hxxps://modsfire[.]com/download/NeW1dYe2P1vRP6j/55777

Analysis

max time kernel
1049s
max time network
1051s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
07-09-2024 18:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://modsfire.com/download/NeW1dYe2P1vRP6j/55777

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3712	msedge.exe
3712	msedge.exe
3872	msedge.exe
3872	msedge.exe
1400	identity_helper.exe
1400	identity_helper.exe
6028	msedge.exe
6028	msedge.exe
6028	msedge.exe
6028	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3872 wrote to memory of 2188	3872	msedge.exe	83
PID 3872 wrote to memory of 2188	3872	msedge.exe	83
PID 3872 wrote to memory of 4192	3872	msedge.exe	84
PID 3872 wrote to memory of 4192	3872	msedge.exe	84
PID 3872 wrote to memory of 4192	3872	msedge.exe	84
PID 3872 wrote to memory of 4192	3872	msedge.exe	84
PID 3872 wrote to memory of 4192	3872	msedge.exe	84
PID 3872 wrote to memory of 4192	3872	msedge.exe	84
PID 3872 wrote to memory of 4192	3872	msedge.exe	84
PID 3872 wrote to memory of 4192	3872	msedge.exe	84
PID 3872 wrote to memory of 4192	3872	msedge.exe	84
PID 3872 wrote to memory of 4192	3872	msedge.exe	84
PID 3872 wrote to memory of 4192	3872	msedge.exe	84
PID 3872 wrote to memory of 4192	3872	msedge.exe	84
PID 3872 wrote to memory of 4192	3872	msedge.exe	84
PID 3872 wrote to memory of 4192	3872	msedge.exe	84
PID 3872 wrote to memory of 4192	3872	msedge.exe	84
PID 3872 wrote to memory of 4192	3872	msedge.exe	84
PID 3872 wrote to memory of 4192	3872	msedge.exe	84
PID 3872 wrote to memory of 4192	3872	msedge.exe	84
PID 3872 wrote to memory of 4192	3872	msedge.exe	84
PID 3872 wrote to memory of 4192	3872	msedge.exe	84
PID 3872 wrote to memory of 4192	3872	msedge.exe	84
PID 3872 wrote to memory of 4192	3872	msedge.exe	84
PID 3872 wrote to memory of 4192	3872	msedge.exe	84
PID 3872 wrote to memory of 4192	3872	msedge.exe	84
PID 3872 wrote to memory of 4192	3872	msedge.exe	84
PID 3872 wrote to memory of 4192	3872	msedge.exe	84
PID 3872 wrote to memory of 4192	3872	msedge.exe	84
PID 3872 wrote to memory of 4192	3872	msedge.exe	84
PID 3872 wrote to memory of 4192	3872	msedge.exe	84
PID 3872 wrote to memory of 4192	3872	msedge.exe	84
PID 3872 wrote to memory of 4192	3872	msedge.exe	84
PID 3872 wrote to memory of 4192	3872	msedge.exe	84
PID 3872 wrote to memory of 4192	3872	msedge.exe	84
PID 3872 wrote to memory of 4192	3872	msedge.exe	84
PID 3872 wrote to memory of 4192	3872	msedge.exe	84
PID 3872 wrote to memory of 4192	3872	msedge.exe	84
PID 3872 wrote to memory of 4192	3872	msedge.exe	84
PID 3872 wrote to memory of 4192	3872	msedge.exe	84
PID 3872 wrote to memory of 4192	3872	msedge.exe	84
PID 3872 wrote to memory of 4192	3872	msedge.exe	84
PID 3872 wrote to memory of 3712	3872	msedge.exe	85
PID 3872 wrote to memory of 3712	3872	msedge.exe	85
PID 3872 wrote to memory of 212	3872	msedge.exe	86
PID 3872 wrote to memory of 212	3872	msedge.exe	86
PID 3872 wrote to memory of 212	3872	msedge.exe	86
PID 3872 wrote to memory of 212	3872	msedge.exe	86
PID 3872 wrote to memory of 212	3872	msedge.exe	86
PID 3872 wrote to memory of 212	3872	msedge.exe	86
PID 3872 wrote to memory of 212	3872	msedge.exe	86
PID 3872 wrote to memory of 212	3872	msedge.exe	86
PID 3872 wrote to memory of 212	3872	msedge.exe	86
PID 3872 wrote to memory of 212	3872	msedge.exe	86
PID 3872 wrote to memory of 212	3872	msedge.exe	86
PID 3872 wrote to memory of 212	3872	msedge.exe	86
PID 3872 wrote to memory of 212	3872	msedge.exe	86
PID 3872 wrote to memory of 212	3872	msedge.exe	86
PID 3872 wrote to memory of 212	3872	msedge.exe	86
PID 3872 wrote to memory of 212	3872	msedge.exe	86
PID 3872 wrote to memory of 212	3872	msedge.exe	86
PID 3872 wrote to memory of 212	3872	msedge.exe	86
PID 3872 wrote to memory of 212	3872	msedge.exe	86
PID 3872 wrote to memory of 212	3872	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://modsfire.com/download/NeW1dYe2P1vRP6j/55777
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe26cb46f8,0x7ffe26cb4708,0x7ffe26cb4718
  2⤵
  PID:2188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,15372167784527935121,6964738120675425858,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:4192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,15372167784527935121,6964738120675425858,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,15372167784527935121,6964738120675425858,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
  2⤵
  PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15372167784527935121,6964738120675425858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15372167784527935121,6964738120675425858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:1276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15372167784527935121,6964738120675425858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
  2⤵
  PID:1776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15372167784527935121,6964738120675425858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:3032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15372167784527935121,6964738120675425858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
  2⤵
  PID:1552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15372167784527935121,6964738120675425858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15372167784527935121,6964738120675425858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:3624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15372167784527935121,6964738120675425858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6292 /prefetch:1
  2⤵
  PID:4344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15372167784527935121,6964738120675425858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6724 /prefetch:1
  2⤵
  PID:2664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15372167784527935121,6964738120675425858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
  2⤵
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2112,15372167784527935121,6964738120675425858,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6100 /prefetch:8
  2⤵
  PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15372167784527935121,6964738120675425858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:3540
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,15372167784527935121,6964738120675425858,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7252 /prefetch:8
  2⤵
  PID:3972
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,15372167784527935121,6964738120675425858,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7252 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15372167784527935121,6964738120675425858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6804 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15372167784527935121,6964738120675425858,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6952 /prefetch:1
  2⤵
  PID:2460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15372167784527935121,6964738120675425858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6888 /prefetch:1
  2⤵
  PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15372167784527935121,6964738120675425858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7000 /prefetch:1
  2⤵
  PID:5280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15372167784527935121,6964738120675425858,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
  2⤵
  PID:5288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,15372167784527935121,6964738120675425858,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=8036 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6028

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2764

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1192

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e4f80e7950cbd3bb11257d2000cb885e

SHA1
10ac643904d539042d8f7aa4a312b13ec2106035

SHA256
1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

SHA512
2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2dc1a9f2f3f8c3cfe51bb29b078166c5

SHA1
eaf3c3dad3c8dc6f18dc3e055b415da78b704402

SHA256
dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

SHA512
682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\9b26c42c-ebcf-4289-844b-35a8acd62ed4.tmp

Filesize
2KB

MD5
5c7e33c8c16ab0064d9e985750699db2

SHA1
cabfa586b8031b472a8ff7d3d3ef60db95f3833c

SHA256
e0dcad37ef444df2edb981a73146e3115673345b5490619c803d23db4bcf9eb7

SHA512
9c7d2ec9abf76678868136f78a4f02ed2beeeb3a08fd45538bdc86c97dacc5b0ab564dae339aa01950a98a6224b834789b69545a5ce8ea35e36059eb7a641658

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
d54f09b01c35923d7507def672c0d881

SHA1
f6b13e8cb7667fc85108e2d3d1f800414201287f

SHA256
7d30cd804cddbc75a307a904fbdf09ee9976eae5340a28606938f49c41131ac1

SHA512
4cfa5cd382f546b03763dd79312df0f94b53ec889df6969a5c779409de20e0d54b895acb879209c479d72587577108ae8d62e81109b1e8b18f9c60ec90d0469f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
e750893319af44d7cc27d7a373a66fe1

SHA1
0dbf38a7322e8fa1a80e17088601a6130d27471c

SHA256
84e3dcc7ddf3f8c02efd5784086be20d47227fa20c6585808b1e5dba90ed6354

SHA512
64ac2467a3186716cac8955f85902d844e01d371231840fe2d8d24a73d689f9c766a72e95e76d06dc01bdbbac01eb34c85aeb8aca20d60d1666dd03d75f4b2ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0eb3f71fa45e0e0770ea7a29248c9d70

SHA1
f81908ccaa91e69a52b6c15f219203f2d634dae8

SHA256
8f96c7f0371c09ef0cbe33ab481727ec43ba2b5bed92834afa98027f5b9f7b3e

SHA512
05ca899b7d4336d526f3e265af9bffd900e41a213f6b294b44c246869ffdd3216bed647e866f31fac39886a4bf9beb4319603247d11bf75576db1106c15adb47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
78015b4036393018082f12271588bb89

SHA1
c4005d44736d5ba2e866b937b1f9d45e7a2ed98e

SHA256
506c0fe83ca08497a69f854984bbe071a958dc67cb037688e24780dedac89e16

SHA512
9a78e7a57e6e26c221ff0141b9442687973184b02ade70dc444d90933b0cfbc7b794f34d51f8373e79502eee3789e43e85379c2c53243acd37a5aecb64846e67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
44b3f60afe00fcdd23882e65d3dc8d33

SHA1
42b61e5e416e76ba8803181c311f065a7812b315

SHA256
c56fb883a304e4ea6d449b45f1b6c440a76bf901ebcb6fedbbc5124a3be0bf33

SHA512
ade9fee65659ca310d9e22b88937da1acc17853603a79a5511e375c98e637b2608db3b509e43d9b875a8037a0c40e99711433b7864e5f8f90d67b396d3143983

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
acae3780b127b087071221ed7e13be62

SHA1
8820597f5a21589aaf6581dca807c9e20da32ce1

SHA256
b1a56e5af3d1a13d5f4d69143f078f7f4421afcb2dcb9fd793e7a9bfaaf2c16e

SHA512
93a86612dbfa182720555493631979ebaf46c9bafb18942eb7500234d924c0a9c97e1952041b3b734566b11d256b6b71564a3a742d93458a6d919e2c0f0cbc46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
2a1f5a4e93e54a3e035cefa10d966ea7

SHA1
8089fb72526b674286b64e5e6d43370267be0fdd

SHA256
6610e367f4a65b92fb94583d0ad8f6373dc1b5fee78b35dbb7329ca42ae1891c

SHA512
8a06d70e671010b773d6a91b6ca445c961bd05bb3c847a1c266f965cf25f8a4bde166a08f1a01b20a41d076e87b1c135b610ba1741a954c42e204e1702f87c63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
9dd65f4a1f4735ed499d596314b56e13

SHA1
2a19ba53545e8effed9d3f6e8f20a2977689f5ab

SHA256
d3ce6fe08df323fd946fa7c17898f2d9d8b0da7317a5273cb27cdfee253a4f05

SHA512
499ebccd7e4b17c49cc27e5002593ed9522b0aafa9fe98b2454b5968548e2acb9304ac3c34ea59e8fd36a56d28bb457a0513aca064c944eed785ef92c38c51e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
f0ff79eb3893d3947b205b65a5d99ee2

SHA1
c8e73cbf67dfa7e2885cc93fe4505890482706d2

SHA256
1992d6b62c007580b96f40441a3bc9b5a04e8a71f4deaeaeaf9e7a1f79205305

SHA512
4a2240e1594dde6b251d50488858aee64cc92f5f02a32565d7b3b4bc09044cd9f1ef6568d8db414f515feae715d34accf76df2f0f2cfa28c4fa69dfa95255535

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e510.TMP

Filesize
873B

MD5
0273ac0bae22b6d0ae5306ae3ff48405

SHA1
77ec46e5b8e996a96a63368d87e1886152d0d7e3

SHA256
0d19cae7c79adf0107e7c9e3522037856581d4e35fa286b255d2101dce6f8341

SHA512
f895e4aec7e8babed91c6bb29fe59ae7ca44537a75c71785847246c0547e1970e66fbae9217dd6d308e9e5116699c0bc2d7cb3dbc46a88c283e4e3238898de08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f75b3f7b90d2f6af2b57136165a435e7

SHA1
5ee95f4319a10f8d1f2654e59009a6c25046026a

SHA256
31fdfe734f224b10e018cf8bb5c86dc882816b142fdeceb93a1b09708cd4a975

SHA512
535b38a962e497b29a7b316c4fb5b20ecdbcb2f51a393ccc8d08c24c1d3cd2b5f87fc55fc1553c9947b1e848a595303f36fa3bd3084ad9df18e2e9b906b4ee1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c8c4f2b71b0ed69d39cb2148bc3dc75c

SHA1
47a31d782d20c6d8c4b5b8c3e1c5d2777c08373d

SHA256
bc3240eda75794a73fb4bc95a854395d921834e5b4fa0f403def13da194c33d0

SHA512
f27bcaeac0bcebf5649843ef979ad8e2dca19b3c94dc77ffe238b149929e6e6b143ed3e39aeb5754334f54b2c1672120c64a18d1d5fbbe7325e4fbec494971f1

Download Submit