bfa6f5515c8de6aefb9fe2b859f5ee8d7c2d98bd16f68a86e14c21be9938b50a

Analysis

max time kernel
151s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
07/03/2023, 19:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bfa6f5515c8de6aefb9fe2b859f5ee8d7c2d98bd16f68a86e14c21be9938b50a.exe
Size

790KB
MD5

a2c2810cb9b11fa6f8d2588702b74b83
SHA1

686ca10ff79d6fd8737dd2ce76cb39b8e3114c4f
SHA256

bfa6f5515c8de6aefb9fe2b859f5ee8d7c2d98bd16f68a86e14c21be9938b50a
SHA512

e58270d65dcdb688f8085f63a516c3e77c3a45761c3ae9aec325b0c4de7b513076d7d96a0b4c3a888e810d914e9b03ced885721f06b421c9ab5e68e407f1e4b4
SSDEEP

12288:6tvs2ttd1PuZUiMqylDxljISy1G41To6lG4/ehhWXot:6tvs2ttd1WSiDyxxJTy44Zo6lG4Wh6ot

Score

8^/10

discovery

Malware Config

Signatures

Contacts a large (923) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Scanning
T1046

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\f3acd5d5-0567-4f6c-9e4e-c3eb8b695aba.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230307201301.pma	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2384	msedge.exe
2384	msedge.exe
2508	msedge.exe
2508	msedge.exe
2952	identity_helper.exe
2952	identity_helper.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2508	msedge.exe
2508	msedge.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1996	bfa6f5515c8de6aefb9fe2b859f5ee8d7c2d98bd16f68a86e14c21be9938b50a.exe
1996	bfa6f5515c8de6aefb9fe2b859f5ee8d7c2d98bd16f68a86e14c21be9938b50a.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1996 wrote to memory of 2508	1996	bfa6f5515c8de6aefb9fe2b859f5ee8d7c2d98bd16f68a86e14c21be9938b50a.exe	84
PID 1996 wrote to memory of 2508	1996	bfa6f5515c8de6aefb9fe2b859f5ee8d7c2d98bd16f68a86e14c21be9938b50a.exe	84
PID 2508 wrote to memory of 4988	2508	msedge.exe	85
PID 2508 wrote to memory of 4988	2508	msedge.exe	85
PID 2508 wrote to memory of 2304	2508	msedge.exe	86
PID 2508 wrote to memory of 2304	2508	msedge.exe	86
PID 2508 wrote to memory of 2304	2508	msedge.exe	86
PID 2508 wrote to memory of 2304	2508	msedge.exe	86
PID 2508 wrote to memory of 2304	2508	msedge.exe	86
PID 2508 wrote to memory of 2304	2508	msedge.exe	86
PID 2508 wrote to memory of 2304	2508	msedge.exe	86
PID 2508 wrote to memory of 2304	2508	msedge.exe	86
PID 2508 wrote to memory of 2304	2508	msedge.exe	86
PID 2508 wrote to memory of 2304	2508	msedge.exe	86
PID 2508 wrote to memory of 2304	2508	msedge.exe	86
PID 2508 wrote to memory of 2304	2508	msedge.exe	86
PID 2508 wrote to memory of 2304	2508	msedge.exe	86
PID 2508 wrote to memory of 2304	2508	msedge.exe	86
PID 2508 wrote to memory of 2304	2508	msedge.exe	86
PID 2508 wrote to memory of 2304	2508	msedge.exe	86
PID 2508 wrote to memory of 2304	2508	msedge.exe	86
PID 2508 wrote to memory of 2304	2508	msedge.exe	86
PID 2508 wrote to memory of 2304	2508	msedge.exe	86
PID 2508 wrote to memory of 2304	2508	msedge.exe	86
PID 2508 wrote to memory of 2304	2508	msedge.exe	86
PID 2508 wrote to memory of 2304	2508	msedge.exe	86
PID 2508 wrote to memory of 2304	2508	msedge.exe	86
PID 2508 wrote to memory of 2304	2508	msedge.exe	86
PID 2508 wrote to memory of 2304	2508	msedge.exe	86
PID 2508 wrote to memory of 2304	2508	msedge.exe	86
PID 2508 wrote to memory of 2304	2508	msedge.exe	86
PID 2508 wrote to memory of 2304	2508	msedge.exe	86
PID 2508 wrote to memory of 2304	2508	msedge.exe	86
PID 2508 wrote to memory of 2304	2508	msedge.exe	86
PID 2508 wrote to memory of 2304	2508	msedge.exe	86
PID 2508 wrote to memory of 2304	2508	msedge.exe	86
PID 2508 wrote to memory of 2304	2508	msedge.exe	86
PID 2508 wrote to memory of 2304	2508	msedge.exe	86
PID 2508 wrote to memory of 2304	2508	msedge.exe	86
PID 2508 wrote to memory of 2304	2508	msedge.exe	86
PID 2508 wrote to memory of 2304	2508	msedge.exe	86
PID 2508 wrote to memory of 2304	2508	msedge.exe	86
PID 2508 wrote to memory of 2304	2508	msedge.exe	86
PID 2508 wrote to memory of 2304	2508	msedge.exe	86
PID 2508 wrote to memory of 2384	2508	msedge.exe	87
PID 2508 wrote to memory of 2384	2508	msedge.exe	87
PID 2508 wrote to memory of 4700	2508	msedge.exe	88
PID 2508 wrote to memory of 4700	2508	msedge.exe	88
PID 2508 wrote to memory of 4700	2508	msedge.exe	88
PID 2508 wrote to memory of 4700	2508	msedge.exe	88
PID 2508 wrote to memory of 4700	2508	msedge.exe	88
PID 2508 wrote to memory of 4700	2508	msedge.exe	88
PID 2508 wrote to memory of 4700	2508	msedge.exe	88
PID 2508 wrote to memory of 4700	2508	msedge.exe	88
PID 2508 wrote to memory of 4700	2508	msedge.exe	88
PID 2508 wrote to memory of 4700	2508	msedge.exe	88
PID 2508 wrote to memory of 4700	2508	msedge.exe	88
PID 2508 wrote to memory of 4700	2508	msedge.exe	88
PID 2508 wrote to memory of 4700	2508	msedge.exe	88
PID 2508 wrote to memory of 4700	2508	msedge.exe	88
PID 2508 wrote to memory of 4700	2508	msedge.exe	88
PID 2508 wrote to memory of 4700	2508	msedge.exe	88
PID 2508 wrote to memory of 4700	2508	msedge.exe	88
PID 2508 wrote to memory of 4700	2508	msedge.exe	88

C:\Users\Admin\AppData\Local\Temp\bfa6f5515c8de6aefb9fe2b859f5ee8d7c2d98bd16f68a86e14c21be9938b50a.exe
"C:\Users\Admin\AppData\Local\Temp\bfa6f5515c8de6aefb9fe2b859f5ee8d7c2d98bd16f68a86e14c21be9938b50a.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.oneptp.com/ax/?uid=507801&ad=10
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:2508
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0x80,0x104,0x7fff251e46f8,0x7fff251e4708,0x7fff251e4718
    3⤵
    PID:4988
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,13963432861350166400,11563458648237552271,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2
    3⤵
    PID:2304
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2012,13963432861350166400,11563458648237552271,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2384
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2012,13963432861350166400,11563458648237552271,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
    3⤵
    PID:4700
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13963432861350166400,11563458648237552271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3648 /prefetch:1
    3⤵
    PID:1832
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13963432861350166400,11563458648237552271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3652 /prefetch:1
    3⤵
    PID:4176
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13963432861350166400,11563458648237552271,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
    3⤵
    PID:2192
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13963432861350166400,11563458648237552271,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
    3⤵
    PID:3232
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13963432861350166400,11563458648237552271,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
    3⤵
    PID:3044
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13963432861350166400,11563458648237552271,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2264 /prefetch:1
    3⤵
    PID:4672
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13963432861350166400,11563458648237552271,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3928 /prefetch:1
    3⤵
    PID:1944
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13963432861350166400,11563458648237552271,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6736 /prefetch:1
    3⤵
    PID:3348
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13963432861350166400,11563458648237552271,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6924 /prefetch:1
    3⤵
    PID:4316
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,13963432861350166400,11563458648237552271,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6952 /prefetch:1
    3⤵
    PID:4448
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,13963432861350166400,11563458648237552271,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1688 /prefetch:8
    3⤵
    PID:1768
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
    3⤵
    - Drops file in Program Files directory
    PID:4344
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff6fcfe5460,0x7ff6fcfe5470,0x7ff6fcfe5480
      4⤵
      PID:556
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,13963432861350166400,11563458648237552271,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1688 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2952
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,13963432861350166400,11563458648237552271,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4220 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2296

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1756

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

T1046

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b8c9383861d9295966a7f745d7b76a13

SHA1
d77273648971ec19128c344f78a8ffeb8a246645

SHA256
b75207c223dfc38fbb3dbf03107043a7dce74129d88053c9316350c97ac26d2e

SHA512
094e6978e09a6e762022e8ff57935a26b3171a0627639ca91a373bddd06092241d695b9f3b609ba60bc28e78a5c78cf0f072d79cd5769f1b9f6d873169f0df14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
91fa8f2ee8bf3996b6df4639f7ca34f7

SHA1
221b470deb37961c3ebbcc42a1a63e76fb3fe830

SHA256
e8e0588b16d612fa9d9989d16b729c082b4dd9bfca62564050cdb8ed03dd7068

SHA512
5415cd41f2f3bb5d9c7dadc59e347994444321cf8abe346b08e8c5a3fc6a5adae910eda43b4251ba4e317fbb7696c45dba9fd5e7fa61144c9b947206c7b999c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
61KB

MD5
7a7b9c4a8624adbb3645ef99ba374353

SHA1
2bd2d23ddd06ab143ffaa54f29fbfc45bc18982f

SHA256
ff913aed84077f232791314df22f4d3eb0ab4b08a3a6b2276405ede624a26404

SHA512
b6a9496466b7b9f6af46886c1b5b0c888b071039765ed25e9837d858fcc110f13136c1a3a53a1b69ec30dcea28bacebcdd2c232cb72148afd290d8a7e908bb79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
938216b21d5d9cee0682b8dd9895b26d

SHA1
a6999c86b7745730308177af2f9aa059b4402f6c

SHA256
444bc39656cd0417cafb875fccf638c87495478ad9f18dd651c751742ea4e4dc

SHA512
1f17782c2690bd7dc40a1947f25eaba48179d9c59edb755013eeb5ee31a5c05bd0496a76c226b5250aa1ac192fb58e9a69435cc7f4db0cf6da321028524852cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
696B

MD5
9d0b83b0e15248e84ae80f27fe586e2f

SHA1
afb287e2aa405813d4d7ff28786b301913f8bba4

SHA256
89cd5a4adb514a0acfec3abc1c61e4d3b5ebc838086d9d658ea5febd6f321968

SHA512
7fc25957e450f31bfc54f8fd8ccfbd0ce9c34d93700c477fb7ff6e13a3595f494e5bcebd4996d0af9a6e5ede406cb01345079440814c50f64a99400e012c97fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
207d8a7e99ef63057dfe107cb5aaf86a

SHA1
d062ce9efd7a689582aff7a417dde5909f1d78b0

SHA256
c6bfeacb35f873dbc3e424e622c8797af30eca0786f50dfbaede8bd00ce10163

SHA512
62b41061d135e7a492b9c0de1494711642ffc8ac68ae7444082cec17145eab4ae1de039b3da320c2e29189d547ace44eb72dffcc86d1e47d12101a7e16ff8738

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
2ea84c2699103ca7ca10130541b188ca

SHA1
2ede139292dda61895a87c4bec4c32200b4d744b

SHA256
73d23e21106204181870c61100f4acd71c419f5ee873c4a73edf9785ab1b434c

SHA512
537132ca9ee2adc2a9e2d82c3522b17c64bf7d17844d84939dc167ecdb771593c8538e5983a675057f0510f74661e19ee988bfb53888c791190576cdfc6d01f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
e405d860c52f30455bc374b8872ee7f4

SHA1
d9d42d12cafe1183c51aa2cd3f45f51277f7dce6

SHA256
104b07d66068cdf19c46666aeed2f93b4031127e299decac646b90a7ea9ada66

SHA512
546d80e0172f3a514f8e2dd0a1b7ced7279492e0ddb98c9a914c97cb83f9235d7b2194111352e78ee97695d068c2991df354ea3b80e48b36db0ba56b694be2a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
de6f2233cb8701eed309dd03d8d0e84d

SHA1
3e6ada7ef0b4a6368ddce31fe150ce1e2ea92088

SHA256
e27418f1fbef4125247732d2912b96e679cec1bc345a60ce86b54302d43e020e

SHA512
3c9afa5c70133c73bd40f0bb6087dc189cee35b6b983ed262a6fe7e06a23db4e4c6cbb3ae7569d1c9e97cd70c7030c5edfd91630ada03819baaf8edd6a05ba7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b90455a9bf108ad9141c4e4ce81aee63

SHA1
71ec7d5756c8f906f3e9ea93bd415c051938aa09

SHA256
518612cf55dd11c53648a7e7208b5afdc181413d675f03ab8f9e6cc5bc5ae4e4

SHA512
9542039b17db951afdcbe353cc5516d9a353e8edab92a78c2be2b8de4bd591ad9ae02d0e520ac3d87fea8502d477018176f871bc22f37d1496ca3c707d13d88c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e5f8b9e76e557c665c5cd1bd25290a33

SHA1
1b6aff6e847a59b78309f2cd45e73f660e9862a9

SHA256
de73f8b856543a9eefb47378fa4b8a831a060f4abbaf0cb7202b93b85e356b8f

SHA512
f5808a218ec02e2ce9b0d735ef2b4d332c61921d91b47bef19fa919b5e0b30120f855355add36378dea88a11b39c305ec21da13a2c0ca7c9cda0238303018902

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
60b345592703258c513cb5fc34a2f835

SHA1
39991bd7ea37e2fc394be3b253ef96ce04088a6d

SHA256
7e358b4f7553c9385e8eb2c5692d426bc257bbd4c0213e6c69294459734f6300

SHA512
0346fb4096eb285ab0fdf7e7ec38c4daf7bbb0c506f09975eb2290121d169a34c886fca342c3e06371cb697f2753a697ca4f72af7817ed340eee6063897110a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
708B

MD5
88c114a5964fed291f3e1ac40ba99683

SHA1
ea0f95f0eba181987663ed5b6e44b0122c7f8c66

SHA256
09a5daa5e3c9538ba023bccca324f7f3f6999bc129156fc3a308c494f8cf5b96

SHA512
1aa5c78720072102d382b1eeae9c68af77fd135f155f3975c5c7790efd642fc390c5fba093b249ecb689aaae1ae75182920d1222c9b7cbe2d4b8f2b64bd9fe2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe575728.TMP

Filesize
540B

MD5
6198662ce3fa77bb77c795c120982a28

SHA1
9b11171c22ecfaa6638bc74e02db4e89ff56611a

SHA256
764d6291ae4a866177fa98e470d592dea3547b38d9d78da7711a3be8a3534ad3

SHA512
13a595a16d007ef848e414918e10cbb174adae3f29a1c556acdb695c8f105c1fb9d9e0aa2a740ea789284c91721ccf0e7bc86266cb35c7fc904c276379ccea70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
eea6df9031b9c2b586b6366ced377d12

SHA1
09f6b5afff33f003b33f1b9d2d18b98db93d8fff

SHA256
a96ab5273c603ad914346f65bbf3618b2b306f4c2fc0344c4635fe8a98bf2ef6

SHA512
97afc1b33891eb8ba1d77a0d436457e1b618405ef3ad4ca9eac907908a1212975a82e83aa5d87b483b307d983db18c1825f849710790de1645c26f50a8f85801

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
85f98f5f86a07bebffeb520002c86864

SHA1
78785199d73448a4b727ff315baa0354926ae87b

SHA256
9d4bdd3f7948c15afd99a9917f897aabc13f0316aec758bdd1844d618b87759a

SHA512
2d1db0ac8ff29acd16198ad087560c9dcb0baf1d2e8370f8a14395a3a735205f69e25004fecce5b76181f6fd81c69c4b7b4031c6afdaa3caf95d1c0af9274a74

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
5ba59cfb544dabdc62991161d3d95ef3

SHA1
d1d5ea8db04547a9653fbf100ecf2a29fa8f79d2

SHA256
6afb888da349acc52cccaeae628fa492acb364a6d3d73b7ac3ac561ddf7d8b45

SHA512
de69d9ed9b2cdf734feab996156f62ba17534867cfa3857629a28b68be917cdccfbd57aaa43bbdf7609a4d2d6e4b418d7996554465f423ce8e07e8f6eb207e0a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
d4b0dd777ffd3f15d15d697c2caf3a04

SHA1
8799c1bb07271b561e6a101f59f2512180fce4f7

SHA256
0cc8a9e7d25d8366849ca54949cd9f385b4aa1b27e1fbf34476058de312104f1

SHA512
af52bbed5052e5e7e4aa55e7068f6e3fea2415cc427020da4d8a5a1ea89efebfd4053c13b4537cb435d382ed77468c5ba28a5a1ca5b8c688a20ae8f910451a3e

Download Submit
memory/4700-165-0x00007FFF41870000-0x00007FFF41871000-memory.dmp

Filesize
4KB

Download