1178fe599056abf5efc411be45e59bdd4b62c4aa51215cc1d849016be4ed8379

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
07-03-2023 08:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1178fe599056abf5efc411be45e59bdd4b62c4aa51215cc1d849016be4ed8379.exe
Size

790KB
MD5

b45ac156c51366b0e5ec74b503fef714
SHA1

b0f58a8e3ae19e3bf05b8b2371fe7e251b9ce297
SHA256

1178fe599056abf5efc411be45e59bdd4b62c4aa51215cc1d849016be4ed8379
SHA512

a81367f7f09de3360907c4bef73e3a584b8f83e622078229cd554df3a347a34c8d367e72017c7860af8c0aadf67e4b180162b09d080b6f74d3f16f0926ea58d5
SSDEEP

12288:AqzXbaUrzJRmKQiKyl+G7LdDy1GPWboTlG4Oe5IWLB+:AqzXbaUrzbvQZyoGXxy4P8oTlG4b5bL0

Score

8^/10

discovery

Malware Config

Signatures

Contacts a large (881) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Scanning
T1046

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230307093627.pma	setup.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\5f52ae36-ed51-41d9-b828-3beb5d241baf.tmp	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
5004	msedge.exe
5004	msedge.exe
3180	msedge.exe
3180	msedge.exe
5380	identity_helper.exe
5380	identity_helper.exe
5276	msedge.exe
5276	msedge.exe
5276	msedge.exe
5276	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3088	1178fe599056abf5efc411be45e59bdd4b62c4aa51215cc1d849016be4ed8379.exe
3088	1178fe599056abf5efc411be45e59bdd4b62c4aa51215cc1d849016be4ed8379.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3088 wrote to memory of 3180	3088	1178fe599056abf5efc411be45e59bdd4b62c4aa51215cc1d849016be4ed8379.exe	86
PID 3088 wrote to memory of 3180	3088	1178fe599056abf5efc411be45e59bdd4b62c4aa51215cc1d849016be4ed8379.exe	86
PID 3180 wrote to memory of 1932	3180	msedge.exe	87
PID 3180 wrote to memory of 1932	3180	msedge.exe	87
PID 3180 wrote to memory of 3904	3180	msedge.exe	90
PID 3180 wrote to memory of 3904	3180	msedge.exe	90
PID 3180 wrote to memory of 3904	3180	msedge.exe	90
PID 3180 wrote to memory of 3904	3180	msedge.exe	90
PID 3180 wrote to memory of 3904	3180	msedge.exe	90
PID 3180 wrote to memory of 3904	3180	msedge.exe	90
PID 3180 wrote to memory of 3904	3180	msedge.exe	90
PID 3180 wrote to memory of 3904	3180	msedge.exe	90
PID 3180 wrote to memory of 3904	3180	msedge.exe	90
PID 3180 wrote to memory of 3904	3180	msedge.exe	90
PID 3180 wrote to memory of 3904	3180	msedge.exe	90
PID 3180 wrote to memory of 3904	3180	msedge.exe	90
PID 3180 wrote to memory of 3904	3180	msedge.exe	90
PID 3180 wrote to memory of 3904	3180	msedge.exe	90
PID 3180 wrote to memory of 3904	3180	msedge.exe	90
PID 3180 wrote to memory of 3904	3180	msedge.exe	90
PID 3180 wrote to memory of 3904	3180	msedge.exe	90
PID 3180 wrote to memory of 3904	3180	msedge.exe	90
PID 3180 wrote to memory of 3904	3180	msedge.exe	90
PID 3180 wrote to memory of 3904	3180	msedge.exe	90
PID 3180 wrote to memory of 3904	3180	msedge.exe	90
PID 3180 wrote to memory of 3904	3180	msedge.exe	90
PID 3180 wrote to memory of 3904	3180	msedge.exe	90
PID 3180 wrote to memory of 3904	3180	msedge.exe	90
PID 3180 wrote to memory of 3904	3180	msedge.exe	90
PID 3180 wrote to memory of 3904	3180	msedge.exe	90
PID 3180 wrote to memory of 3904	3180	msedge.exe	90
PID 3180 wrote to memory of 3904	3180	msedge.exe	90
PID 3180 wrote to memory of 3904	3180	msedge.exe	90
PID 3180 wrote to memory of 3904	3180	msedge.exe	90
PID 3180 wrote to memory of 3904	3180	msedge.exe	90
PID 3180 wrote to memory of 3904	3180	msedge.exe	90
PID 3180 wrote to memory of 3904	3180	msedge.exe	90
PID 3180 wrote to memory of 3904	3180	msedge.exe	90
PID 3180 wrote to memory of 3904	3180	msedge.exe	90
PID 3180 wrote to memory of 3904	3180	msedge.exe	90
PID 3180 wrote to memory of 3904	3180	msedge.exe	90
PID 3180 wrote to memory of 3904	3180	msedge.exe	90
PID 3180 wrote to memory of 3904	3180	msedge.exe	90
PID 3180 wrote to memory of 3904	3180	msedge.exe	90
PID 3180 wrote to memory of 5004	3180	msedge.exe	91
PID 3180 wrote to memory of 5004	3180	msedge.exe	91
PID 3180 wrote to memory of 872	3180	msedge.exe	92
PID 3180 wrote to memory of 872	3180	msedge.exe	92
PID 3180 wrote to memory of 872	3180	msedge.exe	92
PID 3180 wrote to memory of 872	3180	msedge.exe	92
PID 3180 wrote to memory of 872	3180	msedge.exe	92
PID 3180 wrote to memory of 872	3180	msedge.exe	92
PID 3180 wrote to memory of 872	3180	msedge.exe	92
PID 3180 wrote to memory of 872	3180	msedge.exe	92
PID 3180 wrote to memory of 872	3180	msedge.exe	92
PID 3180 wrote to memory of 872	3180	msedge.exe	92
PID 3180 wrote to memory of 872	3180	msedge.exe	92
PID 3180 wrote to memory of 872	3180	msedge.exe	92
PID 3180 wrote to memory of 872	3180	msedge.exe	92
PID 3180 wrote to memory of 872	3180	msedge.exe	92
PID 3180 wrote to memory of 872	3180	msedge.exe	92
PID 3180 wrote to memory of 872	3180	msedge.exe	92
PID 3180 wrote to memory of 872	3180	msedge.exe	92
PID 3180 wrote to memory of 872	3180	msedge.exe	92

C:\Users\Admin\AppData\Local\Temp\1178fe599056abf5efc411be45e59bdd4b62c4aa51215cc1d849016be4ed8379.exe
"C:\Users\Admin\AppData\Local\Temp\1178fe599056abf5efc411be45e59bdd4b62c4aa51215cc1d849016be4ed8379.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.oneptp.com/ax/?uid=507801&ad=13
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:3180
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffa7cf046f8,0x7ffa7cf04708,0x7ffa7cf04718
    3⤵
    PID:1932
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,6106684039441580889,2171814219371443239,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
    3⤵
    PID:3904
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,6106684039441580889,2171814219371443239,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5004
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,6106684039441580889,2171814219371443239,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2156 /prefetch:8
    3⤵
    PID:872
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6106684039441580889,2171814219371443239,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3652 /prefetch:1
    3⤵
    PID:4984
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6106684039441580889,2171814219371443239,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3660 /prefetch:1
    3⤵
    PID:3052
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6106684039441580889,2171814219371443239,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
    3⤵
    PID:3276
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6106684039441580889,2171814219371443239,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6184 /prefetch:1
    3⤵
    PID:4272
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6106684039441580889,2171814219371443239,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:1
    3⤵
    PID:3244
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6106684039441580889,2171814219371443239,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2708 /prefetch:1
    3⤵
    PID:3408
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6106684039441580889,2171814219371443239,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
    3⤵
    PID:4208
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6106684039441580889,2171814219371443239,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6532 /prefetch:1
    3⤵
    PID:1244
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,6106684039441580889,2171814219371443239,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6520 /prefetch:8
    3⤵
    PID:3036
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
    3⤵
    - Drops file in Program Files directory
    PID:1492
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1e8,0x22c,0x7ff736535460,0x7ff736535470,0x7ff736535480
      4⤵
      PID:5156
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6106684039441580889,2171814219371443239,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
    3⤵
    PID:5388
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,6106684039441580889,2171814219371443239,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6520 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5380
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6106684039441580889,2171814219371443239,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
    3⤵
    PID:5428
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,6106684039441580889,2171814219371443239,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1120 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5276

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1684

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

T1046

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cd4f5fe0fc0ab6b6df866b9bfb9dd762

SHA1
a6aaed363cd5a7b6910e9b3296c0093b0ac94759

SHA256
3b803b53dbd3d592848fc66e5715f39f6bc02cbc95fb2452cd5822d98c6b8f81

SHA512
7072630ec28cf6a8d5b072555234b5150c1e952138e5cdc29435a6242fda4b4217b81fb57acae927d2b908fa06f36414cb3fab35110d63107141263e3bba9676

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1d40312629d09d2420e992fdb8a78c1c

SHA1
903950d5ba9d64ec21c9f51264272ca8dfae9540

SHA256
1e7c6aa575c3ec46cd1fdf6df51063113d277012ed28f5f6b37aea95cd3a64ac

SHA512
a7073247ae95e451ed32ceeae91c6638192c15eaad718875c1272eff51c0564016d9f84690543f27df509a7d579de329d101fbf82fed7cbeb27af57393de24ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
d6b8c6f8f6cac977f4b8323fa97fc382

SHA1
a73efeb5229dc639037cbe7f216b69e6b465bba4

SHA256
9e42d9a69913f497a716f6b8f213498c3e155f108c272cfeef7478f18f65ba33

SHA512
8f53b072e0208f17789ff224b71fcc8a9eafab09b989fa450a15b69f72e8cd06c0b7267bd04fbb4e70c2699e8e5e587a74596781684d9a266382397a57689753

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
696B

MD5
939fb2f9d77957de76746f0c89a5987b

SHA1
b9a8bd9ee46e9d5b9af9169703d5635473325a10

SHA256
cd49db3c39e4a52201d896d1e19588ad8093a66655b2d70944851ec432c79de3

SHA512
adab15e3522df34b53d378098d20548b8514811d53451a036eec24cd12f09780dc5cdeb771957f506dab1f05953b50a5113df4c08f2c2474a0985ed37c0859c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
ee06188953f824b2c1a6411f89141802

SHA1
3037d4e350edd3a4186bb27668348276fb01ebfc

SHA256
0b6b366c4e63a90dd67eda6162c6ba94b9f4d825845bcc4000ff08c503fd7b14

SHA512
ac38d2b7c0dac946f4f5ff516c66f6cd664011846f264d728f6e886d2644cc49cb11e7aa3004cb7737bf3b1dc252e57ffbef0b0e57b0e18d1d04b76d57bea076

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
451c9e39e7244152fbe1585873ff8572

SHA1
cd35617bb076bbc5d3ddf828a8856f6f8fc5134a

SHA256
c70bf17c5a731f34dd78aa79b54d6f1ddf2817b11cdc4b69bf25e1238b1fae7b

SHA512
493c6d01c8a9fd8d7e19a7c66401ef4380d3edbd1b8e3bcef8be2c03f17b45114aef3203930243a953a52314d5e5b389d2117772157ba0e83c7859b03945b506

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
982dcb6547c7cdca31b60ba760b4f872

SHA1
00037eedae6585088f12aebf01e0f8f877bea49e

SHA256
e39103c5258e0eb8e7caa3c60369c2791b741f620ca9c209ad854bebde70591c

SHA512
deae38e7fcc9d7abb6792c96c67aa7ef5cdfd61f48f6ab4fcbd3cd69ea81420cea64df7c55b0c0e9f20417f847782afb537773494401da7e3d4ebc67c829ed96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7de323221061ed6a1a6c1c10010d50b7

SHA1
f3d66f87408b02f7db72d108214f86fdeb31fe50

SHA256
c6d9265dd0b4903155c13c8ff471b0e0d926fe710c7d51ba6e7b9d3ecd7c51c6

SHA512
197e5e084ea30957eda0b1d8830583a2dd0cb534628989207c9a5d65590ce436818a6f34d46d165f2a190e98d62abec1846528292075248009d4127edbe263c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d908a31588e7eb771d81dce7c5555eec

SHA1
2959ab8ccf4cd9e7233e96cdc57ada121365db11

SHA256
5c23c5c3d7591ea430e7be2658592231494ef365c493e62204481838d8e75701

SHA512
c94bf8579ec2aeb0e47df920f787cc31780d576dfb7d9826cc8a83f299835672a6f6ff01417aa2ddb16f232d3f9466eac2aa9c98ad9e772ba220a3492dc6541c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
1463bf2a54e759c40d9ad64228bf7bec

SHA1
2286d0ac3cfa9f9ca6c0df60699af7c49008a41f

SHA256
9b4fd2eea856352d8fff054b51ea5d6141a540ca253a2e4dc28839bc92cbf4df

SHA512
33e0c223b45acac2622790dda4b59a98344a89094c41ffdb2531d7f1c0db86a0ea4f1885fea7c696816aa4ceab46de6837cc081cd8e63e3419d9fcb8c5a0eb66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
708B

MD5
9ec532614ec8913c937064e8000eb9f4

SHA1
2aa892b92075a4a0b9adae586e55d15d9e05ce62

SHA256
2fc7f06296710783b79ef09485e33b7322f932e570640a8bb3b5f398d43c0324

SHA512
d4f01ce857648ad9db85a075de95e8efdcfe15332c4c78d47941d0e410d6ad2cc5038a876e26e90a976120b1e82221bae43a6a26d7d8d434abf5512bdfd607b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe56daf3.TMP

Filesize
536B

MD5
9fdf708aa292dc04da3fe065faff64a5

SHA1
a068e0cc0ab3c3303b5e4529189d1bfb00e0ea7a

SHA256
ff450947f49faf07ed46c878187359d5fe0e24a5dcb2e072c976c3701f547b1b

SHA512
305f8906d3144fabbd9843eb6f0fc51c013284c11a72d5645e00103ec868ad7241b5d86de8c8ae7062a1ae487246fcdfc4659b5e569f06bec0cf794aca026c4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
ef129b002066dfaa1ca68f653b574af2

SHA1
29f24c936a2d5be8fbd23c8d765e842912cab240

SHA256
04ea84acb58e0d4fad15fba6a8e7f066e3ca0563a8cf29925666a3b1661959ea

SHA512
8b6ba3cd3c5e053be0f208af09a361a40d1e69062cd523d94f437fb08fde75a019d524fc1a196786e950eb4525f85cd8ee0a2a410e1142192640d78d69b8443f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f3a34685275a131a7b008d3c33c86b67

SHA1
73fa5a5a3a89214222eff7b760820c2cc8985977

SHA256
32a8d9e81ad757877c6fba99a515acc61dc7dbbd8f394c78c3abea082c70e91e

SHA512
1319dde0d72f6f66ad79eecf810f160c01cdde767174d87e5bce40beb3335a3f945c94c34b589273410dac69e3c6e964cbff01bb5b79d2c6488d6ffb2c6f6b47

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
94162363392d88a38d606bbfd9e59929

SHA1
afcbc5c5493b00493a9324b2c738babe79e4f458

SHA256
8b946e0ea2a356340b9a69504063d561f2b82bfb5c8d45363a1e75221cd907cb

SHA512
4bc72f8d93f93c7ead4f7d2c988005ba7a46889b703a4839a0211c091456f6118cbbdce78739acf549f8c3d9e216e85e47f089af760a544429c428204c847476

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
e649ee1bc342bd570cdec9bc3425feae

SHA1
406d68b5696e0ea23b488cece33e2f2247ea5de8

SHA256
ce46ca033bb4dc3f70943be5d01726f9bceb875517a75c5f16f76e7300503f39

SHA512
2a1344be2fbce69524406bf78e18473b0103770796500a3cfd389b96a9e12f85fd03a98bcff5209f4d1f9917d54d80c4374e24172e74fae92fd88a816c839a3c

Download Submit
memory/3904-159-0x00007FFA9A080000-0x00007FFA9A081000-memory.dmp

Filesize
4KB

Download