a23322a362aab377dc6479c8f93c5df6bd36b1accb9ad160024047613bed228f

Analysis

max time kernel
148s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
24/08/2023, 16:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1700-36-0x0000000000240000-0x0000000000270000-memory.exe
Size

192KB
MD5

c93131ede25c4b998051b8a43cf0a849
SHA1

bc1b45d771aa55955174350bb9c6fca1bfcc60c4
SHA256

a23322a362aab377dc6479c8f93c5df6bd36b1accb9ad160024047613bed228f
SHA512

6e33f880fa82928a0b02d8783f225b6d73a193e80aa6e8690fc8c0536b76049a174f3654dd0241e17cb2d55029438a3d61b2e954aaf4589b9baaa8121b114351
SSDEEP

3072:8wIwJp8A/xdimI06X7vV6OPEsUc/W0E0ilHPgM1J48e8h3:8hzAmmI0k7vVe0E0YIM1W

Score

5^/10

microsoft phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4968	msedge.exe
4968	msedge.exe
3516	msedge.exe
3516	msedge.exe
4900	identity_helper.exe
4900	identity_helper.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2852 wrote to memory of 3516	2852	1700-36-0x0000000000240000-0x0000000000270000-memory.exe	86
PID 2852 wrote to memory of 3516	2852	1700-36-0x0000000000240000-0x0000000000270000-memory.exe	86
PID 3516 wrote to memory of 884	3516	msedge.exe	87
PID 3516 wrote to memory of 884	3516	msedge.exe	87
PID 3516 wrote to memory of 4024	3516	msedge.exe	89
PID 3516 wrote to memory of 4024	3516	msedge.exe	89
PID 3516 wrote to memory of 4024	3516	msedge.exe	89
PID 3516 wrote to memory of 4024	3516	msedge.exe	89
PID 3516 wrote to memory of 4024	3516	msedge.exe	89
PID 3516 wrote to memory of 4024	3516	msedge.exe	89
PID 3516 wrote to memory of 4024	3516	msedge.exe	89
PID 3516 wrote to memory of 4024	3516	msedge.exe	89
PID 3516 wrote to memory of 4024	3516	msedge.exe	89
PID 3516 wrote to memory of 4024	3516	msedge.exe	89
PID 3516 wrote to memory of 4024	3516	msedge.exe	89
PID 3516 wrote to memory of 4024	3516	msedge.exe	89
PID 3516 wrote to memory of 4024	3516	msedge.exe	89
PID 3516 wrote to memory of 4024	3516	msedge.exe	89
PID 3516 wrote to memory of 4024	3516	msedge.exe	89
PID 3516 wrote to memory of 4024	3516	msedge.exe	89
PID 3516 wrote to memory of 4024	3516	msedge.exe	89
PID 3516 wrote to memory of 4024	3516	msedge.exe	89
PID 3516 wrote to memory of 4024	3516	msedge.exe	89
PID 3516 wrote to memory of 4024	3516	msedge.exe	89
PID 3516 wrote to memory of 4024	3516	msedge.exe	89
PID 3516 wrote to memory of 4024	3516	msedge.exe	89
PID 3516 wrote to memory of 4024	3516	msedge.exe	89
PID 3516 wrote to memory of 4024	3516	msedge.exe	89
PID 3516 wrote to memory of 4024	3516	msedge.exe	89
PID 3516 wrote to memory of 4024	3516	msedge.exe	89
PID 3516 wrote to memory of 4024	3516	msedge.exe	89
PID 3516 wrote to memory of 4024	3516	msedge.exe	89
PID 3516 wrote to memory of 4024	3516	msedge.exe	89
PID 3516 wrote to memory of 4024	3516	msedge.exe	89
PID 3516 wrote to memory of 4024	3516	msedge.exe	89
PID 3516 wrote to memory of 4024	3516	msedge.exe	89
PID 3516 wrote to memory of 4024	3516	msedge.exe	89
PID 3516 wrote to memory of 4024	3516	msedge.exe	89
PID 3516 wrote to memory of 4024	3516	msedge.exe	89
PID 3516 wrote to memory of 4024	3516	msedge.exe	89
PID 3516 wrote to memory of 4024	3516	msedge.exe	89
PID 3516 wrote to memory of 4024	3516	msedge.exe	89
PID 3516 wrote to memory of 4024	3516	msedge.exe	89
PID 3516 wrote to memory of 4024	3516	msedge.exe	89
PID 3516 wrote to memory of 4968	3516	msedge.exe	90
PID 3516 wrote to memory of 4968	3516	msedge.exe	90
PID 3516 wrote to memory of 2204	3516	msedge.exe	91
PID 3516 wrote to memory of 2204	3516	msedge.exe	91
PID 3516 wrote to memory of 2204	3516	msedge.exe	91
PID 3516 wrote to memory of 2204	3516	msedge.exe	91
PID 3516 wrote to memory of 2204	3516	msedge.exe	91
PID 3516 wrote to memory of 2204	3516	msedge.exe	91
PID 3516 wrote to memory of 2204	3516	msedge.exe	91
PID 3516 wrote to memory of 2204	3516	msedge.exe	91
PID 3516 wrote to memory of 2204	3516	msedge.exe	91
PID 3516 wrote to memory of 2204	3516	msedge.exe	91
PID 3516 wrote to memory of 2204	3516	msedge.exe	91
PID 3516 wrote to memory of 2204	3516	msedge.exe	91
PID 3516 wrote to memory of 2204	3516	msedge.exe	91
PID 3516 wrote to memory of 2204	3516	msedge.exe	91
PID 3516 wrote to memory of 2204	3516	msedge.exe	91
PID 3516 wrote to memory of 2204	3516	msedge.exe	91
PID 3516 wrote to memory of 2204	3516	msedge.exe	91
PID 3516 wrote to memory of 2204	3516	msedge.exe	91

C:\Users\Admin\AppData\Local\Temp\1700-36-0x0000000000240000-0x0000000000270000-memory.exe
"C:\Users\Admin\AppData\Local\Temp\1700-36-0x0000000000240000-0x0000000000270000-memory.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=1700-36-0x0000000000240000-0x0000000000270000-memory.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3516
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xc4,0x108,0x7ffa21fc46f8,0x7ffa21fc4708,0x7ffa21fc4718
    3⤵
    PID:884
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,1314587073699286481,9627083908479877122,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
    3⤵
    PID:4024
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,1314587073699286481,9627083908479877122,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4968
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,1314587073699286481,9627083908479877122,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
    3⤵
    PID:2204
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,1314587073699286481,9627083908479877122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
    3⤵
    PID:2932
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,1314587073699286481,9627083908479877122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
    3⤵
    PID:3728
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,1314587073699286481,9627083908479877122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1
    3⤵
    PID:2684
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,1314587073699286481,9627083908479877122,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:8
    3⤵
    PID:3132
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,1314587073699286481,9627083908479877122,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4900
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,1314587073699286481,9627083908479877122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
    3⤵
    PID:860
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,1314587073699286481,9627083908479877122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
    3⤵
    PID:4292
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,1314587073699286481,9627083908479877122,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
    3⤵
    PID:1996
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,1314587073699286481,9627083908479877122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
    3⤵
    PID:4400
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,1314587073699286481,9627083908479877122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
    3⤵
    PID:1404
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,1314587073699286481,9627083908479877122,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
    3⤵
    PID:1520
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,1314587073699286481,9627083908479877122,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3108 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=1700-36-0x0000000000240000-0x0000000000270000-memory.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
  2⤵
  PID:4684
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa21fc46f8,0x7ffa21fc4708,0x7ffa21fc4718
    3⤵
    PID:208

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1104

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4820

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b950ebe404eda736e529f1b0a975e8db

SHA1
4d2c020f1aa70e2bcb666a2dd144d1f3588430b8

SHA256
bcc60276d7110e8d002f24d66ebb043c5761e2a4b6ae7854983cef4beacd9bf4

SHA512
6ba228e5b6464c9602db81de8e1189302d0b2aed78a8b06248ccd9f095ede8621fc9d0faed0a7d079b8c7f4d1164b2895c4d0ef99c93cb95bbe210033e40295a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b950ebe404eda736e529f1b0a975e8db

SHA1
4d2c020f1aa70e2bcb666a2dd144d1f3588430b8

SHA256
bcc60276d7110e8d002f24d66ebb043c5761e2a4b6ae7854983cef4beacd9bf4

SHA512
6ba228e5b6464c9602db81de8e1189302d0b2aed78a8b06248ccd9f095ede8621fc9d0faed0a7d079b8c7f4d1164b2895c4d0ef99c93cb95bbe210033e40295a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
acde2c5587c535946ad017fdc70bb832

SHA1
49d9995605bf6a552f7a129f4dd479b8db235437

SHA256
c8367f371d753fe1498a51e4094a54628737995c1b52f89fc8d44a447e8c3f55

SHA512
2c61477270624035a8bdb723875bf8fcea35d90f37bca4a8aef6a386c3bec944a852cd6e7b559a7415f9382b9af4133c96925aa9552dc7d5e7003b99475cf012

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
437B

MD5
05592d6b429a6209d372dba7629ce97c

SHA1
b4d45e956e3ec9651d4e1e045b887c7ccbdde326

SHA256
3aacb982b8861c38a392829ee3156d05dfdd46b0ecb46154f0ea9374557bc0fd

SHA512
caa85bdccabea9250e8a5291f987b8d54362a7b3eec861c56f79cebb06277aa35d411e657ec632079f46affd4d6730e82115e7b317fbda55dacc16378528abaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d8732e7914f79d3f29c8c73ba98c4021

SHA1
e65aebb92e7faa8cea509745752aa1516490eb2f

SHA256
df3d15e233a8f01cb8f61b75bc488cbd0c766484d27e574b973a3d6e3dffd9ef

SHA512
a28ed7f7992c6c483a9d161986450ec70084bce48e96331e01aa395408669c2465a88f8ecd011aac00938f3a3d3ba6c56c869c3095ec0d9b85ea42c48bd463a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e07718c7ab15330d54b0d69517b24528

SHA1
becc69c5533458ba5fe52e664fb3eb405cefdc25

SHA256
7da33772e303172f0626e1125d410daca18284922faa399bbf5b63a3daab3a4d

SHA512
fe2660facd5dcbf20e176279cff894db772a97d6440d45ba15645720320b1ddaa92d09a564b41df324bb9e7f2c1abf1d644ab9babd18aee222cf772b077a4fac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
ca36933e6dea7aa507a272121b34fdbb

SHA1
3b4741ca0308b345de5ecf6c3565b1dbacb0fb86

SHA256
fd14449eb781c58e6e7196a384caf25cba0c59ebdba3b10f8ca0ecfd0c076b5d

SHA512
5a9b186ecf085765caee97a2910008dda926ce412001042e165184083a52fb5fb70f05ca781cd2f7740ecbd938895c77c5aa0f9eb8d812b92f412f336212720e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
369B

MD5
3b4e88a14c5e7a70c62db70c9055a267

SHA1
a2c093268309ba6093342b4c3a53744004f7cb7d

SHA256
2eaac47ac70e2c7e4a617c864899981503d3f3c774c9ed637184d0b8b69ac434

SHA512
36ed1e42210180cf50842d2b2573e5c756874fc0747bc88cc53d8c1524260990285f19942e774c3f61b25cf8a1eb62ce227b836d6b6ddaa93c1b7c3d99d6a9e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe586caf.TMP

Filesize
369B

MD5
9c125c5636f56692f5867c60c5d5acce

SHA1
64827abf8e70195738ae4e58e713fa78624c087f

SHA256
3a99da9f732e6fa8261beecbbe908a5ef697a22efcc3ff47062b2790d99b3ba5

SHA512
c89bf12c107c525cd2079a30add9648f3552a04f89350ee0fa80e2b8e7fd8181883f6df96bd0a81750d5baaf6d689e1a1d9924000ab69c6b5f158bffdb90bd17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
c2ca4c1476952b5f1763881f9d189f3a

SHA1
bfa912b33a31c65a27cde4665c592ec351cf40ed

SHA256
a77db629b108644ecd7452d6715eeb2033e5f912768d78e8dab34e1740064967

SHA512
93ee1a0fa21a30a4a548c39f9dfd8cad3d46a4924fddb428cd59a41b47c59562b83123306b9e411dbd9dba2333d74138810d6c392978c0dbbad5de43e25f9ceb

Download Submit