f8c1082d0477ab53e1015a66ea83b9d71f4103477da94b4d29106a6a2031b974

Analysis

max time kernel
5s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 02:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

256e6a61111dddaf2065e1e94780dd47.exe
Size

16KB
MD5

256e6a61111dddaf2065e1e94780dd47
SHA1

307f224076c2f1eca6208154a3ccfb13631eef87
SHA256

f8c1082d0477ab53e1015a66ea83b9d71f4103477da94b4d29106a6a2031b974
SHA512

b841cc447d7a21a2df20ab4ab189bf65a0b882db426658ebfa29a6d0da42c20ca57ae1899cce6da9782f84d7ae66350cb0be21799a755f0356f1af0c763a0a2b
SSDEEP

384:rk0UkpzZryPPGVmVukJC5+sfhcZOAxQr6+e9Pfqbn1:Jp8PbJkHWTxXha5

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2360	msedge.exe
2360	msedge.exe
2828	msedge.exe
2828	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2828	msedge.exe
2828	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4968 wrote to memory of 2828	4968	256e6a61111dddaf2065e1e94780dd47.exe	91
PID 4968 wrote to memory of 2828	4968	256e6a61111dddaf2065e1e94780dd47.exe	91
PID 2828 wrote to memory of 756	2828	msedge.exe	90
PID 2828 wrote to memory of 756	2828	msedge.exe	90
PID 2828 wrote to memory of 4092	2828	msedge.exe	95
PID 2828 wrote to memory of 4092	2828	msedge.exe	95
PID 2828 wrote to memory of 4092	2828	msedge.exe	95
PID 2828 wrote to memory of 4092	2828	msedge.exe	95
PID 2828 wrote to memory of 4092	2828	msedge.exe	95
PID 2828 wrote to memory of 4092	2828	msedge.exe	95
PID 2828 wrote to memory of 4092	2828	msedge.exe	95
PID 2828 wrote to memory of 4092	2828	msedge.exe	95
PID 2828 wrote to memory of 4092	2828	msedge.exe	95
PID 2828 wrote to memory of 4092	2828	msedge.exe	95
PID 2828 wrote to memory of 4092	2828	msedge.exe	95
PID 2828 wrote to memory of 4092	2828	msedge.exe	95
PID 2828 wrote to memory of 4092	2828	msedge.exe	95
PID 2828 wrote to memory of 4092	2828	msedge.exe	95
PID 2828 wrote to memory of 4092	2828	msedge.exe	95
PID 2828 wrote to memory of 4092	2828	msedge.exe	95
PID 2828 wrote to memory of 4092	2828	msedge.exe	95
PID 2828 wrote to memory of 4092	2828	msedge.exe	95
PID 2828 wrote to memory of 4092	2828	msedge.exe	95
PID 2828 wrote to memory of 4092	2828	msedge.exe	95
PID 2828 wrote to memory of 4092	2828	msedge.exe	95
PID 2828 wrote to memory of 4092	2828	msedge.exe	95
PID 2828 wrote to memory of 4092	2828	msedge.exe	95
PID 2828 wrote to memory of 4092	2828	msedge.exe	95
PID 2828 wrote to memory of 4092	2828	msedge.exe	95
PID 2828 wrote to memory of 4092	2828	msedge.exe	95
PID 2828 wrote to memory of 4092	2828	msedge.exe	95
PID 2828 wrote to memory of 4092	2828	msedge.exe	95
PID 2828 wrote to memory of 4092	2828	msedge.exe	95
PID 2828 wrote to memory of 4092	2828	msedge.exe	95
PID 2828 wrote to memory of 4092	2828	msedge.exe	95
PID 2828 wrote to memory of 4092	2828	msedge.exe	95
PID 2828 wrote to memory of 4092	2828	msedge.exe	95
PID 2828 wrote to memory of 4092	2828	msedge.exe	95
PID 2828 wrote to memory of 4092	2828	msedge.exe	95
PID 2828 wrote to memory of 4092	2828	msedge.exe	95
PID 2828 wrote to memory of 4092	2828	msedge.exe	95
PID 2828 wrote to memory of 4092	2828	msedge.exe	95
PID 2828 wrote to memory of 4092	2828	msedge.exe	95
PID 2828 wrote to memory of 4092	2828	msedge.exe	95
PID 2828 wrote to memory of 2360	2828	msedge.exe	93
PID 2828 wrote to memory of 2360	2828	msedge.exe	93
PID 2828 wrote to memory of 2648	2828	msedge.exe	94
PID 2828 wrote to memory of 2648	2828	msedge.exe	94
PID 2828 wrote to memory of 2648	2828	msedge.exe	94
PID 2828 wrote to memory of 2648	2828	msedge.exe	94
PID 2828 wrote to memory of 2648	2828	msedge.exe	94
PID 2828 wrote to memory of 2648	2828	msedge.exe	94
PID 2828 wrote to memory of 2648	2828	msedge.exe	94
PID 2828 wrote to memory of 2648	2828	msedge.exe	94
PID 2828 wrote to memory of 2648	2828	msedge.exe	94
PID 2828 wrote to memory of 2648	2828	msedge.exe	94
PID 2828 wrote to memory of 2648	2828	msedge.exe	94
PID 2828 wrote to memory of 2648	2828	msedge.exe	94
PID 2828 wrote to memory of 2648	2828	msedge.exe	94
PID 2828 wrote to memory of 2648	2828	msedge.exe	94
PID 2828 wrote to memory of 2648	2828	msedge.exe	94
PID 2828 wrote to memory of 2648	2828	msedge.exe	94
PID 2828 wrote to memory of 2648	2828	msedge.exe	94
PID 2828 wrote to memory of 2648	2828	msedge.exe	94

C:\Users\Admin\AppData\Local\Temp\256e6a61111dddaf2065e1e94780dd47.exe
"C:\Users\Admin\AppData\Local\Temp\256e6a61111dddaf2065e1e94780dd47.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://charges.uol.com.br/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2828
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,3598297887756911288,10502260569735106783,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2360
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,3598297887756911288,10502260569735106783,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
    3⤵
    PID:2648
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,3598297887756911288,10502260569735106783,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
    3⤵
    PID:4092
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3598297887756911288,10502260569735106783,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
    3⤵
    PID:2736
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3598297887756911288,10502260569735106783,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
    3⤵
    PID:3300
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3598297887756911288,10502260569735106783,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
    3⤵
    PID:2120
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3598297887756911288,10502260569735106783,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
    3⤵
    PID:1968
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,3598297887756911288,10502260569735106783,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5728 /prefetch:8
    3⤵
    PID:3576
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,3598297887756911288,10502260569735106783,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5728 /prefetch:8
    3⤵
    PID:4872
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3598297887756911288,10502260569735106783,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
    3⤵
    PID:2284
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3598297887756911288,10502260569735106783,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3640 /prefetch:1
    3⤵
    PID:4080
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3598297887756911288,10502260569735106783,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
    3⤵
    PID:3356
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3598297887756911288,10502260569735106783,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:1
    3⤵
    PID:4140
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3598297887756911288,10502260569735106783,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
    3⤵
    PID:3636
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3598297887756911288,10502260569735106783,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
    3⤵
    PID:5124
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3598297887756911288,10502260569735106783,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
    3⤵
    PID:5132
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3598297887756911288,10502260569735106783,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
    3⤵
    PID:1292
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3598297887756911288,10502260569735106783,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6564 /prefetch:1
    3⤵
    PID:5488
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2148,3598297887756911288,10502260569735106783,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5960 /prefetch:8
    3⤵
    PID:5752
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2148,3598297887756911288,10502260569735106783,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2668 /prefetch:8
    3⤵
    PID:5820
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,3598297887756911288,10502260569735106783,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6296 /prefetch:2
    3⤵
    PID:5464

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd6bbe46f8,0x7ffd6bbe4708,0x7ffd6bbe4718
1⤵
PID:756

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4660

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1632

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d5564ccbd62bac229941d2812fc4bfba

SHA1
0483f8496225a0f2ca0d2151fab40e8f4f61ab6d

SHA256
d259ff04090cbde3b87a54554d6e2b8a33ba81e9483acbbe3e6bad15cbde4921

SHA512
300cda7933e8af577bdc1b20e6d4279d1e418cdb0571c928b1568bfea3c231ba632ccb67313ae73ddeae5586d85db95caffaedd23e973d437f8496a8c5a15025

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c5ab232b36de5f0b8493aab773de0d03

SHA1
af90fa51ed98f404ed11f2bf88bdeee364dccca1

SHA256
04245769a0ff4979157ba85c2178fe81eeca0c262c5d6db99700cc5b6df4cce6

SHA512
4a7a44f1d81b70fd016bc304271ce8b388f86b2050286962d284764d8d9320c2bebb992f38ae2668c195592c9042897394b7ff98bf177d084ae40da10a7b6b4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
cdffbec2372eac45e1c85eaa8a5dd5b6

SHA1
a89f20d17f4a521eb60302b28cb3392cd211bf2f

SHA256
ab5c16724d93949797a3eb43bb4490c9f5cd77245857e688c045c1694080f20e

SHA512
5b2920624abb69686664512be4291f3f87db4e041a9343285dd3d7f021c54e304728429186911127e8245dbb08f07a6ecc5006ebfc6d8ec01708eed2157d68e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
82af446f7fcc481e524ddec741deb9ce

SHA1
6aa66dc1fde8c81a47e8bb45169fbfee5849a59c

SHA256
6dc8350105e7f2fc6e1a2daccb0bc0021664c5ceea4820733e02f990232c9a2a

SHA512
caf0603967817d5fad0105c4a7aa14c0a71e3dc90ca705de5e9c14248c94fbd318dc4bdaa876b1ac093635500374cd2ab78f99c377401d2de0879a039463bbcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
51284654a992b8b61a6fd32e8a491795

SHA1
ea72b844558cbd996293a08337a942f9d1a4693e

SHA256
f97ea907df4e79b8059a91bb76a8c9d0d445fc8e28e598965caf5b26337c5a39

SHA512
cc4b4ff96f0c214a3460909b2f644710f8054cd4d4ef209cdaf0b9a842a825b3ac7f4ee2492d7409af155e7936ccf4ca3f0ed3c6d6a701b3f45ffadd9f43b37e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
4b211e41755998f545b4622f66a118dc

SHA1
45832cbb797d8c3a6602258f054e0dc1b8224a83

SHA256
c7c1c671297a30b4eb3f773838d4f22dd2e28dde0b6ea16d28716be83e9c1458

SHA512
6d424bb1d0eee8fa6ae83b3c9d0edb1e56cb79754399762bcafe7991ff67c88da7be88756e379b7d37fd916502af229f691a543ef5e6620331a6efa73930328a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
aa4da3e20b0c36e63f861682333ef3b8

SHA1
be11294d19691922b5071cf1c9c6639977167542

SHA256
2dd9a4f167118428315a5dfc05b7e92e4265d31fed851593e4aeb5369511303d

SHA512
4d595e5cc9d64a0f4918ab4bcf50ee79071b9435bed57b18424d18d700432e1d7267a7ecb5434a2beb3e49ffea0540deba41919c5535763060a8a349866bd14e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
1d1c7c7f0b54eb8ba4177f9e91af9dce

SHA1
2b0f0ceb9a374fec8258679c2a039fbce4aff396

SHA256
555c13933eae4e0b0e992713ed8118e2980442f89fbdfb06d3914b607edbbb18

SHA512
4c8930fe2c805c54c0076408aba3fbfb08c24566fba9f6a409b5b1308d39c7b26c96717d43223632f1f71d2e9e68a01b43a60031be8f1ca7a541fe0f56f4d9f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\db50ab897d454e9bc9c187fbb4caffed3d59e8c0\0062911b-0604-4350-b9f1-c2dc8fc6fbe5\index-dir\the-real-index

Filesize
72B

MD5
92f3ca0c2e0f0720a6e33b36b593db28

SHA1
41490cd6f379b1272a7ac3ec35d9efb95382173d

SHA256
a197f8696bc6571f0e89d463034cecd903ea2d2a22f9f97f5a24c626bc6da582

SHA512
59cad100862975498259b863c9451caad561b6b64fed5fe49ae9ee2c0cd1b09582ad0f05537ddda1b415dad76cadfe4b082a5272b69088fde94265b29154a856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\db50ab897d454e9bc9c187fbb4caffed3d59e8c0\0062911b-0604-4350-b9f1-c2dc8fc6fbe5\index-dir\the-real-index~RFe588e22.TMP

Filesize
48B

MD5
8f527e142826d06635ad9a70ddf91fe2

SHA1
a59f38c49b6e716056be918c43a6d919fbf7bf18

SHA256
f2ba385511a25d90c95836df9b99d562d9bd87932a3ab35e35470b10dc95300a

SHA512
7f15ce51e90c940e5edbd6ce741f342791d003391154e72b57cc5f7203c47673481ff9f18051022cdb81e74ad86ea0e07cfddade43288da5accf252cebd9715f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\db50ab897d454e9bc9c187fbb4caffed3d59e8c0\index.txt

Filesize
124B

MD5
d4143311dd1ff9a456830b9922d20155

SHA1
5df12f1623412f619c5e1a14c4ef8fd9ee96dd31

SHA256
92e4ebf3481631a3d31bb524dfee664c15a9940b03c1e31cd70ea47493383f4e

SHA512
71ffd9c3d2a886a865e64416090a232649b7f5deb14bf3c822ec2869f86f1a26798d6f35d0e5b3182c545643f5e21e02f767bea9d68ba30c496711c17d7f98b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\db50ab897d454e9bc9c187fbb4caffed3d59e8c0\index.txt~RFe588e22.TMP

Filesize
129B

MD5
ffe40812ef5c4c8f922e2cca72a6c236

SHA1
31da6d3998ff40e1c94c6288842f233f8412b222

SHA256
9eddf84b0a599b8f684d1c4e9c4d50e41ec9349f3d32ce51788e7ec5de694abe

SHA512
96a217e1565618a606be25d79703bf708abf44e9a9daa60fa9f0331a1e1a08fc2744504b8fa0dc32de6bf84bf924621f9681cefc63902f92b09880796e6ef932

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
312B

MD5
a8602b78cdd4c610a6c13b5fa9c300d2

SHA1
07bffbfb20790d34fa677fc18df644b3dcad059d

SHA256
49d1d28d943db43c1768061ae1a7438a40b6fef99733508c82dbc155b41f959d

SHA512
66fccc1ba4c9fe9d520a873f6558e8c26a232050cdddc857cfc55a1fd4fd81c9cfbe12aa9b555f525c8546821336e12da502ffe93c4af576db5a7560bd8f1932

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5887d8.TMP

Filesize
48B

MD5
93eefa94fa30ea0f85da9ecd0d91044e

SHA1
2fc671a0a02594ac453f00a17077c4c6b74a11e2

SHA256
60704e10741a0ad94bec17650180a1a4468b8ef1291fb131e7b6baa3ac54789f

SHA512
31eee94408deedf037441137a734410e8343d94c070337caa13f47b50f938e2f2eb82e75a10340aac547278fd7f2ac46b851ff9fa75bd83a85603e1289e4b5eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
c4d08ad7fb9f05edfbf6d941bdea1aaf

SHA1
d6b1ca0922a80bde639a7c80e5d79510cc9a2444

SHA256
0e8b9013797241b62192690286927b55fde77ab4fdd4292845a00d3ef7821e25

SHA512
d0c327efe1d2038f7565d30f102e3341a96b0021366b6a9f744dbcf4eb86056605c231dce1adb197226ce40fd8181abd89a5cb0d9d62b2f2faf63144b42fcd97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58607a.TMP

Filesize
2KB

MD5
7ee74d570de1e80e93bc28992d69efad

SHA1
06d9c64ed24c6a9800c81e8d01159a95551bb3a3

SHA256
d2795644aac9b65ad79001f0e579fee879e64f3bb5e6640750c2eaa453bb53d1

SHA512
33909a284a245d2ce74b022b82e81ed47f1c5d399b6f41833d00947c76b9475cd5975f16cb6fccfeea1457d2756a1d30fce37718bd68e156ccd0af7aae294d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a467b2c370e53ab68a958940545dd98c

SHA1
dc8dbe8d62918249a8e96d800ab44779645ee9a4

SHA256
1738c442185517eaea66d84f28b1692437997c72b659e1638c4f9c8adca4bcac

SHA512
8630dd7145e1403c9dc95baeee648c92d21daa33ae12191b0c5c916b8ca144d2d74fbb58019ddf4c2ead66642c0115385a905bd3c41465577b2e95b8864b3936

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c08603328cda5267b7fefb6ddf933163

SHA1
7e2dab4b9a94262e6870c1ae1e6a733920f1d6db

SHA256
6abcd46fed1f607716647d2ecf077e0615c7552d56713065b0559c314620ca1a

SHA512
bf93a3d250ec36f237acf374ec2a6c5f3c6db1c9d4c6f086a7fdc71582976b2d3434bbe97be8cef9b905ce76f011fccd160f64d77c1aeadafdc275dd4b60fcb3

Download Submit
memory/4968-155-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/4968-0-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/4968-37-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download