631ba21d543678ab025037ad8f53cfb354f097c6bf580019be33a3364019c525

Analysis

max time kernel
148s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 02:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

631ba21d543678ab025037ad8f53cfb354f097c6bf580019be33a3364019c525.exe
Size

300KB
MD5

4990d5be4b737ada6ac3b70ac9579054
SHA1

1790ca8f04ff2cb3ee92c6a1d29855b30343511f
SHA256

631ba21d543678ab025037ad8f53cfb354f097c6bf580019be33a3364019c525
SHA512

22d99a81e8ded9923101864b715eea3cd99a81a1ef19647eda18de711eb5e4add61d6fadba2a36887af6802ba75d0fd8ce26a92fa59de73d30b615e9e7469703
SSDEEP

6144:vmhwqSIB8yXHtcoFa7XcM4qa3IB0H1V2xiYq42FrcsqGJlmYb:vC6IBFteXJ0/EAL2GJ

Score

5^/10

microsoft phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
3876	msedge.exe
3876	msedge.exe
5148	msedge.exe
5148	msedge.exe
2012	identity_helper.exe
2012	identity_helper.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

Processes:

msedge.exe

pid process

5148 msedge.exe
5148 msedge.exe
5148 msedge.exe
5148 msedge.exe
5148 msedge.exe
5148 msedge.exe
5148 msedge.exe
5148 msedge.exe
5148 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
5148	msedge.exe
5148	msedge.exe
5148	msedge.exe
5148	msedge.exe
5148	msedge.exe
5148	msedge.exe
5148	msedge.exe
5148	msedge.exe
5148	msedge.exe
5148	msedge.exe
5148	msedge.exe
5148	msedge.exe
5148	msedge.exe
5148	msedge.exe
5148	msedge.exe
5148	msedge.exe
5148	msedge.exe
5148	msedge.exe
5148	msedge.exe
5148	msedge.exe
5148	msedge.exe
5148	msedge.exe
5148	msedge.exe
5148	msedge.exe
5148	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
5148	msedge.exe
5148	msedge.exe
5148	msedge.exe
5148	msedge.exe
5148	msedge.exe
5148	msedge.exe
5148	msedge.exe
5148	msedge.exe
5148	msedge.exe
5148	msedge.exe
5148	msedge.exe
5148	msedge.exe
5148	msedge.exe
5148	msedge.exe
5148	msedge.exe
5148	msedge.exe
5148	msedge.exe
5148	msedge.exe
5148	msedge.exe
5148	msedge.exe
5148	msedge.exe
5148	msedge.exe
5148	msedge.exe
5148	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

631ba21d543678ab025037ad8f53cfb354f097c6bf580019be33a3364019c525.exemsedge.exe

description	pid	process	target process
PID 4748 wrote to memory of 5148	4748	631ba21d543678ab025037ad8f53cfb354f097c6bf580019be33a3364019c525.exe	msedge.exe
PID 4748 wrote to memory of 5148	4748	631ba21d543678ab025037ad8f53cfb354f097c6bf580019be33a3364019c525.exe	msedge.exe
PID 5148 wrote to memory of 5460	5148	msedge.exe	msedge.exe
PID 5148 wrote to memory of 5460	5148	msedge.exe	msedge.exe
PID 5148 wrote to memory of 5608	5148	msedge.exe	msedge.exe
PID 5148 wrote to memory of 5608	5148	msedge.exe	msedge.exe
PID 5148 wrote to memory of 5608	5148	msedge.exe	msedge.exe
PID 5148 wrote to memory of 5608	5148	msedge.exe	msedge.exe
PID 5148 wrote to memory of 5608	5148	msedge.exe	msedge.exe
PID 5148 wrote to memory of 5608	5148	msedge.exe	msedge.exe
PID 5148 wrote to memory of 5608	5148	msedge.exe	msedge.exe
PID 5148 wrote to memory of 5608	5148	msedge.exe	msedge.exe
PID 5148 wrote to memory of 5608	5148	msedge.exe	msedge.exe
PID 5148 wrote to memory of 5608	5148	msedge.exe	msedge.exe
PID 5148 wrote to memory of 5608	5148	msedge.exe	msedge.exe
PID 5148 wrote to memory of 5608	5148	msedge.exe	msedge.exe
PID 5148 wrote to memory of 5608	5148	msedge.exe	msedge.exe
PID 5148 wrote to memory of 5608	5148	msedge.exe	msedge.exe
PID 5148 wrote to memory of 5608	5148	msedge.exe	msedge.exe
PID 5148 wrote to memory of 5608	5148	msedge.exe	msedge.exe
PID 5148 wrote to memory of 5608	5148	msedge.exe	msedge.exe
PID 5148 wrote to memory of 5608	5148	msedge.exe	msedge.exe
PID 5148 wrote to memory of 5608	5148	msedge.exe	msedge.exe
PID 5148 wrote to memory of 5608	5148	msedge.exe	msedge.exe
PID 5148 wrote to memory of 5608	5148	msedge.exe	msedge.exe
PID 5148 wrote to memory of 5608	5148	msedge.exe	msedge.exe
PID 5148 wrote to memory of 5608	5148	msedge.exe	msedge.exe
PID 5148 wrote to memory of 5608	5148	msedge.exe	msedge.exe
PID 5148 wrote to memory of 5608	5148	msedge.exe	msedge.exe
PID 5148 wrote to memory of 5608	5148	msedge.exe	msedge.exe
PID 5148 wrote to memory of 5608	5148	msedge.exe	msedge.exe
PID 5148 wrote to memory of 5608	5148	msedge.exe	msedge.exe
PID 5148 wrote to memory of 5608	5148	msedge.exe	msedge.exe
PID 5148 wrote to memory of 5608	5148	msedge.exe	msedge.exe
PID 5148 wrote to memory of 5608	5148	msedge.exe	msedge.exe
PID 5148 wrote to memory of 5608	5148	msedge.exe	msedge.exe
PID 5148 wrote to memory of 5608	5148	msedge.exe	msedge.exe
PID 5148 wrote to memory of 5608	5148	msedge.exe	msedge.exe
PID 5148 wrote to memory of 5608	5148	msedge.exe	msedge.exe
PID 5148 wrote to memory of 5608	5148	msedge.exe	msedge.exe
PID 5148 wrote to memory of 5608	5148	msedge.exe	msedge.exe
PID 5148 wrote to memory of 5608	5148	msedge.exe	msedge.exe
PID 5148 wrote to memory of 5608	5148	msedge.exe	msedge.exe
PID 5148 wrote to memory of 5608	5148	msedge.exe	msedge.exe
PID 5148 wrote to memory of 3876	5148	msedge.exe	msedge.exe
PID 5148 wrote to memory of 3876	5148	msedge.exe	msedge.exe
PID 5148 wrote to memory of 6000	5148	msedge.exe	msedge.exe
PID 5148 wrote to memory of 6000	5148	msedge.exe	msedge.exe
PID 5148 wrote to memory of 6000	5148	msedge.exe	msedge.exe
PID 5148 wrote to memory of 6000	5148	msedge.exe	msedge.exe
PID 5148 wrote to memory of 6000	5148	msedge.exe	msedge.exe
PID 5148 wrote to memory of 6000	5148	msedge.exe	msedge.exe
PID 5148 wrote to memory of 6000	5148	msedge.exe	msedge.exe
PID 5148 wrote to memory of 6000	5148	msedge.exe	msedge.exe
PID 5148 wrote to memory of 6000	5148	msedge.exe	msedge.exe
PID 5148 wrote to memory of 6000	5148	msedge.exe	msedge.exe
PID 5148 wrote to memory of 6000	5148	msedge.exe	msedge.exe
PID 5148 wrote to memory of 6000	5148	msedge.exe	msedge.exe
PID 5148 wrote to memory of 6000	5148	msedge.exe	msedge.exe
PID 5148 wrote to memory of 6000	5148	msedge.exe	msedge.exe
PID 5148 wrote to memory of 6000	5148	msedge.exe	msedge.exe
PID 5148 wrote to memory of 6000	5148	msedge.exe	msedge.exe
PID 5148 wrote to memory of 6000	5148	msedge.exe	msedge.exe
PID 5148 wrote to memory of 6000	5148	msedge.exe	msedge.exe

C:\Users\Admin\AppData\Local\Temp\631ba21d543678ab025037ad8f53cfb354f097c6bf580019be33a3364019c525.exe
"C:\Users\Admin\AppData\Local\Temp\631ba21d543678ab025037ad8f53cfb354f097c6bf580019be33a3364019c525.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4748

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=631ba21d543678ab025037ad8f53cfb354f097c6bf580019be33a3364019c525.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5148

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffad38946f8,0x7ffad3894708,0x7ffad3894718
3⤵
PID:5460

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,694034402991311188,12736547955114208055,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
3⤵
PID:5608

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,694034402991311188,12736547955114208055,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 /prefetch:3
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:3876

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,694034402991311188,12736547955114208055,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
3⤵
PID:6000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,694034402991311188,12736547955114208055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
3⤵
PID:3480

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,694034402991311188,12736547955114208055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
3⤵
PID:4836

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,694034402991311188,12736547955114208055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
3⤵
PID:608

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,694034402991311188,12736547955114208055,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5108 /prefetch:8
3⤵
PID:2780

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,694034402991311188,12736547955114208055,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5108 /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:2012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,694034402991311188,12736547955114208055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
3⤵
PID:4328

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,694034402991311188,12736547955114208055,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
3⤵
PID:2952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,694034402991311188,12736547955114208055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
3⤵
PID:4304

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,694034402991311188,12736547955114208055,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
3⤵
PID:4308

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,694034402991311188,12736547955114208055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
3⤵
PID:4504

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,694034402991311188,12736547955114208055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
3⤵
PID:3156

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,694034402991311188,12736547955114208055,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4848 /prefetch:2
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:5096

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=631ba21d543678ab025037ad8f53cfb354f097c6bf580019be33a3364019c525.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
2⤵
PID:4064

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffad38946f8,0x7ffad3894708,0x7ffad3894718
3⤵
PID:4520

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2740

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2396

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
2daa93382bba07cbc40af372d30ec576

SHA1
c5e709dc3e2e4df2ff841fbde3e30170e7428a94

SHA256
1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30

SHA512
65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
ecdc2754d7d2ae862272153aa9b9ca6e

SHA1
c19bed1c6e1c998b9fa93298639ad7961339147d

SHA256
a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7

SHA512
cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
264B

MD5
6c7fa2ff97105e45d921804eb52aeebd

SHA1
7a46e781ddb336d800ea59bd992c087658672fbb

SHA256
7022d7b62da65ae892c8b511236d968d3ff818c078d2e609cadf9b15e8c6ff0a

SHA512
ffe09a99b6d8fa06f9b497860a45993cb88c18b29f6a9472384b66b5bc182342b6409d5443c89b49f7020028fa4368ae076d9c9ed413029ea58a2844d4346b78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
437B

MD5
05592d6b429a6209d372dba7629ce97c

SHA1
b4d45e956e3ec9651d4e1e045b887c7ccbdde326

SHA256
3aacb982b8861c38a392829ee3156d05dfdd46b0ecb46154f0ea9374557bc0fd

SHA512
caa85bdccabea9250e8a5291f987b8d54362a7b3eec861c56f79cebb06277aa35d411e657ec632079f46affd4d6730e82115e7b317fbda55dacc16378528abaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
9825cbfff3cecceab09d7aefce7d88ca

SHA1
60f3cbe215ddf4ff7649c5f0aa4d9b11e8eb7150

SHA256
3d6ef6d44ed19db04a3c148462e068689611e391884ba7448d5d082d2f726561

SHA512
b99553307265d2bf0184287630e4943808bb4fb5f10916ee4dda55420ffd48015e67913a741dd93a849a879c167d09be0c59b8887c8184b198cb235df9d87197

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
2af48689f4211d78cd6cd5399db29850

SHA1
f859877eb940fb5f4b299b1b57d8efa41094f8cc

SHA256
5477b053396d603032ea9fb2392e85bad79e247e7e201104b4a828ffe0ae7b9e

SHA512
990dff01288e2b1418180694b31dec0fc6667b1b2d16b09267ac9bbabeec5871be5be3d7fece9dc14721581e4181f002010e2fec3c683483a8f5453ae69a11d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
cf30a6796c4226615b5dfe5d3e406a05

SHA1
72c054b3e243327a8760dc5143062a9297f2b491

SHA256
a048c5c948c4ba53a5ca790e1febd0d01af4702e4efee535e7731635c9418494

SHA512
0c894d14ca07fac5bf7dc9b8a23a08198775cf599952bf5c2370944f15eebc14403db2d7d6121eaaf520ea103c49378b2f6e16848a89c88107410a893d27b998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
367B

MD5
bbdcd44cdd89e612f1419cc641180518

SHA1
3dc4cdfb8f6c0788081f90ce0ddee4d3a3987c2b

SHA256
f16faed05ebf6b032367f3b411ac683af897648cc60e1d71f3c5df450f8b25a2

SHA512
7b118373c6ed2d2f2ecb00f2c9a3167c7850d124da1384d3155f709fae0ab2019476964bb4ba7b4416b0c0e901587b96a501595278f4369be607700a035071ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57aa59.TMP
Filesize
371B

MD5
483cfeba2ad6ee07c44a2ac225247060

SHA1
6d2ebfbdc0d9d2157514c807ab86dc82b91ad3a2

SHA256
88fd3b3e234aa3f93e7d39cb992d284246fddb2545298670c52cf80d2f96383a

SHA512
d4e4919fe0466905eb940f97e0d9191760114c8f7b38c63c521b2cef689844a8ecb26eab43bfbc7ae2176b7426448b17d00e9ef51dd6627fd43d73192f020372

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
a9773ea5bd979bf456aea7d3426324ef

SHA1
7347964621c3fd7c25eaa0d43a22e341fa5f07a9

SHA256
8fbad08e7f30248e13006c254694a1a4a7f369f55d680b84d1f5738511e1c46c

SHA512
bf98207476c9eea711e7902ae17dc70e894878207b02f5344842cacbc99cfb199816bff5261a215c0a4a18243cc58eef815fa1e66220747cc1c71ccf845daaa8

Download Submit
\??\pipe\LOCAL\crashpad_5148_YDTJFSFGEXVXOMKN
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit