0d6ec01e96e0b0101f8a5f2ba5828e4a5547bc0dbb00a42ce1ea3280fcff60f5

Analysis

max time kernel
144s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230621-en
resource tags

arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
submitted
30/06/2023, 20:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

952-113-0x0000000000270000-0x00000000002A0000-memory.exe
Size

192KB
MD5

9837edffae2281dfb3acf6261a3998b8
SHA1

0efd243c47e49e7e01751d6e2c9691d344b4443b
SHA256

0d6ec01e96e0b0101f8a5f2ba5828e4a5547bc0dbb00a42ce1ea3280fcff60f5
SHA512

04549b1346ed2af9c0d6b96013bd72f9b8736667dccd321329dcc4d2180a635c2bec916fe00573f1bea6ebc0b8de6a65f23dc75aec1d94dab1c35189609c5f89
SSDEEP

3072:BUUEa9Te3JQBf8td3/oxN1ULH0tyq8e8h4:C7QRyi1tyq

Score

5^/10

microsoft phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\8f93ba3f-ae72-4b55-9385-ae7ddee5c8ee.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230630200216.pma	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1724	msedge.exe
1724	msedge.exe
1356	msedge.exe
1356	msedge.exe
1380	identity_helper.exe
1380	identity_helper.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1932 wrote to memory of 1356	1932	952-113-0x0000000000270000-0x00000000002A0000-memory.exe	80
PID 1932 wrote to memory of 1356	1932	952-113-0x0000000000270000-0x00000000002A0000-memory.exe	80
PID 1356 wrote to memory of 1976	1356	msedge.exe	81
PID 1356 wrote to memory of 1976	1356	msedge.exe	81
PID 1356 wrote to memory of 2776	1356	msedge.exe	82
PID 1356 wrote to memory of 2776	1356	msedge.exe	82
PID 1356 wrote to memory of 2776	1356	msedge.exe	82
PID 1356 wrote to memory of 2776	1356	msedge.exe	82
PID 1356 wrote to memory of 2776	1356	msedge.exe	82
PID 1356 wrote to memory of 2776	1356	msedge.exe	82
PID 1356 wrote to memory of 2776	1356	msedge.exe	82
PID 1356 wrote to memory of 2776	1356	msedge.exe	82
PID 1356 wrote to memory of 2776	1356	msedge.exe	82
PID 1356 wrote to memory of 2776	1356	msedge.exe	82
PID 1356 wrote to memory of 2776	1356	msedge.exe	82
PID 1356 wrote to memory of 2776	1356	msedge.exe	82
PID 1356 wrote to memory of 2776	1356	msedge.exe	82
PID 1356 wrote to memory of 2776	1356	msedge.exe	82
PID 1356 wrote to memory of 2776	1356	msedge.exe	82
PID 1356 wrote to memory of 2776	1356	msedge.exe	82
PID 1356 wrote to memory of 2776	1356	msedge.exe	82
PID 1356 wrote to memory of 2776	1356	msedge.exe	82
PID 1356 wrote to memory of 2776	1356	msedge.exe	82
PID 1356 wrote to memory of 2776	1356	msedge.exe	82
PID 1356 wrote to memory of 2776	1356	msedge.exe	82
PID 1356 wrote to memory of 2776	1356	msedge.exe	82
PID 1356 wrote to memory of 2776	1356	msedge.exe	82
PID 1356 wrote to memory of 2776	1356	msedge.exe	82
PID 1356 wrote to memory of 2776	1356	msedge.exe	82
PID 1356 wrote to memory of 2776	1356	msedge.exe	82
PID 1356 wrote to memory of 2776	1356	msedge.exe	82
PID 1356 wrote to memory of 2776	1356	msedge.exe	82
PID 1356 wrote to memory of 2776	1356	msedge.exe	82
PID 1356 wrote to memory of 2776	1356	msedge.exe	82
PID 1356 wrote to memory of 2776	1356	msedge.exe	82
PID 1356 wrote to memory of 2776	1356	msedge.exe	82
PID 1356 wrote to memory of 2776	1356	msedge.exe	82
PID 1356 wrote to memory of 2776	1356	msedge.exe	82
PID 1356 wrote to memory of 2776	1356	msedge.exe	82
PID 1356 wrote to memory of 2776	1356	msedge.exe	82
PID 1356 wrote to memory of 2776	1356	msedge.exe	82
PID 1356 wrote to memory of 2776	1356	msedge.exe	82
PID 1356 wrote to memory of 2776	1356	msedge.exe	82
PID 1356 wrote to memory of 2776	1356	msedge.exe	82
PID 1356 wrote to memory of 1724	1356	msedge.exe	83
PID 1356 wrote to memory of 1724	1356	msedge.exe	83
PID 1356 wrote to memory of 4524	1356	msedge.exe	84
PID 1356 wrote to memory of 4524	1356	msedge.exe	84
PID 1356 wrote to memory of 4524	1356	msedge.exe	84
PID 1356 wrote to memory of 4524	1356	msedge.exe	84
PID 1356 wrote to memory of 4524	1356	msedge.exe	84
PID 1356 wrote to memory of 4524	1356	msedge.exe	84
PID 1356 wrote to memory of 4524	1356	msedge.exe	84
PID 1356 wrote to memory of 4524	1356	msedge.exe	84
PID 1356 wrote to memory of 4524	1356	msedge.exe	84
PID 1356 wrote to memory of 4524	1356	msedge.exe	84
PID 1356 wrote to memory of 4524	1356	msedge.exe	84
PID 1356 wrote to memory of 4524	1356	msedge.exe	84
PID 1356 wrote to memory of 4524	1356	msedge.exe	84
PID 1356 wrote to memory of 4524	1356	msedge.exe	84
PID 1356 wrote to memory of 4524	1356	msedge.exe	84
PID 1356 wrote to memory of 4524	1356	msedge.exe	84
PID 1356 wrote to memory of 4524	1356	msedge.exe	84
PID 1356 wrote to memory of 4524	1356	msedge.exe	84

C:\Users\Admin\AppData\Local\Temp\952-113-0x0000000000270000-0x00000000002A0000-memory.exe
"C:\Users\Admin\AppData\Local\Temp\952-113-0x0000000000270000-0x00000000002A0000-memory.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=952-113-0x0000000000270000-0x00000000002A0000-memory.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:1356
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb47c246f8,0x7ffb47c24708,0x7ffb47c24718
    3⤵
    PID:1976
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,17318826982326938468,13133024107979275001,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
    3⤵
    PID:2776
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,17318826982326938468,13133024107979275001,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2456 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1724
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,17318826982326938468,13133024107979275001,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
    3⤵
    PID:4524
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17318826982326938468,13133024107979275001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
    3⤵
    PID:628
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17318826982326938468,13133024107979275001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
    3⤵
    PID:2668
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17318826982326938468,13133024107979275001,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
    3⤵
    PID:3840
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17318826982326938468,13133024107979275001,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
    3⤵
    PID:1928
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17318826982326938468,13133024107979275001,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
    3⤵
    PID:2276
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,17318826982326938468,13133024107979275001,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5860 /prefetch:8
    3⤵
    PID:1624
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
    3⤵
    - Drops file in Program Files directory
    PID:1656
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ff698465460,0x7ff698465470,0x7ff698465480
      4⤵
      PID:1544
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,17318826982326938468,13133024107979275001,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5860 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1380
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17318826982326938468,13133024107979275001,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
    3⤵
    PID:4436
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17318826982326938468,13133024107979275001,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
    3⤵
    PID:4548
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17318826982326938468,13133024107979275001,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1
    3⤵
    PID:4564
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17318826982326938468,13133024107979275001,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
    3⤵
    PID:4420
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,17318826982326938468,13133024107979275001,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3752 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=952-113-0x0000000000270000-0x00000000002A0000-memory.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
  2⤵
  PID:4444
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xe4,0x108,0x7ffb47c246f8,0x7ffb47c24708,0x7ffb47c24718
    3⤵
    PID:3440

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2060

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cb62f344ad026c624f757eeb452e2ee2

SHA1
69d135731ecd414f7f7b1ed5a6d4a6e4414dce92

SHA256
61cf4c2a79753705e6ecd28867b548115e83cbdb76a5a124849cd094635d2d6a

SHA512
50318f97a2fae97f9483d1eb87b4cb8ec3f22f22f21749f375ee3210ad8ad1c3929f8afc60fcaf19d5fc2c4a8420fb0da5787744c589b25f70ff763c6abfcb6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b72766c66a875151e79dfeededb697e8

SHA1
0f8f119b9dcce22ace21bb9687b608a3656b85e9

SHA256
9be61a806e4ced73e82d360253e02c1980e3e1a098e4bb4a6c16dfcca797e1f2

SHA512
2a62370c518c5b423461c7641326bb60ace892ec549aa1f45ca3e7d1ee52436920cbd72aeef7923ffe02cfe9a29c9f531dd45ba80a73b2c6950edbac99689faf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\4decfb0b-eb59-4b26-81be-91d27d6a4875.tmp

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
2ac0e35f21ad38f9cdcc91e81112707f

SHA1
9e65a6664313ddd57e7bd15ec00490d5c7e26a8f

SHA256
6c007045ebb2ca1aa2a2a79cdb1e9e44b0a43c59633a30d9282260f47e2b1d1a

SHA512
7c35c9eef5eb26feffd57e00ede1d97e7ce3c0f8b41339d8e5dd1014c443231c6f606c86c7e5672b6c6cf27a75f6f45a7d68bc012cefd7e1fd55290d64412dd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57159b.TMP

Filesize
48B

MD5
e5c5ea22041527406f04c5f51f60904b

SHA1
c4b9ba2488a13fde4bfd6e9ca5f1885300b716e5

SHA256
406718e8faefff173a5517588ebaa280c170cd472ce0b7c60dee83cf3a176095

SHA512
797571d8f4cecc7c7bd99e933ab04c5e901ff2f430ab7094d11b501de70b50d7d9106fc0f159d05e3ddef819d0cb49ff19bc301f9e14198fa2b70db179805b10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
44baae6f8259661419c92ab8deb9e0c3

SHA1
0f1ccc720fb11b5adc36d9cec5fbdef3edbae1e9

SHA256
3d5b697a2fbafdc563a7ecc68a17936c75440a5df38140de3c269bd2e25e365c

SHA512
9f9b7af8db657a430624e75022f3a763d5ab5c911490faf62e221278f61b17199f8dc8371074382af6e2323fe1d977ade345efabb7393c8718aee714b0c6cf78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
346B

MD5
172a03f1e073cbc347cb5102d038fa13

SHA1
83a95a02491a4b046ea79fd04ccf6c5c24b29d60

SHA256
b8193a8bbd8d5c6b71977d040537ea555fc414cb3f7c2d4166e9bd3ac1ef4e89

SHA512
2a47a09a51fbf77f8b2bcc2d3e46db628d45ebabb9bb4033965b3409810e9a6c55c1008a62bfab5d3ca2a64d8b67f5c726f3682da0132738065c14ff77c1f5bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
eeeca1752b4f4adc36fd11916b57a73b

SHA1
27aea126eb7a8a322c2adbd02cbde4a4fe8f886c

SHA256
319a06c987de8ce8190cfec0d7cf2f11d44d845bf94b0f01075f417b80b4f6c7

SHA512
d1856fdb09923e5447917e44475f8cda0533538b9f620cff3cc333c589bc800de9703e03a50980d3aab7a9952a63cf237d25adb673999ede65762eb498b647cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5572145c35b7cc12d47a84feff908784

SHA1
84d26732b61847990b5f70655e896f380757f97d

SHA256
e89515d6dfcfea8a45cafaccd3d1ab887faf2071d36c7b03f28664f9d3119af7

SHA512
e818cadbdb3b7e38c1632a3c4343db8f39ad2c4a01f768d317b7cf8a57b5857dbf2e7870c52774a34d59d226f4075e00ff4fcda3246da83eb1d05d8befc2e6f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
21505a49589e8cea908fe6baf7a67438

SHA1
d08d9a59df9d4b85c59c9eec7ce25bac1a2221e6

SHA256
ac3f77899dcddb1c345661cf6fd726f25314b9af629c581282f9ada533b60a09

SHA512
9aad0af1c2fff0e58b8ae23d84f8e52d768565849177ff81e98d136abe42863b87731669edb17a5c98ca96f0fdc01d6175800b86b4e4fe8ab5b87abe2651c4bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
2babd6c48369403ceb0e62762ef724be

SHA1
2e656183c7dee0ae8ae9b5eb361cd5884f694829

SHA256
6e45b5ab488834284f859c30331156076d2429fbbb1c7c6bb8a8f47cec0fd372

SHA512
f4bd88b94e4dc547811448df8edbd2851026b33916fc80c8b1558511aa381fe5663c371c8c41e03e2b3171cd5c96c3fa0324f8cf732dcb352cd697cc22864b87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
4350790c5ce221003810409ebaf1ab5e

SHA1
5b6be3ea1e79b347d2d307ef6e74369cd224fcf2

SHA256
718d087bd1fdd3695ecbf02fbf119cd2f281a0e7ab03706b3fc5961d5250779b

SHA512
aa8011ac7260c485b7d170d5ee48251eb82e592fdeeff9fef4c90643a48c15a6a8caf7f2dd9c5b39e91bc730e1ab206538a94ec06a06dd87de6b96b6ce0a1ce7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
8bb33c2a86eae6b667a5fa94fa4b5359

SHA1
7377d37c7091e240b480ee00e7769f20db4cbe44

SHA256
53580440950e4ffe04cd161b1fed9a47f839e983980a2703de47a25b2ab6d1e8

SHA512
feeff2bf25fe70a20ee1dd2def4cd7129962aeb3a140007f6a18dc0a4e24191804442c932895f1230a8c5c165a0e05e2e11883b67362e42a8a05641a3dd0adc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe56f7d2.TMP

Filesize
371B

MD5
37c809760d34b8a195e9e7281b706465

SHA1
1eac5cd5ea1e6062df04555790013197fe5ee9a1

SHA256
b39df22fc13db4f6d4f1f2b3d66bd6e974a13fa20ac6f83e52b6e93fdb3f8658

SHA512
d4f7e3c46ce58af533c54e75c84d2dc97be60232ab7099d9403c47061135d278ec4e5f6684deea790571f3116eefb939e858664dde1f8063361e2d705ca62b81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
911fd0ed98afe17279bb14915bfb8c48

SHA1
4a6249e2363f1b27cb983d7b364af26de38dfcb7

SHA256
95d3faa832f8a0d0aaae4e5eac2b0db8be5798ca30d1726a33b89a3c98e913ab

SHA512
94931ea8b2541842a6f059341533a27460f819b70471604c3d3da7421332b996fd58876d5965beae4054e1ccd5486eb56b548e6487b4920032be77e38f4b02a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\b42a8931-7ca8-497c-8383-37f0a5a5470c.tmp

Filesize
13KB

MD5
68742094f0a37a552059641405cd55c4

SHA1
9606ca6ee141b55595c3c872032a8125376dfbaf

SHA256
2f74ee8f7d645cc6d3e6532a5f0d1a9448af74c50980b563cc01508b7d577bf9

SHA512
0b36d638415330fa33078bf3b17efef098e5242434ec84f5305dc479c4081fc3b3ff3a7d96dc988c9350839b7134e7d71f3369557bdca86bd5e1867b297c3dc6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\YP56B1ZBBF6I81DJLV6Q.temp

Filesize
3KB

MD5
c48fb2dd38bed438610db187aa77226e

SHA1
976b0d987caf1147d75f45ed35eb4c74c059042c

SHA256
25f6f1e800022e99dd1761092cb0bcf28a6fd208ce2eddf690dbabf80fae01d9

SHA512
20a95163212a2fe3f9ec653179d40574a1628b3763a26049921961ca9e3847f483204c5cfac03b0e64bab96cb6c018b64002c363126977022e61baf942697ca5

Download Submit