2726128c8c8162c0dfffc86880c30d39ff354ad02ad00ce120d613ee984e0b4d

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
07/03/2023, 20:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2726128c8c8162c0dfffc86880c30d39ff354ad02ad00ce120d613ee984e0b4d.exe
Size

790KB
MD5

1a160d8d04edcf1538dab04f3f39db02
SHA1

9d2644ef11071c846e571b2fac77edd47157842a
SHA256

2726128c8c8162c0dfffc86880c30d39ff354ad02ad00ce120d613ee984e0b4d
SHA512

398ef15db19f6a616a9e1018accdc256c9d975740225b0acf6a01f73721537345822fb370e67581c3e9b6f12dd31eef9346e288bf5f2dc63e26cd47b89eb4255
SSDEEP

12288:6tvs2ttd1PuZUiMqylDxljISy1G41To6lG4/ehhWXom:6tvs2ttd1WSiDyxxJTy44Zo6lG4Wh6om

Score

8^/10

discovery

Malware Config

Signatures

Contacts a large (877) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Scanning
T1046

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\abe29357-c009-43e1-b622-1d0ccad04053.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230307210506.pma	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4108	msedge.exe
4108	msedge.exe
3248	msedge.exe
3248	msedge.exe
5024	identity_helper.exe
5024	identity_helper.exe
6024	msedge.exe
6024	msedge.exe
6024	msedge.exe
6024	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
3248	msedge.exe
3248	msedge.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
5100	2726128c8c8162c0dfffc86880c30d39ff354ad02ad00ce120d613ee984e0b4d.exe
5100	2726128c8c8162c0dfffc86880c30d39ff354ad02ad00ce120d613ee984e0b4d.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5100 wrote to memory of 3248	5100	2726128c8c8162c0dfffc86880c30d39ff354ad02ad00ce120d613ee984e0b4d.exe	84
PID 5100 wrote to memory of 3248	5100	2726128c8c8162c0dfffc86880c30d39ff354ad02ad00ce120d613ee984e0b4d.exe	84
PID 3248 wrote to memory of 5092	3248	msedge.exe	85
PID 3248 wrote to memory of 5092	3248	msedge.exe	85
PID 3248 wrote to memory of 2448	3248	msedge.exe	86
PID 3248 wrote to memory of 2448	3248	msedge.exe	86
PID 3248 wrote to memory of 2448	3248	msedge.exe	86
PID 3248 wrote to memory of 2448	3248	msedge.exe	86
PID 3248 wrote to memory of 2448	3248	msedge.exe	86
PID 3248 wrote to memory of 2448	3248	msedge.exe	86
PID 3248 wrote to memory of 2448	3248	msedge.exe	86
PID 3248 wrote to memory of 2448	3248	msedge.exe	86
PID 3248 wrote to memory of 2448	3248	msedge.exe	86
PID 3248 wrote to memory of 2448	3248	msedge.exe	86
PID 3248 wrote to memory of 2448	3248	msedge.exe	86
PID 3248 wrote to memory of 2448	3248	msedge.exe	86
PID 3248 wrote to memory of 2448	3248	msedge.exe	86
PID 3248 wrote to memory of 2448	3248	msedge.exe	86
PID 3248 wrote to memory of 2448	3248	msedge.exe	86
PID 3248 wrote to memory of 2448	3248	msedge.exe	86
PID 3248 wrote to memory of 2448	3248	msedge.exe	86
PID 3248 wrote to memory of 2448	3248	msedge.exe	86
PID 3248 wrote to memory of 2448	3248	msedge.exe	86
PID 3248 wrote to memory of 2448	3248	msedge.exe	86
PID 3248 wrote to memory of 2448	3248	msedge.exe	86
PID 3248 wrote to memory of 2448	3248	msedge.exe	86
PID 3248 wrote to memory of 2448	3248	msedge.exe	86
PID 3248 wrote to memory of 2448	3248	msedge.exe	86
PID 3248 wrote to memory of 2448	3248	msedge.exe	86
PID 3248 wrote to memory of 2448	3248	msedge.exe	86
PID 3248 wrote to memory of 2448	3248	msedge.exe	86
PID 3248 wrote to memory of 2448	3248	msedge.exe	86
PID 3248 wrote to memory of 2448	3248	msedge.exe	86
PID 3248 wrote to memory of 2448	3248	msedge.exe	86
PID 3248 wrote to memory of 2448	3248	msedge.exe	86
PID 3248 wrote to memory of 2448	3248	msedge.exe	86
PID 3248 wrote to memory of 2448	3248	msedge.exe	86
PID 3248 wrote to memory of 2448	3248	msedge.exe	86
PID 3248 wrote to memory of 2448	3248	msedge.exe	86
PID 3248 wrote to memory of 2448	3248	msedge.exe	86
PID 3248 wrote to memory of 2448	3248	msedge.exe	86
PID 3248 wrote to memory of 2448	3248	msedge.exe	86
PID 3248 wrote to memory of 2448	3248	msedge.exe	86
PID 3248 wrote to memory of 2448	3248	msedge.exe	86
PID 3248 wrote to memory of 4108	3248	msedge.exe	87
PID 3248 wrote to memory of 4108	3248	msedge.exe	87
PID 3248 wrote to memory of 4828	3248	msedge.exe	89
PID 3248 wrote to memory of 4828	3248	msedge.exe	89
PID 3248 wrote to memory of 4828	3248	msedge.exe	89
PID 3248 wrote to memory of 4828	3248	msedge.exe	89
PID 3248 wrote to memory of 4828	3248	msedge.exe	89
PID 3248 wrote to memory of 4828	3248	msedge.exe	89
PID 3248 wrote to memory of 4828	3248	msedge.exe	89
PID 3248 wrote to memory of 4828	3248	msedge.exe	89
PID 3248 wrote to memory of 4828	3248	msedge.exe	89
PID 3248 wrote to memory of 4828	3248	msedge.exe	89
PID 3248 wrote to memory of 4828	3248	msedge.exe	89
PID 3248 wrote to memory of 4828	3248	msedge.exe	89
PID 3248 wrote to memory of 4828	3248	msedge.exe	89
PID 3248 wrote to memory of 4828	3248	msedge.exe	89
PID 3248 wrote to memory of 4828	3248	msedge.exe	89
PID 3248 wrote to memory of 4828	3248	msedge.exe	89
PID 3248 wrote to memory of 4828	3248	msedge.exe	89
PID 3248 wrote to memory of 4828	3248	msedge.exe	89

C:\Users\Admin\AppData\Local\Temp\2726128c8c8162c0dfffc86880c30d39ff354ad02ad00ce120d613ee984e0b4d.exe
"C:\Users\Admin\AppData\Local\Temp\2726128c8c8162c0dfffc86880c30d39ff354ad02ad00ce120d613ee984e0b4d.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.oneptp.com/ax/?uid=507801&ad=16
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:3248
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd8,0x104,0x7fffc68646f8,0x7fffc6864708,0x7fffc6864718
    3⤵
    PID:5092
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,17407702035177989500,4412954367927577727,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
    3⤵
    PID:2448
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,17407702035177989500,4412954367927577727,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4108
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,17407702035177989500,4412954367927577727,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
    3⤵
    PID:4828
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17407702035177989500,4412954367927577727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3660 /prefetch:1
    3⤵
    PID:4924
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17407702035177989500,4412954367927577727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3668 /prefetch:1
    3⤵
    PID:2052
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17407702035177989500,4412954367927577727,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
    3⤵
    PID:2884
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17407702035177989500,4412954367927577727,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6456 /prefetch:1
    3⤵
    PID:1128
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17407702035177989500,4412954367927577727,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4056 /prefetch:1
    3⤵
    PID:4120
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17407702035177989500,4412954367927577727,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
    3⤵
    PID:3220
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,17407702035177989500,4412954367927577727,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6968 /prefetch:8
    3⤵
    PID:1940
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
    3⤵
    - Drops file in Program Files directory
    PID:3236
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff716695460,0x7ff716695470,0x7ff716695480
      4⤵
      PID:2716
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,17407702035177989500,4412954367927577727,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6968 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5024
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17407702035177989500,4412954367927577727,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
    3⤵
    PID:4376
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17407702035177989500,4412954367927577727,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6400 /prefetch:1
    3⤵
    PID:3680
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17407702035177989500,4412954367927577727,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7024 /prefetch:1
    3⤵
    PID:5224
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17407702035177989500,4412954367927577727,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7076 /prefetch:1
    3⤵
    PID:5240
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,17407702035177989500,4412954367927577727,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4836 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:6024

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4428

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

T1046

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cd4f5fe0fc0ab6b6df866b9bfb9dd762

SHA1
a6aaed363cd5a7b6910e9b3296c0093b0ac94759

SHA256
3b803b53dbd3d592848fc66e5715f39f6bc02cbc95fb2452cd5822d98c6b8f81

SHA512
7072630ec28cf6a8d5b072555234b5150c1e952138e5cdc29435a6242fda4b4217b81fb57acae927d2b908fa06f36414cb3fab35110d63107141263e3bba9676

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1d40312629d09d2420e992fdb8a78c1c

SHA1
903950d5ba9d64ec21c9f51264272ca8dfae9540

SHA256
1e7c6aa575c3ec46cd1fdf6df51063113d277012ed28f5f6b37aea95cd3a64ac

SHA512
a7073247ae95e451ed32ceeae91c6638192c15eaad718875c1272eff51c0564016d9f84690543f27df509a7d579de329d101fbf82fed7cbeb27af57393de24ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
61KB

MD5
7a7b9c4a8624adbb3645ef99ba374353

SHA1
2bd2d23ddd06ab143ffaa54f29fbfc45bc18982f

SHA256
ff913aed84077f232791314df22f4d3eb0ab4b08a3a6b2276405ede624a26404

SHA512
b6a9496466b7b9f6af46886c1b5b0c888b071039765ed25e9837d858fcc110f13136c1a3a53a1b69ec30dcea28bacebcdd2c232cb72148afd290d8a7e908bb79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
672B

MD5
9dd440d6fda4ceda7acefd016fb804e8

SHA1
1c044d2009780b81b3918c7e0b283dc21a942b67

SHA256
971d5ead5d658310f118c423d4d6848a91ea02e9861290f203c2603b4863cef7

SHA512
33f03eea41ff16eafcf1381b87735ed97f60ae20ec548e047b38dc0f85e822d01afd611bbaae9f21b50f346505c3cc90c3dad4cf90b5bc40111b7fba4e04bd90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe572d2a.TMP

Filesize
48B

MD5
8ee779899fd1710090bb48f13c56d29a

SHA1
197bf71b4870c94b3e9a01cb1d7fccf105694e94

SHA256
eacee22a6d42fcf47d7fcf0cf507db0a408bebdd7b3b1cc3eeed628db85679bc

SHA512
be144113973851a0d2b5622ea15ccfdbd0bb8b954be6328de4012d41490c72cfae4c2428315634c44f49b0be8f1e3dc69ad8613e8ab737537ef9782226c6dfca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
6278469b9e93310eca2105481fb13392

SHA1
faac2a1fc80794c8b48813fea80908d273ab0ea7

SHA256
7ae811570b19c936ee149862c7e717094ced1337c7b0173e71c28fbe61fafdb1

SHA512
f971eff988d86347e993a79d69bfe7508f3214fa6b6381bf519b3754bc63585c6f638d42a5a604cd6f06db6bea285aac43a74e1fe5195018cac8b2bf93ddb0aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
39a2ecafc29340b614953af1da2a3999

SHA1
791bfb3e0b904dc0f05a6678c43a1011b0ed6593

SHA256
c6f8fc4f91b43c220e0c1fc7a3141509263fd45d9b4b0be501cb2dd9a3d8f2c1

SHA512
30945c01217b01f630097d387c2860065bc22cd4e7de7cfde6084c9e98df6f5eca77d1622e1bfe870333bf86c36ed9a0d301a2a9adb7b7679cd699d4204defba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
97c86983ef602ed98e09519db89ec392

SHA1
61ba87521ae9640f1086a1dff94b7c3e9e1989fc

SHA256
149a785188a4c58fb2902c74e4ef309a8a381e1afc20018b9a9ee6d304e6213c

SHA512
f475c537fa999686fcb155a3208e2a11f4d5833e011d2a557d02974f171aee861be1e49911a7d3b47b3b992d0362a9eb43c4b561e88d2afc6f46a7e0658b64f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
edf52d4d7e63f9dec5294b4af7b30a3a

SHA1
db1cce598d18e9aee2f12efa776f52d8f93067c3

SHA256
4edf30e144e0e068fb5d04fa252fbb58ede56d2ce15bd8b95e2b8a7af54223f6

SHA512
2de889d1094509e861a8de7dcf196ef449748f37ac0f007770c71252171bbf4b9bbc7ac28ac6e9faeb124e0dfdb6a1b3c18bda02289b634ed20ad77119cd2698

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
552fca56077f727d1e361b890fd4eb29

SHA1
695747bd2e5766ea7825d72f2b462f868dce2217

SHA256
8814f929ca759e0ab392cde4266c09c578c1fb5714c6fa496e54a2450af14cd6

SHA512
349e02bb8a2e01aacc1f345adba3d27db5320005b9f707559098c3cc7030acd60a097a878d21652c8aca029f7f20c663a1d2a7c6e9db0655190e0def45d04276

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
00c5e154c808b7a1f8c6d4b1389cb3cd

SHA1
f778e8e02d4ccfc5d2f065c215828e8363d8be23

SHA256
01a844ef80cd52192a6c1ab0faa480259b80945bd3e14b591d1b8af299666dd4

SHA512
ed29adcaca4fd6b55e0e76e503e7b16a1e312bfdc92fefe93a858ff1c1b8054992d2b4dcd93b6e737df120f9d72f16131275be62b0002c64592eb19012a8546a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
1463bf2a54e759c40d9ad64228bf7bec

SHA1
2286d0ac3cfa9f9ca6c0df60699af7c49008a41f

SHA256
9b4fd2eea856352d8fff054b51ea5d6141a540ca253a2e4dc28839bc92cbf4df

SHA512
33e0c223b45acac2622790dda4b59a98344a89094c41ffdb2531d7f1c0db86a0ea4f1885fea7c696816aa4ceab46de6837cc081cd8e63e3419d9fcb8c5a0eb66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
df449e56dd42e8e8577c8db8270265c6

SHA1
f4976ecef187ba2c0a3c6a215a10295b464166a1

SHA256
d0d6797ed8e459390e2e167b73523e405c0b1d308fac5e321b1d7dc385f48be8

SHA512
9a68cf05eddee86c0ab2f7f4f2e2f22ef170317501bd89721f4242fba811d8196f7c0e2f4283fbf4aa735dedbf846f7e6ece1f72c7df7281a5cb0efaad50e60d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe56f9b6.TMP

Filesize
540B

MD5
7f804d4cfccd51435ca3c069e93cb683

SHA1
d040a4e7d37a1b045c9030fdded3fcfdc76fde46

SHA256
a63d7329551bacf1bfe41dfbb866b776ca08ffecf24ad9275ce2c24b335b5755

SHA512
76995284b7da8702e438c978024734e6cfdcd5a8039e475ad35e0e8ae7dc6f3eb91d808f3c4bcd8b6218d9871f00cddcd8f7243c2492d2fe8f1f0fc2d7dc9742

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
99be88cdb6d79e39bdd3d2f4c802d398

SHA1
46dcbdd9abd5df71738282561eaafb860213a920

SHA256
91f1d63a189fb7035cbbb9db888a168983e6055bde6c10a2d1226c2173570742

SHA512
79e2352a522acdc0cbaf4a4b29e9882c4a957573dfecbb307e9024b4cea000f8e5326770ec3aa406cf788bed7f46bb3cc1d0dd4f960df09aceae841e5cd8fde6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5f26897d78202fc28ad9bdc40442808a

SHA1
cd1a950584adfc953118833246a3b0a8f5b6b7f5

SHA256
64a11e3910b7a922a417c37c5d50964683d800792976e44e02dffbf333d9f938

SHA512
afb64484143bec79a08f8a2640e989d288779659077575872873ac159cc0644e835e5d3a3ac301e77e4892b5ca9f01d19c13144ccae38e7ae82b4285bc84e1b3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
2d32e53236e1ff4e5af84947648380a1

SHA1
834c4dc3e6fea77856d17aa0e1f36bc7d85c70ba

SHA256
a209124e97ae62d31d148fe76a90f6b303f1d77d46dcbaaa8e3890c6e39daa65

SHA512
7f92807f96f1266f4b5d81c0095626e21c81bd522309881c81794bad2b9e671c5de3b51c3de6908e1d9955ad081f05560c9fc0c9c1c2888c376c6e934f755e4f

Download Submit
memory/2448-159-0x00007FFFE3CF0000-0x00007FFFE3CF1000-memory.dmp

Filesize
4KB

Download