hxxps://helpdesk[.]hilcorp[.]com/a/tickets/318067?current_tab=details

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
16-04-2024 21:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://helpdesk.hilcorp.com/a/tickets/318067?current_tab=details

Score

5^/10

microsoft phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
1208	msedge.exe
1208	msedge.exe
3300	msedge.exe
3300	msedge.exe
1308	identity_helper.exe
1308	identity_helper.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe
1376	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

Processes:

msedge.exe

pid	process
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3300 wrote to memory of 4408	3300	msedge.exe	msedge.exe
PID 3300 wrote to memory of 4408	3300	msedge.exe	msedge.exe
PID 3300 wrote to memory of 4416	3300	msedge.exe	msedge.exe
PID 3300 wrote to memory of 4416	3300	msedge.exe	msedge.exe
PID 3300 wrote to memory of 4416	3300	msedge.exe	msedge.exe
PID 3300 wrote to memory of 4416	3300	msedge.exe	msedge.exe
PID 3300 wrote to memory of 4416	3300	msedge.exe	msedge.exe
PID 3300 wrote to memory of 4416	3300	msedge.exe	msedge.exe
PID 3300 wrote to memory of 4416	3300	msedge.exe	msedge.exe
PID 3300 wrote to memory of 4416	3300	msedge.exe	msedge.exe
PID 3300 wrote to memory of 4416	3300	msedge.exe	msedge.exe
PID 3300 wrote to memory of 4416	3300	msedge.exe	msedge.exe
PID 3300 wrote to memory of 4416	3300	msedge.exe	msedge.exe
PID 3300 wrote to memory of 4416	3300	msedge.exe	msedge.exe
PID 3300 wrote to memory of 4416	3300	msedge.exe	msedge.exe
PID 3300 wrote to memory of 4416	3300	msedge.exe	msedge.exe
PID 3300 wrote to memory of 4416	3300	msedge.exe	msedge.exe
PID 3300 wrote to memory of 4416	3300	msedge.exe	msedge.exe
PID 3300 wrote to memory of 4416	3300	msedge.exe	msedge.exe
PID 3300 wrote to memory of 4416	3300	msedge.exe	msedge.exe
PID 3300 wrote to memory of 4416	3300	msedge.exe	msedge.exe
PID 3300 wrote to memory of 4416	3300	msedge.exe	msedge.exe
PID 3300 wrote to memory of 4416	3300	msedge.exe	msedge.exe
PID 3300 wrote to memory of 4416	3300	msedge.exe	msedge.exe
PID 3300 wrote to memory of 4416	3300	msedge.exe	msedge.exe
PID 3300 wrote to memory of 4416	3300	msedge.exe	msedge.exe
PID 3300 wrote to memory of 4416	3300	msedge.exe	msedge.exe
PID 3300 wrote to memory of 4416	3300	msedge.exe	msedge.exe
PID 3300 wrote to memory of 4416	3300	msedge.exe	msedge.exe
PID 3300 wrote to memory of 4416	3300	msedge.exe	msedge.exe
PID 3300 wrote to memory of 4416	3300	msedge.exe	msedge.exe
PID 3300 wrote to memory of 4416	3300	msedge.exe	msedge.exe
PID 3300 wrote to memory of 4416	3300	msedge.exe	msedge.exe
PID 3300 wrote to memory of 4416	3300	msedge.exe	msedge.exe
PID 3300 wrote to memory of 4416	3300	msedge.exe	msedge.exe
PID 3300 wrote to memory of 4416	3300	msedge.exe	msedge.exe
PID 3300 wrote to memory of 4416	3300	msedge.exe	msedge.exe
PID 3300 wrote to memory of 4416	3300	msedge.exe	msedge.exe
PID 3300 wrote to memory of 4416	3300	msedge.exe	msedge.exe
PID 3300 wrote to memory of 4416	3300	msedge.exe	msedge.exe
PID 3300 wrote to memory of 4416	3300	msedge.exe	msedge.exe
PID 3300 wrote to memory of 4416	3300	msedge.exe	msedge.exe
PID 3300 wrote to memory of 1208	3300	msedge.exe	msedge.exe
PID 3300 wrote to memory of 1208	3300	msedge.exe	msedge.exe
PID 3300 wrote to memory of 3156	3300	msedge.exe	msedge.exe
PID 3300 wrote to memory of 3156	3300	msedge.exe	msedge.exe
PID 3300 wrote to memory of 3156	3300	msedge.exe	msedge.exe
PID 3300 wrote to memory of 3156	3300	msedge.exe	msedge.exe
PID 3300 wrote to memory of 3156	3300	msedge.exe	msedge.exe
PID 3300 wrote to memory of 3156	3300	msedge.exe	msedge.exe
PID 3300 wrote to memory of 3156	3300	msedge.exe	msedge.exe
PID 3300 wrote to memory of 3156	3300	msedge.exe	msedge.exe
PID 3300 wrote to memory of 3156	3300	msedge.exe	msedge.exe
PID 3300 wrote to memory of 3156	3300	msedge.exe	msedge.exe
PID 3300 wrote to memory of 3156	3300	msedge.exe	msedge.exe
PID 3300 wrote to memory of 3156	3300	msedge.exe	msedge.exe
PID 3300 wrote to memory of 3156	3300	msedge.exe	msedge.exe
PID 3300 wrote to memory of 3156	3300	msedge.exe	msedge.exe
PID 3300 wrote to memory of 3156	3300	msedge.exe	msedge.exe
PID 3300 wrote to memory of 3156	3300	msedge.exe	msedge.exe
PID 3300 wrote to memory of 3156	3300	msedge.exe	msedge.exe
PID 3300 wrote to memory of 3156	3300	msedge.exe	msedge.exe
PID 3300 wrote to memory of 3156	3300	msedge.exe	msedge.exe
PID 3300 wrote to memory of 3156	3300	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://helpdesk.hilcorp.com/a/tickets/318067?current_tab=details
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3300

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ffe2b9c46f8,0x7ffe2b9c4708,0x7ffe2b9c4718
2⤵
PID:4408

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,17092701507428681344,7789882170463443980,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
2⤵
PID:4416

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,17092701507428681344,7789882170463443980,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2400 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1208

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,17092701507428681344,7789882170463443980,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
2⤵
PID:3156

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17092701507428681344,7789882170463443980,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
2⤵
PID:3432

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17092701507428681344,7789882170463443980,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
2⤵
PID:2892

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17092701507428681344,7789882170463443980,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
2⤵
PID:1336

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,17092701507428681344,7789882170463443980,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5480 /prefetch:8
2⤵
PID:2256

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,17092701507428681344,7789882170463443980,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5480 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1308

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17092701507428681344,7789882170463443980,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
2⤵
PID:3984

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17092701507428681344,7789882170463443980,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
2⤵
PID:3684

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17092701507428681344,7789882170463443980,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2596 /prefetch:1
2⤵
PID:948

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17092701507428681344,7789882170463443980,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
2⤵
PID:4056

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17092701507428681344,7789882170463443980,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
2⤵
PID:1888

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2124,17092701507428681344,7789882170463443980,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1300 /prefetch:8
2⤵
PID:4444

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17092701507428681344,7789882170463443980,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
2⤵
PID:4768

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17092701507428681344,7789882170463443980,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
2⤵
PID:2572

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17092701507428681344,7789882170463443980,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
2⤵
PID:4980

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17092701507428681344,7789882170463443980,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1264 /prefetch:1
2⤵
PID:3776

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17092701507428681344,7789882170463443980,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
2⤵
PID:4832

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,17092701507428681344,7789882170463443980,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4836 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1376

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1620

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1308

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
e36b219dcae7d32ec82cec3245512f80

SHA1
6b2bd46e4f6628d66f7ec4b5c399b8c9115a9466

SHA256
16bc6f47bbfbd4e54c3163dafe784486b72d0b78e6ea3593122edb338448a27b

SHA512
fc539c461d87141a180cf71bb6a636c75517e5e7226e76b71fd64e834dcacc88fcaaa92a9a00999bc0afc4fb93b7304b068000f14653c05ff03dd7baef3f225c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
559ff144c30d6a7102ec298fb7c261c4

SHA1
badecb08f9a6c849ce5b30c348156b45ac9120b9

SHA256
5444032cb994b90287c0262f2fba16f38e339073fd89aa3ab2592dfebc3e6f10

SHA512
3a45661fc29e312aa643a12447bffdab83128fe5124077a870090081af6aaa4cf0bd021889ab1df5cd40f44adb055b1394b31313515c2929f714824c89fd0f04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\11ae366f-5300-40df-939a-956abcfd78ef.tmp
Filesize
846B

MD5
aa98e1476c14f689c47470c0b609fa7c

SHA1
0a5d62c5305d4fe6cfa4767e5a9d17cea336fe18

SHA256
ff8b20e4c1ccbed14fb9c2742eb963822f38ae3ba950b5f22a491b5f2f70d187

SHA512
c920a3e6cd12195c6d53164452bfd4b1cdc53521e00a9e0fb2006f802a28df102bf2ab4872549876074b2891261a4adae1a4819c7ec273956861e37f48e7525f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
Filesize
45KB

MD5
204a8b9342a8696b5e2df59ababdfd7e

SHA1
1482e400f2db05ca2c82ac25bb19ca8c7ca37ee7

SHA256
f7625e543616260323d62c3fd46e452615df2595b5ec91927fb951cf6d4a0c8e

SHA512
29ae95eac9091032834745cf1e26111c833cc927d153ff0e628c509879076d031cf5ab9fb882d79f09fffa5e8684d1edbc9d98af54f404bace1072bd8cd5c4ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007
Filesize
221KB

MD5
bc13e0c76b18f21d53012b2c675f19f5

SHA1
61ee6cba5a557144a5f93af887bca440b46b4237

SHA256
5c41dbb0c1a68fa71699983c44c4c29e09ef68ed8103d6ff67d4b93145e18cdb

SHA512
fe2dbb2041019f584d235bbc8e59be80c156a5f4f5b9d861a98b11af52bcd27cc7d28ed01bdd588503bd488f9c451057f46d75cebaa239085d5c56659b50420f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
Filesize
32KB

MD5
1e5b765b32c5f65973d835e9ee3ebf20

SHA1
2ae4b7b8e6303dbb2424730062c2fb1d752219b5

SHA256
d443b4a9f2542caad44e23d0d3917456e781bab47cd000cdab5a2aa571395379

SHA512
0ec798c3379d4724f5168a51e2bd8eba221f629ae41749b444cb1487b5b16a01e220857e181c710babd86c0201593aef9f8c21291f57bf14d5ebb72246958665

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
312B

MD5
f40f971ef7c6dd03dcb049f33d5267a6

SHA1
e96c91025762bfdc654fe24c81a7cbdaa7d6c453

SHA256
9cb491d97e26f7d3bf20a68e74f817600ee19c9646cb1fa36d1f3bf27ec461e4

SHA512
4c81eeb57a0c3137b05d8ff80e7947fdba1db3c06e253e5156e15414a67922a231402ab2e215a7c0efeb6c393b5c92e7062e1f11178943109cff16eff8a687f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
312B

MD5
5805822e773128081494835b2ddbaae2

SHA1
c8f318dcc66e8e1f3b3780c9f2e0f916b8c03ef1

SHA256
7dac7a4e0091cda8dc0bc1fa396111daaf3f2c350601603b0016c4247d8faee3

SHA512
bb9fdf99d667ebcb6a027f4f6a145862b458947c8f5a9edb448b9eefd00f413459b86277e95a377b1b404d18281b7a8ac4fa633a30ee87d2d72385c951a07730

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
bd12ab45629d42a1812308320273d65b

SHA1
8c1fa659ada7f34b45d53515588b52eb9778b9b3

SHA256
0eb59aa7fbd04f090dac8b7d9393c8c590d4c36da8043ea2bf7a268f3862426d

SHA512
d17468ff65b485019a2989bf040145c5961f6bbea77950a7160c698c85c705864eefe8a2a20de780e604954d12f26d2cd3bfa456d9978a62ee337aa736839a91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
2ddb6a05e2fe65003b762c2e276ce820

SHA1
949e1a20a900155ce6d6741aee3fa712bad3ccc1

SHA256
62c9dcdeef3dfc6b24a9e62d8715f08932672975aaa94c3ef08a2180f849e495

SHA512
11ab40a9eb98cf6fcdb2d9475ebf39be4ebff3b39c3328997fb8818dce67bdc5543c5e4df6e9ca103371aef3e7f6a0c13066f7a48033c917ff6b950dfb18999b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
9bba272a36dbbcb6f338b163444da6fa

SHA1
1c7f4eddfe5f9589d4b0a5422d37c430471083f8

SHA256
119d075cb0c7f0c1f578c4b7591aeafe949f2a60ec279e0e5bf9c5f5a09f97fe

SHA512
bc980531426fe23729937f14a8fd44e47695ed58ea21dc4e1534f7f225bc93bb61a61e25faaa2ed74381b9bd557779f53909587f46426006721676268b3e82f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
66bdbe0fbdd4118bae968aa04fc53514

SHA1
31c387a7cd6887e66d0bcc6470bffa283abf2e16

SHA256
9c64f5c2b49c3b85f02be864765fc93e9133649ddbddbbbc820d642962b31d98

SHA512
c4c8e8e4ed6b545ff7560d4a6e72b597c789586959ce3d427641f2538b33d3ae3cd10c131c86d6aa54685c659ff211d82492c0b66f21992e933c9e4589cf639e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
f9d4f4805103cc9e943a2ee0f2025d17

SHA1
ff7a2f71705dbcfe7b0b25036fcdd901d98f99e6

SHA256
afe98cc580c6302f19681adc7acc56e4ac8a2ce55c043764845ca5621b3d5497

SHA512
c8da52fd6d9a9dcd67aac58fe521ace3104a9a9dc9bdba458929f83ab1c8eb4e74bc4ba36202e52364ec9e815a9f9a62db3bfb68b3a44c89537afd16f2d37839

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
ad684d6ea6957476272aeac125a0807e

SHA1
ba9df2627e518bdaf46d62fed77e41ce52bf673f

SHA256
25f72f57c339677ecc304ba6059f4627ee31057facace549d0c8d094c06738ab

SHA512
a62a36c6c19cc416cf5beea62a035ee16403cb11e905c4bb48b1b8fc6c86618110c2982f76d28f0c6cfa8af40ab603cb16673f78ac26469a341e5bde9a704e32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
78e4483eaacaa300d27f191ad9f74435

SHA1
e17cd6a6c4473045fcf6cdd7c338a2ac0a58bfa8

SHA256
c8be4d2ed03eae50219967a5d068ebd3c88b03f4d27fa2b4aa3a4cc8349d57bc

SHA512
67d87ce62b00783b361d19d6db5595734a2e8330bb179bb5a4f4f5df1751e4a145cd8cb0b685e9fb4dd1b9d8195428481cfb016d4c06b21b762bd1404917dc88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a45e.TMP
Filesize
872B

MD5
24c98ee50b68277a3cda12489e306c69

SHA1
b0b9c4c33f74411e8ab4475d7fec44ac25653a78

SHA256
f307dacdd511f056e3512bda4d5cf713dba2c7d9143d121e091d6f6b50c19475

SHA512
e764c18678bf8f8237b6c9ba5888ca02797a921618a281d5fcc81dae2c887959f412fd1ad5539700a2ce09f12b4bfddbd835028f51faf94ae4028879fd89ba43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
73c51c650ab537e76409048682689363

SHA1
e05a336278f6c0bb807d4840aa0d70f7274d8ae0

SHA256
0ba3ae37957a2957681190b36b1c84a79db75ba4556e7158bd0482f44590f090

SHA512
96ab0fde40a4be49217bfe3274b51279af4f2d33736efbdf2798fa40fbf477cd03a07e3f8472e27651eebb8df8e798efa4fff7c5a5dc412224598988f745bf25

Download Submit
\??\pipe\LOCAL\crashpad_3300_BWYWGBXDBXNVZRYD
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit