hxxp://bing[.]com

Analysis

max time kernel
1440s
max time network
1445s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
11-12-2024 13:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://bing.com

Score

8^/10

steam discovery phishing

Malware Config

Signatures

Downloads MZ/PE file
Detected potential entity reuse from brand STEAM.
phishing steam
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 42740.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3228	msedge.exe
3228	msedge.exe
4928	msedge.exe
4928	msedge.exe
4368	identity_helper.exe
4368	identity_helper.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe
2476	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe

Suspicious use of FindShellTrayWindow 32 IoCs

pid	Process
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe
4928	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4928 wrote to memory of 2680	4928	msedge.exe	84
PID 4928 wrote to memory of 2680	4928	msedge.exe	84
PID 4928 wrote to memory of 2524	4928	msedge.exe	85
PID 4928 wrote to memory of 2524	4928	msedge.exe	85
PID 4928 wrote to memory of 2524	4928	msedge.exe	85
PID 4928 wrote to memory of 2524	4928	msedge.exe	85
PID 4928 wrote to memory of 2524	4928	msedge.exe	85
PID 4928 wrote to memory of 2524	4928	msedge.exe	85
PID 4928 wrote to memory of 2524	4928	msedge.exe	85
PID 4928 wrote to memory of 2524	4928	msedge.exe	85
PID 4928 wrote to memory of 2524	4928	msedge.exe	85
PID 4928 wrote to memory of 2524	4928	msedge.exe	85
PID 4928 wrote to memory of 2524	4928	msedge.exe	85
PID 4928 wrote to memory of 2524	4928	msedge.exe	85
PID 4928 wrote to memory of 2524	4928	msedge.exe	85
PID 4928 wrote to memory of 2524	4928	msedge.exe	85
PID 4928 wrote to memory of 2524	4928	msedge.exe	85
PID 4928 wrote to memory of 2524	4928	msedge.exe	85
PID 4928 wrote to memory of 2524	4928	msedge.exe	85
PID 4928 wrote to memory of 2524	4928	msedge.exe	85
PID 4928 wrote to memory of 2524	4928	msedge.exe	85
PID 4928 wrote to memory of 2524	4928	msedge.exe	85
PID 4928 wrote to memory of 2524	4928	msedge.exe	85
PID 4928 wrote to memory of 2524	4928	msedge.exe	85
PID 4928 wrote to memory of 2524	4928	msedge.exe	85
PID 4928 wrote to memory of 2524	4928	msedge.exe	85
PID 4928 wrote to memory of 2524	4928	msedge.exe	85
PID 4928 wrote to memory of 2524	4928	msedge.exe	85
PID 4928 wrote to memory of 2524	4928	msedge.exe	85
PID 4928 wrote to memory of 2524	4928	msedge.exe	85
PID 4928 wrote to memory of 2524	4928	msedge.exe	85
PID 4928 wrote to memory of 2524	4928	msedge.exe	85
PID 4928 wrote to memory of 2524	4928	msedge.exe	85
PID 4928 wrote to memory of 2524	4928	msedge.exe	85
PID 4928 wrote to memory of 2524	4928	msedge.exe	85
PID 4928 wrote to memory of 2524	4928	msedge.exe	85
PID 4928 wrote to memory of 2524	4928	msedge.exe	85
PID 4928 wrote to memory of 2524	4928	msedge.exe	85
PID 4928 wrote to memory of 2524	4928	msedge.exe	85
PID 4928 wrote to memory of 2524	4928	msedge.exe	85
PID 4928 wrote to memory of 2524	4928	msedge.exe	85
PID 4928 wrote to memory of 2524	4928	msedge.exe	85
PID 4928 wrote to memory of 3228	4928	msedge.exe	86
PID 4928 wrote to memory of 3228	4928	msedge.exe	86
PID 4928 wrote to memory of 1076	4928	msedge.exe	87
PID 4928 wrote to memory of 1076	4928	msedge.exe	87
PID 4928 wrote to memory of 1076	4928	msedge.exe	87
PID 4928 wrote to memory of 1076	4928	msedge.exe	87
PID 4928 wrote to memory of 1076	4928	msedge.exe	87
PID 4928 wrote to memory of 1076	4928	msedge.exe	87
PID 4928 wrote to memory of 1076	4928	msedge.exe	87
PID 4928 wrote to memory of 1076	4928	msedge.exe	87
PID 4928 wrote to memory of 1076	4928	msedge.exe	87
PID 4928 wrote to memory of 1076	4928	msedge.exe	87
PID 4928 wrote to memory of 1076	4928	msedge.exe	87
PID 4928 wrote to memory of 1076	4928	msedge.exe	87
PID 4928 wrote to memory of 1076	4928	msedge.exe	87
PID 4928 wrote to memory of 1076	4928	msedge.exe	87
PID 4928 wrote to memory of 1076	4928	msedge.exe	87
PID 4928 wrote to memory of 1076	4928	msedge.exe	87
PID 4928 wrote to memory of 1076	4928	msedge.exe	87
PID 4928 wrote to memory of 1076	4928	msedge.exe	87
PID 4928 wrote to memory of 1076	4928	msedge.exe	87
PID 4928 wrote to memory of 1076	4928	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://bing.com
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xd8,0x114,0x7ff92db846f8,0x7ff92db84708,0x7ff92db84718
  2⤵
  PID:2680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,7066735320841979364,9659645463229216479,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:2524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,7066735320841979364,9659645463229216479,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,7066735320841979364,9659645463229216479,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2936 /prefetch:8
  2⤵
  PID:1076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7066735320841979364,9659645463229216479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7066735320841979364,9659645463229216479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:3888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7066735320841979364,9659645463229216479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
  2⤵
  PID:4384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7066735320841979364,9659645463229216479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3728 /prefetch:1
  2⤵
  PID:3184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7066735320841979364,9659645463229216479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
  2⤵
  PID:3636
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,7066735320841979364,9659645463229216479,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3988 /prefetch:8
  2⤵
  PID:2852
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,7066735320841979364,9659645463229216479,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3988 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7066735320841979364,9659645463229216479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:3376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7066735320841979364,9659645463229216479,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7066735320841979364,9659645463229216479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:1
  2⤵
  PID:4188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7066735320841979364,9659645463229216479,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3608 /prefetch:1
  2⤵
  PID:4476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7066735320841979364,9659645463229216479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2032 /prefetch:1
  2⤵
  PID:2416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7066735320841979364,9659645463229216479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1
  2⤵
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7066735320841979364,9659645463229216479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2116,7066735320841979364,9659645463229216479,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5900 /prefetch:8
  2⤵
  PID:916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7066735320841979364,9659645463229216479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2120 /prefetch:1
  2⤵
  PID:3720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2116,7066735320841979364,9659645463229216479,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6496 /prefetch:8
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,7066735320841979364,9659645463229216479,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2928 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2476

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2636

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1856

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\58d399f1-25f4-44c0-b561-64677d09778f.tmp

Filesize
11KB

MD5
a0e85fd1822e2b89ccac6b1b62c24102

SHA1
577d8394a18384483ac2b196ff13a8a960530fd5

SHA256
7a3ef8fba28b823e36bad8fb63d1d0cf39ffba87a53a381e40a5bb40e0fb543e

SHA512
7b717112f6245221e49fcc215353e6f90994df26a16a48fe5427a8a7d316c937e21a4a49da895ae06355c95131eb0b552f44ec0285c9205b087082cee1bb508b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
99afa4934d1e3c56bbce114b356e8a99

SHA1
3f0e7a1a28d9d9c06b6663df5d83a65c84d52581

SHA256
08e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8

SHA512
76686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
443a627d539ca4eab732bad0cbe7332b

SHA1
86b18b906a1acd2a22f4b2c78ac3564c394a9569

SHA256
1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9

SHA512
923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
cf610cd5950eb5d4d5d929c052e2a170

SHA1
79e50fbeaf2d973fbed4caf6f34901ed71bc3ce4

SHA256
bef93d416147c660494930da5f9e1f405d9200988d52d8e53c9c0bfcbb6e332a

SHA512
48738bfca9d9894b81f0ef524e22a6f89b9f78360029709c382d41c2ffa5bf36e323f62195ce7d2f61c838d56b62375425373aae57f0fb2636465542e7359173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a772e5ea119ced0aa92bf8a3b4edfc22

SHA1
29a909433de2ae97bf65de8fb6745a6282e45d3d

SHA256
842b3e579fd42e11c3d915dfe67e817a608393f57d7be23765b2104ee98aec6e

SHA512
38c132962f9db73fae1d6478c61432616ebeea77e79edc1f3fded0b2b994c56d2ed21d980cae00b1e6299bb9deb64f8dad193e2c4cb27a3a49b5b646a4e89c98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
810B

MD5
3d98f610bc572741b1d760884fe152bc

SHA1
4740fb821a004730a1c7a0d749a76205194c6ea7

SHA256
febe37635755c6c04fef21dd93eb9f293b5853321c6cebb4d2554ae186d17b2c

SHA512
60084f99dbd563d5795892b30a95132b6c4d03a5bafa0b5dab0c3e2c5ff64ffb36b318df6782825255266613622790a48c482dd4172177673098d4d500e7c002

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
eac6a60a7b384d66e9453ffb69412cd6

SHA1
e1de6bc4064dfbdf3de490d2dfc8873c0b716eb5

SHA256
bf0a6dc5a5934c772f0dee1c7ecc4c0459598ed7179e371be3243b8cc7908b46

SHA512
642187955155809209cda6bc911475f252d47a1ab93866e7ec33427624a2f82f7a67578b9fc4ff634fe4bc230886f645412074a6c108e0c1856527665254631b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3e886c62bde8823cf2e8837961193098

SHA1
79c2f970c3d5c156a64ff539d504e64ccbbcacc8

SHA256
5f3ed2559f846748ebe6894f6e472b4204f81aefde5c581d2f988be5bdac1a47

SHA512
2b1b3b63d7d1e450cab2610d40137113de75ebcdef8738448bae5c94a4db59200d3f729c4eee631fc9b3cb4809412a9ad84f1f3b1639623cf64f4342662e757f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
254ae224c0819b5f4dd6c267b3043920

SHA1
baf1770945fb52afa6cd1f05037f3f79a3d01bd7

SHA256
c435dfe7395c43b67c4e9e93a7eac0580a62a788d36632bfc6f2317919b138ef

SHA512
b48dcb5a38ed79778658a1b64a70e517e0cff85df68d83859303a5dc3c07134c166d662732af109db59a48809471ca43b44ddc39d07db73d2cc1efddad701200

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
97d8f3b0b19b5725590f510c98aa3d58

SHA1
9e2b2670a3bc3fad5ecf92d43bc28164b5658e6f

SHA256
8b32568b7741eff4adb3ab48bc0c2a8f301df3965e36acaa45c08ae2e1b09b23

SHA512
6567e0cd0995a741c530673befe72a4ebe077bf1b7e69279b50f697e718dd95e2b82a419f45fb7b9699342b96da8ef42d12b3a2428cf8a833347e2b8269e06a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a8a727315cc23f457cee210ae74b4171

SHA1
cf200aca1e82ab89bf4b3684257a4503e8f70bbd

SHA256
a1a3d91779c6bce6987fea3faa3db0f9ab762a424589d664fcb930b0b03192a6

SHA512
667f24f2c04eac66196065f4c54be53cfd5fe1ce40c738d87e2d22adec6a24c4052222b6b35b679d63f9983c6b811efa45eadf437d3f6c36336c2a8f20ba538b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e89584cd3d9d36402f306c3332eb3790

SHA1
936945c80a502aabaa7f2c992d22abe0e9314e10

SHA256
7e47fefb2542eec58c2a0cd3999746eddd36f094872cef95ba2c5c31ee4c1782

SHA512
f0f1e6ac0887abd3c1f607db7e7cdeb4babf8d184259d5453c4d4e543731e7f85c7bc50788914d9512e16b28deafe122f2240cb8c89029b71c51a087b737aa2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
372048bd3df2cc8b0a77350cb1f2c3a5

SHA1
3c7087d6a4afeb00e8ad5c7ee69cb9fcb6123f7d

SHA256
3883a19aa3a391fd6a3d89452bf2485d8521b0c2555be0f3ed9301ca960ef929

SHA512
4300d2aef94f7ee8447385db6e488445b464451a07b17e10177bf7cc31867fc625bf1e40546c925aff092220f13052f8bd282e983c7ae459ecaa5f3c1b681a5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
b04dc24bca6b45a6b6fb5337a5c09fb9

SHA1
98804816b2e6a363b1673a3590f8faa8cfe7eb29

SHA256
64a70738a180c9039101ab8488898b6b962a56ba23de5a866fb3ab86ac81d74f

SHA512
62b6880800a1c8a954aa702322f3328caf761f8ace64354d2c3d59171373442ba82e5fb3195af10aed2e3c7eca75f97b5d5b91cca2604a812fefb3a7509c629c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
4ec7c8d357e1fb930675f1c714b01531

SHA1
79a72e694c8ee1b7872ea50ade6633e96b8ccdbd

SHA256
ec7ef1f18517c5c05b805fe98bc27fce3f799eee1de7a1a5c36ef621e0e5387c

SHA512
f693c241a77a1e1403d1ae5e9c6528d51ee38121779ddca5dfb79f9391b8eb15edc6d83243f71ed98ec8e7dbaf8ecea0c61d59041ebba7741e3f199025deaa9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f2fb.TMP

Filesize
538B

MD5
efc2eff0eefa39b557647c6857d724b1

SHA1
3b8fd4db77383cc001adf51da8a4d7119fc1809c

SHA256
8f89be2c56917737c2830a909ba4f62d527befba5fc432cd2da647abac5a2d8a

SHA512
63906a87d7a1b708e19d1ba61edd4799040045c9ac37fb1a59f4abe216039bbe492e226b24ee14c239d7c66d856f0bcb00a8ca331eb415524e4b54e56a718ac1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
787b08ac124ab756c3b13ef0ac1bf9bf

SHA1
0250559bf04c299ac106c8d8a7b8ca88e1167f2b

SHA256
51d478d2a11773a343d29392838c5e717e326ebd163039993b88195af4b4f4c5

SHA512
3c40a194d3252ce5569a11bd7cd40f86a3ebde1b3e333f5aa628dff48f335ff3b52628d2ff2069b4abf84c3fccbad052851af0e8823a5e4075d35b8a0434f6a0

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 42740.crdownload

Filesize
2.3MB

MD5
1b54b70beef8eb240db31718e8f7eb5d

SHA1
da5995070737ec655824c92622333c489eb6bce4

SHA256
7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb

SHA512
fda935694d0652dab3f1017faaf95781a300b420739e0f9d46b53ce07d592a4cfa536524989e2fc9f83602d315259817638a89c4e27da709aada5d1360b717eb

Download Submit