31ba322238cbec10f6777cc16d2fd078bef6f14de2f021545f353a2df22adb1f

Analysis

max time kernel
145s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230621-en
resource tags

arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
submitted
30/06/2023, 11:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7041230x00000000002E00000.exe
Size

192KB
MD5

775aab41f41e92607f3762b08d181fcc
SHA1

5ca4447fd0342bd651b417631ab2202652bd39e6
SHA256

31ba322238cbec10f6777cc16d2fd078bef6f14de2f021545f353a2df22adb1f
SHA512

6cb4501bc6b505ea9494383431c9ca90cb0cfec1c69be8b6bdb4002c993ab6283e5b485b11580772f2ddab5dab5c0a9a36dcdf3a1575c2e7be675cda601d7e3c
SSDEEP

3072:NUUEa9Te3JQBf8td3/oxN1ULH0tyV8e8h4:O7QRyi1tyV

Score

5^/10

microsoft phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\f3dea4f1-c931-4b69-a996-0ea8f822b72e.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230630120018.pma	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
224	msedge.exe
224	msedge.exe
1608	msedge.exe
1608	msedge.exe
4028	identity_helper.exe
4028	identity_helper.exe
4160	msedge.exe
4160	msedge.exe
4160	msedge.exe
4160	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4960 wrote to memory of 1608	4960	7041230x00000000002E00000.exe	84
PID 4960 wrote to memory of 1608	4960	7041230x00000000002E00000.exe	84
PID 1608 wrote to memory of 3924	1608	msedge.exe	85
PID 1608 wrote to memory of 3924	1608	msedge.exe	85
PID 1608 wrote to memory of 1944	1608	msedge.exe	86
PID 1608 wrote to memory of 1944	1608	msedge.exe	86
PID 1608 wrote to memory of 1944	1608	msedge.exe	86
PID 1608 wrote to memory of 1944	1608	msedge.exe	86
PID 1608 wrote to memory of 1944	1608	msedge.exe	86
PID 1608 wrote to memory of 1944	1608	msedge.exe	86
PID 1608 wrote to memory of 1944	1608	msedge.exe	86
PID 1608 wrote to memory of 1944	1608	msedge.exe	86
PID 1608 wrote to memory of 1944	1608	msedge.exe	86
PID 1608 wrote to memory of 1944	1608	msedge.exe	86
PID 1608 wrote to memory of 1944	1608	msedge.exe	86
PID 1608 wrote to memory of 1944	1608	msedge.exe	86
PID 1608 wrote to memory of 1944	1608	msedge.exe	86
PID 1608 wrote to memory of 1944	1608	msedge.exe	86
PID 1608 wrote to memory of 1944	1608	msedge.exe	86
PID 1608 wrote to memory of 1944	1608	msedge.exe	86
PID 1608 wrote to memory of 1944	1608	msedge.exe	86
PID 1608 wrote to memory of 1944	1608	msedge.exe	86
PID 1608 wrote to memory of 1944	1608	msedge.exe	86
PID 1608 wrote to memory of 1944	1608	msedge.exe	86
PID 1608 wrote to memory of 1944	1608	msedge.exe	86
PID 1608 wrote to memory of 1944	1608	msedge.exe	86
PID 1608 wrote to memory of 1944	1608	msedge.exe	86
PID 1608 wrote to memory of 1944	1608	msedge.exe	86
PID 1608 wrote to memory of 1944	1608	msedge.exe	86
PID 1608 wrote to memory of 1944	1608	msedge.exe	86
PID 1608 wrote to memory of 1944	1608	msedge.exe	86
PID 1608 wrote to memory of 1944	1608	msedge.exe	86
PID 1608 wrote to memory of 1944	1608	msedge.exe	86
PID 1608 wrote to memory of 1944	1608	msedge.exe	86
PID 1608 wrote to memory of 1944	1608	msedge.exe	86
PID 1608 wrote to memory of 1944	1608	msedge.exe	86
PID 1608 wrote to memory of 1944	1608	msedge.exe	86
PID 1608 wrote to memory of 1944	1608	msedge.exe	86
PID 1608 wrote to memory of 1944	1608	msedge.exe	86
PID 1608 wrote to memory of 1944	1608	msedge.exe	86
PID 1608 wrote to memory of 1944	1608	msedge.exe	86
PID 1608 wrote to memory of 1944	1608	msedge.exe	86
PID 1608 wrote to memory of 1944	1608	msedge.exe	86
PID 1608 wrote to memory of 1944	1608	msedge.exe	86
PID 1608 wrote to memory of 224	1608	msedge.exe	87
PID 1608 wrote to memory of 224	1608	msedge.exe	87
PID 1608 wrote to memory of 4472	1608	msedge.exe	88
PID 1608 wrote to memory of 4472	1608	msedge.exe	88
PID 1608 wrote to memory of 4472	1608	msedge.exe	88
PID 1608 wrote to memory of 4472	1608	msedge.exe	88
PID 1608 wrote to memory of 4472	1608	msedge.exe	88
PID 1608 wrote to memory of 4472	1608	msedge.exe	88
PID 1608 wrote to memory of 4472	1608	msedge.exe	88
PID 1608 wrote to memory of 4472	1608	msedge.exe	88
PID 1608 wrote to memory of 4472	1608	msedge.exe	88
PID 1608 wrote to memory of 4472	1608	msedge.exe	88
PID 1608 wrote to memory of 4472	1608	msedge.exe	88
PID 1608 wrote to memory of 4472	1608	msedge.exe	88
PID 1608 wrote to memory of 4472	1608	msedge.exe	88
PID 1608 wrote to memory of 4472	1608	msedge.exe	88
PID 1608 wrote to memory of 4472	1608	msedge.exe	88
PID 1608 wrote to memory of 4472	1608	msedge.exe	88
PID 1608 wrote to memory of 4472	1608	msedge.exe	88
PID 1608 wrote to memory of 4472	1608	msedge.exe	88

C:\Users\Admin\AppData\Local\Temp\7041230x00000000002E00000.exe
"C:\Users\Admin\AppData\Local\Temp\7041230x00000000002E00000.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=7041230x00000000002E00000.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:1608
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff2dce46f8,0x7fff2dce4708,0x7fff2dce4718
    3⤵
    PID:3924
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,8142126916727287296,5993830884304434620,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
    3⤵
    PID:1944
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,8142126916727287296,5993830884304434620,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2460 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:224
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,8142126916727287296,5993830884304434620,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2936 /prefetch:8
    3⤵
    PID:4472
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8142126916727287296,5993830884304434620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3580 /prefetch:1
    3⤵
    PID:1780
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8142126916727287296,5993830884304434620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3596 /prefetch:1
    3⤵
    PID:1660
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8142126916727287296,5993830884304434620,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2684 /prefetch:1
    3⤵
    PID:404
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8142126916727287296,5993830884304434620,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
    3⤵
    PID:4864
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8142126916727287296,5993830884304434620,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
    3⤵
    PID:4160
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,8142126916727287296,5993830884304434620,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5936 /prefetch:8
    3⤵
    PID:3788
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
    3⤵
    - Drops file in Program Files directory
    PID:968
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x130,0x22c,0x7ff7cf215460,0x7ff7cf215470,0x7ff7cf215480
      4⤵
      PID:2136
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,8142126916727287296,5993830884304434620,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5936 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4028
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8142126916727287296,5993830884304434620,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
    3⤵
    PID:648
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8142126916727287296,5993830884304434620,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3756 /prefetch:1
    3⤵
    PID:4588
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8142126916727287296,5993830884304434620,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6284 /prefetch:1
    3⤵
    PID:860
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8142126916727287296,5993830884304434620,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:1
    3⤵
    PID:3788
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,8142126916727287296,5993830884304434620,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2816 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=7041230x00000000002E00000.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
  2⤵
  PID:2712
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff2dce46f8,0x7fff2dce4708,0x7fff2dce4718
    3⤵
    PID:2972

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3244

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cb62f344ad026c624f757eeb452e2ee2

SHA1
69d135731ecd414f7f7b1ed5a6d4a6e4414dce92

SHA256
61cf4c2a79753705e6ecd28867b548115e83cbdb76a5a124849cd094635d2d6a

SHA512
50318f97a2fae97f9483d1eb87b4cb8ec3f22f22f21749f375ee3210ad8ad1c3929f8afc60fcaf19d5fc2c4a8420fb0da5787744c589b25f70ff763c6abfcb6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ab6c60116611221845298123c757197c

SHA1
f90ee239579b1c40697c32ea688390ff9d777362

SHA256
6f72e30896b7ac428f722bf30ef27bf005dff5c9df0a210c05d3077a86a67b2f

SHA512
481b8743f7835acdc7463638b584be281e4f99d6b457a50d4276b19ccf151373a7fd2287c51efea2c1335a4263694aed330b5c41313f76a9b149171364e28a3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
68611d57920db1c34544b1455c401875

SHA1
6023a56a751b2a33fe0a1673e56f27ec6c68df00

SHA256
e53e43cf54f40fef4e61cebbc44e9c41e7d3012ebe19eede6808f58b62210eea

SHA512
7225d25c6c6e3d20e214b17803d5415166ff81cdb24152efbb1f6e0b1f13c32ca993ea43aff958b7159508f3705b71ef5855459cfd71c1fa9d50c4d00dade23e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
9ec74865eb5cface3123b9d11ce7f7de

SHA1
e066875bfa1fbd074eafb64614cf138498f34a59

SHA256
70e78dccaab2ed162282879f2c66e112b431ffd83176472c8f01186ee94a0747

SHA512
6864714e8086ca95bdb561b9c3ebcc113cc200a71a04312e7ca38a31a7d8d90c2acc36849ede30e312cb70e0a5e908cc16ca4dc209ed2b01083d3aeddab86867

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57226c.TMP

Filesize
48B

MD5
994f9132390d73a84e9244c2360e34bd

SHA1
3f1b96424677e51f58e15f226e520da0746f3d07

SHA256
ef48a7e4d51584a1e6c170188469dfea92c6b7622b75c6c828885710fea7cd9b

SHA512
62dd7aaa3cc40c7a77cf34e3df07751bbab928a29877246fe8c15bd758f0a191e05a4d4d3856261666645bf8c7688b20bbae883b4e1f10bca077df2b8f8e0f01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
9fb815287eaf782bed0ced604e5f487c

SHA1
beef8ce9e6f550a8c57dabc1b9e95f83d2ef00dd

SHA256
b4750701dfa5270363d1770adf598166928e1af1a7552e7ade001c928fecac10

SHA512
e5f0e68f9f599a0c025d3f04d7560f0b2f2952c7b50ab0d49169b55d764bcc5ba2c9d38cc012b226734c92bc55b9501ccb4164d04eced69bc68d1a49ecf0d5a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
346B

MD5
172a03f1e073cbc347cb5102d038fa13

SHA1
83a95a02491a4b046ea79fd04ccf6c5c24b29d60

SHA256
b8193a8bbd8d5c6b71977d040537ea555fc414cb3f7c2d4166e9bd3ac1ef4e89

SHA512
2a47a09a51fbf77f8b2bcc2d3e46db628d45ebabb9bb4033965b3409810e9a6c55c1008a62bfab5d3ca2a64d8b67f5c726f3682da0132738065c14ff77c1f5bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
7b307a8a5580f9e0242391d6c44208a8

SHA1
e6267508306902ad7646ba9284b48f46d651bbee

SHA256
4947a2a444768abca5b77870c086cc2ed97b0f39cabd338938dd265358c1736c

SHA512
ed00a716aea5437f0504b60d4682819f9f12d8c6e36c63ca3ebab4ac6d751d48ed2b70b0b7d2fbfd97ef2b7cf784e9e75a7a51b78c2ba137581337fb8867d92d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
173fd1454b5c1df8533aaa5cbd945843

SHA1
23f2560a0e9ea703c5a2cb1c0dd8e58b874e199f

SHA256
e388d19bb8aeeca34a23788b1757d8522e3c53184d632e3910517d948083d0b2

SHA512
7daa58ef925295c900ff0976606c50fd324f8ab224692c3305ed38bd01d463d87075c0393b48a4038b87188fc091e2e9dc3867da1d92ad78df756420a135b6e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
55d69c8d9d03d6dbdf1c5717c9e55224

SHA1
5404040fe275f07e4359ffdedb76433015a60e82

SHA256
3003f3046dd9202de2c0a0e348afb1142a6ec12c617d47ac72c6aaa231a51857

SHA512
8f6beb7f36cabb9ae349fee14e63379432c91a1f858fe48f7d9d6db1b75deac36a5e74f8dd1bd7cfa5735811b1964344eca1aee38b1ac6e2ba65953ebda4d25e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
4350790c5ce221003810409ebaf1ab5e

SHA1
5b6be3ea1e79b347d2d307ef6e74369cd224fcf2

SHA256
718d087bd1fdd3695ecbf02fbf119cd2f281a0e7ab03706b3fc5961d5250779b

SHA512
aa8011ac7260c485b7d170d5ee48251eb82e592fdeeff9fef4c90643a48c15a6a8caf7f2dd9c5b39e91bc730e1ab206538a94ec06a06dd87de6b96b6ce0a1ce7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
2babd6c48369403ceb0e62762ef724be

SHA1
2e656183c7dee0ae8ae9b5eb361cd5884f694829

SHA256
6e45b5ab488834284f859c30331156076d2429fbbb1c7c6bb8a8f47cec0fd372

SHA512
f4bd88b94e4dc547811448df8edbd2851026b33916fc80c8b1558511aa381fe5663c371c8c41e03e2b3171cd5c96c3fa0324f8cf732dcb352cd697cc22864b87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
369B

MD5
dd8f0440598f34489dc8d225780e43d6

SHA1
e8b54d3b9b69f046cc3c6813f2152e5579414406

SHA256
bdb79987a0225b26893db65b61c170ea65e643ffabd1b5dc31d56696ce74d7ea

SHA512
bd4ae16c30c9fbacde96b3e255ff4ac39909ee0c6b248d2b01d9bf9ff56ee419a335b752fac566a0dca52b97d112cc7ef1c0faa6adba8d7b2905797a03665f66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5703d8.TMP

Filesize
369B

MD5
dd2eae7e0486fdf20e7649e9f5345544

SHA1
c385c809d31dacdd7bef60d74e819316e03bf683

SHA256
3cb224ac018da267c475faee773a353a9497ed1f962cf76c6fc1de217dc3efba

SHA512
2fad5892f6c90294317b6a1bce83cb8893485ffa3c01dd5d52787b1c05ee8c26eb4973d669c38105d698969a7d8ae9a23a561d8268da36edb48f5c9dbc035f35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
c18d14d91502e478b059c71f92963c3f

SHA1
ddc0b0c07bb64d59fa469179693d9833d48b4368

SHA256
759721400ce154c45810eb0edd661c147b8102aa0bf03ac4f1b0b7be5cf7dfde

SHA512
5452246791228c0487ede980c1a241cc28bbf4b1faad993a0a7090c783e54a6ed4ccc3c84d09463ab5aff5ad1a6b6c8a072a121652982b8b653fb0529a00e58c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
1b4f0923c5060861312bceb0ffb1dd80

SHA1
c38320592ef88cde36842b2a55d3c721bd1c9402

SHA256
79bbaf22254a96c6c7e2d9ea01ef91fb07e0767e595a7baf42239a2285602c63

SHA512
9a287dcf333474f06b30c6f01c2670ed605cc9fc58e7970dbac1f3ef5772856084f62425cf7fb3d617739f81cc28b76478574dec7c1b45e2f5c67cbf859e2ec2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
6015871b3d5b7ff90df8438009053fd2

SHA1
6ae522df18cd727203b5b3097ef74231c4cbbb3f

SHA256
f6e1cfc0b011367dc3acced8ae234baeb7cbef364c043962ff131dd1cff6dcbd

SHA512
83dadc12b37d2b4fc9b09683ac78abe0dfad184efd1bfa58c417c5f384ecb0d8f733766cf69b7ec9e5f8d51e3df1965f6d08d054be724791c28a47f5b6f88eb4

Download Submit