5527700a8b3171f96401f05b1ed26d5bdd8a648cae3e85ef4b51a6e0deaad1b4

Analysis

max time kernel
137s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
26-05-2024 01:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5527700a8b3171f96401f05b1ed26d5bdd8a648cae3e85ef4b51a6e0deaad1b4.exe
Size

151KB
MD5

8c3e3f803b9d4ad07e2aedb1e9c49562
SHA1

f69709942f3a9c5dee2e3a6701e08c4dec188f8d
SHA256

5527700a8b3171f96401f05b1ed26d5bdd8a648cae3e85ef4b51a6e0deaad1b4
SHA512

b46b1bd1197984cfe21a0bfcfd75fabb4f0d854fe72ba0479e0e31da8efd54fab24b868133d7e275da9ea1c4ffd239a3e779e11753c32fe32445632d5d789026
SSDEEP

3072:x+q669TOtPbQPkJqoD21d92gGb4du5A/n7Eyd:xvTOtPcPkJqoDCDGb4dP/nQ

Score

5^/10

microsoft phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
3044	msedge.exe
3044	msedge.exe
2532	msedge.exe
2532	msedge.exe
1600	identity_helper.exe
1600	identity_helper.exe
5484	msedge.exe
5484	msedge.exe
5484	msedge.exe
5484	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

Processes:

msedge.exe

pid process

2532 msedge.exe
2532 msedge.exe
2532 msedge.exe
2532 msedge.exe
2532 msedge.exe
2532 msedge.exe
2532 msedge.exe
2532 msedge.exe
2532 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

5527700a8b3171f96401f05b1ed26d5bdd8a648cae3e85ef4b51a6e0deaad1b4.exemsedge.exe

description	pid	process	target process
PID 1908 wrote to memory of 2532	1908	5527700a8b3171f96401f05b1ed26d5bdd8a648cae3e85ef4b51a6e0deaad1b4.exe	msedge.exe
PID 1908 wrote to memory of 2532	1908	5527700a8b3171f96401f05b1ed26d5bdd8a648cae3e85ef4b51a6e0deaad1b4.exe	msedge.exe
PID 2532 wrote to memory of 3948	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 3948	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 2852	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 2852	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 2852	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 2852	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 2852	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 2852	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 2852	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 2852	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 2852	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 2852	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 2852	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 2852	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 2852	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 2852	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 2852	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 2852	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 2852	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 2852	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 2852	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 2852	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 2852	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 2852	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 2852	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 2852	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 2852	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 2852	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 2852	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 2852	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 2852	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 2852	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 2852	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 2852	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 2852	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 2852	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 2852	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 2852	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 2852	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 2852	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 2852	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 2852	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 3044	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 3044	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 3272	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 3272	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 3272	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 3272	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 3272	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 3272	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 3272	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 3272	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 3272	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 3272	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 3272	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 3272	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 3272	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 3272	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 3272	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 3272	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 3272	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 3272	2532	msedge.exe	msedge.exe

C:\Users\Admin\AppData\Local\Temp\5527700a8b3171f96401f05b1ed26d5bdd8a648cae3e85ef4b51a6e0deaad1b4.exe
"C:\Users\Admin\AppData\Local\Temp\5527700a8b3171f96401f05b1ed26d5bdd8a648cae3e85ef4b51a6e0deaad1b4.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1908

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=5527700a8b3171f96401f05b1ed26d5bdd8a648cae3e85ef4b51a6e0deaad1b4.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xb4,0x108,0x7ff8b91a46f8,0x7ff8b91a4708,0x7ff8b91a4718
3⤵
PID:3948

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,17345583905826866290,1530502351614636596,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
3⤵
PID:2852

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,17345583905826866290,1530502351614636596,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:3044

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,17345583905826866290,1530502351614636596,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
3⤵
PID:3272

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17345583905826866290,1530502351614636596,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
3⤵
PID:2468

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17345583905826866290,1530502351614636596,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
3⤵
PID:1216

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17345583905826866290,1530502351614636596,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
3⤵
PID:4016

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,17345583905826866290,1530502351614636596,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 /prefetch:8
3⤵
PID:3300

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,17345583905826866290,1530502351614636596,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:1600

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17345583905826866290,1530502351614636596,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
3⤵
PID:4524

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17345583905826866290,1530502351614636596,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
3⤵
PID:1216

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17345583905826866290,1530502351614636596,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
3⤵
PID:2492

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17345583905826866290,1530502351614636596,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
3⤵
PID:2272

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17345583905826866290,1530502351614636596,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
3⤵
PID:4600

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17345583905826866290,1530502351614636596,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1
3⤵
PID:2276

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,17345583905826866290,1530502351614636596,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1880 /prefetch:2
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:5484

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=5527700a8b3171f96401f05b1ed26d5bdd8a648cae3e85ef4b51a6e0deaad1b4.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
2⤵
PID:4400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ff8b91a46f8,0x7ff8b91a4708,0x7ff8b91a4718
3⤵
PID:1840

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:456

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4764

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\95f942eb-a9d0-4ba7-83d6-5beb9ce11cce.tmp
Filesize
11KB

MD5
d2856a6326f29b9d21bbca7b255104e6

SHA1
bad9aef86577a96e0bf7460fcba0c863ab76e9a2

SHA256
e96316697f04077f7e0b2b9a3b7a9e6eb132c11e29fc60618161585592c9fb59

SHA512
3bbe846bf6224d3b8b9ec5edfa73c4f7d8f2398ff1943bc1ef00120d7973e44171b9d7b0f7ff236ac221126c3f468cb5ff6e40bd0da201dddc58e5665d153b07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4f7152bc5a1a715ef481e37d1c791959

SHA1
c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7

SHA256
704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc

SHA512
2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
ea98e583ad99df195d29aa066204ab56

SHA1
f89398664af0179641aa0138b337097b617cb2db

SHA256
a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6

SHA512
e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
264B

MD5
19faa62594ffae211b75857c5963e6e9

SHA1
7a35ed7fbe2f9aed5be9aa8fbff270a391103774

SHA256
bca0a58dd8c9c383795b0437c96a39c5dff6e119a71f33d223ff1474211c7654

SHA512
418df0f1cc487efdaafba936c5271d3a27a8ced9e59b0ee0c31ee6e1cef07f75017110de16727387d8859275b2eeabc211ccb95aa435331610f74736b438fb8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
437B

MD5
05592d6b429a6209d372dba7629ce97c

SHA1
b4d45e956e3ec9651d4e1e045b887c7ccbdde326

SHA256
3aacb982b8861c38a392829ee3156d05dfdd46b0ecb46154f0ea9374557bc0fd

SHA512
caa85bdccabea9250e8a5291f987b8d54362a7b3eec861c56f79cebb06277aa35d411e657ec632079f46affd4d6730e82115e7b317fbda55dacc16378528abaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
d3166b16a7393df591538cfc1cd95589

SHA1
c0ee1150998caa11d709ec70796e36cd055ad5e9

SHA256
202c56acc685c2618a626c5a875ffbc3fc07d0e69bd4ea7d94c969758e0ff6ee

SHA512
7497206a852b3c1d2adbc5ae16f95e25ba9ff4b695ebad460ffd019540faeaacf1e399bffac506cf735a1fea6eedd52844cc047bdadeeb3cf68f6ea462d159e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
9663b4312fb706d85be2b576cd03b350

SHA1
df9d6d37e1cb221c4ee27085218502734cdf5e0b

SHA256
a5dcaf880e2dc1dcbe492730701046321b2b863a9a4a5045606cf2e1de236bea

SHA512
351c257136931a786b926f8002b9047d0b31de2ab7a003e1c2d3947c156fa54fe5b1a43644817e7dc66254a440a76f648e5fdd833d58b369364d80c58109db6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
b703845ef3c2aafe7421a5c61c7c41ca

SHA1
c4af22e027a4fc4c64892a20a7ef1cd0245bc6bb

SHA256
9c1c595829fb214127aaf07d70f7d901653e6ce74aa16c3fbc788caf5bfd4f66

SHA512
81654b170c70cd6d799b07fa7c14afd24bf07689a6e0edcc4090bd3150aebc2144cf4fa90e65ffa7b70f13447b3920a5a229b2461f37eaf7194828ca3c56918c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
371B

MD5
a4d57632f2ca5193eb739057b023f23d

SHA1
6fc7f6d587a45af3b5ee67c0c32f14528229d374

SHA256
b754426ff94753d35f251e78cacbe6f8f848e076e643ad43a3064f321c7f3a8b

SHA512
dc83f17a3992b14c28033b6b5dd6305006782a066c68c924b4c8bf2e04596de24ae104e83814aeb8810e750f54dc8f0f08d4bf20463eff71b9d06c995aeaf7cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
371B

MD5
2172b13aee9b92402344551ef19337bb

SHA1
851491ecce5a792ae8964224dfc443c7c6618888

SHA256
0602537133c1524f5bfe564ab1b590b7ff1975c53e179f098aef539fd2a7afe8

SHA512
a94e49c1b2de6d4b8b765c51102a68ace6291f53817eab09b6d69b2527a23ec5b60791d76ab6e20d09bab3e937abe8826618ba8c3886f57e3bb3da35f48ea6f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
\??\pipe\LOCAL\crashpad_2532_DXJRPZCAQSASXMDB
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit