Overview

overview

7

Static

static

1

sample.html

windows10-ltsc 2021-x64

7

Resubmissions

13-12-2024 16:51

241213-vc4xwsvlb1 4

13-12-2024 16:50

241213-vb8vfswnhm 7

13-12-2024 16:48

241213-va6cyavkgt 7

Analysis

  • max time kernel
    96s
  • max time network
    97s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20241211-en
  • resource tags

    arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system
  • submitted
    13-12-2024 16:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    sample.html

  • Size

    267KB

  • MD5

    013e0b981d54f5a9de5a6cf632d01861

  • SHA1

    318906e3b9d2ee91e8f2f5c77fc71a0dea6b1730

  • SHA256

    6d5b854ecbc462c71094568fda7c8825e6b3d3fb6dac1df8c5812d8381de7c16

  • SHA512

    139867456d28bb98457e90c29f5c1c669e2a827fef771a51490fd6214c8f0e99988406aeebbbbd744f7422cc78e6c1fff10ac4ddd5a7f6a7ff796b176bc2b3d8

  • SSDEEP

    3072:IfixOi+0joZHnIbOGlyJzh4BgEJwPBIsgUAwtN+Tl/jah:IfixA0joZHIbYJmgEJAIBNah

Score
7/10
microsoftdiscoveryphishing

Malware Config

Signatures

  • A potential corporate email address has been identified in the URL: [email protected]
    phishing
  • Detected potential entity reuse from brand MICROSOFT.
    phishingmicrosoft
  • Drops file in Program Files directory 2 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 6 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 20 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: LoadsDriver 64 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 51 IoCs
  • Suspicious use of SendNotifyMessage 48 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3700
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x40,0x130,0x7fff6e4646f8,0x7fff6e464708,0x7fff6e464718
      2⤵
        PID:2812
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,9636037124247031616,14804814963711867822,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
        2⤵
          PID:2020
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,9636037124247031616,14804814963711867822,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:2112
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,9636037124247031616,14804814963711867822,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
          2⤵
            PID:3224
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,9636037124247031616,14804814963711867822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
            2⤵
              PID:1852
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,9636037124247031616,14804814963711867822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
              2⤵
                PID:2512
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,9636037124247031616,14804814963711867822,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 /prefetch:8
                2⤵
                  PID:4464
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
                  2⤵
                  • Drops file in Program Files directory
                  PID:1156
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff6e9325460,0x7ff6e9325470,0x7ff6e9325480
                    3⤵
                      PID:4992
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,9636037124247031616,14804814963711867822,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 /prefetch:8
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:2092
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,9636037124247031616,14804814963711867822,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
                    2⤵
                      PID:2100
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,9636037124247031616,14804814963711867822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
                      2⤵
                        PID:3264
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,9636037124247031616,14804814963711867822,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
                        2⤵
                          PID:2976
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,9636037124247031616,14804814963711867822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
                          2⤵
                            PID:5868
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,9636037124247031616,14804814963711867822,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:1
                            2⤵
                              PID:5896
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,9636037124247031616,14804814963711867822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2736 /prefetch:1
                              2⤵
                                PID:6360
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:4624
                              • C:\Windows\System32\CompPkgSrv.exe
                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                1⤵
                                  PID:4056
                                • C:\Windows\explorer.exe
                                  C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
                                  1⤵
                                  • Modifies Internet Explorer settings
                                  • Modifies registry class
                                  • Suspicious behavior: AddClipboardFormatListener
                                  • Suspicious use of AdjustPrivilegeToken
                                  • Suspicious use of FindShellTrayWindow
                                  PID:3092
                                • C:\Windows\SysWOW64\DllHost.exe
                                  C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
                                  1⤵
                                  • System Location Discovery: System Language Discovery
                                  PID:2512
                                • C:\Windows\system32\wwahost.exe
                                  "C:\Windows\system32\wwahost.exe" -ServerName:App.wwa
                                  1⤵
                                  • Modifies Internet Explorer settings
                                  • Modifies data under HKEY_USERS
                                  • Modifies registry class
                                  • Suspicious use of AdjustPrivilegeToken
                                  • Suspicious use of SetWindowsHookEx
                                  PID:5288
                                • C:\Windows\system32\SystemSettingsAdminFlows.exe
                                  "C:\Windows\system32\SystemSettingsAdminFlows.exe" EditUser S-1-5-21-1798060429-1844192857-3165087720-1001
                                  1⤵
                                  • Suspicious use of SetWindowsHookEx
                                  PID:6252
                                • C:\Windows\system32\LogonUI.exe
                                  "LogonUI.exe" /flags:0x0 /state0:0xa3a3a055 /state1:0x41c64e6d
                                  1⤵
                                  • Modifies data under HKEY_USERS
                                  • Suspicious use of SetWindowsHookEx
                                  PID:6400

                                Network

                                MITRE ATT&CK Enterprise v15

                                Replay Monitor

                                Loading Replay Monitor...

                                Downloads

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                  Filesize

                                  152B

                                  MD5

                                  b03d78ec6b6f6bfc8ce2f6e81cd88647

                                  SHA1

                                  014cb7dc4aa1bc5d2cb4ec25ec58470baf5b6741

                                  SHA256

                                  983928a84fcf0791614cc3d17d92d62ffbed0bf0f141d7544d0cc762977a3905

                                  SHA512

                                  4699916bdfa5776d72ad2643fad072a7a19783900608290bd1246a19624d61b58a1d80eceb74215b7198aaf04c526fa8703d38f3c5fdcc1add19b87508685ce0

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                  Filesize

                                  152B

                                  MD5

                                  95ba0df0c4c417ae5a52c277e5f43b64

                                  SHA1

                                  7c3bf3447551678f742cc311cd4cf7b2a99ab3be

                                  SHA256

                                  fdaa82c65558793b81117a66acd5645d4072f6b71f164ed2717a17cab6e727ea

                                  SHA512

                                  fcb35a1949664f218ae40c25fd6eaefc4ba6417034a522f0800c50ee78e530c33080faa73ff9ea82f35749d404d6b9c94fc7e8e224689503e699a5ec2b0d5abb

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
                                  Filesize

                                  70KB

                                  MD5

                                  e5e3377341056643b0494b6842c0b544

                                  SHA1

                                  d53fd8e256ec9d5cef8ef5387872e544a2df9108

                                  SHA256

                                  e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

                                  SHA512

                                  83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                  Filesize

                                  1KB

                                  MD5

                                  590456d94eca146ba4f095e171ff2c0e

                                  SHA1

                                  52de3e3b5d30e6a8636dc75ed178b21ffc41964f

                                  SHA256

                                  a83c4c089970880811e63a9537b36273941359572008353084b3e812a8bc0c29

                                  SHA512

                                  9c8d236b3182788efd42e93788cfda292a8128ca8f405ba60cb55b04aa6ccf1eb778adda22dce1585a8a652df42171728a52bfa7e5b443e7c5f01f01abdf193b

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe587dd6.TMP
                                  Filesize

                                  59B

                                  MD5

                                  2800881c775077e1c4b6e06bf4676de4

                                  SHA1

                                  2873631068c8b3b9495638c865915be822442c8b

                                  SHA256

                                  226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

                                  SHA512

                                  e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                  Filesize

                                  6KB

                                  MD5

                                  d6ab8550479fbc0f50d96c5f5125541b

                                  SHA1

                                  35e100b40f556272a1d1d28ce59d2f1a5473bbcf

                                  SHA256

                                  8337ebf83bdec43a2813572af97fd7bb185e01623b72e61d4278b7e0bf27a7ec

                                  SHA512

                                  c95adb9fe2cebd59efffe27ba7058747fcffe0c8740240cf555aa879ebfba5df0d6901f54c02a14e1b160d0954ec42b77c0c6f45f7ceff65d1312395510902d5

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                  Filesize

                                  6KB

                                  MD5

                                  efa8c9ce1d16274abdde57304cf940a3

                                  SHA1

                                  06196f5216fc471e11d6344724de891ce61dcc47

                                  SHA256

                                  dd9f4a0009c1f56a96aa303d1c8190571d8cb755f6b99e6201b49f2a870fa342

                                  SHA512

                                  0630f12cd362f7dc196980552dee3b42f798ea19ab97b4d795977467fcf9aed212fff56a7e20475a8c61877ca83a30ad5ccb06d88f4d9fad042375467ec5912b

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                  Filesize

                                  5KB

                                  MD5

                                  0a9410a7e2d703df52a25fde06dafd32

                                  SHA1

                                  410dfedc538a887180d3ed22f8bdd5a33dc44a61

                                  SHA256

                                  4725ce9994dfc6d613b566b5a68841f89c530308795928e3b8b312a799cb85b8

                                  SHA512

                                  b470a485d5fc75859f846f970b95ca5027f89e9c2a6af35c76ea3d8b78d0b83d5151e2b5216b9355a202888e1fc5f67d9f522622c2081bed97435c0f39ba28f1

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                  Filesize

                                  6KB

                                  MD5

                                  7f95f5884f2c87b24c2ab51138ec0296

                                  SHA1

                                  16a172e8eeeebc43fc8aaa6d5a95ae7a62245c71

                                  SHA256

                                  d1d678f8a3deeb1f8b707215298a9d57f3acfff2423d07002af5606247451a2e

                                  SHA512

                                  e05b603e5d6eaee8a734f018139bddba0a089f9550bcf0544b7a09e2c33d563450cb95d0930b2cb20bf5a80f57d89e622eecab13e078d3598e085f83d3d0ed46

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                  Filesize

                                  24KB

                                  MD5

                                  0493f44576fd7d9b6216b7387a26543e

                                  SHA1

                                  47d35c7f2990ec4668ecf1c01e0e5f623153a3f3

                                  SHA256

                                  0679b6900e2118e17164159f449fdc1f6bf20c0cc0b056cc9aedfae42a830ca8

                                  SHA512

                                  a519962ffb281d471bcf63c0bf75bed19d4eeac591cf6bf8565af14dde1d57fe8cabfc05bec52b2087ce8c6f637dbefb438ce22054895dc116b31bffa18e9cd3

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                  Filesize

                                  24KB

                                  MD5

                                  1cc3bc2b1c52831cc0b972d856888e8c

                                  SHA1

                                  9ffa8cf55aa29f6cbdd5ec39b1b33938b29e9990

                                  SHA256

                                  a8f894b23c518e04d94f1bb51343443de8121366171d2f05441283dbb1cfdd2c

                                  SHA512

                                  85bd6789da57c911f9cc35929ab302829614a4f03b3de30e28ab16558279ed02200a7db802c9bcd6b2e5886ea3c323d6a39eb8c3ee309d8b5702be65dab7c3dd

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                  Filesize

                                  16B

                                  MD5

                                  206702161f94c5cd39fadd03f4014d98

                                  SHA1

                                  bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                  SHA256

                                  1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                  SHA512

                                  0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT
                                  Filesize

                                  16B

                                  MD5

                                  46295cac801e5d4857d09837238a6394

                                  SHA1

                                  44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                  SHA256

                                  0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                  SHA512

                                  8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\MANIFEST-000001
                                  Filesize

                                  41B

                                  MD5

                                  5af87dfd673ba2115e2fcf5cfdb727ab

                                  SHA1

                                  d5b5bbf396dc291274584ef71f444f420b6056f1

                                  SHA256

                                  f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

                                  SHA512

                                  de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                  Filesize

                                  10KB

                                  MD5

                                  ef303fdd6c9aac567b19366f754ce108

                                  SHA1

                                  7be862271cb63c2bf979bc3d609474d4934a0227

                                  SHA256

                                  4630aa1dbfe896758b16712792c60ad1597666488269e9805c665044099c68d1

                                  SHA512

                                  045697f62cdc722a69e01652963432ba779ad66bfd260cfba202c94922e2558379878f7a8841a3a8f11a725fc1cc2c29b8969ed0625b17e15a657898b9ef9ecf

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                  Filesize

                                  8KB

                                  MD5

                                  bed93ef44ce44e9eb3ec052a38d60dcb

                                  SHA1

                                  4b09b4a2755de81ca8713c1628d2dc2847caa1da

                                  SHA256

                                  f4ec8dd57cc61368a9494b25d536e47e36a977b309502111ed57037a44ab2522

                                  SHA512

                                  ac7b0712d378079583130107136456d0b16b869da4ab0d84abc5e876b659a02687f98a9d7c32afa01128362f14d61a9f180a2fd7186bdabcba5eb1599093e759

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\3WNWTSN8\account.live[1].xml
                                  Filesize

                                  13B

                                  MD5

                                  c1ddea3ef6bbef3e7060a1a9ad89e4c5

                                  SHA1

                                  35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

                                  SHA256

                                  b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

                                  SHA512

                                  6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

                                  Download Submit

                                • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
                                  Filesize

                                  3KB

                                  MD5

                                  58453e4f7b7c11b76c53d23a374dff83

                                  SHA1

                                  6ee415bdae4a4b50780e7ebfdd9c07efdce7c0ba

                                  SHA256

                                  be97219140a7b7787c53029b972a06b0f85b6075f7eed22b82dcdb1327742385

                                  SHA512

                                  a02e1cbadf67e5239b1174ec36c1818cd4fc2a5946c35cc01a29795b5744420f98cacbea5d5046411464dc150a1b4303fbd25da0936254a6332092d360e5bc6c

                                  Download Submit

                                • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
                                  Filesize

                                  3KB

                                  MD5

                                  3d92f8861189091b937370be6e275fda

                                  SHA1

                                  0e3e480ccb851ed35dd3523e97463b0dd1fafe04

                                  SHA256

                                  1569b9bc5f1d1caca80ab8974b383b00011fb1a34d81bbcaf702dcb2e92a960c

                                  SHA512

                                  a82d0bc099cda767efee3cb9f5c944b5d05178433c9e6cd83d7963556d2b5de9790e829403e4cb33ef9b855dd87c01b49546ed3352d7dd0e151d2e7ac7376fa5

                                  Download Submit

                                • memory/5288-529-0x00000244F6AB0000-0x00000244F6BB0000-memory.dmp

                                  Filesize

                                  1024KB

                                  Download

                                • memory/5288-506-0x00000244F6440000-0x00000244F6460000-memory.dmp

                                  Filesize

                                  128KB

                                  Download

                                • memory/5288-604-0x00000244F71A0000-0x00000244F72A0000-memory.dmp

                                  Filesize

                                  1024KB

                                  Download

                                • memory/5288-710-0x00000244F7880000-0x00000244F7980000-memory.dmp

                                  Filesize

                                  1024KB

                                  Download

                                • memory/5288-724-0x00000244F87F0000-0x00000244F88F0000-memory.dmp

                                  Filesize

                                  1024KB

                                  Download

                                • memory/5288-571-0x00000244F6AB0000-0x00000244F6BB0000-memory.dmp

                                  Filesize

                                  1024KB

                                  Download

                                • memory/5288-515-0x00000244F6720000-0x00000244F6820000-memory.dmp

                                  Filesize

                                  1024KB

                                  Download

                                • memory/5288-514-0x00000244F6720000-0x00000244F6820000-memory.dmp

                                  Filesize

                                  1024KB

                                  Download

                                • memory/5288-428-0x00000244F35C0000-0x00000244F35E0000-memory.dmp

                                  Filesize

                                  128KB

                                  Download