a7416fb6390a1f00dd74d3eef5e93b608a137ba54c0965826c518ff4ce036e69

Analysis

max time kernel
146s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20230621-en
resource tags

arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
submitted
02-07-2023 03:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1868-123-0x0000000000350000-0x0000000000380000-memory.exe
Size

192KB
MD5

329b2c7fde0331ea92ad0a699e842d84
SHA1

f8b71f0c608e1c50e5d3486c78c6d8826cd47b84
SHA256

a7416fb6390a1f00dd74d3eef5e93b608a137ba54c0965826c518ff4ce036e69
SHA512

3f5d467f4a81507102f47eeb2f647b623acc2903d06497b4e1a68204e50d327d7a6386b3237ad8dad1b88af1c4c1f1cf89750720e4fc87323aa5fc11c3fc6f9c
SSDEEP

3072:8UUEa9Te3JQBf8td3/oxN1ULH0tyc8e8h4:P7QRyi1tyc

Score

5^/10

microsoft phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft

Drops file in System32 directory 8 IoCs

description	ioc	Process
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{63EA6C7A-8212-48C2-854D-1569D9779352}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{F7876D8E-F06C-4E09-A16B-8E42F685DA0D}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{E6A65613-B793-4D7F-9A1D-C104B77C976D}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{E70E8D75-BDEA-476E-9FB6-D96ECBAD9AD7}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{1F704FCD-520A-4912-9A6F-5465A6186FC5}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{6F147018-2E94-4656-9617-AEA38CE33C73}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{54C4A49D-BC75-4E3C-BA74-7CE918DE62D6}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{C26C5A0A-439A-4683-B13E-6925C627F241}.catalogItem	svchost.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230702032541.pma	setup.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\9ffcc447-d088-48bc-b29f-bada1edb2f36.tmp	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2988	msedge.exe
2988	msedge.exe
1156	msedge.exe
1156	msedge.exe
2472	identity_helper.exe
2472	identity_helper.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2652 wrote to memory of 1156	2652	1868-123-0x0000000000350000-0x0000000000380000-memory.exe	93
PID 2652 wrote to memory of 1156	2652	1868-123-0x0000000000350000-0x0000000000380000-memory.exe	93
PID 1156 wrote to memory of 3696	1156	msedge.exe	94
PID 1156 wrote to memory of 3696	1156	msedge.exe	94
PID 1156 wrote to memory of 368	1156	msedge.exe	95
PID 1156 wrote to memory of 368	1156	msedge.exe	95
PID 1156 wrote to memory of 368	1156	msedge.exe	95
PID 1156 wrote to memory of 368	1156	msedge.exe	95
PID 1156 wrote to memory of 368	1156	msedge.exe	95
PID 1156 wrote to memory of 368	1156	msedge.exe	95
PID 1156 wrote to memory of 368	1156	msedge.exe	95
PID 1156 wrote to memory of 368	1156	msedge.exe	95
PID 1156 wrote to memory of 368	1156	msedge.exe	95
PID 1156 wrote to memory of 368	1156	msedge.exe	95
PID 1156 wrote to memory of 368	1156	msedge.exe	95
PID 1156 wrote to memory of 368	1156	msedge.exe	95
PID 1156 wrote to memory of 368	1156	msedge.exe	95
PID 1156 wrote to memory of 368	1156	msedge.exe	95
PID 1156 wrote to memory of 368	1156	msedge.exe	95
PID 1156 wrote to memory of 368	1156	msedge.exe	95
PID 1156 wrote to memory of 368	1156	msedge.exe	95
PID 1156 wrote to memory of 368	1156	msedge.exe	95
PID 1156 wrote to memory of 368	1156	msedge.exe	95
PID 1156 wrote to memory of 368	1156	msedge.exe	95
PID 1156 wrote to memory of 368	1156	msedge.exe	95
PID 1156 wrote to memory of 368	1156	msedge.exe	95
PID 1156 wrote to memory of 368	1156	msedge.exe	95
PID 1156 wrote to memory of 368	1156	msedge.exe	95
PID 1156 wrote to memory of 368	1156	msedge.exe	95
PID 1156 wrote to memory of 368	1156	msedge.exe	95
PID 1156 wrote to memory of 368	1156	msedge.exe	95
PID 1156 wrote to memory of 368	1156	msedge.exe	95
PID 1156 wrote to memory of 368	1156	msedge.exe	95
PID 1156 wrote to memory of 368	1156	msedge.exe	95
PID 1156 wrote to memory of 368	1156	msedge.exe	95
PID 1156 wrote to memory of 368	1156	msedge.exe	95
PID 1156 wrote to memory of 368	1156	msedge.exe	95
PID 1156 wrote to memory of 368	1156	msedge.exe	95
PID 1156 wrote to memory of 368	1156	msedge.exe	95
PID 1156 wrote to memory of 368	1156	msedge.exe	95
PID 1156 wrote to memory of 368	1156	msedge.exe	95
PID 1156 wrote to memory of 368	1156	msedge.exe	95
PID 1156 wrote to memory of 368	1156	msedge.exe	95
PID 1156 wrote to memory of 368	1156	msedge.exe	95
PID 1156 wrote to memory of 2988	1156	msedge.exe	96
PID 1156 wrote to memory of 2988	1156	msedge.exe	96
PID 1156 wrote to memory of 1448	1156	msedge.exe	97
PID 1156 wrote to memory of 1448	1156	msedge.exe	97
PID 1156 wrote to memory of 1448	1156	msedge.exe	97
PID 1156 wrote to memory of 1448	1156	msedge.exe	97
PID 1156 wrote to memory of 1448	1156	msedge.exe	97
PID 1156 wrote to memory of 1448	1156	msedge.exe	97
PID 1156 wrote to memory of 1448	1156	msedge.exe	97
PID 1156 wrote to memory of 1448	1156	msedge.exe	97
PID 1156 wrote to memory of 1448	1156	msedge.exe	97
PID 1156 wrote to memory of 1448	1156	msedge.exe	97
PID 1156 wrote to memory of 1448	1156	msedge.exe	97
PID 1156 wrote to memory of 1448	1156	msedge.exe	97
PID 1156 wrote to memory of 1448	1156	msedge.exe	97
PID 1156 wrote to memory of 1448	1156	msedge.exe	97
PID 1156 wrote to memory of 1448	1156	msedge.exe	97
PID 1156 wrote to memory of 1448	1156	msedge.exe	97
PID 1156 wrote to memory of 1448	1156	msedge.exe	97
PID 1156 wrote to memory of 1448	1156	msedge.exe	97

C:\Users\Admin\AppData\Local\Temp\1868-123-0x0000000000350000-0x0000000000380000-memory.exe
"C:\Users\Admin\AppData\Local\Temp\1868-123-0x0000000000350000-0x0000000000380000-memory.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=1868-123-0x0000000000350000-0x0000000000380000-memory.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:1156
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffd80ff46f8,0x7ffd80ff4708,0x7ffd80ff4718
    3⤵
    PID:3696
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,5451889183733859521,5562083160025546726,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
    3⤵
    PID:368
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,5451889183733859521,5562083160025546726,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2456 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2988
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,5451889183733859521,5562083160025546726,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8
    3⤵
    PID:1448
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5451889183733859521,5562083160025546726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:1
    3⤵
    PID:4244
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5451889183733859521,5562083160025546726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3584 /prefetch:1
    3⤵
    PID:1452
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5451889183733859521,5562083160025546726,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4432 /prefetch:1
    3⤵
    PID:2152
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5451889183733859521,5562083160025546726,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2960 /prefetch:1
    3⤵
    PID:3660
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5451889183733859521,5562083160025546726,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3048 /prefetch:1
    3⤵
    PID:1836
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5451889183733859521,5562083160025546726,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
    3⤵
    PID:4476
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5451889183733859521,5562083160025546726,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
    3⤵
    PID:560
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,5451889183733859521,5562083160025546726,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 /prefetch:8
    3⤵
    PID:216
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
    3⤵
    - Drops file in Program Files directory
    PID:1028
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff635af5460,0x7ff635af5470,0x7ff635af5480
      4⤵
      PID:416
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,5451889183733859521,5562083160025546726,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2472
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5451889183733859521,5562083160025546726,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
    3⤵
    PID:5056
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5451889183733859521,5562083160025546726,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
    3⤵
    PID:4872
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,5451889183733859521,5562083160025546726,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1944 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=1868-123-0x0000000000350000-0x0000000000380000-memory.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
  2⤵
  PID:3560
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd80ff46f8,0x7ffd80ff4708,0x7ffd80ff4718
    3⤵
    PID:2756

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4364

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p
1⤵
- Drops file in System32 directory
PID:2208

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5a9f76dde5876d055fc0a4a821de6d02

SHA1
3cb30f2ff875cff6a4e4be0c7506254e076ad4df

SHA256
323204c96cf3ed35bb893c2f20a444cd0c7aa0b44749174b7b22ab351b2edf1a

SHA512
b805309fbbc622f2e47c9d4397662713b37879d0ea0602675c0894e655b9dcd34d483a02c6bdb73b5c6ce084ca7523e038104bce428a5bc7be3569c0d18b9091

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6abe43658387f0826ca6d505ba2a9b0c

SHA1
ba777e01296195063af3aef86ad61289215991b6

SHA256
2683def01b6ee96268c1ee356bee3d8540683e6c830f6860a903cffc07f345e7

SHA512
2ca9e4ef89bc9d518a08ead9420610b2c24574f474f03545a65d589a8ee01a926b7da3d344e227a7f056a004766344bbb57d37f2d0cc3dd0078ddd9eedc87b56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6abe43658387f0826ca6d505ba2a9b0c

SHA1
ba777e01296195063af3aef86ad61289215991b6

SHA256
2683def01b6ee96268c1ee356bee3d8540683e6c830f6860a903cffc07f345e7

SHA512
2ca9e4ef89bc9d518a08ead9420610b2c24574f474f03545a65d589a8ee01a926b7da3d344e227a7f056a004766344bbb57d37f2d0cc3dd0078ddd9eedc87b56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
93c5bbcafcf5bb0c6f5a69213346cd57

SHA1
83be2db3ee167ca94d828fb6b5c259dd83f1c43c

SHA256
bf6963b8e445330d682f6cc98cb90b97971d914dc8dfab0945a6e4d2feab4f44

SHA512
6df37202e72db7f2e711b82601bc4c5ec01a918dfece209e734473b826a4cbdbb12ddbab8232e03afdb695bdad14c5b944cc26de99d9b2bff678a3fc267d3fbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
e8111336c9f0928361a2a1fd2f0329ad

SHA1
7a4180c1fe8997f05e4b728ed24910bd8437b212

SHA256
95a287d65ac1b0fbbda02be882db767115bbdfbe412dcfdbabf7e4be88550703

SHA512
d950b2b15eee2299343ce916cddaf131d11e9a5d4d827d90a055f841475d7a529004c59545e8f49322184e9fb53b6cd048c1f2f2ddb17053ff51a418a4517ac4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe56f736.TMP

Filesize
48B

MD5
055a9535467d2f04ec93235d1bf20b2d

SHA1
ba269b12515c177b39e4a7e013ecbe008d22e42c

SHA256
ed4cba2772115ca45aa27996eb651b2f5361a30249568e5285b837c34a05a2a0

SHA512
74c15fe846892e9d0f8462f0cf60301a5a2acde4e04f07f4a9a1a27cbaf355eb8b606645d1460b826194e1dd7c9782f30e0d514382001bcc4565d09a88ed7bef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
1eb492b8963b7fd5c97f082d19b4b82e

SHA1
1c3580b7231da23e4c1f6767938b46738897e3cc

SHA256
4b93435bcbb4d716be334b9c95f191f24bf2c1dbbf5fbab63a8ea085002b22bc

SHA512
fcb39d73593adaefa4197ff9ee05b2b7df0f5cd02d43a2d25d415e84b5c275798d1dd85e215cf7b7dee593ef7d469df65a068a3a753332754891f170c4d54c98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
346B

MD5
172a03f1e073cbc347cb5102d038fa13

SHA1
83a95a02491a4b046ea79fd04ccf6c5c24b29d60

SHA256
b8193a8bbd8d5c6b71977d040537ea555fc414cb3f7c2d4166e9bd3ac1ef4e89

SHA512
2a47a09a51fbf77f8b2bcc2d3e46db628d45ebabb9bb4033965b3409810e9a6c55c1008a62bfab5d3ca2a64d8b67f5c726f3682da0132738065c14ff77c1f5bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
01b48db860f9f227ae84c43f974e9d23

SHA1
4f73e0616dadc7fa07f011c4d963e1a35ec9560c

SHA256
db7c683f335062bc95997a5f5862841c3caff539b74a0bd7af120cbd9508af97

SHA512
35d4c337fd33fad46bc078b5e34b0c0b841286034282a2678181eccbaa5c02c9c30f0923285aa804fc68f5157b69cf2f5695f7e9a1d29ffbfccf83a813bb366c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b18c4d605007e36ecbd34534f0621ce2

SHA1
7ef8a56ca7278ed48b122df388c51a58aa97de4f

SHA256
93999698d1672ea1335e67d9ddd3c30d51ce7620dc8f348447738bd1f1f07f28

SHA512
dd76ee587e7bd45b92fc7956da82435c90d242ce91bbda24a51a055daff0946d12e594c3a241cb3e488a3566e439d63f678f14f3cf5e2066be3a937c204bee87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
38d3cba158508819460a7480c8b2a51e

SHA1
d5a3bfb1f09361b958ff3c6878d86e50195dbeba

SHA256
406328d1954595d73f9ffca2029834646e268ae8a911aadb641df3511b70444e

SHA512
c69c8b2707aa8c668a39023c1292d7a21790bad2d1310f88f3270d2f1f79c47b94233c0615157251595099cede1bfef70a7e408033ca5dfadfcfba20af29df12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
3922931a21a66290ecb769f2d79cc417

SHA1
d72bc5af3b2da078125ce71512249f67765624c3

SHA256
0eb33cdbc3b30f2dd68d3e4de912b61c6f29f3ddbf17b8e83948e9243763b8d4

SHA512
e4b1c22b64afa2120c2ae1385374747b04ea4b509fef1a27384755d57cfd4a86008cbf9af7095a1955c9934148b38cf7aa32b036d08702cbaa0ec9f5f59c3987

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
b359167b3568d1b4953adefdef0deb24

SHA1
98405d3ec52edeed62f8a42bfe766ecf395a95b6

SHA256
177289a899357233597b059fde47b7e54aba35ca95e2a2201fd8d3ca68273578

SHA512
28efc3e9bb0350c2229ffdfc0578c0ebc8276405849480c1762c75d616998f6ff654f7ffde3cf0676b62b583b5ec207e514040de1a809b465bb9e734e29c96b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
55765176e8b56621c34332679b32d023

SHA1
11edc94e8b120fd4a234f46be147c3f46712129f

SHA256
087f2e34076aa1e64c050cb86a24858c7cffe7c4ba04b9c9bf47e37d0b7c22bc

SHA512
161237660f7d022e7740b9dc1ea4fe7294f27d1c28f1144dd7a49f7f58fbe019dba75ed2b8c8a994c03e3658f4829acf370bd46f28355093a091264660a2c90c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
114f7a2900c315564c3eded5ce972f1a

SHA1
3701f67b7b00cc38e1fe49c34acc5e52fe457651

SHA256
34d9e4aad6ed961d692d29d6bed6d925054e47aaece9671d682ff6427ec763af

SHA512
a0030545b1cf83142493f2b60ae9ca190fac86ea9004aa8ba61b57273a65d34b2f41687845d51a476cbe590f8f5de071e6b18b0ee1d4a7adf2b3d559f0848f60

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
3494c66de51b93a04e2677ed8cd34019

SHA1
5d9a6c333b4d33f45af15aab7b28765a27eb2b0c

SHA256
0c58431cb9bf7f6dd9d84c80fe2529f9fd390c1a6a187214a0c0641f7001d76d

SHA512
3d5a61f288374590416974d063057061686dd9230f2ee2f27d60147cee8892f44a3442cf34357f56b60bedff3f60d11849247a74f13f75b754551a60f296f1a3

Download Submit