512f84428c2a8556b04d31cbd672d42ecf76ed59094f1c32f3d56716c975602f

Analysis

max time kernel
149s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
07/03/2023, 21:15

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

512f84428c2a8556b04d31cbd672d42ecf76ed59094f1c32f3d56716c975602f.exe
Size

790KB
MD5

12e30f5250160f1bc59031da66af2daf
SHA1

0b856fbc5b99a4476e8fc2dd7a0325108f8b45ea
SHA256

512f84428c2a8556b04d31cbd672d42ecf76ed59094f1c32f3d56716c975602f
SHA512

b8001a413da3750f0d5dd4f07b510f27f073031bad25860df900cc05de6457b78f40096e638fbc8388084a6c69d8c24e30114a0ec7265e7801af922c5885dab2
SSDEEP

12288:AqzXbaUrzJRmKQiKyl+G7LdDy1GPWboTlG4Oe5IWLBwW:AqzXbaUrzbvQZyoGXxy4P8oTlG4b5bLb

Score

8^/10

discovery

Malware Config

Signatures

Contacts a large (854) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Scanning
T1046

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\5f77919c-d65c-4306-a3b4-85125458a31a.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230307211610.pma	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3108	msedge.exe
3108	msedge.exe
652	msedge.exe
652	msedge.exe
5356	identity_helper.exe
5356	identity_helper.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
652	msedge.exe
652	msedge.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2868	512f84428c2a8556b04d31cbd672d42ecf76ed59094f1c32f3d56716c975602f.exe
2868	512f84428c2a8556b04d31cbd672d42ecf76ed59094f1c32f3d56716c975602f.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2868 wrote to memory of 652	2868	512f84428c2a8556b04d31cbd672d42ecf76ed59094f1c32f3d56716c975602f.exe	88
PID 2868 wrote to memory of 652	2868	512f84428c2a8556b04d31cbd672d42ecf76ed59094f1c32f3d56716c975602f.exe	88
PID 652 wrote to memory of 1616	652	msedge.exe	89
PID 652 wrote to memory of 1616	652	msedge.exe	89
PID 652 wrote to memory of 1672	652	msedge.exe	90
PID 652 wrote to memory of 1672	652	msedge.exe	90
PID 652 wrote to memory of 1672	652	msedge.exe	90
PID 652 wrote to memory of 1672	652	msedge.exe	90
PID 652 wrote to memory of 1672	652	msedge.exe	90
PID 652 wrote to memory of 1672	652	msedge.exe	90
PID 652 wrote to memory of 1672	652	msedge.exe	90
PID 652 wrote to memory of 1672	652	msedge.exe	90
PID 652 wrote to memory of 1672	652	msedge.exe	90
PID 652 wrote to memory of 1672	652	msedge.exe	90
PID 652 wrote to memory of 1672	652	msedge.exe	90
PID 652 wrote to memory of 1672	652	msedge.exe	90
PID 652 wrote to memory of 1672	652	msedge.exe	90
PID 652 wrote to memory of 1672	652	msedge.exe	90
PID 652 wrote to memory of 1672	652	msedge.exe	90
PID 652 wrote to memory of 1672	652	msedge.exe	90
PID 652 wrote to memory of 1672	652	msedge.exe	90
PID 652 wrote to memory of 1672	652	msedge.exe	90
PID 652 wrote to memory of 1672	652	msedge.exe	90
PID 652 wrote to memory of 1672	652	msedge.exe	90
PID 652 wrote to memory of 1672	652	msedge.exe	90
PID 652 wrote to memory of 1672	652	msedge.exe	90
PID 652 wrote to memory of 1672	652	msedge.exe	90
PID 652 wrote to memory of 1672	652	msedge.exe	90
PID 652 wrote to memory of 1672	652	msedge.exe	90
PID 652 wrote to memory of 1672	652	msedge.exe	90
PID 652 wrote to memory of 1672	652	msedge.exe	90
PID 652 wrote to memory of 1672	652	msedge.exe	90
PID 652 wrote to memory of 1672	652	msedge.exe	90
PID 652 wrote to memory of 1672	652	msedge.exe	90
PID 652 wrote to memory of 1672	652	msedge.exe	90
PID 652 wrote to memory of 1672	652	msedge.exe	90
PID 652 wrote to memory of 1672	652	msedge.exe	90
PID 652 wrote to memory of 1672	652	msedge.exe	90
PID 652 wrote to memory of 1672	652	msedge.exe	90
PID 652 wrote to memory of 1672	652	msedge.exe	90
PID 652 wrote to memory of 1672	652	msedge.exe	90
PID 652 wrote to memory of 1672	652	msedge.exe	90
PID 652 wrote to memory of 1672	652	msedge.exe	90
PID 652 wrote to memory of 1672	652	msedge.exe	90
PID 652 wrote to memory of 3108	652	msedge.exe	91
PID 652 wrote to memory of 3108	652	msedge.exe	91
PID 652 wrote to memory of 844	652	msedge.exe	92
PID 652 wrote to memory of 844	652	msedge.exe	92
PID 652 wrote to memory of 844	652	msedge.exe	92
PID 652 wrote to memory of 844	652	msedge.exe	92
PID 652 wrote to memory of 844	652	msedge.exe	92
PID 652 wrote to memory of 844	652	msedge.exe	92
PID 652 wrote to memory of 844	652	msedge.exe	92
PID 652 wrote to memory of 844	652	msedge.exe	92
PID 652 wrote to memory of 844	652	msedge.exe	92
PID 652 wrote to memory of 844	652	msedge.exe	92
PID 652 wrote to memory of 844	652	msedge.exe	92
PID 652 wrote to memory of 844	652	msedge.exe	92
PID 652 wrote to memory of 844	652	msedge.exe	92
PID 652 wrote to memory of 844	652	msedge.exe	92
PID 652 wrote to memory of 844	652	msedge.exe	92
PID 652 wrote to memory of 844	652	msedge.exe	92
PID 652 wrote to memory of 844	652	msedge.exe	92
PID 652 wrote to memory of 844	652	msedge.exe	92

C:\Users\Admin\AppData\Local\Temp\512f84428c2a8556b04d31cbd672d42ecf76ed59094f1c32f3d56716c975602f.exe
"C:\Users\Admin\AppData\Local\Temp\512f84428c2a8556b04d31cbd672d42ecf76ed59094f1c32f3d56716c975602f.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.oneptp.com/ax/?uid=507801&ad=17
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:652
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fffe42446f8,0x7fffe4244708,0x7fffe4244718
    3⤵
    PID:1616
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,14934732707853711803,690797046059125380,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2036 /prefetch:2
    3⤵
    PID:1672
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2008,14934732707853711803,690797046059125380,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3108
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2008,14934732707853711803,690797046059125380,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
    3⤵
    PID:844
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,14934732707853711803,690797046059125380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1
    3⤵
    PID:2696
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,14934732707853711803,690797046059125380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1
    3⤵
    PID:4740
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,14934732707853711803,690797046059125380,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
    3⤵
    PID:2092
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,14934732707853711803,690797046059125380,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3556 /prefetch:1
    3⤵
    PID:4960
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,14934732707853711803,690797046059125380,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4160 /prefetch:1
    3⤵
    PID:536
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,14934732707853711803,690797046059125380,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3800 /prefetch:1
    3⤵
    PID:2548
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,14934732707853711803,690797046059125380,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4468 /prefetch:1
    3⤵
    PID:4612
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,14934732707853711803,690797046059125380,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
    3⤵
    PID:460
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,14934732707853711803,690797046059125380,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6288 /prefetch:8
    3⤵
    PID:4676
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
    3⤵
    - Drops file in Program Files directory
    PID:4724
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff78d765460,0x7ff78d765470,0x7ff78d765480
      4⤵
      PID:5152
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,14934732707853711803,690797046059125380,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6288 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5356
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,14934732707853711803,690797046059125380,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3828 /prefetch:1
    3⤵
    PID:5368
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,14934732707853711803,690797046059125380,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1
    3⤵
    PID:5400
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,14934732707853711803,690797046059125380,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4112 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1712

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5024

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

T1046

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
462f3c1360a4b5e319363930bc4806f6

SHA1
9ba5e43d833c284b89519423f6b6dab5a859a8d0

SHA256
fec64069c72a8d223ed89a816501b3950f5e4f5dd88f289a923c5f961d259f85

SHA512
5584ef75dfb8a1907c071a194fa78f56d10d1555948dffb8afcacaaa2645fd9d842a923437d0e94fad1d1919dcef5b25bf065863405c8d2a28216df27c87a417

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d2642245b1e4572ba7d7cd13a0675bb8

SHA1
96456510884685146d3fa2e19202fd2035d64833

SHA256
3763676934b31fe2e3078256adb25b01fdf899db6616b6b41dff3062b68e20a1

SHA512
99e35f5eefc1e654ecfcf0493ccc02475ca679d3527293f35c3adea66879e21575ab037bec77775915ec42ac53e30416c3928bc3c57910ce02f3addd880392e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
61KB

MD5
7a7b9c4a8624adbb3645ef99ba374353

SHA1
2bd2d23ddd06ab143ffaa54f29fbfc45bc18982f

SHA256
ff913aed84077f232791314df22f4d3eb0ab4b08a3a6b2276405ede624a26404

SHA512
b6a9496466b7b9f6af46886c1b5b0c888b071039765ed25e9837d858fcc110f13136c1a3a53a1b69ec30dcea28bacebcdd2c232cb72148afd290d8a7e908bb79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
c39e4943aad130014a9edf833dfa48c4

SHA1
9f7c742522f5898ef730967db59b54576ffe606f

SHA256
786edf4d4b529e8f08736d84538200ff8de45d443284fb35bd5f7882381397a4

SHA512
bd8da53c0b4d547ea65672eccfb4df429130a981838bf58ab073b778948c475aeaf0bfb3e2ce40e9c1b99643d65d6b5f5d74ce3759d5b0672f8a267997105a25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
696B

MD5
c794ec27614343cdae6dbbd065507931

SHA1
ff5c80b9315e269635314e57bedeb054f4d2513c

SHA256
ad98e81b1d40662f1a64a4697fcff69efe95ba02dac76ee4680b5658bc2238e6

SHA512
c55d53cceac377dd0fa66598bde7644943b05d9a99f0fb429f8875f477f0c5021306fc97e6aaf47b7e97671766735fe81fea45b5e7753de1a61848cefe7793e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
9994e6dfce3830cbd6c9a836da0f9df3

SHA1
789253de36cd688478a406aa608f10e7c44ad2f9

SHA256
639203b81259312ff8ccde88232ea7bc2bcfba6f4bcefe96e651bd8535019fdf

SHA512
d68f5f06a315680a579bdecf00ced56d1a5e10d72c611056320448cf8c7ad1bfbf1a8748dcefb053c5c31c2ba9b83fee11c34286c9df0bb7dd484ac9f0292cf4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
5384177a797c07ef7b941af3a6edb489

SHA1
3eaf91630f46d5252cdd01116ec337182cfdddf8

SHA256
c193f2dbda305ab5d397f47441db31d04d03188ed4a84dbc77d4b39b5d8625b0

SHA512
8eb12c97dd8aab9e026c0fdf7246b5a28f51272ba64d7a17d553717ccfff098effe654d22fc5735933279552af0e289bc26e9d37858f763282aed91a36c339be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
0d99bd6db1599c951db0c03df048143e

SHA1
f778fce48956514a24682dfe3faa4af49a7270aa

SHA256
00fe2dbdb7b7e5fb7b3916b44c926ac5355a54ef69157d1e084771a44fc581e7

SHA512
b06c80adc51e1409d6eae51ba0037cfd921b751e398205fd259293642eec8ffd63bd9bf4e99c03c3d7d1a09e5cc30d834bf591d6c0cfc5c71b1fda2a47a105fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
848a2aa9dc7325f8cf1c58393728e403

SHA1
f97d73283ce973a93c2f1fd6cc23b91558fc42ee

SHA256
b98fa9211d2a0bf611689dd3b5ca0f5af44caf9d80a00fcfa26e5916a697fa60

SHA512
0ba9b90741a83c79ba48ad46a10777d3a5dc04feef0e9417ff8f7affbb198ec987f55cb525a994fdc6360aef2f1855b71061262c35fb15ff12350b6e4cea0395

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
63480e62e768a58436c43931c4437c8f

SHA1
fbf15a72e913d5a161beb8767a9565e96c26af8a

SHA256
f2fe4e08be6c3b66c522f6a94afb8c7aa2333f6bf35d0c044d6cdda7cd51edfb

SHA512
4296169520b8f5e4854ef575266bd176d1681064463d2b19d110a6253a07dc102cd2acb4c0b23f321e8ebf8d0576b3341c2e5b0d4043c31c0ebde2fa3e7aade1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
130644a5f79b27202a13879460f2c31a

SHA1
29e213847a017531e849139c7449bce6b39cb2fa

SHA256
1306a93179e1eaf354d9daa6043ae8ffb37b76a1d1396e7b8df671485582bcd1

SHA512
fbc8606bf988cf0a6dea28c16d4394c9b1e47f6b68256132b5c85caf1ec7b516c0e3d33034db275adf267d5a84af2854f50bd38a9ed5e86eb392144c63252e01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
708B

MD5
77890011cf41800cb50024d8d10adef5

SHA1
cc71e42678f8c5ee54f3cae991f0f112e8442c83

SHA256
16fb4d55e04da3a5f32e9ca380acbe3906b8dac518f5bb34950feb289f67b464

SHA512
0e86ee2fa047f2ba87f2d67515007ccff0429b175ff3e3acaf2bd2e39ba4b2c39a7ada98b874dc699a0e47fa6a51abf6ccf143ac8e8e058d324a561e2290f13b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe573f4b.TMP

Filesize
538B

MD5
53aecf8a94f6d50b2709612973e3acc3

SHA1
0404690eaad634ae33a598bae7993b1a7dda711e

SHA256
397e091b085f8b23914e1619c3ca461df49265a867d440d563b1985ffb3bfe51

SHA512
4bdb940dc859e9205be5b10c7523452ac1b55430474b662e0ba52c65e20075cfca753a9aecac168139ad33bd682763b71db1ef13056e7a243fab290188167bb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
40b18d557349e254e98458f69735ef28

SHA1
06b7405b1f390f88b855424bff22960ab359ef83

SHA256
8dfd4262065b882d879e0d0d1b490c7138d1015502457f4f9b3fd8b5a46fafe8

SHA512
e71a2c1ed755eb10f1078f8219ff4ceb8940e6b4d2ec5fcf724cae1f5342b65eb0c2fafed4863b01297e410b5e76a823f505eefbfe1fc7d44476a391869baf77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
daac50ad4f7525d323960cb0b664472d

SHA1
b28bd9136292fe975fd7c59f0af96d1bd400952d

SHA256
5b6a619c89a5b1583eac5a15a631e5fecbfcd61f6c5b48f4419d659e0260c0c9

SHA512
2f9387d5da825ca57ff88895666cc4b07c0d7f5aa02b06dbce8b8cd4c7a8e469c8d07612df8c9bdf9318888c641da8424cc7fe821a61381049244472700d76fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
0007d2e89f745a1d78dea8e58efdebee

SHA1
2d0bdeb313d630e8ed9ab04c233333a3366de0f4

SHA256
0fb7c59157453c2a0ef3150fd775ca3c134ee972eace9f18e3b6887030109b2d

SHA512
1f518f7bf7953a968b9414e16361fb43bd534d46907d2f5f7a55f4fc6f431c84b7dc6d97a4d89de2ba3777386b823e93759aedf72d0121426447a7d57e89a9fe

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
20bca125d6f85b0eca9d213df938b8dc

SHA1
c2ddb3c45d65eb61e8778e1735c9a0e875af509d

SHA256
9e3bbc336d3c0057d56fc0327efc4c92c3f0de3c323551a5706761637d838cfc

SHA512
361014c311e17c24d47f7d26ae540f5c59a0bb231342294e04a35a92aaae4248d03dc78ec72fd16c6deb3eea746c0395f72f958f013cfcc779bf4db6fe7b9421

Download Submit
memory/1672-162-0x00007FF802400000-0x00007FF802401000-memory.dmp

Filesize
4KB

Download