4d089982326cd888404513da15d94dcb1fa9595dfc3566815f04207817696431

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
07/03/2023, 19:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4d089982326cd888404513da15d94dcb1fa9595dfc3566815f04207817696431.exe
Size

790KB
MD5

cd6492db555257f63b5c8f3149fe60c0
SHA1

22613a5ef6128624f3fbfc97ac101b2f021b0d8f
SHA256

4d089982326cd888404513da15d94dcb1fa9595dfc3566815f04207817696431
SHA512

4c039a72a40ac065f92a2a573e24a67a984ad33af4a40ac8dfc927224339817009000bc3339a8dbbf492ea8a037bb0dea78b657e8fbd51b5c36ea5df557b2897
SSDEEP

12288:6tvs2ttd1PuZUiMqylDxljISy1G41To6lG4/ehhWXoG:6tvs2ttd1WSiDyxxJTy44Zo6lG4Wh6oG

Score

8^/10

discovery

Malware Config

Signatures

Contacts a large (915) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Scanning
T1046

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230307201546.pma	setup.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\729afe0c-05be-463c-a292-94b7ac72229a.tmp	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1080	msedge.exe
1080	msedge.exe
5068	msedge.exe
5068	msedge.exe
4396	identity_helper.exe
4396	identity_helper.exe
6088	msedge.exe
6088	msedge.exe
6088	msedge.exe
6088	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1496	4d089982326cd888404513da15d94dcb1fa9595dfc3566815f04207817696431.exe
1496	4d089982326cd888404513da15d94dcb1fa9595dfc3566815f04207817696431.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1496 wrote to memory of 5068	1496	4d089982326cd888404513da15d94dcb1fa9595dfc3566815f04207817696431.exe	86
PID 1496 wrote to memory of 5068	1496	4d089982326cd888404513da15d94dcb1fa9595dfc3566815f04207817696431.exe	86
PID 5068 wrote to memory of 4540	5068	msedge.exe	87
PID 5068 wrote to memory of 4540	5068	msedge.exe	87
PID 5068 wrote to memory of 4068	5068	msedge.exe	88
PID 5068 wrote to memory of 4068	5068	msedge.exe	88
PID 5068 wrote to memory of 4068	5068	msedge.exe	88
PID 5068 wrote to memory of 4068	5068	msedge.exe	88
PID 5068 wrote to memory of 4068	5068	msedge.exe	88
PID 5068 wrote to memory of 4068	5068	msedge.exe	88
PID 5068 wrote to memory of 4068	5068	msedge.exe	88
PID 5068 wrote to memory of 4068	5068	msedge.exe	88
PID 5068 wrote to memory of 4068	5068	msedge.exe	88
PID 5068 wrote to memory of 4068	5068	msedge.exe	88
PID 5068 wrote to memory of 4068	5068	msedge.exe	88
PID 5068 wrote to memory of 4068	5068	msedge.exe	88
PID 5068 wrote to memory of 4068	5068	msedge.exe	88
PID 5068 wrote to memory of 4068	5068	msedge.exe	88
PID 5068 wrote to memory of 4068	5068	msedge.exe	88
PID 5068 wrote to memory of 4068	5068	msedge.exe	88
PID 5068 wrote to memory of 4068	5068	msedge.exe	88
PID 5068 wrote to memory of 4068	5068	msedge.exe	88
PID 5068 wrote to memory of 4068	5068	msedge.exe	88
PID 5068 wrote to memory of 4068	5068	msedge.exe	88
PID 5068 wrote to memory of 4068	5068	msedge.exe	88
PID 5068 wrote to memory of 4068	5068	msedge.exe	88
PID 5068 wrote to memory of 4068	5068	msedge.exe	88
PID 5068 wrote to memory of 4068	5068	msedge.exe	88
PID 5068 wrote to memory of 4068	5068	msedge.exe	88
PID 5068 wrote to memory of 4068	5068	msedge.exe	88
PID 5068 wrote to memory of 4068	5068	msedge.exe	88
PID 5068 wrote to memory of 4068	5068	msedge.exe	88
PID 5068 wrote to memory of 4068	5068	msedge.exe	88
PID 5068 wrote to memory of 4068	5068	msedge.exe	88
PID 5068 wrote to memory of 4068	5068	msedge.exe	88
PID 5068 wrote to memory of 4068	5068	msedge.exe	88
PID 5068 wrote to memory of 4068	5068	msedge.exe	88
PID 5068 wrote to memory of 4068	5068	msedge.exe	88
PID 5068 wrote to memory of 4068	5068	msedge.exe	88
PID 5068 wrote to memory of 4068	5068	msedge.exe	88
PID 5068 wrote to memory of 4068	5068	msedge.exe	88
PID 5068 wrote to memory of 4068	5068	msedge.exe	88
PID 5068 wrote to memory of 4068	5068	msedge.exe	88
PID 5068 wrote to memory of 4068	5068	msedge.exe	88
PID 5068 wrote to memory of 1080	5068	msedge.exe	89
PID 5068 wrote to memory of 1080	5068	msedge.exe	89
PID 5068 wrote to memory of 4208	5068	msedge.exe	90
PID 5068 wrote to memory of 4208	5068	msedge.exe	90
PID 5068 wrote to memory of 4208	5068	msedge.exe	90
PID 5068 wrote to memory of 4208	5068	msedge.exe	90
PID 5068 wrote to memory of 4208	5068	msedge.exe	90
PID 5068 wrote to memory of 4208	5068	msedge.exe	90
PID 5068 wrote to memory of 4208	5068	msedge.exe	90
PID 5068 wrote to memory of 4208	5068	msedge.exe	90
PID 5068 wrote to memory of 4208	5068	msedge.exe	90
PID 5068 wrote to memory of 4208	5068	msedge.exe	90
PID 5068 wrote to memory of 4208	5068	msedge.exe	90
PID 5068 wrote to memory of 4208	5068	msedge.exe	90
PID 5068 wrote to memory of 4208	5068	msedge.exe	90
PID 5068 wrote to memory of 4208	5068	msedge.exe	90
PID 5068 wrote to memory of 4208	5068	msedge.exe	90
PID 5068 wrote to memory of 4208	5068	msedge.exe	90
PID 5068 wrote to memory of 4208	5068	msedge.exe	90
PID 5068 wrote to memory of 4208	5068	msedge.exe	90

C:\Users\Admin\AppData\Local\Temp\4d089982326cd888404513da15d94dcb1fa9595dfc3566815f04207817696431.exe
"C:\Users\Admin\AppData\Local\Temp\4d089982326cd888404513da15d94dcb1fa9595dfc3566815f04207817696431.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.oneptp.com/ax/?uid=507801&ad=5
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:5068
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xf8,0x108,0x7ffc4edc46f8,0x7ffc4edc4708,0x7ffc4edc4718
    3⤵
    PID:4540
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,8325797186268407137,15751251552092971062,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
    3⤵
    PID:4068
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,8325797186268407137,15751251552092971062,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1080
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,8325797186268407137,15751251552092971062,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
    3⤵
    PID:4208
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8325797186268407137,15751251552092971062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3660 /prefetch:1
    3⤵
    PID:4464
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8325797186268407137,15751251552092971062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3672 /prefetch:1
    3⤵
    PID:1396
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8325797186268407137,15751251552092971062,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
    3⤵
    PID:2668
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8325797186268407137,15751251552092971062,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3684 /prefetch:1
    3⤵
    PID:3432
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8325797186268407137,15751251552092971062,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
    3⤵
    PID:440
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8325797186268407137,15751251552092971062,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
    3⤵
    PID:2352
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8325797186268407137,15751251552092971062,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2744 /prefetch:1
    3⤵
    PID:3396
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8325797186268407137,15751251552092971062,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
    3⤵
    PID:3040
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,8325797186268407137,15751251552092971062,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6876 /prefetch:8
    3⤵
    PID:3244
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
    3⤵
    - Drops file in Program Files directory
    PID:3644
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x280,0x284,0x288,0x25c,0x28c,0x7ff604ed5460,0x7ff604ed5470,0x7ff604ed5480
      4⤵
      PID:4000
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,8325797186268407137,15751251552092971062,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6876 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4396
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8325797186268407137,15751251552092971062,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6604 /prefetch:1
    3⤵
    PID:112
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8325797186268407137,15751251552092971062,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6648 /prefetch:1
    3⤵
    PID:1276
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,8325797186268407137,15751251552092971062,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2656 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:6088

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5052

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

T1046

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cd4f5fe0fc0ab6b6df866b9bfb9dd762

SHA1
a6aaed363cd5a7b6910e9b3296c0093b0ac94759

SHA256
3b803b53dbd3d592848fc66e5715f39f6bc02cbc95fb2452cd5822d98c6b8f81

SHA512
7072630ec28cf6a8d5b072555234b5150c1e952138e5cdc29435a6242fda4b4217b81fb57acae927d2b908fa06f36414cb3fab35110d63107141263e3bba9676

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1d40312629d09d2420e992fdb8a78c1c

SHA1
903950d5ba9d64ec21c9f51264272ca8dfae9540

SHA256
1e7c6aa575c3ec46cd1fdf6df51063113d277012ed28f5f6b37aea95cd3a64ac

SHA512
a7073247ae95e451ed32ceeae91c6638192c15eaad718875c1272eff51c0564016d9f84690543f27df509a7d579de329d101fbf82fed7cbeb27af57393de24ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\86e50195-90f5-4bfc-aeb2-b0bc1703bad9.tmp

Filesize
5KB

MD5
b7ffeed029688165268801c83035893d

SHA1
e06867f84f4aaa3c3c2371690c2234bb4b07f55d

SHA256
a5440bccd7382bda66a61faa70932b750aea7ee63b76f0caac04b6df7acb03ba

SHA512
7d6819b5e2e3aa3ff6146e20ce33ecd3510876098e1c0783bc683d7afedf8eeddb3a2270485b0e3f6a8a2252a89c9405cbc6b7580ff0bdf19f097b1744e65ceb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
61KB

MD5
7a7b9c4a8624adbb3645ef99ba374353

SHA1
2bd2d23ddd06ab143ffaa54f29fbfc45bc18982f

SHA256
ff913aed84077f232791314df22f4d3eb0ab4b08a3a6b2276405ede624a26404

SHA512
b6a9496466b7b9f6af46886c1b5b0c888b071039765ed25e9837d858fcc110f13136c1a3a53a1b69ec30dcea28bacebcdd2c232cb72148afd290d8a7e908bb79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
35342c0c521c4269fd94c81959da69a8

SHA1
0a6f4273356242cf07ec32789e811a8498a824c8

SHA256
423769cafe2586884870fbc8bf93b6559ea45c0ee8e8ca033d73214c803a2bc5

SHA512
8a2a57a98ad3bed9b62b824e93fc54e6d7b1bc18530ff4978ce91e740cf5217f46c4d0527a5fc8a8b12b03040ccf8e815230917ca825895be76be485c9a303e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe571443.TMP

Filesize
48B

MD5
d442269e87fa7c8ed367a54ce25b381d

SHA1
a1d40f78a95db4b71d27d700bf17b1a840a1488a

SHA256
f8ef582f4270a0853ee2cf4d9a2da65283352534b557e900333578b1088b106f

SHA512
0aba95038b7d0a0ad2a19444560cfc03c12a9df36d107a0cb77266e89d102440122d81f784ed6cc03b336073d336ff51bf2643fa30af9636a5091fec5e0a6b94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
a5fe95089b6571a9f8c0da35922a02fd

SHA1
c677982ebbd03b68ea99f96071fbbe8bc22ac4cb

SHA256
d72241f0bf69130a4015b85b3330e9349adc96d0d43cb7e0e9a33198183a7661

SHA512
01707a139e81d1827529d71e9fa2a64cd51d7ed12ca4513daaa3a229a5f6deecac244377707c0cfe42d7210a7a379ecef2a3aecdc86897e045bd9c4ac468d382

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3bd71eaa7cd7c4622a3ae9b523d783ec

SHA1
45969312a88da38714472d9214a8a0b92e6f703d

SHA256
92b7ee05555240e77a4bfeb3a5056c72a8f657428872a98d621e970341725144

SHA512
8f063c739625a1b7276bcf83c7876be6d1d0a8077463621e57704e3d6644523cb60ded10b9dae85025962bf1f8ec9f68e636fd3e53462b68c7fac4f6fcebcff4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
1463bf2a54e759c40d9ad64228bf7bec

SHA1
2286d0ac3cfa9f9ca6c0df60699af7c49008a41f

SHA256
9b4fd2eea856352d8fff054b51ea5d6141a540ca253a2e4dc28839bc92cbf4df

SHA512
33e0c223b45acac2622790dda4b59a98344a89094c41ffdb2531d7f1c0db86a0ea4f1885fea7c696816aa4ceab46de6837cc081cd8e63e3419d9fcb8c5a0eb66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
a0b5eb7775d476a9d1db3ac1556eb805

SHA1
0fa13df07a3836e406e2c499f10643a8f1a44982

SHA256
a92085b1c973a0ef8e1e9ff14883b2380087545a2d5c3ecde9e1fbe31a2c2c98

SHA512
bbb1234533c0c0e06099e53e2cba81f7c8583897970eda620f6d78bdf9b156143baa53f5b661cf06a7615f2ba9281d0e03d2fbda9350a86095dc4c2830ac7447

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe56e2c3.TMP

Filesize
536B

MD5
f01e02647c9bdf1f024b0d625486c619

SHA1
af9994dadb3cc1c3e6d6d4c87a0b622b03bc5862

SHA256
9f6293cc66e985506d89e0dee202d4c4374729dc77d762ed563667b4d6063b47

SHA512
a32d2b9503b8591491a6f319ed00f29822f73143312bc57266bf2d68b826e0d4bd5ecd3c501863d66946dbff1548a59d71476f35c7fef948b1bfacd9fe0d4cd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a3da843d-eb95-4f6d-817d-b21f2860067f.tmp

Filesize
1KB

MD5
43478f4d36a3ce8825f9d46cc97bcd60

SHA1
30b0412f5de8ac710c75b7e0871bfe59bc536475

SHA256
3756ded277d82e668784b0b8eadfb87746f5ad4633e8bb56d80fd2c92f0496a7

SHA512
c937da9420b2bff30cfa0bce528ae302e9fca33b7ba0e72f1f3d83c251f002b48062c0cb22ab48d354193ddd3c886063c49bc0fef2bdc40312e63161848efd87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b3d77627-c3b7-4cab-85b1-1318512b058e.tmp

Filesize
4KB

MD5
791a91af35e25ec4d92e6419df8ef9f4

SHA1
931c1c975c4cad18856aa5a87aa54accbc6330e2

SHA256
aebd13463a905b8011edfc3e38e15fdfef9edc9980acfcf4ad78e0db8c59a3f4

SHA512
df90609347a5ee0be2932e85ec0b7521c5aaa8e667200d4fd971955f2f87665d6f10ec5577fb9de0310e371d1788836de783c32c4e3afaa328e989fd9de3e0f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
cafa9b73ad7a6697110e4be84dcb1ff3

SHA1
d98f7e93bc04ff1e6648a312348dbfc088ede9ee

SHA256
2d03a98aeb9f37522ee86589655528631516e19f0c5956ca06d254c35fd9fe55

SHA512
e7a61e13c5353d96c5e36780cf096536021c036140b2e7ecc4f8d0bc253f409348f6bdf0697aa7ab6bfba28c731ed1549c697ec7655cfa4003eea030671b22b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9a97530ccf7fe98e32b68669e3d2f820

SHA1
491b14e5b66c4db9cd3105ef299d59e4413fdf80

SHA256
fd4e1e35845a38c500c2e190632d26bd47074101973b412116e1b84e331f70d1

SHA512
ce4e51194677bb6338a83a20c3d3d9fb00445f118ad6980eb73c214c5fcdc263f9ab3b7902e5806e60d42be68d6efbc40c0d9388e8748f90a2a5479858db6ed4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
07831f1c19789ee0cf92eba040998479

SHA1
b28a9dede232f323a10cf9af866cfeb3dbefcb9a

SHA256
348194882bbaa15cfbd111520469257d44a3281e2211656bacb504d974adafda

SHA512
fd4d6c8f1e60582e7a6a8093a0a23329caf50bd7c88f10814fdd43012e801b2c8f67bc3f24a4e13950369c57dedaec8d4efa3b0c723c160dd0049127ba38455e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
76af65daf62a2f23b83bdd500cfcebae

SHA1
f100534f4b56d1de2ea30cec319798de594a5cdd

SHA256
a2ccc1399422be5e36593225351477a948d3f215cae1281a7ec72fd590cf2d9a

SHA512
24d58e2ad0724fccdaeb3debee451682881e1331f85aa2196da78b3ec55a4eb28daf4f4f4e6b9c611d1da7b737420aa2b7f6244b9060af64f1a74d48b455cb27

Download Submit
memory/4068-156-0x00007FFC6D560000-0x00007FFC6D561000-memory.dmp

Filesize
4KB

Download