a80e0a1252243b8eb4c304445ab35d5dac2181c8891129d4ad8932910067b0e3

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
13/03/2024, 08:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1936-123-0x0000000000330000-0x0000000000360000-memory.exe
Size

192KB
MD5

4b8427fd3f68c8414160058be05cbb2b
SHA1

3b8378e3e15a80e089acc3411861a1d70b85ece1
SHA256

a80e0a1252243b8eb4c304445ab35d5dac2181c8891129d4ad8932910067b0e3
SHA512

07d7bf28337960a8771cef1a8b3981762103bdeb9f5c54c2f971b0e258ce2a03950a43ee25ee941318d5440da86f18aaa4bddb9de6351cbd53e467d93ff72b88
SSDEEP

3072:qUUEa9Te3JQBf8td3/oxN1ULH0tyO8e8h4:h7QRyi1tyO

Score

5^/10

microsoft phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2304	msedge.exe
2304	msedge.exe
1032	msedge.exe
1032	msedge.exe
5100	identity_helper.exe
5100	identity_helper.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	5476	svchost.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 392 wrote to memory of 1032	392	1936-123-0x0000000000330000-0x0000000000360000-memory.exe	98
PID 392 wrote to memory of 1032	392	1936-123-0x0000000000330000-0x0000000000360000-memory.exe	98
PID 1032 wrote to memory of 4468	1032	msedge.exe	99
PID 1032 wrote to memory of 4468	1032	msedge.exe	99
PID 1032 wrote to memory of 4948	1032	msedge.exe	100
PID 1032 wrote to memory of 4948	1032	msedge.exe	100
PID 1032 wrote to memory of 4948	1032	msedge.exe	100
PID 1032 wrote to memory of 4948	1032	msedge.exe	100
PID 1032 wrote to memory of 4948	1032	msedge.exe	100
PID 1032 wrote to memory of 4948	1032	msedge.exe	100
PID 1032 wrote to memory of 4948	1032	msedge.exe	100
PID 1032 wrote to memory of 4948	1032	msedge.exe	100
PID 1032 wrote to memory of 4948	1032	msedge.exe	100
PID 1032 wrote to memory of 4948	1032	msedge.exe	100
PID 1032 wrote to memory of 4948	1032	msedge.exe	100
PID 1032 wrote to memory of 4948	1032	msedge.exe	100
PID 1032 wrote to memory of 4948	1032	msedge.exe	100
PID 1032 wrote to memory of 4948	1032	msedge.exe	100
PID 1032 wrote to memory of 4948	1032	msedge.exe	100
PID 1032 wrote to memory of 4948	1032	msedge.exe	100
PID 1032 wrote to memory of 4948	1032	msedge.exe	100
PID 1032 wrote to memory of 4948	1032	msedge.exe	100
PID 1032 wrote to memory of 4948	1032	msedge.exe	100
PID 1032 wrote to memory of 4948	1032	msedge.exe	100
PID 1032 wrote to memory of 4948	1032	msedge.exe	100
PID 1032 wrote to memory of 4948	1032	msedge.exe	100
PID 1032 wrote to memory of 4948	1032	msedge.exe	100
PID 1032 wrote to memory of 4948	1032	msedge.exe	100
PID 1032 wrote to memory of 4948	1032	msedge.exe	100
PID 1032 wrote to memory of 4948	1032	msedge.exe	100
PID 1032 wrote to memory of 4948	1032	msedge.exe	100
PID 1032 wrote to memory of 4948	1032	msedge.exe	100
PID 1032 wrote to memory of 4948	1032	msedge.exe	100
PID 1032 wrote to memory of 4948	1032	msedge.exe	100
PID 1032 wrote to memory of 4948	1032	msedge.exe	100
PID 1032 wrote to memory of 4948	1032	msedge.exe	100
PID 1032 wrote to memory of 4948	1032	msedge.exe	100
PID 1032 wrote to memory of 4948	1032	msedge.exe	100
PID 1032 wrote to memory of 4948	1032	msedge.exe	100
PID 1032 wrote to memory of 4948	1032	msedge.exe	100
PID 1032 wrote to memory of 4948	1032	msedge.exe	100
PID 1032 wrote to memory of 4948	1032	msedge.exe	100
PID 1032 wrote to memory of 4948	1032	msedge.exe	100
PID 1032 wrote to memory of 4948	1032	msedge.exe	100
PID 1032 wrote to memory of 2304	1032	msedge.exe	101
PID 1032 wrote to memory of 2304	1032	msedge.exe	101
PID 1032 wrote to memory of 2472	1032	msedge.exe	102
PID 1032 wrote to memory of 2472	1032	msedge.exe	102
PID 1032 wrote to memory of 2472	1032	msedge.exe	102
PID 1032 wrote to memory of 2472	1032	msedge.exe	102
PID 1032 wrote to memory of 2472	1032	msedge.exe	102
PID 1032 wrote to memory of 2472	1032	msedge.exe	102
PID 1032 wrote to memory of 2472	1032	msedge.exe	102
PID 1032 wrote to memory of 2472	1032	msedge.exe	102
PID 1032 wrote to memory of 2472	1032	msedge.exe	102
PID 1032 wrote to memory of 2472	1032	msedge.exe	102
PID 1032 wrote to memory of 2472	1032	msedge.exe	102
PID 1032 wrote to memory of 2472	1032	msedge.exe	102
PID 1032 wrote to memory of 2472	1032	msedge.exe	102
PID 1032 wrote to memory of 2472	1032	msedge.exe	102
PID 1032 wrote to memory of 2472	1032	msedge.exe	102
PID 1032 wrote to memory of 2472	1032	msedge.exe	102
PID 1032 wrote to memory of 2472	1032	msedge.exe	102
PID 1032 wrote to memory of 2472	1032	msedge.exe	102

C:\Users\Admin\AppData\Local\Temp\1936-123-0x0000000000330000-0x0000000000360000-memory.exe
"C:\Users\Admin\AppData\Local\Temp\1936-123-0x0000000000330000-0x0000000000360000-memory.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=1936-123-0x0000000000330000-0x0000000000360000-memory.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:1032
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd2e5346f8,0x7ffd2e534708,0x7ffd2e534718
    3⤵
    PID:4468
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,9577100540684684355,5979636690251429838,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
    3⤵
    PID:4948
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,9577100540684684355,5979636690251429838,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2304
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,9577100540684684355,5979636690251429838,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2120 /prefetch:8
    3⤵
    PID:2472
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,9577100540684684355,5979636690251429838,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
    3⤵
    PID:4272
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,9577100540684684355,5979636690251429838,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
    3⤵
    PID:3332
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,9577100540684684355,5979636690251429838,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
    3⤵
    PID:4040
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,9577100540684684355,5979636690251429838,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 /prefetch:8
    3⤵
    PID:3600
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,9577100540684684355,5979636690251429838,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5100
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,9577100540684684355,5979636690251429838,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
    3⤵
    PID:960
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,9577100540684684355,5979636690251429838,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3980 /prefetch:1
    3⤵
    PID:1352
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,9577100540684684355,5979636690251429838,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
    3⤵
    PID:5208
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,9577100540684684355,5979636690251429838,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
    3⤵
    PID:5216
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,9577100540684684355,5979636690251429838,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
    3⤵
    PID:5636
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,9577100540684684355,5979636690251429838,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3624 /prefetch:1
    3⤵
    PID:5816
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,9577100540684684355,5979636690251429838,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4676 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=1936-123-0x0000000000330000-0x0000000000360000-memory.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
  2⤵
  PID:5564
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd2e5346f8,0x7ffd2e534708,0x7ffd2e534718
    3⤵
    PID:5580

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3256

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4624

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:5328

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5476

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cbec32729772aa6c576e97df4fef48f5

SHA1
6ec173d5313f27ba1e46ad66c7bbe7c0a9767dba

SHA256
d34331aa91a21e127bbe68f55c4c1898c429d9d43545c3253d317ffb105aa24e

SHA512
425b3638fed70da3bc16bba8b9878de528aca98669203f39473b931f487a614d3f66073b8c3d9bc2211e152b4bbdeceb2777001467954eec491f862912f3c7a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
279e783b0129b64a8529800a88fbf1ee

SHA1
204c62ec8cef8467e5729cad52adae293178744f

SHA256
3619c3b82a8cbdce37bfd88b66d4fdfcd728a1112b05eb26998bea527d187932

SHA512
32730d9124dd28c196bd4abcfd6a283a04553f3f6b050c057264bc883783d30d6602781137762e66e1f90847724d0e994bddf6e729de11a809f263f139023d3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
840003da05808a151417d3ec9e6f49a8

SHA1
ad1e05690826d5566a8a9c41f11cd7e4b1c41112

SHA256
c5e7fc0c33a5a0ba413fa0245971d17a7eebfe3589f7221786818e52c9ffd15f

SHA512
c1c16fdea557978534ebc5b5355b8b05ed87eb6ede87dc856b816ab36e1391e970a21e18da805ad9d73b7ed2558743b373301c520940a8f204f5bed9b9a00dd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
437B

MD5
05592d6b429a6209d372dba7629ce97c

SHA1
b4d45e956e3ec9651d4e1e045b887c7ccbdde326

SHA256
3aacb982b8861c38a392829ee3156d05dfdd46b0ecb46154f0ea9374557bc0fd

SHA512
caa85bdccabea9250e8a5291f987b8d54362a7b3eec861c56f79cebb06277aa35d411e657ec632079f46affd4d6730e82115e7b317fbda55dacc16378528abaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f2a4b62a471a043af9d09ba4ee2b1732

SHA1
d39dcb5ace55bd27679315171f4e6b449b7207e2

SHA256
16083e7ea2acd940488c6f33e865533a7a03e0ecd6ef07f1dfcbdcc89b1ac46f

SHA512
859b7cacb5e148f4f7faa7a88c15b24974cf659e3e8e64dafde437d14627d6dcf54e39d35e31268ee4d2fa3468ca0b616b2cf626de7fb3cb1461a889985479cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b5b861a9722e53ae6c5171de06398d6e

SHA1
71c9e1cfdcea7b29d3c689b4c92beaa8953dc20d

SHA256
2f6bf29014087dd9eaa01fdf86d49b0dbb95a6807ce8ee03f0635591fb10d9a2

SHA512
0782dae8e4e243856fe8bc56be05c6261b910d18a133df5e8df253e65dbafbba47a1fa6e262f45ac9d4f244fe2b654f969f35f2ce2a983bb99e9735efd5428e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2ffc77cfd255f9a9bcf85b9c11d336aa

SHA1
a3519f39f2439f49a5257f2e3193c890bc98afcf

SHA256
95af6ec72fd3b4dfa7a808e220c73eb47b1565dfc71ec72084a2383e00eb6790

SHA512
e1ee7a7dd219292b3c5c2d0ce83f975a18236f60aba6f532e260f3e03452a1b9b1a04f75a8b82d99b23befccd1fb8364a689f483645f359226a65826daa7f37a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
e50a2a41d77891256d6811b3e39dc381

SHA1
9914546d55fafd6b02b48b20b1ce27d60fb6a9cf

SHA256
52b68734b9b7b340bd552ffa535ed9d7a483f8c5069a3ddd9bcaca4a61b713e9

SHA512
901066fe74e7079a7e9bf600cc886307299468358d2461d5b8abe18d92aaf4d14526c767c7ecab1c713fced0a400b4759a9ce8fa8cb74f33c7782fd990bc4d75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b5f2.TMP

Filesize
371B

MD5
ef831b47242543ab161d0bf317cd427c

SHA1
652859486cc25cceca392d77ab2e94ffae26fbc9

SHA256
cf9a4d4976110d3bbc123ddc76a9ba4f6118ea59f0f7bd5d3083d0d56fa67bac

SHA512
20f46f069857ec08873bce2a15d4578f4f21755a264e1c3365cebeb15eef0644a15297d25d6b7d3cea1eb56dc778e286fb13a2eedd5879bc65f24517ee7cc792

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a8bca2f361531459cb2a2d545d081d16

SHA1
5fd9c2826b82dd770ea68d49be950295854b7f0b

SHA256
ed70e7cdd2c95a5abd199334de162dcbdb0c63a377499b2efff2b8ac96613af8

SHA512
df6f2981754c4fb2c2d9036fd325a26a8cf47f6809e0330eb1f07307c63e0ab518e4abaf1adf9526ed65c0e653ae300fa0a95a5016245490721bcad9bffc71c0

Download Submit
memory/5476-221-0x000002ACAD8B0000-0x000002ACAD8B1000-memory.dmp

Filesize
4KB

Download
memory/5476-224-0x000002ACAD8B0000-0x000002ACAD8B1000-memory.dmp

Filesize
4KB

Download
memory/5476-219-0x000002ACAD880000-0x000002ACAD881000-memory.dmp

Filesize
4KB

Download
memory/5476-220-0x000002ACAD8B0000-0x000002ACAD8B1000-memory.dmp

Filesize
4KB

Download
memory/5476-187-0x000002ACA5190000-0x000002ACA51A0000-memory.dmp

Filesize
64KB

Download
memory/5476-222-0x000002ACAD8B0000-0x000002ACAD8B1000-memory.dmp

Filesize
4KB

Download
memory/5476-226-0x000002ACAD8B0000-0x000002ACAD8B1000-memory.dmp

Filesize
4KB

Download
memory/5476-229-0x000002ACAD8B0000-0x000002ACAD8B1000-memory.dmp

Filesize
4KB

Download
memory/5476-228-0x000002ACAD8B0000-0x000002ACAD8B1000-memory.dmp

Filesize
4KB

Download
memory/5476-227-0x000002ACAD8B0000-0x000002ACAD8B1000-memory.dmp

Filesize
4KB

Download
memory/5476-225-0x000002ACAD8B0000-0x000002ACAD8B1000-memory.dmp

Filesize
4KB

Download
memory/5476-203-0x000002ACA5290000-0x000002ACA52A0000-memory.dmp

Filesize
64KB

Download
memory/5476-223-0x000002ACAD8B0000-0x000002ACAD8B1000-memory.dmp

Filesize
4KB

Download
memory/5476-231-0x000002ACAD4C0000-0x000002ACAD4C1000-memory.dmp

Filesize
4KB

Download
memory/5476-230-0x000002ACAD4D0000-0x000002ACAD4D1000-memory.dmp

Filesize
4KB

Download
memory/5476-253-0x000002ACAD610000-0x000002ACAD611000-memory.dmp

Filesize
4KB

Download
memory/5476-254-0x000002ACAD610000-0x000002ACAD611000-memory.dmp

Filesize
4KB

Download
memory/5476-255-0x000002ACAD720000-0x000002ACAD721000-memory.dmp

Filesize
4KB

Download
memory/5476-251-0x000002ACAD600000-0x000002ACAD601000-memory.dmp

Filesize
4KB

Download
memory/5476-239-0x000002ACAD400000-0x000002ACAD401000-memory.dmp

Filesize
4KB

Download
memory/5476-236-0x000002ACAD4C0000-0x000002ACAD4C1000-memory.dmp

Filesize
4KB

Download
memory/5476-233-0x000002ACAD4D0000-0x000002ACAD4D1000-memory.dmp

Filesize
4KB

Download