Overview

overview

10

Static

static

10

1996-54-0x...ry.exe

windows7-x64

1

1996-54-0x...ry.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    145s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12-06-2023 09:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1996-54-0x00000000001B0000-0x00000000001E0000-memory.exe

  • Size

    192KB

  • MD5

    dfdf1eac9400d2da414cde7450490045

  • SHA1

    99816e3f0632bba7b384169ebe1bf8aad825420d

  • SHA256

    647704f63d6403e921b6cfc5c38a9376d9e48ba227795089386314ba7f65f774

  • SHA512

    e82199bdc0347f74543e9a6ac0116dd89becaf08de1360998b960ed0fc68a980a098db28cff79fad97f21cb76464e93939e120441cc919b85deb7bcb6ec15efe

  • SSDEEP

    3072:MKfN10T8hFnWmMJxN/GJvQf3xGPn78e8hN:ZNvWmMR1f3xGPn7

Score
5/10
microsoftphishing

Malware Config

Signatures

  • Detected potential entity reuse from brand microsoft.
    phishingmicrosoft
  • Drops file in Program Files directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1996-54-0x00000000001B0000-0x00000000001E0000-memory.exe
    "C:\Users\Admin\AppData\Local\Temp\1996-54-0x00000000001B0000-0x00000000001E0000-memory.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4960
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=1996-54-0x00000000001B0000-0x00000000001E0000-memory.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
      2⤵
      • Enumerates system info in registry
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:876
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9687f46f8,0x7ff9687f4708,0x7ff9687f4718
        3⤵
          PID:752
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,2383114834053285823,8650516885801880278,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
          3⤵
            PID:772
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,2383114834053285823,8650516885801880278,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
            3⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:1096
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,2383114834053285823,8650516885801880278,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8
            3⤵
              PID:3560
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2383114834053285823,8650516885801880278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
              3⤵
                PID:1796
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2383114834053285823,8650516885801880278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
                3⤵
                  PID:3316
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2383114834053285823,8650516885801880278,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
                  3⤵
                    PID:484
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2383114834053285823,8650516885801880278,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
                    3⤵
                      PID:4764
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2383114834053285823,8650516885801880278,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
                      3⤵
                        PID:2968
                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,2383114834053285823,8650516885801880278,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 /prefetch:8
                        3⤵
                          PID:1904
                        • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
                          3⤵
                          • Drops file in Program Files directory
                          PID:5044
                          • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff660c45460,0x7ff660c45470,0x7ff660c45480
                            4⤵
                              PID:2336
                          • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,2383114834053285823,8650516885801880278,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 /prefetch:8
                            3⤵
                            • Suspicious behavior: EnumeratesProcesses
                            PID:4112
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2383114834053285823,8650516885801880278,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
                            3⤵
                              PID:4224
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2383114834053285823,8650516885801880278,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
                              3⤵
                                PID:4232
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2383114834053285823,8650516885801880278,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:1
                                3⤵
                                  PID:3788
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2383114834053285823,8650516885801880278,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:1
                                  3⤵
                                    PID:5056
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,2383114834053285823,8650516885801880278,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6452 /prefetch:2
                                    3⤵
                                    • Suspicious behavior: EnumeratesProcesses
                                    PID:4932
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=1996-54-0x00000000001B0000-0x00000000001E0000-memory.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
                                  2⤵
                                    PID:4744
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9687f46f8,0x7ff9687f4708,0x7ff9687f4718
                                      3⤵
                                        PID:4252
                                  • C:\Windows\System32\CompPkgSrv.exe
                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                    1⤵
                                      PID:2136

                                    Network

                                    MITRE ATT&CK Matrix ATT&CK v6

                                    Initial Access

                                    Execution

                                    Persistence

                                    Privilege Escalation

                                    Defense Evasion

                                    Credential Access

                                    Discovery

                                    System Information Discovery

                                    2
                                    T1082

                                    Query Registry

                                    1
                                    T1012

                                    Lateral Movement

                                    Collection

                                    Exfiltration

                                    Command and Control

                                    Impact

                                    Replay Monitor

                                    Loading Replay Monitor...

                                    Downloads

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                      Filesize

                                      152B

                                      MD5

                                      ae2c65ccf1085f2a624551421576a3ee

                                      SHA1

                                      f1dea6ccfbd7803cc4489b9260758b8ad053e08e

                                      SHA256

                                      49bfbbfbdb367d1c91863108c87b4f2f2cfffbbbb5e9c1256344bc7f52038c54

                                      SHA512

                                      3abbfbb4804c6b1d1a579e56a04057f5d9c52cfd48ecbae42d919398f70da2eacd5a35cb3c3d0a559ad3515fadb1734b0d47be48dce0fdd9fd11578948a6c7ef

                                      Download Submit
                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                      Filesize

                                      152B

                                      MD5

                                      c3770be634be8da92e71a3f9f76d79d3

                                      SHA1

                                      f4538b79d313dd46e55d1fd3e6ca3d4681fe4c3f

                                      SHA256

                                      23549094c00feed7abf21e56caae3c8b22a7bd89cfc2f5ea369cf13259273432

                                      SHA512

                                      09c1a087be6dcb49fd0725936571946266f31298f8ae141d59b9ac60f3f0fe8e7d964f661818d72682633845b48dbb906d8c89bb33bd2060bb4971b3e14fc4a0

                                      Download Submit
                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                      Filesize

                                      152B

                                      MD5

                                      cb2ff64f73629938a4349480a8654f8c

                                      SHA1

                                      72cdc3e5a55cb9b29beb17f643e0ccfe32d11fba

                                      SHA256

                                      745c0c49f261cfb2caf19fa38574e4a9245a6f6ca1caa66b8220db26117b7f0a

                                      SHA512

                                      75cc8eca1dca5077fb278870d4f4e0dee7cb4a180fe43c3d19522b94605dbe34daf9f19faa09fba4bfd6ae098e3643fb3cd022a91000d99f62f43f004d757b59

                                      Download Submit
                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\59ccf633-4fa5-4de6-9da5-8388fc9ee824.tmp
                                      Filesize

                                      70KB

                                      MD5

                                      e5e3377341056643b0494b6842c0b544

                                      SHA1

                                      d53fd8e256ec9d5cef8ef5387872e544a2df9108

                                      SHA256

                                      e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

                                      SHA512

                                      83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

                                      Download Submit
                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                      Filesize

                                      48B

                                      MD5

                                      a68c689c55e1690cc49619bb23eb4cd0

                                      SHA1

                                      58bb4a49df7e1d2b95febd92f3c51500bc53c7b2

                                      SHA256

                                      eb62c05ffa747da0c265bd35f3d742e003bdb667ab23a79e58fc03a41fa79569

                                      SHA512

                                      74717b421e7f62b5a3dd23f2cbae4510c6186183b54b0fa42d18275a91df233d3b24885b24d8755b5a0a25d5001a53b743e329bf7bfc075911b16c3152cee72e

                                      Download Submit
                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                      Filesize

                                      360B

                                      MD5

                                      26f39151e9e2a1be00ecdf0ee724ca45

                                      SHA1

                                      32d4ec23ffcdd47c49ac91e1cf6dace7352e2b4c

                                      SHA256

                                      488b1583d3615f934f63ee6b93f6f4405d3ecd0b308013290ec52c7e381baf95

                                      SHA512

                                      c392b1a4226a193d9906fdb8f7c93d7ade0e14c84a957af3a621ca34bda8f101955a2740634a8a586e992073a80b8618ec83951c165d2a4b664fce793e891ae6

                                      Download Submit
                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk
                                      Filesize

                                      2KB

                                      MD5

                                      9dd5ee6d23b2b496aeb8b4f682de152a

                                      SHA1

                                      0026b8c2bf98f72e76fb47a377edf85e406fae5f

                                      SHA256

                                      f86fbf32fe0dfaf6035266522c2d71e250ba47dea89c74fa6e1e45d66aba0418

                                      SHA512

                                      ea07c2032eb27be7e38d4cf061ea7c3758300d491c03bfe6a173c7e90a6eabe16a85d6dd95c18ad3f46106b00e965034e5ce8f01132778a5dcf742d84fad31b9

                                      Download Submit
                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                      Filesize

                                      566B

                                      MD5

                                      381ac45cdf7aedc98e646056ccde4a8d

                                      SHA1

                                      168e192b23a595e9f41cf8d107d6c1d601c3ca77

                                      SHA256

                                      9f056538358e029a4a7f13bab71dec7dcec6a9ac69b95c766a887849faf49e84

                                      SHA512

                                      98ab242ae61cbeefe9816b68044a15f7118e2576c6e559fb1fb801cc405d4c81310183c6c6a31ab46791a1477d0f61ce113d98311f9858619e91a03935e8a4ab

                                      Download Submit
                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                      Filesize

                                      111B

                                      MD5

                                      285252a2f6327d41eab203dc2f402c67

                                      SHA1

                                      acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                                      SHA256

                                      5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                                      SHA512

                                      11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                                      Download Submit
                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      4KB

                                      MD5

                                      e24d288150fc88460fd5ed71e9616588

                                      SHA1

                                      bb2e1e0503e2d39546092ce6657cd9a25578794e

                                      SHA256

                                      0d0af2636bab2b675cd530637492a3f021a81ad7a45e0ed09d128bc54c110174

                                      SHA512

                                      6318cec31cf3d769a0d8122e6ffa8fd320cd9cd085fa5d6bd061dfb02f5d60995043bd9c05e1378076ce4bf530c59697ed38d8edb88cc0d8c1ed06d028f89e1b

                                      Download Submit
                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      5KB

                                      MD5

                                      c47296d580034fb6adaa8df48eab5f2e

                                      SHA1

                                      ff3266ac32f2413734ddf83f92f98a34ddae9e8f

                                      SHA256

                                      68679302e2f1962590d49374f098f34538335defb51363a3b023b4806be8c96e

                                      SHA512

                                      a6d267153e09b2497091095ff763073f5748b51ebef4e820705716e605f33658e133721ca545d23ed293676532aa895ca8c761a425760be8268b467d90425ecd

                                      Download Submit
                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      5KB

                                      MD5

                                      efeae4178e67873b6265b8915333a096

                                      SHA1

                                      802261f9e21f7687699cb6a17b68412be66d735c

                                      SHA256

                                      7c62951eed74ead59a8793bbdd245cffe053deac2c3975852ed243ca0bd55842

                                      SHA512

                                      99282e5b6acfcd3335943b7a868a13cd1da4377cc2e9aeaea208c9d63925a80785bc75d6580ced857fdb2a807328c1e517b5065e9b2e0758518cc8c9d0bdc5d0

                                      Download Submit
                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                      Filesize

                                      24KB

                                      MD5

                                      b3fbb8a02260d5e41407a7e1af3ee2f6

                                      SHA1

                                      9180c8b9593405936b0fe52272571b63829525d4

                                      SHA256

                                      8c1434a31409aa606a51bdae37e0853597cb408a2cf199f05e02705df3fc15de

                                      SHA512

                                      8a6ec40722054025a8969a80e795b026fc806a0710eb2f9e016feb68cc09a19333404a8a62910e9b0335729fd64e8e1b6250513ffc334dc8d669d96de62eb5d9

                                      Download Submit
                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                      Filesize

                                      24KB

                                      MD5

                                      cfd585ce0db9a1484f8223dc2cfce2f8

                                      SHA1

                                      4e5e287160c05ecdff8acdfa0899faa5bad4de82

                                      SHA256

                                      0bcae3ddcadfadb917e4f910daefde07af8d2708b7795f3a1146102dcf6cf445

                                      SHA512

                                      b45dd6c3231a79155508d807d4b6f839d49e6120841c4f31147a83039515d3358822fa1fa4ae6f770b4369b96f221326c0b80dc2f0cd99d605440b12c93fb648

                                      Download Submit
                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\CURRENT
                                      Filesize

                                      16B

                                      MD5

                                      46295cac801e5d4857d09837238a6394

                                      SHA1

                                      44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                      SHA256

                                      0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                      SHA512

                                      8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                      Download Submit
                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                      Filesize

                                      536B

                                      MD5

                                      8d3e23b4fcc931e5d14eedb454f61717

                                      SHA1

                                      4d1bda438b21ea0be0ace27fc1bdf9634cc6aeb3

                                      SHA256

                                      6e8da783702dad03cf7baf5ec17194f2b9ae5da6469c5830b96354bed04e207e

                                      SHA512

                                      490ba925bf16580e2a3636602e686fec60e3c20466803171043e36c2d24362eb0ae7f251c5e77107b2b9eefc58e3e49aa8abeab89111dd656bf4dc2afff6f23f

                                      Download Submit
                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe56e92c.TMP
                                      Filesize

                                      536B

                                      MD5

                                      0d20586ed498639006d89a5cff362b94

                                      SHA1

                                      62f412423d3c233834c07f902aa2ab16e91b5b95

                                      SHA256

                                      8a21628b41a17ec15299ead7ccfca0c50b54cd2981e0422614c009391d0cbd32

                                      SHA512

                                      f72e40498603b5e9a0c771f24065a7b2adccabd7835e4929519c58f0ac0c075ed41a737f8e13f167bb7cc63d4747f58aee297395726325e6632b3a84b4f49dd6

                                      Download Submit
                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                      Filesize

                                      16B

                                      MD5

                                      206702161f94c5cd39fadd03f4014d98

                                      SHA1

                                      bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                      SHA256

                                      1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                      SHA512

                                      0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                      Download Submit
                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001
                                      Filesize

                                      41B

                                      MD5

                                      5af87dfd673ba2115e2fcf5cfdb727ab

                                      SHA1

                                      d5b5bbf396dc291274584ef71f444f420b6056f1

                                      SHA256

                                      f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

                                      SHA512

                                      de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

                                      Download Submit
                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                      Filesize

                                      9KB

                                      MD5

                                      3409a3f9853b6cbdbd3120676b962902

                                      SHA1

                                      9a7db1a1c7d8587dbc9e21b9d0e807ce90d71eaa

                                      SHA256

                                      d7f2af44fce4cc1af80168aaa58715a726f61d9ad4d9a4851213d05f7448720f

                                      SHA512

                                      b6f6e0857c22c24aea516477016a144c1ffb232dfbbdce0085628630faeb0510d08bb3832cd23ecf4f4d3b661481f1de51ac0f41006dfc5b7b8122b29e8f8dc2

                                      Download Submit
                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                      Filesize

                                      12KB

                                      MD5

                                      cf0a2142bc125cb42702aa4469f66928

                                      SHA1

                                      48bef3e88ac29eeff69b1b6fe155fb608ed9298b

                                      SHA256

                                      12c1798d1757f5426145218f5d5cae22ce5914ee8f2c961048c572665246f92a

                                      SHA512

                                      44b64c04b7fe293b8731b05439b27c3d7f7e38570c51236902ef445ebc11e86b80445c4c19f4c457e45b7485500df909b25f184ab10254ea43b968e65164b663

                                      Download Submit
                                    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
                                      Filesize

                                      3KB

                                      MD5

                                      5c86211b4680ddfd938c46d5c0c4ab3d

                                      SHA1

                                      67e25e96b102df03eb3ec4d9fd0a0250f8fbc2d5

                                      SHA256

                                      913fb5cec6042ba96923c9a76ea51a9f2feed3bddd21ca9f4d91e3c3b5fb0cd4

                                      SHA512

                                      8c7c9f82eda7306042bc9ea387469f2575bc85772e4819d8cc665717ffaf79b49da6eb96f4c815b1986ca4605f1998886e86c55111c76cf89e8d1fe2d768c1ac

                                      Download Submit
                                    • \??\pipe\LOCAL\crashpad_876_PPBQVMDQQPVHIMRU
                                      MD5

                                      d41d8cd98f00b204e9800998ecf8427e

                                      SHA1

                                      da39a3ee5e6b4b0d3255bfef95601890afd80709

                                      SHA256

                                      e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                      SHA512

                                      cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                      Download Submit