95cd6a43b1bb53ee6ba0340cde51b75dd67affb9ff27a4f4df80f164da4ff429

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
07-03-2023 22:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

95cd6a43b1bb53ee6ba0340cde51b75dd67affb9ff27a4f4df80f164da4ff429.exe
Size

790KB
MD5

97b013c041d43f3c255984663c84713f
SHA1

50712e00d13eb2c46e7445215bab712cc30aadc1
SHA256

95cd6a43b1bb53ee6ba0340cde51b75dd67affb9ff27a4f4df80f164da4ff429
SHA512

d4c5b0e8f0a1e0d3ace58c097f8a506561a9991fc004959007dba95adf376b01e1169260ac2f5ed6c6bfacceff9777e7b433d54c3d268bfbc743cc1df1433da5
SSDEEP

12288:6tvs2ttd1PuZUiMqylDxljISy1G41To6lG4/ehhWXoS:6tvs2ttd1WSiDyxxJTy44Zo6lG4Wh6oS

Score

8^/10

discovery

Malware Config

Signatures

Contacts a large (817) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Scanning
T1046

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\f9d4d9f4-ed51-434f-8bbd-781577116915.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230307221130.pma	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2404	msedge.exe
2404	msedge.exe
2700	msedge.exe
2700	msedge.exe
5132	identity_helper.exe
5132	identity_helper.exe
5732	msedge.exe
5732	msedge.exe
5732	msedge.exe
5732	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2700	msedge.exe
2700	msedge.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2100	95cd6a43b1bb53ee6ba0340cde51b75dd67affb9ff27a4f4df80f164da4ff429.exe
2100	95cd6a43b1bb53ee6ba0340cde51b75dd67affb9ff27a4f4df80f164da4ff429.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2100 wrote to memory of 2700	2100	95cd6a43b1bb53ee6ba0340cde51b75dd67affb9ff27a4f4df80f164da4ff429.exe	87
PID 2100 wrote to memory of 2700	2100	95cd6a43b1bb53ee6ba0340cde51b75dd67affb9ff27a4f4df80f164da4ff429.exe	87
PID 2700 wrote to memory of 1188	2700	msedge.exe	88
PID 2700 wrote to memory of 1188	2700	msedge.exe	88
PID 2700 wrote to memory of 4060	2700	msedge.exe	89
PID 2700 wrote to memory of 4060	2700	msedge.exe	89
PID 2700 wrote to memory of 4060	2700	msedge.exe	89
PID 2700 wrote to memory of 4060	2700	msedge.exe	89
PID 2700 wrote to memory of 4060	2700	msedge.exe	89
PID 2700 wrote to memory of 4060	2700	msedge.exe	89
PID 2700 wrote to memory of 4060	2700	msedge.exe	89
PID 2700 wrote to memory of 4060	2700	msedge.exe	89
PID 2700 wrote to memory of 4060	2700	msedge.exe	89
PID 2700 wrote to memory of 4060	2700	msedge.exe	89
PID 2700 wrote to memory of 4060	2700	msedge.exe	89
PID 2700 wrote to memory of 4060	2700	msedge.exe	89
PID 2700 wrote to memory of 4060	2700	msedge.exe	89
PID 2700 wrote to memory of 4060	2700	msedge.exe	89
PID 2700 wrote to memory of 4060	2700	msedge.exe	89
PID 2700 wrote to memory of 4060	2700	msedge.exe	89
PID 2700 wrote to memory of 4060	2700	msedge.exe	89
PID 2700 wrote to memory of 4060	2700	msedge.exe	89
PID 2700 wrote to memory of 4060	2700	msedge.exe	89
PID 2700 wrote to memory of 4060	2700	msedge.exe	89
PID 2700 wrote to memory of 4060	2700	msedge.exe	89
PID 2700 wrote to memory of 4060	2700	msedge.exe	89
PID 2700 wrote to memory of 4060	2700	msedge.exe	89
PID 2700 wrote to memory of 4060	2700	msedge.exe	89
PID 2700 wrote to memory of 4060	2700	msedge.exe	89
PID 2700 wrote to memory of 4060	2700	msedge.exe	89
PID 2700 wrote to memory of 4060	2700	msedge.exe	89
PID 2700 wrote to memory of 4060	2700	msedge.exe	89
PID 2700 wrote to memory of 4060	2700	msedge.exe	89
PID 2700 wrote to memory of 4060	2700	msedge.exe	89
PID 2700 wrote to memory of 4060	2700	msedge.exe	89
PID 2700 wrote to memory of 4060	2700	msedge.exe	89
PID 2700 wrote to memory of 4060	2700	msedge.exe	89
PID 2700 wrote to memory of 4060	2700	msedge.exe	89
PID 2700 wrote to memory of 4060	2700	msedge.exe	89
PID 2700 wrote to memory of 4060	2700	msedge.exe	89
PID 2700 wrote to memory of 4060	2700	msedge.exe	89
PID 2700 wrote to memory of 4060	2700	msedge.exe	89
PID 2700 wrote to memory of 4060	2700	msedge.exe	89
PID 2700 wrote to memory of 4060	2700	msedge.exe	89
PID 2700 wrote to memory of 2404	2700	msedge.exe	90
PID 2700 wrote to memory of 2404	2700	msedge.exe	90
PID 2700 wrote to memory of 544	2700	msedge.exe	91
PID 2700 wrote to memory of 544	2700	msedge.exe	91
PID 2700 wrote to memory of 544	2700	msedge.exe	91
PID 2700 wrote to memory of 544	2700	msedge.exe	91
PID 2700 wrote to memory of 544	2700	msedge.exe	91
PID 2700 wrote to memory of 544	2700	msedge.exe	91
PID 2700 wrote to memory of 544	2700	msedge.exe	91
PID 2700 wrote to memory of 544	2700	msedge.exe	91
PID 2700 wrote to memory of 544	2700	msedge.exe	91
PID 2700 wrote to memory of 544	2700	msedge.exe	91
PID 2700 wrote to memory of 544	2700	msedge.exe	91
PID 2700 wrote to memory of 544	2700	msedge.exe	91
PID 2700 wrote to memory of 544	2700	msedge.exe	91
PID 2700 wrote to memory of 544	2700	msedge.exe	91
PID 2700 wrote to memory of 544	2700	msedge.exe	91
PID 2700 wrote to memory of 544	2700	msedge.exe	91
PID 2700 wrote to memory of 544	2700	msedge.exe	91
PID 2700 wrote to memory of 544	2700	msedge.exe	91

C:\Users\Admin\AppData\Local\Temp\95cd6a43b1bb53ee6ba0340cde51b75dd67affb9ff27a4f4df80f164da4ff429.exe
"C:\Users\Admin\AppData\Local\Temp\95cd6a43b1bb53ee6ba0340cde51b75dd67affb9ff27a4f4df80f164da4ff429.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.oneptp.com/ax/?uid=507801&ad=16
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:2700
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ff9a37246f8,0x7ff9a3724708,0x7ff9a3724718
    3⤵
    PID:1188
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,16041399209831749011,15475911651675684855,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
    3⤵
    PID:4060
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,16041399209831749011,15475911651675684855,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2404
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,16041399209831749011,15475911651675684855,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
    3⤵
    PID:544
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16041399209831749011,15475911651675684855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3880 /prefetch:1
    3⤵
    PID:4684
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16041399209831749011,15475911651675684855,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3888 /prefetch:1
    3⤵
    PID:64
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16041399209831749011,15475911651675684855,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
    3⤵
    PID:1480
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16041399209831749011,15475911651675684855,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6448 /prefetch:1
    3⤵
    PID:4848
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16041399209831749011,15475911651675684855,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1
    3⤵
    PID:4300
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16041399209831749011,15475911651675684855,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1
    3⤵
    PID:1624
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16041399209831749011,15475911651675684855,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
    3⤵
    PID:4796
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16041399209831749011,15475911651675684855,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1
    3⤵
    PID:1508
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,16041399209831749011,15475911651675684855,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5740 /prefetch:8
    3⤵
    PID:4800
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
    3⤵
    - Drops file in Program Files directory
    PID:4368
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff742375460,0x7ff742375470,0x7ff742375480
      4⤵
      PID:4392
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,16041399209831749011,15475911651675684855,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5740 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5132
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16041399209831749011,15475911651675684855,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6740 /prefetch:1
    3⤵
    PID:5144
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16041399209831749011,15475911651675684855,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7008 /prefetch:1
    3⤵
    PID:5176
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,16041399209831749011,15475911651675684855,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7140 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5732

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4268

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

T1046

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
462f3c1360a4b5e319363930bc4806f6

SHA1
9ba5e43d833c284b89519423f6b6dab5a859a8d0

SHA256
fec64069c72a8d223ed89a816501b3950f5e4f5dd88f289a923c5f961d259f85

SHA512
5584ef75dfb8a1907c071a194fa78f56d10d1555948dffb8afcacaaa2645fd9d842a923437d0e94fad1d1919dcef5b25bf065863405c8d2a28216df27c87a417

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d2642245b1e4572ba7d7cd13a0675bb8

SHA1
96456510884685146d3fa2e19202fd2035d64833

SHA256
3763676934b31fe2e3078256adb25b01fdf899db6616b6b41dff3062b68e20a1

SHA512
99e35f5eefc1e654ecfcf0493ccc02475ca679d3527293f35c3adea66879e21575ab037bec77775915ec42ac53e30416c3928bc3c57910ce02f3addd880392e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
fb32754b8b5e1f33d3b6828de534ca17

SHA1
f39e001aa1b6d695205d63af78669d2a6043bbf9

SHA256
02198de23f69d7b0aab9dc19de385f45eb1ef66006ec77008e69aa4a4ee70e5b

SHA512
08f4b9ba2e0f61d9e63916e30f8212c1efd56fd171c69d02ec516a9b6a31abc37e8a7b3533dec383f3742cdc3466f7949727885edcc64c34cf4e41a481d3e865

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
696B

MD5
77f1a967a17f5bde2f6aa40828c36f00

SHA1
86685044d28d7034d0788f552b30271777535a08

SHA256
2733be9527859e44e1b3c6bb0b017ad912f3e6d1e1eca210d905a4f62a2c0824

SHA512
035368e19467f326adca5ca4dbc9ee3d292d7898f80b110799fc881371077ec7789a93a27bbba906930539942f399a4647ba544aba3a0717ca7e2ec8168250e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
746e59f62d65c05a12c2ecca2174f2d2

SHA1
b3a077c3fb887c859f59db86e89dc7f0d0a61730

SHA256
d6646c3260037b0e15f7d2f7b2e25297726ba45ba7e3e63205c8d530299c37eb

SHA512
fba3858f41a50173c037acac4bfbab5ec91ae5cee9a8e0f1dadded8808429d1db1ddaef7a4e746af97bedd4246dcd66399816596e9719c5a8d0b00c1bec444a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
f85406222a03c2d28c1c2e482c8f7782

SHA1
80a5660757d61e85bc40178993ff00c01f7407fa

SHA256
e8dbddb32e3dc3d333c507049e6d509a957a12cdaa8fd9b4eb40f3e5d846cb35

SHA512
86f5ff3bafe277bd3fa6d959c18dd67c675ff8d1ff7955d85a568d3acee510a1591d4cf3c51c10a9f28d42f29bfce364e62bd132555be4bfe91f2abc0308b3a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
27f22db03eacc1d0f5c2ee86c72b9523

SHA1
ec9eb5ace3bb9214f637b3dedaea563474a7269b

SHA256
e4fb730efdd618afde415fe5a73fcb779a4dee5a5913440f5191ad0f734f88af

SHA512
754505271adfb9bed1e1e9086891f0caaabaa9f97d6b93e8f788a53bb1704ff859bbf7700472fa35714632fadcabdcb90b5d0788919de8881e44f943860dbfb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
526cc6a6ab0f5bd55511fc2961522e65

SHA1
a3a43780a232ecb3359503c13845cdd6d0284e1f

SHA256
760d53e20469ef5c73d17d36ff566bed3e101085c03e0a2f89ea2fe283439611

SHA512
c5f9b798025f02214511d8185a4b8c00bb0dccb1b67492b877394cf38bf97c7b7d8b5e7c5cb7bc4216faf2ad21ee8f47e634f47791f99184fe3f865d269c7c89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
11b0806c1e47a4e07c1c1773c23da6d3

SHA1
79b4911bffb2565f4017e34688a0d75302f16d94

SHA256
23bf60ed9f2dcc0d79d451b063b02cbee0af6be8db0280ce772cf75594f7c9e2

SHA512
b0272f6098fb6f8d746d0311529c3f63317fe76a1a7a4e24c622e91a45858e6e91c2cd1aa53d2ec9bc0dba4d5923546c29beff0844209cb5d9ff15c58540ed40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
130644a5f79b27202a13879460f2c31a

SHA1
29e213847a017531e849139c7449bce6b39cb2fa

SHA256
1306a93179e1eaf354d9daa6043ae8ffb37b76a1d1396e7b8df671485582bcd1

SHA512
fbc8606bf988cf0a6dea28c16d4394c9b1e47f6b68256132b5c85caf1ec7b516c0e3d33034db275adf267d5a84af2854f50bd38a9ed5e86eb392144c63252e01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
708B

MD5
7630f717e224a1c0913308d08b5f7973

SHA1
523e13286c382f3bedfefb0493c18cc6750dd60f

SHA256
ce8010a69b7536a9dbe072c753e28858d3049195c8d5007f2509836e66a43001

SHA512
e100100d9318c94b4616b0bb708b5e28218be06e67204947a206d6418e05820a4db35e269d680ae177b1ecd17d2cbdcc96d96c0af018387968de3aeef15ba243

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe573846.TMP

Filesize
540B

MD5
0ed30950b33c9cbf9ca4007a7fdf595c

SHA1
107e8f374a1501bba5f688a1d14255b35e4e8049

SHA256
c741f6fadae96df32babd21af520d4b8f1f75007ec42381cebce82c7bf5acf56

SHA512
586a7f2fc950225492fc0f7d2fcff64cb77a27f2f104091551581434afc42a033b4e12a5e378e4326e41f40b6f274b03680d4c6f61168fc8342483aa4fd5568c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
d0e537d5bf5d68990405428c41144dbf

SHA1
cb1e74e4dbe1f3768456c14ebc1780ee1d8acd34

SHA256
27c49c46ca369b0677c7cbcfda547ebffa7a5b51a978c1ad27ebc90a7386e9a7

SHA512
162954ef7f969f2bae25d0bc66a7d7dc5a62671eefbd4e045978f5b999b41c7d032af1f476572baf179fda029196e3fe9a21dd3e9dd657b0c8ebab64fa47bded

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
cc4270e984296dff113b64c78569a608

SHA1
fddc9dd741ebfde47b20faacf91d09aad68fe22f

SHA256
3d8dd739851de8a9433f11a1b4077d704064ccd2b668bb237afde698975eb31f

SHA512
660d3982e36d363fd70233605230ebe0adcaaed360104dbff51292e7c23d87b828338e46df566defd0e6b59133f0b3884ee82b9fc56c0e261e65c6bb3eaab9f8

Download Submit
memory/4060-164-0x00007FF9C0650000-0x00007FF9C0651000-memory.dmp

Filesize
4KB

Download