97d5b89a5a782aa7000c9d251a4f81e50de024d143b45b275f3fcacff89b53da

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
07/03/2023, 23:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

97d5b89a5a782aa7000c9d251a4f81e50de024d143b45b275f3fcacff89b53da.exe
Size

790KB
MD5

83c89709ab484ce2fcebdbeb5fc841b7
SHA1

b10e23cf877bf499cb6684f05c8a022b512d813c
SHA256

97d5b89a5a782aa7000c9d251a4f81e50de024d143b45b275f3fcacff89b53da
SHA512

78a1d552ad01243ffbcc0ec41d84df7f9b69cb0286a8491204481ad2e9860ea21e271b0aaaa528389403d0b8f6599c810348939c6201ff4a329066cd318d99c7
SSDEEP

12288:6tvs2ttd1PuZUiMqylDxljISy1G41To6lG4/ehhWXo5:6tvs2ttd1WSiDyxxJTy44Zo6lG4Wh6o5

Score

8^/10

discovery

Malware Config

Signatures

Contacts a large (819) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Scanning
T1046

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\26b4b483-3802-45a5-b678-9ac38045a308.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230308003752.pma	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2376	msedge.exe
2376	msedge.exe
116	msedge.exe
116	msedge.exe
2916	identity_helper.exe
2916	identity_helper.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
116	msedge.exe
116	msedge.exe
116	msedge.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2248	97d5b89a5a782aa7000c9d251a4f81e50de024d143b45b275f3fcacff89b53da.exe
2248	97d5b89a5a782aa7000c9d251a4f81e50de024d143b45b275f3fcacff89b53da.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2248 wrote to memory of 116	2248	97d5b89a5a782aa7000c9d251a4f81e50de024d143b45b275f3fcacff89b53da.exe	84
PID 2248 wrote to memory of 116	2248	97d5b89a5a782aa7000c9d251a4f81e50de024d143b45b275f3fcacff89b53da.exe	84
PID 116 wrote to memory of 4296	116	msedge.exe	85
PID 116 wrote to memory of 4296	116	msedge.exe	85
PID 116 wrote to memory of 4412	116	msedge.exe	86
PID 116 wrote to memory of 4412	116	msedge.exe	86
PID 116 wrote to memory of 4412	116	msedge.exe	86
PID 116 wrote to memory of 4412	116	msedge.exe	86
PID 116 wrote to memory of 4412	116	msedge.exe	86
PID 116 wrote to memory of 4412	116	msedge.exe	86
PID 116 wrote to memory of 4412	116	msedge.exe	86
PID 116 wrote to memory of 4412	116	msedge.exe	86
PID 116 wrote to memory of 4412	116	msedge.exe	86
PID 116 wrote to memory of 4412	116	msedge.exe	86
PID 116 wrote to memory of 4412	116	msedge.exe	86
PID 116 wrote to memory of 4412	116	msedge.exe	86
PID 116 wrote to memory of 4412	116	msedge.exe	86
PID 116 wrote to memory of 4412	116	msedge.exe	86
PID 116 wrote to memory of 4412	116	msedge.exe	86
PID 116 wrote to memory of 4412	116	msedge.exe	86
PID 116 wrote to memory of 4412	116	msedge.exe	86
PID 116 wrote to memory of 4412	116	msedge.exe	86
PID 116 wrote to memory of 4412	116	msedge.exe	86
PID 116 wrote to memory of 4412	116	msedge.exe	86
PID 116 wrote to memory of 4412	116	msedge.exe	86
PID 116 wrote to memory of 4412	116	msedge.exe	86
PID 116 wrote to memory of 4412	116	msedge.exe	86
PID 116 wrote to memory of 4412	116	msedge.exe	86
PID 116 wrote to memory of 4412	116	msedge.exe	86
PID 116 wrote to memory of 4412	116	msedge.exe	86
PID 116 wrote to memory of 4412	116	msedge.exe	86
PID 116 wrote to memory of 4412	116	msedge.exe	86
PID 116 wrote to memory of 4412	116	msedge.exe	86
PID 116 wrote to memory of 4412	116	msedge.exe	86
PID 116 wrote to memory of 4412	116	msedge.exe	86
PID 116 wrote to memory of 4412	116	msedge.exe	86
PID 116 wrote to memory of 4412	116	msedge.exe	86
PID 116 wrote to memory of 4412	116	msedge.exe	86
PID 116 wrote to memory of 4412	116	msedge.exe	86
PID 116 wrote to memory of 4412	116	msedge.exe	86
PID 116 wrote to memory of 4412	116	msedge.exe	86
PID 116 wrote to memory of 4412	116	msedge.exe	86
PID 116 wrote to memory of 4412	116	msedge.exe	86
PID 116 wrote to memory of 4412	116	msedge.exe	86
PID 116 wrote to memory of 2376	116	msedge.exe	87
PID 116 wrote to memory of 2376	116	msedge.exe	87
PID 116 wrote to memory of 1060	116	msedge.exe	88
PID 116 wrote to memory of 1060	116	msedge.exe	88
PID 116 wrote to memory of 1060	116	msedge.exe	88
PID 116 wrote to memory of 1060	116	msedge.exe	88
PID 116 wrote to memory of 1060	116	msedge.exe	88
PID 116 wrote to memory of 1060	116	msedge.exe	88
PID 116 wrote to memory of 1060	116	msedge.exe	88
PID 116 wrote to memory of 1060	116	msedge.exe	88
PID 116 wrote to memory of 1060	116	msedge.exe	88
PID 116 wrote to memory of 1060	116	msedge.exe	88
PID 116 wrote to memory of 1060	116	msedge.exe	88
PID 116 wrote to memory of 1060	116	msedge.exe	88
PID 116 wrote to memory of 1060	116	msedge.exe	88
PID 116 wrote to memory of 1060	116	msedge.exe	88
PID 116 wrote to memory of 1060	116	msedge.exe	88
PID 116 wrote to memory of 1060	116	msedge.exe	88
PID 116 wrote to memory of 1060	116	msedge.exe	88
PID 116 wrote to memory of 1060	116	msedge.exe	88

C:\Users\Admin\AppData\Local\Temp\97d5b89a5a782aa7000c9d251a4f81e50de024d143b45b275f3fcacff89b53da.exe
"C:\Users\Admin\AppData\Local\Temp\97d5b89a5a782aa7000c9d251a4f81e50de024d143b45b275f3fcacff89b53da.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.oneptp.com/ax/?uid=507801&ad=14
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:116
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffc4b5846f8,0x7ffc4b584708,0x7ffc4b584718
    3⤵
    PID:4296
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,16355478187745037304,9824853685559638924,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:2
    3⤵
    PID:4412
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,16355478187745037304,9824853685559638924,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2376
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,16355478187745037304,9824853685559638924,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
    3⤵
    PID:1060
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,16355478187745037304,9824853685559638924,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
    3⤵
    PID:4820
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,16355478187745037304,9824853685559638924,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
    3⤵
    PID:1432
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,16355478187745037304,9824853685559638924,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4484 /prefetch:1
    3⤵
    PID:3172
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,16355478187745037304,9824853685559638924,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
    3⤵
    PID:4780
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,16355478187745037304,9824853685559638924,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6416 /prefetch:1
    3⤵
    PID:3680
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,16355478187745037304,9824853685559638924,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6704 /prefetch:1
    3⤵
    PID:3660
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,16355478187745037304,9824853685559638924,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6540 /prefetch:8
    3⤵
    PID:4980
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
    3⤵
    - Drops file in Program Files directory
    PID:3908
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x240,0x244,0x248,0x23c,0x24c,0x7ff78ba95460,0x7ff78ba95470,0x7ff78ba95480
      4⤵
      PID:440
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,16355478187745037304,9824853685559638924,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6540 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2916
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,16355478187745037304,9824853685559638924,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6688 /prefetch:1
    3⤵
    PID:736
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,16355478187745037304,9824853685559638924,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3832 /prefetch:1
    3⤵
    PID:4228
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,16355478187745037304,9824853685559638924,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7232 /prefetch:1
    3⤵
    PID:5488
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,16355478187745037304,9824853685559638924,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6600 /prefetch:1
    3⤵
    PID:5592
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,16355478187745037304,9824853685559638924,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
    3⤵
    PID:5924
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,16355478187745037304,9824853685559638924,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3556 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2504

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:672

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

T1046

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0820611471c1bb55fa7be7430c7c6329

SHA1
5ce7a9712722684223aced2522764c1e3a43fbb9

SHA256
f00d04749a374843bd118b41f669f8b0a20d76526c34b554c3ccac5ebd2f4f75

SHA512
77ea022b4265f3962f5e07a0a790f428c885da0cc11be0975285ce0eee4a2eec0a7cda9ea8f366dc2a946679b5dd927c5f94b527de6515856b68b8d08e435148

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
61KB

MD5
7a7b9c4a8624adbb3645ef99ba374353

SHA1
2bd2d23ddd06ab143ffaa54f29fbfc45bc18982f

SHA256
ff913aed84077f232791314df22f4d3eb0ab4b08a3a6b2276405ede624a26404

SHA512
b6a9496466b7b9f6af46886c1b5b0c888b071039765ed25e9837d858fcc110f13136c1a3a53a1b69ec30dcea28bacebcdd2c232cb72148afd290d8a7e908bb79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
e71dc0e495e5f9008849dff7689bac54

SHA1
9c8f3db2abde4ab01d11311597a0b4ed670c0e5e

SHA256
ec273f7a1c051b7a5c355cd2dde63c8b157cc80baba0fe75c8e8e7222ba75d65

SHA512
683a001f9e87cb5c7c215d9782bf46f3e1069fba0ad346a7755d69d2240559e079a69c86fff51dfe6e063a354d3d4bb15c64563d7432d02ee2aa1b57e4f57162

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
eabe8a590d23ddf424b8b21270cd2e51

SHA1
b01634671ba228314e47765d0570b99002de53cb

SHA256
9f56567b9c8ab4e88a7fd63e6924943ad40040aecce80306cd339ab18023ddee

SHA512
965907cfe850004cbbacbe7eeb7f1cbb785823ccfb098defeb843df841e383a1d367ce14e05dd64eae24312a974ae345ff0fb6c1bf75550ab97a387199fee45c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
9d2459e20edf88bdd9da88cd49d5fb6a

SHA1
7df44ef36c6cf19287dd81fed8084ae33025cd75

SHA256
1264c40658d03d9a832939c24a01af0fac461d2ac2ee5e27cafa873d72ac6075

SHA512
cc4d0da38d64f27d337885541668ecf1b160cf41da19f1ec9b1215b73d11a8e5342c01d45bf60ebed90d8a5d8022706c995f0b574ccc1ce07a02570a72bbb5d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
8ab9350ef9415e283540ad04af6a6b74

SHA1
b117dfe658f618bf156a1dfb8f5cd30ed4f2c2b4

SHA256
64c4d10ca02d1b8fe64a9464fe65282b3c6ddfe1fa00e5a39ef60956955b96cf

SHA512
959b90eda896bfeb376b1348212893b30ffaf9e141e92bdd8dfd12e4ef9854b623bd922b051701184c6acb6dcdaf862b15e895b5226846d8fd2accafc1988a6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
c9859cca18a55e52f7d72ac1fcc3eaeb

SHA1
d96adc1bcf637b3dcc47ee7f6d44efde7fbfd7f4

SHA256
ac7697ac025062374261efaf341c28b9e7c0406ad1edd008ebbe03edee4b7987

SHA512
d03f9ac62a348f5b2274d1e9bd59f6e37c3913081cb06981f99f10287f40a0d0a87174c0cddefa5b9da33ef87239daa54542e4a56dd4bc2ecab343493bc34934

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
58a25816c1a91214815083f0bc2b54fe

SHA1
d84df9972e48a10761d98016d04ca44babd29c47

SHA256
60371d83e05e8ae19a90ab593ab0297b9614e510a8e2fbc150c4416f723f9b35

SHA512
bd51f36b5b44e3af234104253c9bd7a58293b2737262c03f160e20afa1f6a2077d72b21aa7f18fbf48eb5c741c2d8450b107609ddeb2839855475bfd71f5d0d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7eea96221add5f5f5289db4fbb9948d3

SHA1
887eec02cedf17e9616b5f050f753976f7b77f27

SHA256
82d5cea2552c6f813b7c4e075ffff85eec40669406822d9e378d6be6703736b1

SHA512
384bfa86eda710fc904a4e3f6eae14647814dd3a8667e4a9bbc7db80de1446d48d04ef7aec39a1578f99b664a89890f9f5f72ebb8a0d95e98256193ec9c959e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ccb82b434296d9b58147acbd7ae504e2

SHA1
3f2303d9c7cbddb56c8c0aa0042c65f38e05a11b

SHA256
40faea6a29498275103e89813b400c7000816a0be8d12a66b4a9781cb6d9069e

SHA512
bb49aeb00759b056ed358f03204689ddfc6cf1a6682c4190868f69a56230e5aa63f8a6059e45e38faf84d9c48120236a686fcb0a9b54740b14388b8643a1500a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
d53ac35ab3976e67caeed75c4d44ffc1

SHA1
c139ab66d75dc06f98ada34b5baf4d5693266176

SHA256
647867c7236bcb78b7d585b476d82a101a077fac43c78dc59e612253fbf69437

SHA512
391355c71734ded913239a6db10a3202087e756bccc8e29411108f21b3f2460d9a9c606619aadd785285be70eddcf61ef9519441cd387cd3823c1399a6967cc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
708B

MD5
2663dcfe476f56fc080a42d466a825bf

SHA1
0fda66c9de52dc915502aeed377389bfe2a7f4ff

SHA256
e012ad4ea47dc5cf68b719a0943c654d442bb33843455642a66d191696d30612

SHA512
e9fbf13d6be9b2ee9e612f8b970e170810fe4862d03214430328bee2ee2ee8ec0471c40136adf63229d20f5fe48edef70429392f03bfd11e0e7de887d4a4a1fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe56fc37.TMP

Filesize
540B

MD5
9a93e93295dc35ece06e128aaf454442

SHA1
27fdcc01b3c19dbced49ff5d65633d52418fe7f2

SHA256
482cefc65d135e134c7b283d1cb2e380bca47f9fb7cc01a8d88902cb20c28d92

SHA512
e2d31bc4760f123d99e03e0e90112cc619a910162597485cfbf0427b27275184ae976a85d4166398732bca35d84b54fdb678789d9934c7d063bcc9855eeb44cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
41646cfd053c6b36ec7d6f8056641455

SHA1
6198e9a52d5a9954059831e0f8a67b3899aaf992

SHA256
b0e45505b607f27fbe9d1fa617ef022d7aee714505efb44fd9600fb7ac2d832b

SHA512
c8e75f1d3bf321f7b6599e1d824b4a98a7d67e1bb1ece796b16bed6c6817cef4d2f198226c0655a7f7c567e52d6d4f689d652da143f2003ec7e2a9839b4b32b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
3KB

MD5
98eecb38003bbd7f27f69fb57ebb946c

SHA1
1779781e96fceaead1c414f5296de3c8cdd88aae

SHA256
85e4e945fa5de65fd0798b30b447666970f4f16c3ff79b292b09f82a053a082d

SHA512
2a69005bc44678649cc799a461c462128bfd8d46ba36ddac02f568dfff701d759df635b5798807df8a726a3e2dfaeda9865e27ed10f2fbc60d72f865e704c688

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
dbcb30b7773191b6505cd0628eba0e79

SHA1
98f800c58cf24485359d8340a2b87566d7e193b1

SHA256
89b8c70f6d6c259804df76093529a3344849342a1a5fea9d3e9a2c60b008485d

SHA512
f47ff4abb223b15fe5af8ba869cbbf7490ce61b7b1d806ebdaa1928a9f7d3b3d4c34ae461c70b6a4a685000f0dfa4a9f1ae7e55ef44a51aa51cc4ca5c2bc43fe

Download Submit
memory/4412-150-0x00007FFC686E0000-0x00007FFC686E1000-memory.dmp

Filesize
4KB

Download