hxxp://marketplace[.]visualstudio[.]com

Analysis

max time kernel
111s
max time network
110s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
14/01/2025, 07:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://marketplace.visualstudio.com

Score

8^/10

microsoft discovery phishing

Malware Config

Signatures

Downloads MZ/PE file
Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 648255.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2916	msedge.exe
2916	msedge.exe
2296	msedge.exe
2296	msedge.exe
3856	identity_helper.exe
3856	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2296 wrote to memory of 2712	2296	msedge.exe	83
PID 2296 wrote to memory of 2712	2296	msedge.exe	83
PID 2296 wrote to memory of 840	2296	msedge.exe	84
PID 2296 wrote to memory of 840	2296	msedge.exe	84
PID 2296 wrote to memory of 840	2296	msedge.exe	84
PID 2296 wrote to memory of 840	2296	msedge.exe	84
PID 2296 wrote to memory of 840	2296	msedge.exe	84
PID 2296 wrote to memory of 840	2296	msedge.exe	84
PID 2296 wrote to memory of 840	2296	msedge.exe	84
PID 2296 wrote to memory of 840	2296	msedge.exe	84
PID 2296 wrote to memory of 840	2296	msedge.exe	84
PID 2296 wrote to memory of 840	2296	msedge.exe	84
PID 2296 wrote to memory of 840	2296	msedge.exe	84
PID 2296 wrote to memory of 840	2296	msedge.exe	84
PID 2296 wrote to memory of 840	2296	msedge.exe	84
PID 2296 wrote to memory of 840	2296	msedge.exe	84
PID 2296 wrote to memory of 840	2296	msedge.exe	84
PID 2296 wrote to memory of 840	2296	msedge.exe	84
PID 2296 wrote to memory of 840	2296	msedge.exe	84
PID 2296 wrote to memory of 840	2296	msedge.exe	84
PID 2296 wrote to memory of 840	2296	msedge.exe	84
PID 2296 wrote to memory of 840	2296	msedge.exe	84
PID 2296 wrote to memory of 840	2296	msedge.exe	84
PID 2296 wrote to memory of 840	2296	msedge.exe	84
PID 2296 wrote to memory of 840	2296	msedge.exe	84
PID 2296 wrote to memory of 840	2296	msedge.exe	84
PID 2296 wrote to memory of 840	2296	msedge.exe	84
PID 2296 wrote to memory of 840	2296	msedge.exe	84
PID 2296 wrote to memory of 840	2296	msedge.exe	84
PID 2296 wrote to memory of 840	2296	msedge.exe	84
PID 2296 wrote to memory of 840	2296	msedge.exe	84
PID 2296 wrote to memory of 840	2296	msedge.exe	84
PID 2296 wrote to memory of 840	2296	msedge.exe	84
PID 2296 wrote to memory of 840	2296	msedge.exe	84
PID 2296 wrote to memory of 840	2296	msedge.exe	84
PID 2296 wrote to memory of 840	2296	msedge.exe	84
PID 2296 wrote to memory of 840	2296	msedge.exe	84
PID 2296 wrote to memory of 840	2296	msedge.exe	84
PID 2296 wrote to memory of 840	2296	msedge.exe	84
PID 2296 wrote to memory of 840	2296	msedge.exe	84
PID 2296 wrote to memory of 840	2296	msedge.exe	84
PID 2296 wrote to memory of 840	2296	msedge.exe	84
PID 2296 wrote to memory of 2916	2296	msedge.exe	85
PID 2296 wrote to memory of 2916	2296	msedge.exe	85
PID 2296 wrote to memory of 2720	2296	msedge.exe	86
PID 2296 wrote to memory of 2720	2296	msedge.exe	86
PID 2296 wrote to memory of 2720	2296	msedge.exe	86
PID 2296 wrote to memory of 2720	2296	msedge.exe	86
PID 2296 wrote to memory of 2720	2296	msedge.exe	86
PID 2296 wrote to memory of 2720	2296	msedge.exe	86
PID 2296 wrote to memory of 2720	2296	msedge.exe	86
PID 2296 wrote to memory of 2720	2296	msedge.exe	86
PID 2296 wrote to memory of 2720	2296	msedge.exe	86
PID 2296 wrote to memory of 2720	2296	msedge.exe	86
PID 2296 wrote to memory of 2720	2296	msedge.exe	86
PID 2296 wrote to memory of 2720	2296	msedge.exe	86
PID 2296 wrote to memory of 2720	2296	msedge.exe	86
PID 2296 wrote to memory of 2720	2296	msedge.exe	86
PID 2296 wrote to memory of 2720	2296	msedge.exe	86
PID 2296 wrote to memory of 2720	2296	msedge.exe	86
PID 2296 wrote to memory of 2720	2296	msedge.exe	86
PID 2296 wrote to memory of 2720	2296	msedge.exe	86
PID 2296 wrote to memory of 2720	2296	msedge.exe	86
PID 2296 wrote to memory of 2720	2296	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://marketplace.visualstudio.com
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffac05146f8,0x7ffac0514708,0x7ffac0514718
  2⤵
  PID:2712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,12373203901025895216,8886598785078490487,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,12373203901025895216,8886598785078490487,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,12373203901025895216,8886598785078490487,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
  2⤵
  PID:2720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12373203901025895216,8886598785078490487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12373203901025895216,8886598785078490487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:3360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12373203901025895216,8886598785078490487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1
  2⤵
  PID:1752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12373203901025895216,8886598785078490487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:2016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12373203901025895216,8886598785078490487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1
  2⤵
  PID:3568
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,12373203901025895216,8886598785078490487,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5556 /prefetch:8
  2⤵
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,12373203901025895216,8886598785078490487,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5556 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12373203901025895216,8886598785078490487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:1456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12373203901025895216,8886598785078490487,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3588 /prefetch:1
  2⤵
  PID:1880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12373203901025895216,8886598785078490487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12373203901025895216,8886598785078490487,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
  2⤵
  PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12373203901025895216,8886598785078490487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3940 /prefetch:1
  2⤵
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12373203901025895216,8886598785078490487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2000 /prefetch:1
  2⤵
  PID:1292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12373203901025895216,8886598785078490487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
  2⤵
  PID:3436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12373203901025895216,8886598785078490487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1960 /prefetch:1
  2⤵
  PID:2604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12373203901025895216,8886598785078490487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:3512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12373203901025895216,8886598785078490487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2736 /prefetch:1
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12373203901025895216,8886598785078490487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
  2⤵
  PID:2424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12373203901025895216,8886598785078490487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:1
  2⤵
  PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2084,12373203901025895216,8886598785078490487,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3752 /prefetch:8
  2⤵
  PID:3412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12373203901025895216,8886598785078490487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3912 /prefetch:1
  2⤵
  PID:2692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2084,12373203901025895216,8886598785078490487,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6404 /prefetch:8
  2⤵
  PID:4060

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2956

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:868

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e55832d7cd7e868a2c087c4c73678018

SHA1
ed7a2f6d6437e907218ffba9128802eaf414a0eb

SHA256
a4d7777b980ec53de3a70aca8fb25b77e9b53187e7d2f0fa1a729ee9a35da574

SHA512
897fdebf1a9269a1bf1e3a791f6ee9ab7c24c9d75eeff65ac9599764e1c8585784e1837ba5321d90af0b004af121b2206081a6fb1b1ad571a0051ee33d3f5c5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c2d9eeb3fdd75834f0ac3f9767de8d6f

SHA1
4d16a7e82190f8490a00008bd53d85fb92e379b0

SHA256
1e5efb5f1d78a4cc269cb116307e9d767fc5ad8a18e6cf95c81c61d7b1da5c66

SHA512
d92f995f9e096ecc0a7b8b4aca336aeef0e7b919fe7fe008169f0b87da84d018971ba5728141557d42a0fc562a25191bd85e0d7354c401b09e8b62cdc44b6dcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
396KB

MD5
068e45271fc4477a9d9e1603b34b2db7

SHA1
745061055a77cf1ce4308fe0f491492777a45fe9

SHA256
79b68e202ec475405a48f78d254af8dfcd3f3e4fc13231c2a69e23e21b77b06c

SHA512
3567a8b62ae3d3065fa0aefde6bf14536cb4fc050606432265fe6e6772f7bb7191b60440124ce4633c46e60f77db877c4a1ba75de527cd87706d7389b9ba0bc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
16KB

MD5
ae53c61ca738321f4e024b4c5dea05b7

SHA1
ebef3f9a0e93efba9a5f3f10a0683d93e0b06ae8

SHA256
191db8fd9736101b9ed08d603d1573c412eb358470dfa7f8fbdfbcfc6519f758

SHA512
b0142b41f21daf3a7e8ac7003ac73ef11051511d81ca14696d7498ede3c6c4bab11910506d9b44a8fc84c0890662936919ec1d1cbe49df70955a72e4266aac43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
40KB

MD5
ea62a2a2f95d8a1c8a1caaa664b8aed5

SHA1
4c5aa8fcdbe52d213b33ccdd1139ee1253ff65f4

SHA256
38a56ac97e63d35a5d2d2b835e9ae0e52b0a430c2bec3b21341ec5f310cbf75e

SHA512
0bbdf7114c1277bc8f1f35af5758ee27a8dd0e7aca3daccfa95b1db3bae51f9960ffaf445b479c225f1b8f8d70ab5b2e99ff06aef3aa8c0ab390ed5409d806ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
4bd245f64026eea476e07c93e21eced9

SHA1
5949494477eda413cc6160c5c5912a48577e29c9

SHA256
eb77fd4a31d66f22aa8e55246ab4192ae4f84a92d121cdc25c4e25e5d87e537c

SHA512
f7432fbdb9abc7337d955455bf34b15d8b26becbf0f4adcae454d031179b4e535daaf9277d605a92e8d5b411a157153a717a41b4ad1cb05da4a4ca195c9a4388

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
10d968788a9337415cdf329284a7fade

SHA1
321676dc7299a4bcebe1ebfa96d44e207465392a

SHA256
5674f70d2122af8e9bb98a2bde18f8c9c168c0c6ca4a623a8a68c25ea4461aa7

SHA512
a746314eafa93b7524b365e590882b457ed8e1446d3ff61dd84848d136fd601847ad0145f44ad2cbe83962c496e0475b5d2778bea93b0343a334dd73433eaf35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
352B

MD5
5fbf570fc7a8dfa2c60c68795e59b274

SHA1
4cd3c82d42ec9ff73e0bb40857b6e4b3f32677ac

SHA256
db9ec5d765212c13af527343035c55b8cfd15ee3fabf868699aeddd2b8e93536

SHA512
0b6cb31efe772b5cbe4f7eb85ab331ccec1c6f2124000577ff0a840e1469f2fe955a6da7f91cc8a422df25174feec62ceaf77897a61a856c142eec10a95f4eaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
da619a4db9f5840ba61e931ea732955c

SHA1
e330f980aa9cc155c42b425a110c51a36aa8398e

SHA256
25aea975a9b37776197c0230f8e74164da694fe521377f5b34c7a58339ef6c3a

SHA512
b0c263d5b2e3ec8ecc137828e2aaebe6d69d576e0e2c8e97d25d325d520d5ab97a3f6a5ffdd101f335519a13a84114d2dde47071ab285de3cd02054d6442abed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3a039041af76b6c136ba3abd819ed67a

SHA1
1a4925bd3db6fff4868779ba179ee490c057e6c1

SHA256
174480a45ff978381ad553f29f5815e438336b0df3efdf1c3a32eaf802084cda

SHA512
a5234a110867a3ff9f688424851e6169322f86da8823117fad66181f903efc0a33f4585bfb48c06afbba87ebb1ffeef1574b5fd86313b86679a59c2b5b1c987d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ce0bc9de395422be6df8173ca955ad6f

SHA1
cf424fd58fc6fae154ee1161dc3f224c2b987d53

SHA256
f7c822f8bd092dff78f53189fb37621596f428a3cbbb971df46956806ad6dd41

SHA512
634398af057271cc68ef4950932a3242031d4fd72329e3cc17fd5526390945445c5920a531dacb2db688106d6408f8d01236f2259c7289d1ac189a82744ab3cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
94364f5a4d840f9aadea150a1c525f39

SHA1
3661e594cac632c45d2000d31918e82cb38fac22

SHA256
623f906e7aa7793a287dac8f5543568d67b4cc2aa34c17d3e055b8b2b899f66c

SHA512
f5563d13b23bc79e49e55da6e57c79e355e30fef52d31daf2e960fc21b22ec2ea5c3665904ed8d8e83f3e66a957e0bb0f5fa75b48bcec72bdceb6c244f113592

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6a8622e1db6166e1a75663aaa391cb2f

SHA1
86fabc7fea8d647fa00e012f57bf14a391450fa6

SHA256
54a9733f1ea47e669f2d5dfe0386f61f8551cb7562d09a6a95b2caa21ceefcd1

SHA512
c3b147463fb87c821831407f2aa9756fbde887cd781d220298c21b67197c8f355cfe2c2ff260e29fcb6955dabd8d784ec5021aa98b866f35c624810bd1af7111

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
606310e0cc9d6c4a47282fd24e2db985

SHA1
db3f9a16a56f3ce648f81d3c7b07c21c5390b317

SHA256
484460b6a36b1e062af25acc7f1879f3fce601b46048b7b30bd5597af1be15b5

SHA512
f5e6c0ae6f740dc6fdabe712861b28e90bae870c6704d66702169b3ff09daa82f79750720c7d8f8010fa3223443e7ca2dd737a6af3cdb8043ee5991c9d59181a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
61595cd6e9906dc977ead1699178ade6

SHA1
0772c57a6bb47d12a04db45243f82df93b327b03

SHA256
69861b27cb3e42cddf5132ee7e06162eb8fae1dffe4c0f90b34fd3bd90229c13

SHA512
3990a3f1361524f65f00445be7011747c3b7bf9341051077cf0e5be872f96a78d74f59b479cf6e41a8be841111f6f7872e3bfc12360de2e22e90ceb733c4a7c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
df5140041a82f88eccdb648fb8fe33c0

SHA1
3db62817b41fd21e49884c86304c15b0e667ebc8

SHA256
6fa9b6bd2a214298ccc1e271ed256684581eb1fe05a8dc379558ef1d67009a7b

SHA512
d6a486db92ff5dc05e1ba764ab21d2a0159aff45eafff4cda47c59658fdd91cc894b99cd1ffe997e287cf6bdbedb7e9cd9e4e5f057f61739fef33262c8691f8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1ec18491abc6292c9a2ec87211adcaf5

SHA1
f36e2f917a9601add70838bc58bb5940e81e00e2

SHA256
c1b6fd9c78b5aa25bfba9fc4ee9565735c96eaa13bd1c681ca77107718b47afc

SHA512
50379a1568316098412e19aebdd56fe01b05aa8e0d0fe16559f859f402f762ba368f5795bfea1d7875b04e301c4de5298f222d20ff6408845039a36eda24a99b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1f8198ff32949c9489d521246060755c

SHA1
4dc01214ceb814f7df4ba9a06376f676713bb81a

SHA256
51f076650b600152a46556f5c91ce2f127509d8c624483a1ae9936235413b988

SHA512
39a7c1911d61c9800da3651d3a1154743209d5fed51bb81c7e7c216230d86f7b78e25cbaa6025b87d1a8c83e2b025545c16cdf804dcc41e8565aa6c5396aea37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
78c7693e603f5368cfd32b4901d523bf

SHA1
a03e099d26c9194b68148f0ce94259f57541f305

SHA256
612ef064651f2bffec46fac735f80710e052d274c2da6f076ebf52f8d4ce5452

SHA512
f661c7ee167b242d754ad3a8618d2dbe638a0334c0c2ce21758fa5fcfec7a15695fb73a66ad3c8403812cd57c36bf339903aaf621a35d0afa8333c12ce1b94c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b4b2d3754151e7ccff2ecd3a02c4c1af

SHA1
592eadb16a1f73f7eda19c7a8e364face1396ab2

SHA256
8cbdbac6f18c99a86fc7197b6ba77a71ec8dde04a8a6048d2514a70b2bcd57b3

SHA512
f4988ebee6d5c914c0498da9549f0043f01bb48efb90e7500c54c87c3dbb5720d4b38459967519f178f0a0de41f21a34c22423923ec51407a657767c36bfaf6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57eadd.TMP

Filesize
367B

MD5
3f389d9c22cbbf06fcf240716b589818

SHA1
ccfb6545533f75091c802d559310e1a967c6355d

SHA256
a8997ac6984885d3da16f4fddedc450b69b0064540515d189d6a343639836f23

SHA512
f66e12cb42976ef73dddecac4fd8f9d135c691e352dc72bb1d7563af64322f7f15c951fecb6ed5a6a8350146b5864208c0372de2e0685b125fc33b101ad2457e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
eb8cec8ee6cb8ba3cac33e5c20c76544

SHA1
4e956442aa4e4f61389ee84a46bcecd234438d65

SHA256
e0d3d5dac9ac1e90341d0966e5a1fdc89e3eb07197e50ebde61f1a43af0c2a51

SHA512
1a3ebf2ffd957bff81e48cef394fb015e35b97e0bfb5a23711c7d6e2af41279edcda62afe5384c9243f689e2d4e0a40aa87d18479d2837343b4dc408b50d27e2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 648255.crdownload

Filesize
4.2MB

MD5
9a182736c6a05b278077050ace955273

SHA1
4c5960766d6b04f1033735b35425f3060ba701a0

SHA256
34034409368d666e4ba88d94269d084bcbc4c7ecda5c55529fd134419b1c2437

SHA512
82b99c47f19c675848d9f226c1ad571eb147b5a0bb1f4de530d06b26d2fff584b1a4a8a00c1aef8710f32fa55b1ffb5c6102857f388538a79338d503c97319a3

Download Submit