3a669e89f4527fc73048b3c232c46b2795b1f34447dd53505fc1acae532e1ee8

Analysis

max time kernel
140s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
24/12/2023, 15:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0395b5c1d15a98300d592c2c460a4f6b.exe
Size

319KB
MD5

0395b5c1d15a98300d592c2c460a4f6b
SHA1

4e71d6e5976144d75e06e87a8ed85eea07092e1c
SHA256

3a669e89f4527fc73048b3c232c46b2795b1f34447dd53505fc1acae532e1ee8
SHA512

11493323255c611f1c1e646f54979f581c5b5f67791b741d7d6ea5832aa20e9975c8a4709b69b0cdfd8fd818dbfb8a7f19dad240384405ba17781efabdc28851
SSDEEP

6144:FTs17KWkssSIxRWsYylew3UFfMSwhcFiiY4FhQciVLOs:+7KWkxxRFl/5obiO

Score

5^/10

microsoft phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4940	msedge.exe
4940	msedge.exe
4060	msedge.exe
4060	msedge.exe
3184	identity_helper.exe
3184	identity_helper.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 228 wrote to memory of 4060	228	0395b5c1d15a98300d592c2c460a4f6b.exe	89
PID 228 wrote to memory of 4060	228	0395b5c1d15a98300d592c2c460a4f6b.exe	89
PID 4060 wrote to memory of 3172	4060	msedge.exe	90
PID 4060 wrote to memory of 3172	4060	msedge.exe	90
PID 4060 wrote to memory of 3432	4060	msedge.exe	92
PID 4060 wrote to memory of 3432	4060	msedge.exe	92
PID 4060 wrote to memory of 3432	4060	msedge.exe	92
PID 4060 wrote to memory of 3432	4060	msedge.exe	92
PID 4060 wrote to memory of 3432	4060	msedge.exe	92
PID 4060 wrote to memory of 3432	4060	msedge.exe	92
PID 4060 wrote to memory of 3432	4060	msedge.exe	92
PID 4060 wrote to memory of 3432	4060	msedge.exe	92
PID 4060 wrote to memory of 3432	4060	msedge.exe	92
PID 4060 wrote to memory of 3432	4060	msedge.exe	92
PID 4060 wrote to memory of 3432	4060	msedge.exe	92
PID 4060 wrote to memory of 3432	4060	msedge.exe	92
PID 4060 wrote to memory of 3432	4060	msedge.exe	92
PID 4060 wrote to memory of 3432	4060	msedge.exe	92
PID 4060 wrote to memory of 3432	4060	msedge.exe	92
PID 4060 wrote to memory of 3432	4060	msedge.exe	92
PID 4060 wrote to memory of 3432	4060	msedge.exe	92
PID 4060 wrote to memory of 3432	4060	msedge.exe	92
PID 4060 wrote to memory of 3432	4060	msedge.exe	92
PID 4060 wrote to memory of 3432	4060	msedge.exe	92
PID 4060 wrote to memory of 3432	4060	msedge.exe	92
PID 4060 wrote to memory of 3432	4060	msedge.exe	92
PID 4060 wrote to memory of 3432	4060	msedge.exe	92
PID 4060 wrote to memory of 3432	4060	msedge.exe	92
PID 4060 wrote to memory of 3432	4060	msedge.exe	92
PID 4060 wrote to memory of 3432	4060	msedge.exe	92
PID 4060 wrote to memory of 3432	4060	msedge.exe	92
PID 4060 wrote to memory of 3432	4060	msedge.exe	92
PID 4060 wrote to memory of 3432	4060	msedge.exe	92
PID 4060 wrote to memory of 3432	4060	msedge.exe	92
PID 4060 wrote to memory of 3432	4060	msedge.exe	92
PID 4060 wrote to memory of 3432	4060	msedge.exe	92
PID 4060 wrote to memory of 3432	4060	msedge.exe	92
PID 4060 wrote to memory of 3432	4060	msedge.exe	92
PID 4060 wrote to memory of 3432	4060	msedge.exe	92
PID 4060 wrote to memory of 3432	4060	msedge.exe	92
PID 4060 wrote to memory of 3432	4060	msedge.exe	92
PID 4060 wrote to memory of 3432	4060	msedge.exe	92
PID 4060 wrote to memory of 3432	4060	msedge.exe	92
PID 4060 wrote to memory of 3432	4060	msedge.exe	92
PID 4060 wrote to memory of 4940	4060	msedge.exe	91
PID 4060 wrote to memory of 4940	4060	msedge.exe	91
PID 4060 wrote to memory of 2552	4060	msedge.exe	93
PID 4060 wrote to memory of 2552	4060	msedge.exe	93
PID 4060 wrote to memory of 2552	4060	msedge.exe	93
PID 4060 wrote to memory of 2552	4060	msedge.exe	93
PID 4060 wrote to memory of 2552	4060	msedge.exe	93
PID 4060 wrote to memory of 2552	4060	msedge.exe	93
PID 4060 wrote to memory of 2552	4060	msedge.exe	93
PID 4060 wrote to memory of 2552	4060	msedge.exe	93
PID 4060 wrote to memory of 2552	4060	msedge.exe	93
PID 4060 wrote to memory of 2552	4060	msedge.exe	93
PID 4060 wrote to memory of 2552	4060	msedge.exe	93
PID 4060 wrote to memory of 2552	4060	msedge.exe	93
PID 4060 wrote to memory of 2552	4060	msedge.exe	93
PID 4060 wrote to memory of 2552	4060	msedge.exe	93
PID 4060 wrote to memory of 2552	4060	msedge.exe	93
PID 4060 wrote to memory of 2552	4060	msedge.exe	93
PID 4060 wrote to memory of 2552	4060	msedge.exe	93
PID 4060 wrote to memory of 2552	4060	msedge.exe	93

C:\Users\Admin\AppData\Local\Temp\0395b5c1d15a98300d592c2c460a4f6b.exe
"C:\Users\Admin\AppData\Local\Temp\0395b5c1d15a98300d592c2c460a4f6b.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=0395b5c1d15a98300d592c2c460a4f6b.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:4060
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffabd2046f8,0x7ffabd204708,0x7ffabd204718
    3⤵
    PID:3172
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,10087672493993523527,4770088488987934071,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4940
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,10087672493993523527,4770088488987934071,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
    3⤵
    PID:3432
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,10087672493993523527,4770088488987934071,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
    3⤵
    PID:2552
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10087672493993523527,4770088488987934071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
    3⤵
    PID:1940
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10087672493993523527,4770088488987934071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
    3⤵
    PID:4920
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10087672493993523527,4770088488987934071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4288 /prefetch:1
    3⤵
    PID:3028
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,10087672493993523527,4770088488987934071,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 /prefetch:8
    3⤵
    PID:1020
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,10087672493993523527,4770088488987934071,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3184
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10087672493993523527,4770088488987934071,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:1
    3⤵
    PID:4992
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10087672493993523527,4770088488987934071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4568 /prefetch:1
    3⤵
    PID:4008
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10087672493993523527,4770088488987934071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
    3⤵
    PID:3496
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10087672493993523527,4770088488987934071,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4264 /prefetch:1
    3⤵
    PID:496
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10087672493993523527,4770088488987934071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
    3⤵
    PID:4004
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10087672493993523527,4770088488987934071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
    3⤵
    PID:3980
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,10087672493993523527,4770088488987934071,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4440 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=0395b5c1d15a98300d592c2c460a4f6b.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
  2⤵
  PID:3732
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffabd2046f8,0x7ffabd204708,0x7ffabd204718
    3⤵
    PID:1484

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1620

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1300

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1386433ecc349475d39fb1e4f9e149a0

SHA1
f04f71ac77cb30f1d04fd16d42852322a8b2680f

SHA256
a7c79320a37d3516823f533e0ca73ed54fc4cdade9999b9827d06ea9f8916bbc

SHA512
fcd5449c58ead25955d01739929c42ffc89b9007bc2c8779c05271f2d053be66e05414c410738c35572ef31811aff908e7fe3dd7a9cef33c27acb308a420280e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
ba507ee3ff56bcad832417c22d363f52

SHA1
aca3644d71a8cbb0b273dab5860539b4efe02ccb

SHA256
a5762670ee0c0a3c6285f8a873f2b64423b44e24e58b220d6788541b8a7f38fd

SHA512
057b3ed0b82507e7a5a52e6b07fe2a78d20b3fec2d9c8d1b9b5211b29b43537f7227897d958e0c49b6ed42bea75285a0e2b489c852ff36a80c54569d194d53fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
437B

MD5
05592d6b429a6209d372dba7629ce97c

SHA1
b4d45e956e3ec9651d4e1e045b887c7ccbdde326

SHA256
3aacb982b8861c38a392829ee3156d05dfdd46b0ecb46154f0ea9374557bc0fd

SHA512
caa85bdccabea9250e8a5291f987b8d54362a7b3eec861c56f79cebb06277aa35d411e657ec632079f46affd4d6730e82115e7b317fbda55dacc16378528abaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5797160f2564a711e72b07f6462cb876

SHA1
ad2c1373577612f1e703848ac440120c8565e108

SHA256
fc938d5f2da9a92ab70e38591ffc0cca5e75468c6fc54051b2052970f2d6adb0

SHA512
fd4e6049db665a6f45031b6fd71cca5f7f38259c3ed2bcdd796d72fe55fdd01b6d81af8ca7d932ed0f9a8fecc181d6fb76f4a2c5c51f2be9f3c79c5933149696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7b0c334148dff2b70d8fa406b5dcca3f

SHA1
acdaef40d1c0fbd5e47893bed3d04f6a291539ed

SHA256
5860870d1596ee9ef916bbd6db3652002ec62e3d841daf023a744b81a2c813eb

SHA512
2492c35e56999570ad9926d5c0f2f7cd8814842464583c67bac557dcda1e5bc7ccd6fb7180e023f98f965d54f5328997f79d4087806e1133f0d1c60ab0c988af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c7f6e48086f73096f480032196bb5f7b

SHA1
56eba427a35bc0408e08266ab2ba2190425caad5

SHA256
0876c5dd42529c6e13c68c0273f394e47acee1c5e6de125bd06b46f6d96dae0c

SHA512
1cbc1c30b5ce454c8eec890365c754862db8f9b44f95ec5119f6f7db9967c03e6f25375466f68b985ecb2c3da935ac3c7321917941f1cbe32b673eb7e94a06d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
e664066e3aa135f185ed1c194b9fa1f8

SHA1
358ff3c6ad0580b8ae1e5ef2a89a4e597c2efdc5

SHA256
86e595be48dbc768a52d7ea62116036c024093e1302aced8c29dd6a2d9935617

SHA512
58710818b5f664006a5aa418da6c8cd3f709c2265bc161f81b9dfe6cdb8304fabaa4ce9deba419fe4281623feeeaa0321f481ae5855d347c6d8cf95968ee905e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
369B

MD5
b91e49d45986fe0c4dd41afac43f4a8b

SHA1
5a01c7eec785e3c40c6c04d93e29221627a2e46c

SHA256
999db1433f032bad245472290deae4501ca627671020204e99a9500f63038cd3

SHA512
e25c1b454944a975fe20cad40ccdce17fc28060025771eae8772506a53ecc996c3c3f3ec39957f1df5ff905f1d7fca4ebe863a8cff18c926174d00cb2255c50d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57bfd5.TMP

Filesize
371B

MD5
372f33fad15a81ceafdaa85179d92317

SHA1
ec484ab192aba446dff43c735384f897b8ee6250

SHA256
b54b33850adea0bbdb01444b25b3ff3c759a6a49b8c2d710eb02dfadc49b1b06

SHA512
106d1a220f6cb73525bae1541d8026262ecf36196de0672bac26acd01b2a526b1734eb0c4fa3cc931343fb2e2390a8eb41812188b019013df93772f91df79e33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
006ed1fa8f350caaeff8648586223c67

SHA1
b93077b1f3750e87ff2a0e909decf2362b4766ed

SHA256
39f151ef41eec0f4c8539ce62e9108a193c7948bd79439fb6bfd727c9b227989

SHA512
57930dbbbffc0d3a741d5a1110e692955b5f7a713e4608103348db2861082a0d357a67431ecbc54c9e7f971278acc5e1a066273e6d2e5ffa723204db68beafc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
54716fc8a7b13f2e3fad722ef3964917

SHA1
0c62148737733c7521ea61949b158f18ac31e77a

SHA256
bf6ac6dea9978700b460fda44aaa3c9d6bc9bc7255afd37091df1063bcaf310b

SHA512
a438c8c868d6a9a3d1548fea5c5511ce089258e0ecf5512d6a20be3e8fec488f450def87bfb3b52c8cc9ffa3c2e34122203afebf4a2195d9a1e3622a516d6e73

Download Submit
memory/228-0-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/228-85-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download