hxxps://ad-account-disabled-2794a[.]web[.]app/

Analysis

max time kernel
34s
max time network
35s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
04/06/2023, 01:02

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://ad-account-disabled-2794a.web.app/

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\42193854-ccb6-414d-a758-34e96985f9d5.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230604010245.pma	setup.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000_Classes\Local Settings	powershell.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4460	powershell.exe
4460	powershell.exe
1648	msedge.exe
1648	msedge.exe
3416	msedge.exe
3416	msedge.exe
4188	identity_helper.exe
4188	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4460	powershell.exe

Suspicious use of FindShellTrayWindow 11 IoCs

pid	Process
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe

Suspicious use of SendNotifyMessage 8 IoCs

pid	Process
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe
3416	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3416 wrote to memory of 3700	3416	msedge.exe	86
PID 3416 wrote to memory of 3700	3416	msedge.exe	86
PID 3416 wrote to memory of 3092	3416	msedge.exe	87
PID 3416 wrote to memory of 3092	3416	msedge.exe	87
PID 3416 wrote to memory of 3092	3416	msedge.exe	87
PID 3416 wrote to memory of 3092	3416	msedge.exe	87
PID 3416 wrote to memory of 3092	3416	msedge.exe	87
PID 3416 wrote to memory of 3092	3416	msedge.exe	87
PID 3416 wrote to memory of 3092	3416	msedge.exe	87
PID 3416 wrote to memory of 3092	3416	msedge.exe	87
PID 3416 wrote to memory of 3092	3416	msedge.exe	87
PID 3416 wrote to memory of 3092	3416	msedge.exe	87
PID 3416 wrote to memory of 3092	3416	msedge.exe	87
PID 3416 wrote to memory of 3092	3416	msedge.exe	87
PID 3416 wrote to memory of 3092	3416	msedge.exe	87
PID 3416 wrote to memory of 3092	3416	msedge.exe	87
PID 3416 wrote to memory of 3092	3416	msedge.exe	87
PID 3416 wrote to memory of 3092	3416	msedge.exe	87
PID 3416 wrote to memory of 3092	3416	msedge.exe	87
PID 3416 wrote to memory of 3092	3416	msedge.exe	87
PID 3416 wrote to memory of 3092	3416	msedge.exe	87
PID 3416 wrote to memory of 3092	3416	msedge.exe	87
PID 3416 wrote to memory of 3092	3416	msedge.exe	87
PID 3416 wrote to memory of 3092	3416	msedge.exe	87
PID 3416 wrote to memory of 3092	3416	msedge.exe	87
PID 3416 wrote to memory of 3092	3416	msedge.exe	87
PID 3416 wrote to memory of 3092	3416	msedge.exe	87
PID 3416 wrote to memory of 3092	3416	msedge.exe	87
PID 3416 wrote to memory of 3092	3416	msedge.exe	87
PID 3416 wrote to memory of 3092	3416	msedge.exe	87
PID 3416 wrote to memory of 3092	3416	msedge.exe	87
PID 3416 wrote to memory of 3092	3416	msedge.exe	87
PID 3416 wrote to memory of 3092	3416	msedge.exe	87
PID 3416 wrote to memory of 3092	3416	msedge.exe	87
PID 3416 wrote to memory of 3092	3416	msedge.exe	87
PID 3416 wrote to memory of 3092	3416	msedge.exe	87
PID 3416 wrote to memory of 3092	3416	msedge.exe	87
PID 3416 wrote to memory of 3092	3416	msedge.exe	87
PID 3416 wrote to memory of 3092	3416	msedge.exe	87
PID 3416 wrote to memory of 3092	3416	msedge.exe	87
PID 3416 wrote to memory of 3092	3416	msedge.exe	87
PID 3416 wrote to memory of 3092	3416	msedge.exe	87
PID 3416 wrote to memory of 1648	3416	msedge.exe	88
PID 3416 wrote to memory of 1648	3416	msedge.exe	88
PID 3416 wrote to memory of 1852	3416	msedge.exe	89
PID 3416 wrote to memory of 1852	3416	msedge.exe	89
PID 3416 wrote to memory of 1852	3416	msedge.exe	89
PID 3416 wrote to memory of 1852	3416	msedge.exe	89
PID 3416 wrote to memory of 1852	3416	msedge.exe	89
PID 3416 wrote to memory of 1852	3416	msedge.exe	89
PID 3416 wrote to memory of 1852	3416	msedge.exe	89
PID 3416 wrote to memory of 1852	3416	msedge.exe	89
PID 3416 wrote to memory of 1852	3416	msedge.exe	89
PID 3416 wrote to memory of 1852	3416	msedge.exe	89
PID 3416 wrote to memory of 1852	3416	msedge.exe	89
PID 3416 wrote to memory of 1852	3416	msedge.exe	89
PID 3416 wrote to memory of 1852	3416	msedge.exe	89
PID 3416 wrote to memory of 1852	3416	msedge.exe	89
PID 3416 wrote to memory of 1852	3416	msedge.exe	89
PID 3416 wrote to memory of 1852	3416	msedge.exe	89
PID 3416 wrote to memory of 1852	3416	msedge.exe	89
PID 3416 wrote to memory of 1852	3416	msedge.exe	89
PID 3416 wrote to memory of 1852	3416	msedge.exe	89
PID 3416 wrote to memory of 1852	3416	msedge.exe	89

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell start shell:Appsfolder\Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge https://ad-account-disabled-2794a.web.app/
1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4460

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-redirect=Windows.Launch https://ad-account-disabled-2794a.web.app/
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9700246f8,0x7ff970024708,0x7ff970024718
  2⤵
  PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,18372837176135715325,10039731332866194848,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,18372837176135715325,10039731332866194848,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,18372837176135715325,10039731332866194848,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
  2⤵
  PID:1852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,18372837176135715325,10039731332866194848,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:2876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,18372837176135715325,10039731332866194848,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:2864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,18372837176135715325,10039731332866194848,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,18372837176135715325,10039731332866194848,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:3412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,18372837176135715325,10039731332866194848,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,18372837176135715325,10039731332866194848,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
  2⤵
  PID:1812
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,18372837176135715325,10039731332866194848,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6128 /prefetch:8
  2⤵
  PID:712
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:3484
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff728cb5460,0x7ff728cb5470,0x7ff728cb5480
    3⤵
    PID:3480
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,18372837176135715325,10039731332866194848,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6128 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4188

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3232

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ae2c65ccf1085f2a624551421576a3ee

SHA1
f1dea6ccfbd7803cc4489b9260758b8ad053e08e

SHA256
49bfbbfbdb367d1c91863108c87b4f2f2cfffbbbb5e9c1256344bc7f52038c54

SHA512
3abbfbb4804c6b1d1a579e56a04057f5d9c52cfd48ecbae42d919398f70da2eacd5a35cb3c3d0a559ad3515fadb1734b0d47be48dce0fdd9fd11578948a6c7ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c3770be634be8da92e71a3f9f76d79d3

SHA1
f4538b79d313dd46e55d1fd3e6ca3d4681fe4c3f

SHA256
23549094c00feed7abf21e56caae3c8b22a7bd89cfc2f5ea369cf13259273432

SHA512
09c1a087be6dcb49fd0725936571946266f31298f8ae141d59b9ac60f3f0fe8e7d964f661818d72682633845b48dbb906d8c89bb33bd2060bb4971b3e14fc4a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
30f7dfd0a088acc9f1bfb86e3788ae46

SHA1
d41695c9c85467ae74b46406327cbdbe77befa95

SHA256
6bff80b711c4335da0a8b1f4e2d248b7d1d0d335b6c4ba7310ce5f4314a34cdb

SHA512
dad8bec5a24b4f826bdd48e5228036acf36cc461e45b69af4825dc46ca01ae53639c0f497949dbcf43f9965af4721b2e5f4a1926124ae2cb5519f61f62513e85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
70d05c36b57424060b56e6ca4f524b99

SHA1
ea51be00d074b40dd1f3dc0a4af2f10a4f95be4a

SHA256
02656ab9b09801ff6fe43cb98083cadf90064ba1c3e6a19d17ad5436720ec402

SHA512
9a89adfd408e649dbca2ea0c7675b5a8a954624269c3149429c2cf198165c581b81b9aab45c08be7625bccd7831defe2a7dd4544d10514e32506e3859c9e7e8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index

Filesize
96B

MD5
75b1a6ea2f06757a5b3a0ed4ce81f304

SHA1
88e302feec611efaf0957425df0d3aa4b57fc92b

SHA256
71ae53febf582f0718ec46697e2643bd57885d5a2d1a353f4d40f0313a09345f

SHA512
a6014570490c2ca17958e4078ba0f52dfe47f825536f458a1d7817584ab071fbddd12607c17367b6bbcb2c44a8c19c9081bad1fe2947c78ff683515d92160ff9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
2e670ca7cdb58786de8ab5be47df7bd8

SHA1
387849cab05f2a66526854b8a91e033aee1dd8ef

SHA256
2c78957b3878decdf76f1ccda4a89eb3e9da7821e112d14f6b877534714e2a66

SHA512
7035764661e194be25f0ecc916b16219803a9996df82184695df4c49f909bbf10fe27ef00d56f6fd7e95e650b63136ab35bb1f2afa11b17b08119d57fea25e12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b2c42e63607a948075bca7e1c4c84cd4

SHA1
95ea317fe6ed0579a41e77b939b3069191ef90d2

SHA256
897d59a0e57b487da67deab4548417eaafa03bd2ac456cec62b3d3152e7530ec

SHA512
23512b315baf17a624ed0d457515bb53ad665bcafb9f903e7b5c8d1e17e458fe5ca25f57526cc4e8c929647850e8700026b972cb57d3cdb9b79c42eef5ccb21e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
710874ae35a0c93f1b36bc38a73b7088

SHA1
d996f408b5c252d8c9d9f584809f28165d1237bc

SHA256
79928d44f44aafea711e4ed9cdd07d65729c7c77c8d71246e4e0a98049aa297c

SHA512
0fe63e8e3261a78d659873d7f3cf1890187ac040f4c0ad0569317fde2d379a7eece030a154224f2af66c3e3e00243f236b8e96ce4d7a9b7663e6a68759078fb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
acad17cc8ac09e2a3fe3eae6683e3e94

SHA1
850784fe33958600587c04a3fc40ea4ce179cf4e

SHA256
b30d117a8e22ff4a708d8a834f0654c82a148d121b80a198c4c91b3dde7e66ab

SHA512
71aa15c0ec05273da6e6a1559ab6b20d1add0d03a4aa9ffa1923405ddd94912010bf1594149bbdbb5d062a5326e54404fb45cd7c4fc5657aa34fc6bbf3ddbb21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
b3fbb8a02260d5e41407a7e1af3ee2f6

SHA1
9180c8b9593405936b0fe52272571b63829525d4

SHA256
8c1434a31409aa606a51bdae37e0853597cb408a2cf199f05e02705df3fc15de

SHA512
8a6ec40722054025a8969a80e795b026fc806a0710eb2f9e016feb68cc09a19333404a8a62910e9b0335729fd64e8e1b6250513ffc334dc8d669d96de62eb5d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
cfd585ce0db9a1484f8223dc2cfce2f8

SHA1
4e5e287160c05ecdff8acdfa0899faa5bad4de82

SHA256
0bcae3ddcadfadb917e4f910daefde07af8d2708b7795f3a1146102dcf6cf445

SHA512
b45dd6c3231a79155508d807d4b6f839d49e6120841c4f31147a83039515d3358822fa1fa4ae6f770b4369b96f221326c0b80dc2f0cd99d605440b12c93fb648

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e2a5010e5d796f88cb319644231df18ddf4dc49d\6fedc2bb-b9a5-48f5-ba6b-c0d918b88294\index-dir\temp-index

Filesize
144B

MD5
8809de3f5b9eec98cd6445f5f333bc58

SHA1
15aaac3a82ed0ed6725af8c9a7aea7806fad74c2

SHA256
529d560ef730eb2a0f5286f65c36fb68ccd94c15698aa39a2f8656e4d968cff2

SHA512
878dd65c97df5166647e148d97c1da2fc5d9fd0ed0b3207c46120cdb2e54b2d517a509cc08662d9c1c5170641be6b13024d6e68c0ef55b37db3bf6917365a9c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e2a5010e5d796f88cb319644231df18ddf4dc49d\a41fe61e-2d3c-4212-be3a-9250abb7a0a3\index-dir\the-real-index

Filesize
72B

MD5
2199addf7c968f84a13f0f7deec68da3

SHA1
869dba5e52ae57906db3c9b2abf8756b0c6ce776

SHA256
e7115c7185e5943fd05a677bda059ff8e46a1aa0e7f28980825bf91b67a77bc9

SHA512
8dee042e8c72711bdaee861f8e376a2ddbe7481c65b827173308f04863eaa079fcbcca73ffd8908164061b97bf58495d956c6c4f4e2a5ef8eec43d5e2b911a6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e2a5010e5d796f88cb319644231df18ddf4dc49d\a41fe61e-2d3c-4212-be3a-9250abb7a0a3\index-dir\the-real-index~RFe56e39e.TMP

Filesize
48B

MD5
a0e1898454061a66dbbcff968533ebb0

SHA1
072bad24765d5b4744e95e05726447a728d45ae7

SHA256
2feda99fde9822c8e05c6279483169f2ba4f7e32e72e2c83be17820bf82e5f95

SHA512
5f71f130f3172675e1b3cf9eefdbe6bd8e577a114dd96d146e8110518700a101efbf001979de2a059593e13907aaf779c4998daed41da7f6a8c78f54e17db029

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e2a5010e5d796f88cb319644231df18ddf4dc49d\fd1e8148-568c-4f47-bcab-462a0c811344\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e2a5010e5d796f88cb319644231df18ddf4dc49d\fd1e8148-568c-4f47-bcab-462a0c811344\index-dir\the-real-index

Filesize
144B

MD5
43920bba0c9eb110c4637ff46b9f649e

SHA1
275a90dcd7e55da82fb4f5f31ae4c81a3ae3c7bf

SHA256
e57065a4c3773718aee53b451f01fe0ce827e5f3bd85e8031444ce0aee18bdb6

SHA512
749e24a1ce1b171339dc8aca37edcacc14e95ed62128029c44c12fb1e8a01017f0752ec5e38c065b506765aa556db326a617cf4e2d2fa2c952a23eb89079dcd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e2a5010e5d796f88cb319644231df18ddf4dc49d\fd1e8148-568c-4f47-bcab-462a0c811344\index-dir\the-real-index~RFe56e38f.TMP

Filesize
48B

MD5
9c21710251c155b67520875f9095dd9a

SHA1
b6afbb846382066a951dc5be5c912e54b1d53ac6

SHA256
8560f0a82c06df14ee244b8fd0bb3956da180c7f698fce90cb6902d0130bf88f

SHA512
3d65c9c58ec9ead8dd8541e5d44eb51082a9facd257ab37e91862002bce8b51d899dd0ffd7b67851e531fbaf4b5f68365980488582d2553f432194e56e8453e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e2a5010e5d796f88cb319644231df18ddf4dc49d\index.txt

Filesize
117B

MD5
37454ea34e90e96a418f896df269a4d9

SHA1
7edf4e38f72c67dc26a35497685e5c04e3f988d5

SHA256
5943e8103a40f418e5cbe1099c5a9baa052ca5b6682b791d09db42f1bfbcf2cb

SHA512
ee5d1ca9dca7c6c7215d052760aabab520bbe740b51634d2ad5c5d471e6e4a7cc9301c2e617b71c819fa7445f6f86b72c5b9f18232a49442741a531591468419

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e2a5010e5d796f88cb319644231df18ddf4dc49d\index.txt

Filesize
185B

MD5
7fad55e430d049dee0574f8146d9e69c

SHA1
9f2aaee78814e346bf0e56d71acb64159622dee3

SHA256
255aac2d1f9fdaecb82d5de3f928b8506306b77e5db0dd2dd2fa02ef7f9deee4

SHA512
b5e274c6009716dadd5a110a671bdbc86e566199fa3b1f33319f9b0167c2b66f484805cc802886e27f9e48b0e19ae4820871861167b746228f8a3dba06614df3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e2a5010e5d796f88cb319644231df18ddf4dc49d\index.txt

Filesize
253B

MD5
4e489fb928162959201bc742815e4782

SHA1
23a5ef22442bf26e35494f0ec126abb78c851261

SHA256
9d011b628e1a31d4e5152e8c757f15b2b9260e74bfb8d11abe516f71f525212c

SHA512
f8c48dc1168fb08e02132531b3407d35ee0064d7351cb709a85060ff75ee94b0d6771a7278a737457ac83bbe3db9367b73db4e3a893b33b41f20104f472a1fa3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e2a5010e5d796f88cb319644231df18ddf4dc49d\index.txt

Filesize
253B

MD5
d2e8af0086feae7cc1e06c25845d57e3

SHA1
f40587d11eb61ed2489d1a2c495c0db097ee8b57

SHA256
0fadefca8313083c3bf9be5224b87d48c02733842bb9651880fd570dffce5416

SHA512
5e86c4d51c795c4ae203f3d2041f001baf901b88d749f31b523112d770d1239043fd0123f7be6939b963074aa65cb3f108edbe2351851a3baabdfd7e09edf72f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e2a5010e5d796f88cb319644231df18ddf4dc49d\index.txt

Filesize
180B

MD5
482d990ab0d087fbc8ad40672d71b81b

SHA1
499fdddc4e02f05ea28c3ebc2da51643a16feda7

SHA256
6898ddf2f365b44d390ed3ebb4c1ad31c9ba25e1c13d79831a4ade8fefcc5a94

SHA512
b480cebcdee58ca794a6cb3b55a7fc2080a6525ea0c7ca05e96156a6cd510e021993be105404e4716f78014d61fc37778c4ce515351cded2949a596b39e669a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e2a5010e5d796f88cb319644231df18ddf4dc49d\index.txt

Filesize
181B

MD5
bfbb18d4b5510bb4269694ece1476539

SHA1
6b2f73aadaad4e4841504fb53b1b348d664348f6

SHA256
eb60937d1705961b89ad4a4995d768d5ecb6ee571f7455cc5c56e6b315539a9f

SHA512
1a1f631cf1f76454cd8bfbe4ad10f52c99d976860bb316f7130c2bff553f87cb8baee326fe37c059fe871e8707ce3732b656aed8bc4ce45c34c7bec3b8e27709

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\e2a5010e5d796f88cb319644231df18ddf4dc49d\index.txt

Filesize
181B

MD5
07b11257f1771848088da5df7b61424c

SHA1
8419dbe79e6ab69ac5b62f6791df2cdfdcb92dd1

SHA256
33d11bb397dc5d416d2c7bb43d5b78344948942c8fccade2b1931eaebe066569

SHA512
b85624990da73a419ca97ba1204127f4a4d474320f8c09b42ea2c70417dde1b44adfc8a38f586b56aa83ee9d2ce1d5135396218f2b96c0569474bfaa88213045

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
91163093a45d97034c4a9c69b2f8aacf

SHA1
60cc5583074852dfdf0bd474491a378ebd76cdc7

SHA256
db17aea8374c9c67f6ea929c7e50acd778c760fcaba4e1dd8d95939527e3cd54

SHA512
bb834128ff13482f34b32f9101e53d43f753a43b7a9b6c9185319ba5f0534c11dfaa742137eed0da1acbe785f6ad0aadf9727c51732cc24246739a8dbbe7cef1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe56defb.TMP

Filesize
48B

MD5
d9d3f41c46891c9b8ccebba0ae6032ac

SHA1
8a71fefda9c3a4e056d57195dc57083dd3b0a630

SHA256
deb3181f943d84c9b08579f1951c4fda26150044bccccb4b3fe6abab883243c3

SHA512
2e66adb10d2c05be79ab84d24908fa8eda7759dbe8f652f979deb82aed5cbd93cfe9765a0065357fb79a305f7e9701a4df0fbd5a682525e16485af4be59c70ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
4e7bbe061585c392e3864d34e4834463

SHA1
8149db477177c0af65d4be9a50fcc40a5692f04c

SHA256
9066b698f296e1871033e64cbe09badf1cdeaebfe466ca5785a5b54c1ea5f9d8

SHA512
ce7974c22fbe1a310c5ad09230a04428db10ca5e36d34e3352649ec90b480f91a8b91b5d58d69490227319d9ade35a82615f8224e881400a5dda76124b1735b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe56eb6e.TMP

Filesize
370B

MD5
c4f2b61fe2152929e797d771d3430e9d

SHA1
4c5aa0680615e66142f315c504d3ddec86848b17

SHA256
2cd804cf0f0273f2f1719c2c81e47643e2fcb1d3dc7af7d111beed58c4613141

SHA512
6d590bfc7cc7f6e36d80745578d2eeaa3e189896c0cec3e353f7b093bff0fecfe1d2f0070f44eacd2b6b535e2bafbdfc05fab1b94a8455d2337e4fc3b84a74cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
34ca38e65d91166a784748464256c34d

SHA1
017a75c762b4933a682ca42d594e8478b5f64c56

SHA256
36bdec73e1cf3bdace06d85260c46d7a143226246c0a768833497760903617f0

SHA512
3cadfc92e69a025fb7958a98302ae044bf24523fb5d197690855f63bad920b9e7b2645757e1ac647fb0abbdd933edf22e16bf4703ca70fab01e18bcb14244890

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
3a596501e6ecb2f012df4ea43ebc525c

SHA1
71a3e80428dacede3ffaa0100036432f7d0b6fd5

SHA256
953a812efbcc09a5c2d4ada68fa5e9bc77fd3a43c8d1dc48737b7edcaa5c7ca1

SHA512
6545a3b2fef96ac89745bf6983c2cc6a39ad383882b537c0ee819e378134452a70434411bfd6fd213a28aa759f243f1ccb5332c19477e569947db21ac0efcac4

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_hz1f4u1x.nbi.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
e400a293eacab6e46e97619dc0092fe5

SHA1
6603dbcf96f3110b3d14f831942411ca4adbcf89

SHA256
4a4917e5c9af8e460ea6b9c907cc40309ce849774050f7015721773f6aecddb2

SHA512
94ac8144c7799c553229b3bd6e4460ead35f8016a7a272a676a480a9751c04c597a6189b1bba50e2f9cdd18813860cacb04543dfa959e9e3d5763e26d02825bc

Download Submit
memory/4460-133-0x000001FBD9980000-0x000001FBD99A2000-memory.dmp

Filesize
136KB

Download
memory/4460-145-0x000001FBD7890000-0x000001FBD78A0000-memory.dmp

Filesize
64KB

Download
memory/4460-144-0x000001FBD7890000-0x000001FBD78A0000-memory.dmp

Filesize
64KB

Download
memory/4460-143-0x000001FBD7890000-0x000001FBD78A0000-memory.dmp

Filesize
64KB

Download