40e2ce2f1f3e8537292a28ceba4fb98cde503aae65242ed2688a713c6fc2029d

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
07/03/2023, 11:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

40e2ce2f1f3e8537292a28ceba4fb98cde503aae65242ed2688a713c6fc2029d.exe
Size

790KB
MD5

fb358658b35ff684b2ead6afb515a4ba
SHA1

d82523fb1c0eb3e604d722374499e6917f2f2f51
SHA256

40e2ce2f1f3e8537292a28ceba4fb98cde503aae65242ed2688a713c6fc2029d
SHA512

0db66ae110c7f21f2b5306f55db5dc4f0cdd32a9ed621cabdc5be2edd02d94a93026876741c2762fdbe47fa8e71bec14a3a239ef235d5109637dd24b51af795b
SSDEEP

24576:KAl8wPlxqIyLzoaAkCO54kco8lG4/GJH3:KAl8wPlxTy3oU54/lG4/8X

Score

8^/10

discovery

Malware Config

Signatures

Contacts a large (783) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Scanning
T1046

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\b665c23d-068a-443d-8621-43052c8b07f6.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230307112906.pma	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1784	msedge.exe
1784	msedge.exe
3140	msedge.exe
3140	msedge.exe
5344	identity_helper.exe
5344	identity_helper.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1456	40e2ce2f1f3e8537292a28ceba4fb98cde503aae65242ed2688a713c6fc2029d.exe
1456	40e2ce2f1f3e8537292a28ceba4fb98cde503aae65242ed2688a713c6fc2029d.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1456 wrote to memory of 3140	1456	40e2ce2f1f3e8537292a28ceba4fb98cde503aae65242ed2688a713c6fc2029d.exe	86
PID 1456 wrote to memory of 3140	1456	40e2ce2f1f3e8537292a28ceba4fb98cde503aae65242ed2688a713c6fc2029d.exe	86
PID 3140 wrote to memory of 1108	3140	msedge.exe	87
PID 3140 wrote to memory of 1108	3140	msedge.exe	87
PID 3140 wrote to memory of 388	3140	msedge.exe	90
PID 3140 wrote to memory of 388	3140	msedge.exe	90
PID 3140 wrote to memory of 388	3140	msedge.exe	90
PID 3140 wrote to memory of 388	3140	msedge.exe	90
PID 3140 wrote to memory of 388	3140	msedge.exe	90
PID 3140 wrote to memory of 388	3140	msedge.exe	90
PID 3140 wrote to memory of 388	3140	msedge.exe	90
PID 3140 wrote to memory of 388	3140	msedge.exe	90
PID 3140 wrote to memory of 388	3140	msedge.exe	90
PID 3140 wrote to memory of 388	3140	msedge.exe	90
PID 3140 wrote to memory of 388	3140	msedge.exe	90
PID 3140 wrote to memory of 388	3140	msedge.exe	90
PID 3140 wrote to memory of 388	3140	msedge.exe	90
PID 3140 wrote to memory of 388	3140	msedge.exe	90
PID 3140 wrote to memory of 388	3140	msedge.exe	90
PID 3140 wrote to memory of 388	3140	msedge.exe	90
PID 3140 wrote to memory of 388	3140	msedge.exe	90
PID 3140 wrote to memory of 388	3140	msedge.exe	90
PID 3140 wrote to memory of 388	3140	msedge.exe	90
PID 3140 wrote to memory of 388	3140	msedge.exe	90
PID 3140 wrote to memory of 388	3140	msedge.exe	90
PID 3140 wrote to memory of 388	3140	msedge.exe	90
PID 3140 wrote to memory of 388	3140	msedge.exe	90
PID 3140 wrote to memory of 388	3140	msedge.exe	90
PID 3140 wrote to memory of 388	3140	msedge.exe	90
PID 3140 wrote to memory of 388	3140	msedge.exe	90
PID 3140 wrote to memory of 388	3140	msedge.exe	90
PID 3140 wrote to memory of 388	3140	msedge.exe	90
PID 3140 wrote to memory of 388	3140	msedge.exe	90
PID 3140 wrote to memory of 388	3140	msedge.exe	90
PID 3140 wrote to memory of 388	3140	msedge.exe	90
PID 3140 wrote to memory of 388	3140	msedge.exe	90
PID 3140 wrote to memory of 388	3140	msedge.exe	90
PID 3140 wrote to memory of 388	3140	msedge.exe	90
PID 3140 wrote to memory of 388	3140	msedge.exe	90
PID 3140 wrote to memory of 388	3140	msedge.exe	90
PID 3140 wrote to memory of 388	3140	msedge.exe	90
PID 3140 wrote to memory of 388	3140	msedge.exe	90
PID 3140 wrote to memory of 388	3140	msedge.exe	90
PID 3140 wrote to memory of 388	3140	msedge.exe	90
PID 3140 wrote to memory of 1784	3140	msedge.exe	91
PID 3140 wrote to memory of 1784	3140	msedge.exe	91
PID 3140 wrote to memory of 1460	3140	msedge.exe	92
PID 3140 wrote to memory of 1460	3140	msedge.exe	92
PID 3140 wrote to memory of 1460	3140	msedge.exe	92
PID 3140 wrote to memory of 1460	3140	msedge.exe	92
PID 3140 wrote to memory of 1460	3140	msedge.exe	92
PID 3140 wrote to memory of 1460	3140	msedge.exe	92
PID 3140 wrote to memory of 1460	3140	msedge.exe	92
PID 3140 wrote to memory of 1460	3140	msedge.exe	92
PID 3140 wrote to memory of 1460	3140	msedge.exe	92
PID 3140 wrote to memory of 1460	3140	msedge.exe	92
PID 3140 wrote to memory of 1460	3140	msedge.exe	92
PID 3140 wrote to memory of 1460	3140	msedge.exe	92
PID 3140 wrote to memory of 1460	3140	msedge.exe	92
PID 3140 wrote to memory of 1460	3140	msedge.exe	92
PID 3140 wrote to memory of 1460	3140	msedge.exe	92
PID 3140 wrote to memory of 1460	3140	msedge.exe	92
PID 3140 wrote to memory of 1460	3140	msedge.exe	92
PID 3140 wrote to memory of 1460	3140	msedge.exe	92

C:\Users\Admin\AppData\Local\Temp\40e2ce2f1f3e8537292a28ceba4fb98cde503aae65242ed2688a713c6fc2029d.exe
"C:\Users\Admin\AppData\Local\Temp\40e2ce2f1f3e8537292a28ceba4fb98cde503aae65242ed2688a713c6fc2029d.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.oneptp.com/ax/?uid=507801&ad=1
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:3140
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8d59546f8,0x7ff8d5954708,0x7ff8d5954718
    3⤵
    PID:1108
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,15385299294808060803,1620814607568178490,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
    3⤵
    PID:388
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,15385299294808060803,1620814607568178490,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1784
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,15385299294808060803,1620814607568178490,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8
    3⤵
    PID:1460
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15385299294808060803,1620814607568178490,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3712 /prefetch:1
    3⤵
    PID:4640
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15385299294808060803,1620814607568178490,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3720 /prefetch:1
    3⤵
    PID:3800
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15385299294808060803,1620814607568178490,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
    3⤵
    PID:756
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15385299294808060803,1620814607568178490,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6304 /prefetch:1
    3⤵
    PID:4556
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15385299294808060803,1620814607568178490,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
    3⤵
    PID:2156
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15385299294808060803,1620814607568178490,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6404 /prefetch:1
    3⤵
    PID:4084
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15385299294808060803,1620814607568178490,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6360 /prefetch:1
    3⤵
    PID:5000
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15385299294808060803,1620814607568178490,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
    3⤵
    PID:3372
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,15385299294808060803,1620814607568178490,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 /prefetch:8
    3⤵
    PID:3216
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
    3⤵
    - Drops file in Program Files directory
    PID:2644
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x200,0x224,0x228,0x118,0x22c,0x7ff7975b5460,0x7ff7975b5470,0x7ff7975b5480
      4⤵
      PID:3068
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,15385299294808060803,1620814607568178490,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5344
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15385299294808060803,1620814607568178490,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6436 /prefetch:1
    3⤵
    PID:5356
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15385299294808060803,1620814607568178490,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
    3⤵
    PID:5388
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,15385299294808060803,1620814607568178490,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1908 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4452

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4148

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

T1046

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
462f3c1360a4b5e319363930bc4806f6

SHA1
9ba5e43d833c284b89519423f6b6dab5a859a8d0

SHA256
fec64069c72a8d223ed89a816501b3950f5e4f5dd88f289a923c5f961d259f85

SHA512
5584ef75dfb8a1907c071a194fa78f56d10d1555948dffb8afcacaaa2645fd9d842a923437d0e94fad1d1919dcef5b25bf065863405c8d2a28216df27c87a417

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d2642245b1e4572ba7d7cd13a0675bb8

SHA1
96456510884685146d3fa2e19202fd2035d64833

SHA256
3763676934b31fe2e3078256adb25b01fdf899db6616b6b41dff3062b68e20a1

SHA512
99e35f5eefc1e654ecfcf0493ccc02475ca679d3527293f35c3adea66879e21575ab037bec77775915ec42ac53e30416c3928bc3c57910ce02f3addd880392e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
437375fc0c902eca9a1175eb92d208da

SHA1
5824a600a94b374abfd363d40369776f0c0234f3

SHA256
66652379e651ee87981b150d3c502c24de84e66f592ed3af0fa155c856711480

SHA512
8d2bd262435f23ab3d77320daa4a313304f7986c1c262e107a4c82f80913387e576b42a9a3b386cec6189aa113b7a7b7d73d271c57d1b9cfe94e8305e51bec6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
696B

MD5
217f45f4ecad1de6c85785f6adbc5adc

SHA1
444707da00e48d12f422860c39577d96014cf6fb

SHA256
d1d6f026ed63204d21aff73600cb8531ce1e9418561c02f80fe6fab716e2b834

SHA512
6e4ab2f2d129580046090b8a2da0238159e72ca370d79d901a5a52077b805e6603800c6613f55e96aeed80802fb7125e3affcddc5e413571045ef390a19a47d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000001.dbtmp

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
85c0ea78d9d0f7ecd52fdec67ab8140c

SHA1
936e51bf6e039c9913234f39037973a3e9fa04c1

SHA256
edc4e061c83b9515efe427c14f2d5560425e98c23a88fc7761bdbdbc435dc104

SHA512
a53473c37c9f7353985c6784d35f594a69001efc92076618bd30ee315d0c8d6006ef395b7901ca42a45c0510c74444e7c59f16defa2c38e0415318065a78741f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
48c39b9d2594767e2f2d09006c9a1ad6

SHA1
6a2cd0e45d844aed58b509c9315c3413f190892b

SHA256
79d2083dd0237e8e847caf648612f201c054b073dfc4f0483a169de314725a3a

SHA512
7a23ec6c66ee9f61c0b17dfc26d21aff7da5ba6442366dc289b5ed8db2e0305f1888d4b7b3e5a08efe408b14df5817ac2f4186d75f5a838fc89b5b058939e498

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
247c33b3c2aa6c01496181371bd76c71

SHA1
0d08578db59a1f63dd80504a09bebfd2d3eb7fbb

SHA256
4fc79909d9e8d5ca67fc18d211bbd3d48e9f34baf411b194d6e8f98d7e7031a3

SHA512
43c829d06b3c55bdeb7e46cd59f5aea6f3cc7b45547c94c0531dbf5f4947109c72069eb0a6d54461f76235baa6d2344a3b0e76f68bea2f9c6f3c7207d8c9fe91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
59d6ffd0e742772b658b03ace562ef01

SHA1
2bea1b8231806736906ae39fd09b862273ccd8e1

SHA256
da89acbe756d61084721d4c4781b8ae43332846a59b167ef6d7ed32fd1982302

SHA512
e52d4d8572ce04c4a2e3ed165482884a130a4983d202fda128fcba0194c54307196a783ab9f2b85a5ef385f31f08ee450786209ca0274a6637b6c9a070ea2fef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
130644a5f79b27202a13879460f2c31a

SHA1
29e213847a017531e849139c7449bce6b39cb2fa

SHA256
1306a93179e1eaf354d9daa6043ae8ffb37b76a1d1396e7b8df671485582bcd1

SHA512
fbc8606bf988cf0a6dea28c16d4394c9b1e47f6b68256132b5c85caf1ec7b516c0e3d33034db275adf267d5a84af2854f50bd38a9ed5e86eb392144c63252e01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
6691e06e67494ba1be02cd5cff579215

SHA1
dbc7889bfe0c1772466ff0e58796d9660739579e

SHA256
9525d019810a09d8c658e40490b531911d2bc72875a7aff8006617e5f1ea5898

SHA512
12354ab46b42cdb48ed379969b3491f69b3243e81d0be294ec47ddf1cc774dfb8b96d1b0bc1ea4b80445a9af8a38bf56f34df0f2fd9dc2518226f9ab310e12a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57372d.TMP

Filesize
536B

MD5
a7de44a176837cf83b182750fa87fed3

SHA1
5f76d1b17f4aaa6f79a40ee8cc3c5ce2f9d0dfd7

SHA256
e1f85fe067502f3d9d22a5f47f6468a67e5c26387e1dc097bbf90fdad44cfbf5

SHA512
5a759b8e6fc35eaa3d77cbf4e636c3b4478758ab0d3671c7eedc3765412ac8d058c599a6bfe081977e37904971b01f6430a8a78f832db07a5950b74df51855ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b74c0384-fc9f-4e7e-8384-15e2af26a6dd.tmp

Filesize
1KB

MD5
cc2f6b7aa56c081b1371fc301eb18cc9

SHA1
4814d0b7da36baf162650a459633fb5748ceea40

SHA256
a9c927101cc933ab9ff32c989d37e6a0dca6e6d49bf5ef3ce15b71f87465de30

SHA512
ce54afc4e5bc14ab8f45ea8eed79f7e3759aad5a781203f0d106b47da1cf1fee66cef48fef0bf2efdae7bb78c5986d263c7cac04bc3d341ada324b747c1ea0e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
6505535f9171aa15a13b131b6f44b84f

SHA1
952b133c4f8008919380fca4116110f8c4bd123f

SHA256
b446b9e64f4cd0f2ad587d8a7b8d92157e8d00cefaf9d3cd9bd07bf8f56d85d0

SHA512
ea1f402de2dd3097eb87725501cd7482a5a5002dd0211424e6e61fda6ffd82d91a5976009b6dd52be1a513b67b490318f50b849fb2404953f2f851898ea1a40c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
82db87e6855caf23ad8fd779b20f4246

SHA1
a509f86e5965e3d77d7407c05444f5fdf28b0739

SHA256
6d382e779bc0fe289c950c616e6a7953d60055a4fd3b1309f8defba5580d724d

SHA512
e83c9bd879fa4bb71cd96efa101a805928e9c097eeeda01b1a420a0708bc18bf0f78dacef74a66a16527a20627720c1b2d1204ddc236d338f1cbd0c6e093a669

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
e8213320dc0c196dcd99bbd84204aeef

SHA1
b8fb1609e2a2bce6dcb76b58cdb9707c83036db5

SHA256
87c398da03353ba63caa722e36afa204abb8910f1632d7b53ad9cbe2298fa7ed

SHA512
22501b3b424a96b4d271385bb53bde063f7b0417128c8670797a7566b9437a1731b6102780fb431619834f2cd752b242a847b32279ae96023bef6ac1f0523305

Download Submit
memory/388-162-0x00007FF8F39A0000-0x00007FF8F39A1000-memory.dmp

Filesize
4KB

Download