e8b305ff4cbe5a3e9935100610c496ba92e86375815d5dc5ebcf0abb042c9bf7

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 10:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

17d555f866d36349706fb05cf89643ef.exe
Size

13.6MB
MD5

17d555f866d36349706fb05cf89643ef
SHA1

31cd10a25916ce1b4138444497c1108aecdd59e1
SHA256

e8b305ff4cbe5a3e9935100610c496ba92e86375815d5dc5ebcf0abb042c9bf7
SHA512

bf9c4207d623254e6f85b7524e0e4854b927973341512bcdfb3b0e16689aaf601b9bb867c09eda087f45e4d5660329f077fcee0645d7cb577e94607d58ee8432
SSDEEP

98304:nAQUazgRVVAKsd37w4eGEhaxT+GXPDiT30m66NuFSsj/FnM4+IJOS30O:TUM4w3JjW8+GL830m66wd

Score

7^/10

microsoft phishing

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4188	test.exe

Detected potential entity reuse from brand microsoft.
phishing microsoft
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4136	msedge.exe
4136	msedge.exe
5008	msedge.exe
5008	msedge.exe
1440	identity_helper.exe
1440	identity_helper.exe
5228	msedge.exe
5228	msedge.exe
5228	msedge.exe
5228	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 624 wrote to memory of 4984	624	17d555f866d36349706fb05cf89643ef.exe	90
PID 624 wrote to memory of 4984	624	17d555f866d36349706fb05cf89643ef.exe	90
PID 624 wrote to memory of 4984	624	17d555f866d36349706fb05cf89643ef.exe	90
PID 4984 wrote to memory of 4188	4984	cmd.exe	91
PID 4984 wrote to memory of 4188	4984	cmd.exe	91
PID 4984 wrote to memory of 4188	4984	cmd.exe	91
PID 4188 wrote to memory of 5008	4188	test.exe	95
PID 4188 wrote to memory of 5008	4188	test.exe	95
PID 5008 wrote to memory of 3492	5008	msedge.exe	96
PID 5008 wrote to memory of 3492	5008	msedge.exe	96
PID 5008 wrote to memory of 1372	5008	msedge.exe	98
PID 5008 wrote to memory of 1372	5008	msedge.exe	98
PID 5008 wrote to memory of 1372	5008	msedge.exe	98
PID 5008 wrote to memory of 1372	5008	msedge.exe	98
PID 5008 wrote to memory of 1372	5008	msedge.exe	98
PID 5008 wrote to memory of 1372	5008	msedge.exe	98
PID 5008 wrote to memory of 1372	5008	msedge.exe	98
PID 5008 wrote to memory of 1372	5008	msedge.exe	98
PID 5008 wrote to memory of 1372	5008	msedge.exe	98
PID 5008 wrote to memory of 1372	5008	msedge.exe	98
PID 5008 wrote to memory of 1372	5008	msedge.exe	98
PID 5008 wrote to memory of 1372	5008	msedge.exe	98
PID 5008 wrote to memory of 1372	5008	msedge.exe	98
PID 5008 wrote to memory of 1372	5008	msedge.exe	98
PID 5008 wrote to memory of 1372	5008	msedge.exe	98
PID 5008 wrote to memory of 1372	5008	msedge.exe	98
PID 5008 wrote to memory of 1372	5008	msedge.exe	98
PID 5008 wrote to memory of 1372	5008	msedge.exe	98
PID 5008 wrote to memory of 1372	5008	msedge.exe	98
PID 5008 wrote to memory of 1372	5008	msedge.exe	98
PID 5008 wrote to memory of 1372	5008	msedge.exe	98
PID 5008 wrote to memory of 1372	5008	msedge.exe	98
PID 5008 wrote to memory of 1372	5008	msedge.exe	98
PID 5008 wrote to memory of 1372	5008	msedge.exe	98
PID 5008 wrote to memory of 1372	5008	msedge.exe	98
PID 5008 wrote to memory of 1372	5008	msedge.exe	98
PID 5008 wrote to memory of 1372	5008	msedge.exe	98
PID 5008 wrote to memory of 1372	5008	msedge.exe	98
PID 5008 wrote to memory of 1372	5008	msedge.exe	98
PID 5008 wrote to memory of 1372	5008	msedge.exe	98
PID 5008 wrote to memory of 1372	5008	msedge.exe	98
PID 5008 wrote to memory of 1372	5008	msedge.exe	98
PID 5008 wrote to memory of 1372	5008	msedge.exe	98
PID 5008 wrote to memory of 1372	5008	msedge.exe	98
PID 5008 wrote to memory of 1372	5008	msedge.exe	98
PID 5008 wrote to memory of 1372	5008	msedge.exe	98
PID 5008 wrote to memory of 1372	5008	msedge.exe	98
PID 5008 wrote to memory of 1372	5008	msedge.exe	98
PID 5008 wrote to memory of 1372	5008	msedge.exe	98
PID 5008 wrote to memory of 1372	5008	msedge.exe	98
PID 5008 wrote to memory of 4136	5008	msedge.exe	97
PID 5008 wrote to memory of 4136	5008	msedge.exe	97
PID 5008 wrote to memory of 3424	5008	msedge.exe	99
PID 5008 wrote to memory of 3424	5008	msedge.exe	99
PID 5008 wrote to memory of 3424	5008	msedge.exe	99
PID 5008 wrote to memory of 3424	5008	msedge.exe	99
PID 5008 wrote to memory of 3424	5008	msedge.exe	99
PID 5008 wrote to memory of 3424	5008	msedge.exe	99
PID 5008 wrote to memory of 3424	5008	msedge.exe	99
PID 5008 wrote to memory of 3424	5008	msedge.exe	99
PID 5008 wrote to memory of 3424	5008	msedge.exe	99
PID 5008 wrote to memory of 3424	5008	msedge.exe	99
PID 5008 wrote to memory of 3424	5008	msedge.exe	99
PID 5008 wrote to memory of 3424	5008	msedge.exe	99

C:\Users\Admin\AppData\Local\Temp\17d555f866d36349706fb05cf89643ef.exe
"C:\Users\Admin\AppData\Local\Temp\17d555f866d36349706fb05cf89643ef.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:624
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c test.exe
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4984
- - C:\Users\Admin\AppData\Local\Temp\test.exe
    test.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:4188
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=test.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
      4⤵
      Enumerates system info in registry
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of WriteProcessMemory
      PID:5008
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcd69a46f8,0x7ffcd69a4708,0x7ffcd69a4718
        5⤵
        
        PID:3492
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,933588037047123016,3408909672943743655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:4136
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,933588037047123016,3408909672943743655,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:2
        5⤵
        
        PID:1372
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,933588037047123016,3408909672943743655,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
        5⤵
        
        PID:3424
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,933588037047123016,3408909672943743655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
        5⤵
        
        PID:3556
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,933588037047123016,3408909672943743655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
        5⤵
        
        PID:900
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,933588037047123016,3408909672943743655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4124 /prefetch:1
        5⤵
        
        PID:688
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,933588037047123016,3408909672943743655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8
        5⤵
        
        PID:4804
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,933588037047123016,3408909672943743655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1440
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,933588037047123016,3408909672943743655,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
        5⤵
        
        PID:4304
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,933588037047123016,3408909672943743655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
        5⤵
        
        PID:4720
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,933588037047123016,3408909672943743655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:1
        5⤵
        
        PID:448
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,933588037047123016,3408909672943743655,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1
        5⤵
        
        PID:4988
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,933588037047123016,3408909672943743655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
        5⤵
        
        PID:5412
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,933588037047123016,3408909672943743655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
        5⤵
        
        PID:5536
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,933588037047123016,3408909672943743655,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1772 /prefetch:2
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:5228
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=test.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
      4⤵
      PID:5324
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcd69a46f8,0x7ffcd69a4708,0x7ffcd69a4718
        5⤵
        
        PID:5340

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3732

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:376

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bcaf436ee5fed204f08c14d7517436eb

SHA1
637817252f1e2ab00275cd5b5a285a22980295ff

SHA256
de776d807ae7f2e809af69746f85ea99e0771bbdaaed78a764a6035dabe7f120

SHA512
7e6cf2fdffdcf444f6ef4a50a6f9ef1dfb853301467e3f4784c9ee905c3bf159dc3ee9145d77dbf72637d5b99242525eb951b91c020e5f4e5cfcfd965443258c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
943fdba5b97b5527b22a6f1b1df3447b

SHA1
9a2ff62e79644de96a16fa86a8677581473b6420

SHA256
68938a345c2afb638e14a0fb3bcc0c0bc4f1c51cd8a61431fb0afba32eff0a8e

SHA512
baa583ce4b3655eb8e21a8ef41eb48778cf85ab31dc9e3f6b233b5c67864b9918b953513858e1cc90c7b06d20b973c7c637c9b2c5893536a91c1378a9fe4f5e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
437B

MD5
05592d6b429a6209d372dba7629ce97c

SHA1
b4d45e956e3ec9651d4e1e045b887c7ccbdde326

SHA256
3aacb982b8861c38a392829ee3156d05dfdd46b0ecb46154f0ea9374557bc0fd

SHA512
caa85bdccabea9250e8a5291f987b8d54362a7b3eec861c56f79cebb06277aa35d411e657ec632079f46affd4d6730e82115e7b317fbda55dacc16378528abaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0bbbb20f70fa1ec2cc7a0afee627e97e

SHA1
27e45a60ac596a620abfda4a41731ab5f13b4854

SHA256
88136cdda6b1a7b80b690337c4659108a0c058bde6217e01c69f7faa63444406

SHA512
7aa843006542575b4f3235e1db35d95a7f9d62579d698b14b3e88c1b1cdd6c30e5d2b55ea8e42d509ed3a6d4bf6bcbed79e8663deb84b12eba3e5b1a5276bf24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3f6ea202b85d6bc487ab990e93f9c260

SHA1
ff61ac1cdc245631b358f02945a66af7b00826de

SHA256
3f5b146a6bf16916aaf04568a37158f6a4569cb4db85b98806492a9e32b1b442

SHA512
0f9bb2ba5362015981e3a8d721c181eb88b812f4a7759edec2325d957cf0f4bd7cc90e8b6c61096ab9fd8dd83f89a60e9f480f72a591072087d0aab65ba8fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
183b6b919781ea9dcff5baf4ffbdc5b7

SHA1
a59d028db229905e4995ae07e64957cc480af7f2

SHA256
8fe8157c4a4a4053019aa31c8e503e2fb45c7d37820ec366c0c6e99e6db34f9d

SHA512
30e39f191d178ceb80ce961955c6d01c29b78287cd033413ac299635f8102bbe447dcc9e7d579a177c855a80a114ea2b5ebeb8bf3ef7afff9e2515dd8a2a8ef2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
b0ba6f0eee8f998b4d78bc4934f5fd17

SHA1
589653d624de363d3e8869c169441b143c1f39ad

SHA256
4b5ee509e727accbd11493dda2c1d512e7dbfaff66c4f5f7ea9c2d2ccd06151f

SHA512
e9a165da246c6b80fc38431538203cf03f95794184ff63f00c9500f8919a2028b803f64b670e685185eed72df0509e3185c9b434fdbf2bc7af36021d46bd08d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
280a3705fc6f89b8ed182793208ddd23

SHA1
35c5bd196b8e7caf947a8a930d37c1fbb55f66a5

SHA256
3ae181469e158f6cb408cf400f5867070fc99cc3e79a3d1f15648eaab18da68f

SHA512
c77d8c79ac3b0d511f40147469a054e9f3ddf8e83bd8799c7852b43bbf88923829259111ad5c80ac2a9150383156d53714be495c12427a9c505bb53e3acc7ab9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ca45.TMP

Filesize
371B

MD5
0f80b66c54a671a87f8d753e762c9e71

SHA1
7a474d0c812d41441f13cc5bedb74f3bda8e6533

SHA256
845c44fffbf7b788512ddd12c2ed004c3e4b33d17cb221841b61d20b5717a470

SHA512
50107aa5e134b2390b30a80af0fa6d33f592ba34b7a4f1de0c1809e6943451c178d5cd215cfccdab05e78ce8333fc025df632d7a890b5d0d6a23cb1a749a13b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
cb285aabfd380543373c8e2705c3198e

SHA1
c3a8d39e73965db577507181f92067f0900cfa78

SHA256
5183aac850dc3b48b23fe310b9c6b2464fefdb2074c0e66e054eda7f3e6cae34

SHA512
0a55ed709fd1f97a29cca35bd9b105b69c946337a0a5b9c132cd712c4a7194976a2afe4a8da08933878e50c2976e3f1a05f915f7aefc2c607ded6f0f139f309c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4edf773993840b9386566dd4bb9fb89c

SHA1
55ba9f233378685ebba4f74982c594746a25dd39

SHA256
0c072c0fdd3bd5b3d0b91e80119aed44796238c4434bb1d4befb4ff9b626ecbf

SHA512
e0e2e1ac555192e826eb3a6becc265ecbf63ef2d502f2600bb6800f5342bd534275dadc61c409d7cbbea2e2ca4cde5744ee64ebb3507ee5d1cdf1ad9c2081dcc

Download Submit
C:\Users\Admin\AppData\Local\Temp\test.exe

Filesize
445KB

MD5
6d5f064a115bad41c0bce40229cdd8ed

SHA1
22d54170cdb402ffae365d5dea1202a351f4d8b1

SHA256
f4337cc3459884f6c598894afc7f70e446556860e0a407e37a2f250082f730ac

SHA512
b3d314c25b21420e819baeaa60ec154f0a3cc450b499d4854fbf6d2af40abcbc127fa10f21bbb358490517a174bd1ac41fa59b9c9528f7e86978abebf61dbec0

Download Submit
memory/624-104-0x0000000000400000-0x00000000011A2000-memory.dmp

Filesize
13.6MB

Download
memory/624-58-0x0000000000400000-0x00000000011A2000-memory.dmp

Filesize
13.6MB

Download