fc5f6521f74a7ddf07417db5b0e2b7ccaa0cc82c5d28e33a1c1338034ab31289

Analysis

max time kernel
170s
max time network
181s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
20-03-2023 11:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

91becd4cb177c25bc255ee8c6408aa9a.zip
Size

1KB
MD5

146383bb30406745f0c0d56d65917bd3
SHA1

288f672919690229555c22074b7bc14488bedbd6
SHA256

fc5f6521f74a7ddf07417db5b0e2b7ccaa0cc82c5d28e33a1c1338034ab31289
SHA512

e8b2016e461d6bef6137f0b607c47f2793a66cd33e0dfef6d7f2d96b07c8292facd3fbba0e4db412a6e56aa46f26e100f77c6b0351a3a292989e5d6c9eec09a3

Score

5^/10

microsoft phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft

Drops file in Program Files directory 2 IoCs

Processes:

setup.exe

description	ioc	process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\74c0e222-2910-4455-ad80-bbeaa151feae.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230320124738.pma	setup.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

Processes:

OpenWith.exemsedge.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exe

pid process

3880 msedge.exe
3880 msedge.exe
2556 msedge.exe
2556 msedge.exe
1520 identity_helper.exe
1520 identity_helper.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

msedge.exe

pid process

2556 msedge.exe
2556 msedge.exe
2556 msedge.exe
2556 msedge.exe
2556 msedge.exe
2556 msedge.exe
2556 msedge.exe
2556 msedge.exe
Suspicious use of FindShellTrayWindow 4 IoCs

Processes:

msedge.exe

pid process

2556 msedge.exe
2556 msedge.exe
2556 msedge.exe
2556 msedge.exe

pid	process
3880	msedge.exe
3880	msedge.exe
2556	msedge.exe
2556	msedge.exe
1520	identity_helper.exe
1520	identity_helper.exe

pid	process
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe

pid	process
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe

Suspicious use of SetWindowsHookEx 23 IoCs

Processes:

OpenWith.exe

pid	process
2628	OpenWith.exe
2628	OpenWith.exe
2628	OpenWith.exe
2628	OpenWith.exe
2628	OpenWith.exe
2628	OpenWith.exe
2628	OpenWith.exe
2628	OpenWith.exe
2628	OpenWith.exe
2628	OpenWith.exe
2628	OpenWith.exe
2628	OpenWith.exe
2628	OpenWith.exe
2628	OpenWith.exe
2628	OpenWith.exe
2628	OpenWith.exe
2628	OpenWith.exe
2628	OpenWith.exe
2628	OpenWith.exe
2628	OpenWith.exe
2628	OpenWith.exe
2628	OpenWith.exe
2628	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

OpenWith.exemsedge.exe

description	pid	process	target process
PID 2628 wrote to memory of 1324	2628	OpenWith.exe	NOTEPAD.EXE
PID 2628 wrote to memory of 1324	2628	OpenWith.exe	NOTEPAD.EXE
PID 2556 wrote to memory of 2824	2556	msedge.exe	msedge.exe
PID 2556 wrote to memory of 2824	2556	msedge.exe	msedge.exe
PID 2556 wrote to memory of 2680	2556	msedge.exe	msedge.exe
PID 2556 wrote to memory of 2680	2556	msedge.exe	msedge.exe
PID 2556 wrote to memory of 2680	2556	msedge.exe	msedge.exe
PID 2556 wrote to memory of 2680	2556	msedge.exe	msedge.exe
PID 2556 wrote to memory of 2680	2556	msedge.exe	msedge.exe
PID 2556 wrote to memory of 2680	2556	msedge.exe	msedge.exe
PID 2556 wrote to memory of 2680	2556	msedge.exe	msedge.exe
PID 2556 wrote to memory of 2680	2556	msedge.exe	msedge.exe
PID 2556 wrote to memory of 2680	2556	msedge.exe	msedge.exe
PID 2556 wrote to memory of 2680	2556	msedge.exe	msedge.exe
PID 2556 wrote to memory of 2680	2556	msedge.exe	msedge.exe
PID 2556 wrote to memory of 2680	2556	msedge.exe	msedge.exe
PID 2556 wrote to memory of 2680	2556	msedge.exe	msedge.exe
PID 2556 wrote to memory of 2680	2556	msedge.exe	msedge.exe
PID 2556 wrote to memory of 2680	2556	msedge.exe	msedge.exe
PID 2556 wrote to memory of 2680	2556	msedge.exe	msedge.exe
PID 2556 wrote to memory of 2680	2556	msedge.exe	msedge.exe
PID 2556 wrote to memory of 2680	2556	msedge.exe	msedge.exe
PID 2556 wrote to memory of 2680	2556	msedge.exe	msedge.exe
PID 2556 wrote to memory of 2680	2556	msedge.exe	msedge.exe
PID 2556 wrote to memory of 2680	2556	msedge.exe	msedge.exe
PID 2556 wrote to memory of 2680	2556	msedge.exe	msedge.exe
PID 2556 wrote to memory of 2680	2556	msedge.exe	msedge.exe
PID 2556 wrote to memory of 2680	2556	msedge.exe	msedge.exe
PID 2556 wrote to memory of 2680	2556	msedge.exe	msedge.exe
PID 2556 wrote to memory of 2680	2556	msedge.exe	msedge.exe
PID 2556 wrote to memory of 2680	2556	msedge.exe	msedge.exe
PID 2556 wrote to memory of 2680	2556	msedge.exe	msedge.exe
PID 2556 wrote to memory of 2680	2556	msedge.exe	msedge.exe
PID 2556 wrote to memory of 2680	2556	msedge.exe	msedge.exe
PID 2556 wrote to memory of 2680	2556	msedge.exe	msedge.exe
PID 2556 wrote to memory of 2680	2556	msedge.exe	msedge.exe
PID 2556 wrote to memory of 2680	2556	msedge.exe	msedge.exe
PID 2556 wrote to memory of 2680	2556	msedge.exe	msedge.exe
PID 2556 wrote to memory of 2680	2556	msedge.exe	msedge.exe
PID 2556 wrote to memory of 2680	2556	msedge.exe	msedge.exe
PID 2556 wrote to memory of 2680	2556	msedge.exe	msedge.exe
PID 2556 wrote to memory of 2680	2556	msedge.exe	msedge.exe
PID 2556 wrote to memory of 2680	2556	msedge.exe	msedge.exe
PID 2556 wrote to memory of 2680	2556	msedge.exe	msedge.exe
PID 2556 wrote to memory of 3880	2556	msedge.exe	msedge.exe
PID 2556 wrote to memory of 3880	2556	msedge.exe	msedge.exe
PID 2556 wrote to memory of 3876	2556	msedge.exe	msedge.exe
PID 2556 wrote to memory of 3876	2556	msedge.exe	msedge.exe
PID 2556 wrote to memory of 3876	2556	msedge.exe	msedge.exe
PID 2556 wrote to memory of 3876	2556	msedge.exe	msedge.exe
PID 2556 wrote to memory of 3876	2556	msedge.exe	msedge.exe
PID 2556 wrote to memory of 3876	2556	msedge.exe	msedge.exe
PID 2556 wrote to memory of 3876	2556	msedge.exe	msedge.exe
PID 2556 wrote to memory of 3876	2556	msedge.exe	msedge.exe
PID 2556 wrote to memory of 3876	2556	msedge.exe	msedge.exe
PID 2556 wrote to memory of 3876	2556	msedge.exe	msedge.exe
PID 2556 wrote to memory of 3876	2556	msedge.exe	msedge.exe
PID 2556 wrote to memory of 3876	2556	msedge.exe	msedge.exe
PID 2556 wrote to memory of 3876	2556	msedge.exe	msedge.exe
PID 2556 wrote to memory of 3876	2556	msedge.exe	msedge.exe
PID 2556 wrote to memory of 3876	2556	msedge.exe	msedge.exe
PID 2556 wrote to memory of 3876	2556	msedge.exe	msedge.exe
PID 2556 wrote to memory of 3876	2556	msedge.exe	msedge.exe
PID 2556 wrote to memory of 3876	2556	msedge.exe	msedge.exe

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\91becd4cb177c25bc255ee8c6408aa9a.zip
1⤵
PID:5088

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2280

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2628

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Documents\91becd4cb177c25bc255ee8c6408aa9a\91becd4cb177c25bc255ee8c6408aa9a
2⤵
PID:1324

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Documents\91becd4cb177c25bc255ee8c6408aa9a\91becd4cb177c25bc255ee8c6408aa9a.html
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2556

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0x11c,0x120,0x40,0x124,0x7ffda7d046f8,0x7ffda7d04708,0x7ffda7d04718
2⤵
PID:2824

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,5076441835061036300,17841588786246755104,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
2⤵
PID:2680

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,5076441835061036300,17841588786246755104,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3880

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,5076441835061036300,17841588786246755104,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
2⤵
PID:3876

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,5076441835061036300,17841588786246755104,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:1
2⤵
PID:1716

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,5076441835061036300,17841588786246755104,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3600 /prefetch:1
2⤵
PID:1208

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,5076441835061036300,17841588786246755104,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 /prefetch:8
2⤵
PID:736

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
2⤵
- Drops file in Program Files directory
PID:1244

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff6b5dc5460,0x7ff6b5dc5470,0x7ff6b5dc5480
3⤵
PID:1988

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,5076441835061036300,17841588786246755104,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1520

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,5076441835061036300,17841588786246755104,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
2⤵
PID:4996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,5076441835061036300,17841588786246755104,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
2⤵
PID:1200

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,5076441835061036300,17841588786246755104,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
2⤵
PID:4852

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,5076441835061036300,17841588786246755104,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
2⤵
PID:4796

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,5076441835061036300,17841588786246755104,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
2⤵
PID:2112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,5076441835061036300,17841588786246755104,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
2⤵
PID:1004

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3648

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
aaeb1f5e097ab38083674077b84b8ed6

SHA1
7d9191cb2277c30f1147c9d29d75fc8e6aa0a4f2

SHA256
1654b27bfaeee49bfe56e0c4c0303418f4887f3ea1933f03cafce10352321aef

SHA512
130f1b62134626959f69b13e33c42c3182e343d7f0a5b6291f7bb0c2f64b60885f5e6331e1866a4944e9b7b2e49fe798e073316fde23927ede2c348ba0e56eda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1db53baf44edd6b1bc2b7576e2f01e12

SHA1
e35739fa87978775dcb3d8df5c8d2063631fa8df

SHA256
0d73ba3eea4c552ce3ffa767e4cd5fff4e459e543756987ab5d55f1e6d963f48

SHA512
84f544858803ac14bac962d2df1dbc7ed6e1134ecf16d242d7ee7316648b56b5bc095241363837bf0bf0afd16ca7deebe7afb7d40057604acbf09821fd5a9912

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
8febd0cc7667673cf5b8754a08ec9f0c

SHA1
aa5141b79a77689bd982815fd9a6cee6a4eb309c

SHA256
891901bd375d31787ce0e9acf78c5205c5d3b1c0ff973649fe81b24d37cde4a3

SHA512
2d4bdf2ed7d1eb7d186e39240b367b6fdad3a001efb36852c62d5f545a3d957fcc2c7a14b96d0e0b7e48d40bbb8cf50ba4786312d8a9035b1ec15461f1cb2dac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
8617bc86f4301084b729b07c1cd27c2c

SHA1
756f3e722c4efbf59366028f5481d1433752dfeb

SHA256
f8072fca2e68e99ae9d8aeaade5a2e079c39a5d94d9614bf8030919c81b03ea0

SHA512
566e79716c8a7ff7ede344766635f9c0c95d673996c8e3f22695b87652925e7776179140a541dcaa0aa0c19e3fe16bf0b78e113bf7462806099843e8f139342e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c8564a15e5d8a7feacafae3881ae8854

SHA1
75533a104df777909e8b6accb3d07f92e03d8771

SHA256
b376753b1b62bea219309dabdc22e4e636e2d565b4270d9be7123b5a9e11613a

SHA512
159743c6d9e0752f11e946c13eb0186befadec80efc959193b24d88bc7dab37e71f489abbbf56ad6298172b1be2193c5cc357c7299d3300e24dfbe9821452cdf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
da1f5a91a8ac04ca94db7912a4dc9662

SHA1
3149ed13193c25c5a2d01813ae0ba440692276c3

SHA256
9890e61d41170de69d642a06714401f7306b7c91128001506615e7408318baff

SHA512
adf8759a76d42ffc7906eadad307285300355c44aa880ec644209ac637851e014482a3f0ec1f231823066fe7aa0cd3436ca6b0f9de25e7407743ea50d522d867

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
47e94a96372e6f095b8a3fd7edc48ec0

SHA1
377b68f34e5964ca8be1b1b0c1507dd7f0e5f005

SHA256
15c77bafd922bd085317fd544d0fa129e3b8c814e3ba0d48936366004427732e

SHA512
5bd63de2e831805b723d7ddf1343c3b721ef5b757d9ab01bf8554ef8e29ac2cc09fa104fc85d530f27d66b67280774b3ebbef6729ea3ab61ce8028ab4ba5bdad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
edc6e52be67745972e5652ecbf9ee481

SHA1
2ea686b874f8f56bf54640163bcee1034bb204ea

SHA256
8df3a01a6388f15d9922a28a3c3faf276b55e781f4537ba44b64f3674e641cb1

SHA512
dbc7ccb0dbf37f19ddbd57c0b57953d4611f44b37f3cb3f994e7db30680a8d37233a2f37e5c398f5af0788289901ca4fb9bacf05cd12b0d4be33f6b42a9a657f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5930bb.TMP

Filesize
203B

MD5
344f0e600134111426c7562c01f5109d

SHA1
79ab134f7a03870c38f683e456127cfeaaca2fa6

SHA256
02375496a52cc140c0b951fab420298d35bef43d1829a9d9220ce50e8bd999bd

SHA512
18e20c22998fe335e979f7715c2f567b20fd44991bb0c74dd1a8bac23a9010a139f75d58ec66840fc7be77d08cfabec339dd805ee6a2e98fbac12bc68a2762c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f80313d4-a773-4970-b46c-d8826f8ed827.tmp

Filesize
334B

MD5
bcbd7db27d672e75983442d74cd9daeb

SHA1
cb17c48404c127a5a7f70d50087d4c99eb50a8c2

SHA256
fecffd6bddad8df0ae55c677ce45a41b545803074f730d63b9ac26ee5470e2b1

SHA512
889227787edd1bdda768620daa0060356fb4e18e62559d6de1de7954fc3ad544ede61173deb7fb1374114f921037d6ae0e02f8f18dcf49943f7c9cb0ebbd4625

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
7851f84a4224826d18f55a9786f626d4

SHA1
a840049402caa0050df88ec3d05763f438094e80

SHA256
79405f9e89e37d5535e98e523673da6d27b0c21d84f8d5dfdba6e063b48451c7

SHA512
402614874c4102bfcfb8ff50eed2ad46273d3fe0ba2602a297a0e93ac70223e3c4ab27e7b9825ce830806ca12441a3667dd8f40d17df09b77c184bbdfac6635d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
486f9f43508bf933ebe70b245e7d9675

SHA1
ae72e9ca2f123a4c59d55c46e704aafdcaf0ee9a

SHA256
b4b7b201279ee6b0aa689b5e5226ccb181d4c0c9c017188db8f3aa34def82fb6

SHA512
77991c73fffb13cec7cffaddf5b7419eb0ddfd704f4712b530ddff685d21e76788c573fc2c8eddf3d625bf4fb4405ecf51ecf10d1428c28af3d61060324f4bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
3981ae9635106b9458e9213ba4d363ea

SHA1
540f8fa024767d76d0f7b0f21aafec12e55aed3c

SHA256
fc5f67532e7b259b442d54be9e6e1f2f24e6d608a5baeb795ab3f8c30d108dd5

SHA512
d7ee8a07dd812514e6ccefa69a22d6df8aeff7fb17014560bdb08ea101d1c81519ea114a8cb92984e6dbbb7e523835fbf9dd4c63c340733ae89e0a8741330b7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
09ebd0fb21a0b16634fdfcbea9a73654

SHA1
0422f01b260bf4b51a2c62381caf40f0631ee728

SHA256
eba09bddaee89646ec28dc28506f87ec2a04f8c6661a6279bf1dee17e44a1a88

SHA512
fffe6179a0e516e25b9beed446e55864cb9644b2e4c05158129ba2ffdead6d96b8a0a3bcc459b3532608bd9d2666618e72ffd551a5cad753da6898120d4802ad

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
67d0e709d389b6320673b684d3d87155

SHA1
b1188ba15ff464c388a6edb2ccf8af6694f85297

SHA256
dea8ea050d9b17d032df179d65f533fe57bc8785433c83e184554a4c90c68b04

SHA512
4e0c21392f4568be7294168ad90a7eb17aa84cb5aa7d285b8f7ee729088a675e96792c5d8f93b6bcdd84c3f580e66d0826fe323281609517b973e01063550bd4

Download Submit
\??\pipe\LOCAL\crashpad_2556_GYZDQHICHNCAASPX

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1324-133-0x000001DFCA830000-0x000001DFCA90E000-memory.dmp

Filesize
888KB

Download
memory/1324-136-0x000001DFCA830000-0x000001DFCA90E000-memory.dmp

Filesize
888KB

Download