533c988de19e1531e2829e0c62c4437ad7b8ba0bccbb8086b3e3ec4ff54c97cf

Analysis

max time kernel
143s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
07/03/2023, 21:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

533c988de19e1531e2829e0c62c4437ad7b8ba0bccbb8086b3e3ec4ff54c97cf.exe
Size

790KB
MD5

a75ca80769362da3435fdd009aff4f30
SHA1

5280c8dfdcaa45c8f3c55231f905c04853cc9f70
SHA256

533c988de19e1531e2829e0c62c4437ad7b8ba0bccbb8086b3e3ec4ff54c97cf
SHA512

32267b85a705efd672d0af3a5ee991059467d9fc63671b8826574dec8fdd4247ae0d43f31653e464d55283a9524510491cb1dce491ad6c2652f33b804b14d073
SSDEEP

24576:KAl8wPlxqIyLzoaAkCO54kco8lG4/GJH7:KAl8wPlxTy3oU54/lG4/8b

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\8d1b0850-5169-4a3c-a9cc-151ed66ef230.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230307220038.pma	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1016	4840	WerFault.exe	82

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

pid	Process
1692	msedge.exe
1692	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
2708	identity_helper.exe
2708	identity_helper.exe
5592	msedge.exe
5592	msedge.exe
5592	msedge.exe
5592	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
4124	msedge.exe
4124	msedge.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4840	533c988de19e1531e2829e0c62c4437ad7b8ba0bccbb8086b3e3ec4ff54c97cf.exe
4840	533c988de19e1531e2829e0c62c4437ad7b8ba0bccbb8086b3e3ec4ff54c97cf.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4840 wrote to memory of 4124	4840	533c988de19e1531e2829e0c62c4437ad7b8ba0bccbb8086b3e3ec4ff54c97cf.exe	83
PID 4840 wrote to memory of 4124	4840	533c988de19e1531e2829e0c62c4437ad7b8ba0bccbb8086b3e3ec4ff54c97cf.exe	83
PID 4124 wrote to memory of 3872	4124	msedge.exe	86
PID 4124 wrote to memory of 3872	4124	msedge.exe	86
PID 4124 wrote to memory of 4564	4124	msedge.exe	89
PID 4124 wrote to memory of 4564	4124	msedge.exe	89
PID 4124 wrote to memory of 4564	4124	msedge.exe	89
PID 4124 wrote to memory of 4564	4124	msedge.exe	89
PID 4124 wrote to memory of 4564	4124	msedge.exe	89
PID 4124 wrote to memory of 4564	4124	msedge.exe	89
PID 4124 wrote to memory of 4564	4124	msedge.exe	89
PID 4124 wrote to memory of 4564	4124	msedge.exe	89
PID 4124 wrote to memory of 4564	4124	msedge.exe	89
PID 4124 wrote to memory of 4564	4124	msedge.exe	89
PID 4124 wrote to memory of 4564	4124	msedge.exe	89
PID 4124 wrote to memory of 4564	4124	msedge.exe	89
PID 4124 wrote to memory of 4564	4124	msedge.exe	89
PID 4124 wrote to memory of 4564	4124	msedge.exe	89
PID 4124 wrote to memory of 4564	4124	msedge.exe	89
PID 4124 wrote to memory of 4564	4124	msedge.exe	89
PID 4124 wrote to memory of 4564	4124	msedge.exe	89
PID 4124 wrote to memory of 4564	4124	msedge.exe	89
PID 4124 wrote to memory of 4564	4124	msedge.exe	89
PID 4124 wrote to memory of 4564	4124	msedge.exe	89
PID 4124 wrote to memory of 4564	4124	msedge.exe	89
PID 4124 wrote to memory of 4564	4124	msedge.exe	89
PID 4124 wrote to memory of 4564	4124	msedge.exe	89
PID 4124 wrote to memory of 4564	4124	msedge.exe	89
PID 4124 wrote to memory of 4564	4124	msedge.exe	89
PID 4124 wrote to memory of 4564	4124	msedge.exe	89
PID 4124 wrote to memory of 4564	4124	msedge.exe	89
PID 4124 wrote to memory of 4564	4124	msedge.exe	89
PID 4124 wrote to memory of 4564	4124	msedge.exe	89
PID 4124 wrote to memory of 4564	4124	msedge.exe	89
PID 4124 wrote to memory of 4564	4124	msedge.exe	89
PID 4124 wrote to memory of 4564	4124	msedge.exe	89
PID 4124 wrote to memory of 4564	4124	msedge.exe	89
PID 4124 wrote to memory of 4564	4124	msedge.exe	89
PID 4124 wrote to memory of 4564	4124	msedge.exe	89
PID 4124 wrote to memory of 4564	4124	msedge.exe	89
PID 4124 wrote to memory of 4564	4124	msedge.exe	89
PID 4124 wrote to memory of 4564	4124	msedge.exe	89
PID 4124 wrote to memory of 4564	4124	msedge.exe	89
PID 4124 wrote to memory of 4564	4124	msedge.exe	89
PID 4124 wrote to memory of 1692	4124	msedge.exe	91
PID 4124 wrote to memory of 1692	4124	msedge.exe	91
PID 4124 wrote to memory of 1728	4124	msedge.exe	90
PID 4124 wrote to memory of 1728	4124	msedge.exe	90
PID 4124 wrote to memory of 1728	4124	msedge.exe	90
PID 4124 wrote to memory of 1728	4124	msedge.exe	90
PID 4124 wrote to memory of 1728	4124	msedge.exe	90
PID 4124 wrote to memory of 1728	4124	msedge.exe	90
PID 4124 wrote to memory of 1728	4124	msedge.exe	90
PID 4124 wrote to memory of 1728	4124	msedge.exe	90
PID 4124 wrote to memory of 1728	4124	msedge.exe	90
PID 4124 wrote to memory of 1728	4124	msedge.exe	90
PID 4124 wrote to memory of 1728	4124	msedge.exe	90
PID 4124 wrote to memory of 1728	4124	msedge.exe	90
PID 4124 wrote to memory of 1728	4124	msedge.exe	90
PID 4124 wrote to memory of 1728	4124	msedge.exe	90
PID 4124 wrote to memory of 1728	4124	msedge.exe	90
PID 4124 wrote to memory of 1728	4124	msedge.exe	90
PID 4124 wrote to memory of 1728	4124	msedge.exe	90
PID 4124 wrote to memory of 1728	4124	msedge.exe	90

C:\Users\Admin\AppData\Local\Temp\533c988de19e1531e2829e0c62c4437ad7b8ba0bccbb8086b3e3ec4ff54c97cf.exe
"C:\Users\Admin\AppData\Local\Temp\533c988de19e1531e2829e0c62c4437ad7b8ba0bccbb8086b3e3ec4ff54c97cf.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.oneptp.com/ax/?uid=507801&ad=15
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:4124
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xf8,0x108,0x7ffb605046f8,0x7ffb60504708,0x7ffb60504718
    3⤵
    PID:3872
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,3826998517594815712,2017578614229281783,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
    3⤵
    PID:4564
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,3826998517594815712,2017578614229281783,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2376 /prefetch:8
    3⤵
    PID:1728
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,3826998517594815712,2017578614229281783,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1692
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3826998517594815712,2017578614229281783,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3612 /prefetch:1
    3⤵
    PID:5080
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3826998517594815712,2017578614229281783,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3624 /prefetch:1
    3⤵
    PID:896
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3826998517594815712,2017578614229281783,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
    3⤵
    PID:3780
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3826998517594815712,2017578614229281783,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
    3⤵
    PID:2660
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3826998517594815712,2017578614229281783,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3704 /prefetch:1
    3⤵
    PID:5084
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3826998517594815712,2017578614229281783,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
    3⤵
    PID:1472
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3826998517594815712,2017578614229281783,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3844 /prefetch:1
    3⤵
    PID:3948
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3826998517594815712,2017578614229281783,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6700 /prefetch:1
    3⤵
    PID:4268
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,3826998517594815712,2017578614229281783,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6988 /prefetch:8
    3⤵
    PID:3720
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
    3⤵
    - Drops file in Program Files directory
    PID:5116
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x12c,0x22c,0x7ff65b815460,0x7ff65b815470,0x7ff65b815480
      4⤵
      PID:4840
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,3826998517594815712,2017578614229281783,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6988 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2708
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3826998517594815712,2017578614229281783,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6636 /prefetch:1
    3⤵
    PID:1208
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3826998517594815712,2017578614229281783,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6668 /prefetch:1
    3⤵
    PID:4532
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,3826998517594815712,2017578614229281783,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5024 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5592
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4840 -s 2800
  2⤵
  - Program crash
  PID:1016

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 4840 -ip 4840
1⤵
PID:3552

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5a10efe23009825eadc90c37a38d9401

SHA1
fd98f2ca011408d4b43ed4dfd5b6906fbc7b87c0

SHA256
05e135dee0260b4f601a0486401b64ff8653875d74bf259c2da232550dbfb4f5

SHA512
89416a3f5bf50cd4a432ac72cd0a7fb79d5aeb10bdcc468c55bbfa79b9f43fab17141305d44cb1fe980ec76cc6575c27e2bcfcbad5ccd886d45b9de03fb9d6d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c1a3c45dc07f766430f7feaa3000fb18

SHA1
698a0485bcf0ab2a9283d4ebd31ade980b0661d1

SHA256
adaba08026551b1b8f6c120143686da79f916d02adbef4a8d1c184e32a19fd48

SHA512
9fc93f01ab4b14f555791d757ffe881787cc697102547c61847552e597e206e70c6d35fedff559c72a0a67d1b95e769095ecb0a8a7d4f07cf58a7a0d57d3e9f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\347ae987-be0c-48af-a48c-ce56a0dccce9.tmp

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
ab9ca9b904eef995c7152a042ac2c20f

SHA1
09548a933777758bfed2187a356429b4ec10d9dd

SHA256
b1e89a2d7d9a7876e08c0d94a4199e3b185ee27715491920444c197f74a5e8f2

SHA512
11bfc61b5a2cd47701fb3a28e92e31a09a45f383da69d78781e70dfe51af600950d810d88d6c877537b33d5bfaa8d93853f1a10bce8f981ae2fb24f5b6cac997

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe573fe7.TMP

Filesize
48B

MD5
0058e50df6f68aca601b82e1a5c99a96

SHA1
a118d7cab7e7aa629261721c03870727d4d009fe

SHA256
2eab51b0e87f12bfebc090a1ee51092bcb45a2f55b32bfbbe6f07d8b17a8ce8a

SHA512
738aedcf5c151dc3d2b510e1c1d5c238c2b8e4e0d62d6d501373fe794cc8a5ddc038f87f3978aca1f4df919da4210abe06ac35f082d416defd1a363ef68d06c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
83ff1e62f18ea801cb97807af06d87e1

SHA1
92483404b64a5d1556e643ab4f0d4d3f8662a37d

SHA256
9e5e32a73629a0aa866b853c7da69b9f0112e34973c2a05e1a5ef328ed00607d

SHA512
c24dab8e71288e3c0f5369640c2b56e516b286c8292f0d67604df14cb59dfe8ec26908e61d7df974abfaeff18cd842f1ccde52b1dc699fa3bc842ebf787191a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
a15acc47012c28f600ba9783cb2ced29

SHA1
8f12bae2d1c6d014aeb24bd2bd0c9efd2ba392a5

SHA256
ed4ce52edb7974a24a2b6aa0cc4bbe12341b4ea8adb33e194edb52efd916e623

SHA512
171ba6a662826f2df8197af6da857640db78f94bb6ab69bdb44fdf155677bf6fe604e94888c34ea4e54916add9b924ee19bc3afbb0f9aa9d20241e3c4773c491

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
2cb33a22b5659c6094d93c8297e07087

SHA1
5336fae62302d775327d51c5cf1c952954c126f7

SHA256
2e06fee4dd84857e9824ad39238c85b59179b8bda9aad7b00f1f20d090a11da0

SHA512
0258c5950d6c200cf396cdd0d5e47051a61818009ef6e3e10ddb7b2c7a42a4de334ec765d4aac36e6505f643515650b4e88d249f758cdf497a0363e385e94d80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
34f427bfb6c90de5355233b29a9019da

SHA1
6374787fab8e5b87ec6c4d6fb13d478c10a7e6e7

SHA256
ebce840d972fa33cfc6604e8952bce0bf4fd29b716c676bed1f3b557b97904dd

SHA512
7ddfe5277139bfadf987f5bc857d8737ef295827a43af0d2da5bceca7b930beff5a5d09494743f2ded9101b9377d7894094ce93e058b43ef9257d2adc716ef0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b6d9746aadac03ac9c2a439fe827fa7c

SHA1
caeaf9510bfbe496e2738c0b6d9ddb28fb3ef622

SHA256
a09116300209b3014c7142481c25f916b964928e06c519e5d287eae5a6a9f04b

SHA512
a42ab9db1e66e63f659dff6362c6c407687fad904f11684e6c8698b4d8cadf70f8a1677dad0caec665092abc1599ff392f38d830ee5d1babcc664497d2643601

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
5edab6d3ffbeee247ccb4423f929a323

SHA1
a4ad201d149d59392a2a3163bd86ee900e20f3d9

SHA256
460cddb95ea1d9bc8d95d295dd051b49a1436437a91ddec5f131235b2d516933

SHA512
263fa99f03ea1ef381ca19f10fbe0362c1f9c129502dc6b730b076cafcf34b40a70ee8a0ee9446ec9c89c3a2d9855450609ec0f8cf9d0a1b2aebdd12be58d38c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
708B

MD5
899d69ea1002acc73c1fd8ef3aa039dc

SHA1
3f00ba55f7cb51d2e109f313fecf292c972f71db

SHA256
1c8c1137e499c814e8349bd0196049d4954bd406575db15c8f54b5c347c57d45

SHA512
13c0757f9de5f5bff35d75beba7b730a3a544ddb3f1c6fa4b5db86876669592058a835878f61705a443e82e0d3451e5cbe1581633a4bba1e3b99bbaad63e4557

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe570d2f.TMP

Filesize
540B

MD5
608a97b6d3c2f4bf746333190261a521

SHA1
cec34552c474f10f593860fee9e92c6fc6e1eeb7

SHA256
ec319c809856da55addfd51754414540f277bcb8f9650f6f7d1e6eaa02f0d2ff

SHA512
994075aba50c012921f01760e79c4c49e8bc7725ef9b7c4503c6d1c061b2839ff480604b5b84cd3b8c7084e3a1ad5db3346e585abe9d7e8f5b7dd235908ebfdc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
47716572d5a145d7cde73da3a356e69f

SHA1
3851879798c6f4440068ea8c275f7e38bd1fa32e

SHA256
a13a914e4a177e1bbb7e27b89a6746d8d13a9ef6cab69bc985b0ac60dd32f812

SHA512
26350c884357e76841bfe00c3282744de51deeea5c31b8bc37d05fee5d2648d02845f15e480a98b2bebc9016aa664fd3eccf6f24b1bd63ef664fa896d04ab2b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4059c7c08921a8a4e6aa7f0deb249c6f

SHA1
3c2b5b2daabefa56a2fb2a4b44d8e9b017317c32

SHA256
5476dd9e5918d0aefae66aeca205045302b73195b38c8e2f79c8b07c4d384180

SHA512
d39c0a2ac1a690bfb2f98b6d5d91ab6fbf302bc10893cefc3b781c99874b52bf2501f3b1a57793aebb92ccb3db9c97878ded1b909a946961fed95a08486dea14

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
8d42f4f04cddeee31c3d4cd710dcd55b

SHA1
4b3d42763f00d789b3394bd78d3c1ff6cbbd093e

SHA256
36b42958a1b35b629c82ee2e067d58ac2e0d2d85424ad6887c7a9c852557ddbe

SHA512
ce9d0bc08a007271b046e870e8aeab27386bbe00b2df11d07637a0585132c321af710e503008920d0e2dde001f15fd8cb8a7cd66bbed4c4d6c0606b9fda20d4b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
8f436cee9bc941261c1fae7d1dd0df0f

SHA1
85cf98c714470dc6baf16c48a22bdfe1ae291a60

SHA256
76a55c138a982233506aab4ff0ddda559b01ea337bf04b8eb8267d2ca40166db

SHA512
01c4ec35f67035b7af93f4228f36de43277f31c977ad48f4b7cfbc357d19ae4f4ce2e60503e83eb0836808afe9e0c478d554acd9172049e53a0399eaa9613372

Download Submit
memory/1728-162-0x00007FFB7CFC0000-0x00007FFB7CFC1000-memory.dmp

Filesize
4KB

Download