5920c27568593ee62a795d90f8928782d47f6826e74d5a8525e345aaf30ba09c

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
08/03/2023, 06:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5920c27568593ee62a795d90f8928782d47f6826e74d5a8525e345aaf30ba09c.exe
Size

790KB
MD5

4102af3c9d06c6cf5846f6ec0ca8cc39
SHA1

58923c22db6c4124ba559648b110ba80664f5d80
SHA256

5920c27568593ee62a795d90f8928782d47f6826e74d5a8525e345aaf30ba09c
SHA512

5f9b0f48c794222f316b940b6a3e8836e9e4a5f8accda004501d065f87e2c0f61ef28eaa993190721620b6989e56474ad4c4d7f07fb88b23df376345542a9bd3
SSDEEP

24576:KAl8wPlxqIyLzoaAkCO54kco8lG4/GJHI:KAl8wPlxTy3oU54/lG4/8o

Score

8^/10

discovery

Malware Config

Signatures

Contacts a large (847) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Scanning
T1046

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\63f6d43e-e7fe-48d2-8faf-72b3e4005d6a.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230308070416.pma	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2648	msedge.exe
2648	msedge.exe
4552	msedge.exe
4552	msedge.exe
3536	identity_helper.exe
3536	identity_helper.exe
5200	msedge.exe
5200	msedge.exe
5200	msedge.exe
5200	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4624	5920c27568593ee62a795d90f8928782d47f6826e74d5a8525e345aaf30ba09c.exe
4624	5920c27568593ee62a795d90f8928782d47f6826e74d5a8525e345aaf30ba09c.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4624 wrote to memory of 4552	4624	5920c27568593ee62a795d90f8928782d47f6826e74d5a8525e345aaf30ba09c.exe	85
PID 4624 wrote to memory of 4552	4624	5920c27568593ee62a795d90f8928782d47f6826e74d5a8525e345aaf30ba09c.exe	85
PID 4552 wrote to memory of 3852	4552	msedge.exe	86
PID 4552 wrote to memory of 3852	4552	msedge.exe	86
PID 4552 wrote to memory of 4240	4552	msedge.exe	88
PID 4552 wrote to memory of 4240	4552	msedge.exe	88
PID 4552 wrote to memory of 4240	4552	msedge.exe	88
PID 4552 wrote to memory of 4240	4552	msedge.exe	88
PID 4552 wrote to memory of 4240	4552	msedge.exe	88
PID 4552 wrote to memory of 4240	4552	msedge.exe	88
PID 4552 wrote to memory of 4240	4552	msedge.exe	88
PID 4552 wrote to memory of 4240	4552	msedge.exe	88
PID 4552 wrote to memory of 4240	4552	msedge.exe	88
PID 4552 wrote to memory of 4240	4552	msedge.exe	88
PID 4552 wrote to memory of 4240	4552	msedge.exe	88
PID 4552 wrote to memory of 4240	4552	msedge.exe	88
PID 4552 wrote to memory of 4240	4552	msedge.exe	88
PID 4552 wrote to memory of 4240	4552	msedge.exe	88
PID 4552 wrote to memory of 4240	4552	msedge.exe	88
PID 4552 wrote to memory of 4240	4552	msedge.exe	88
PID 4552 wrote to memory of 4240	4552	msedge.exe	88
PID 4552 wrote to memory of 4240	4552	msedge.exe	88
PID 4552 wrote to memory of 4240	4552	msedge.exe	88
PID 4552 wrote to memory of 4240	4552	msedge.exe	88
PID 4552 wrote to memory of 4240	4552	msedge.exe	88
PID 4552 wrote to memory of 4240	4552	msedge.exe	88
PID 4552 wrote to memory of 4240	4552	msedge.exe	88
PID 4552 wrote to memory of 4240	4552	msedge.exe	88
PID 4552 wrote to memory of 4240	4552	msedge.exe	88
PID 4552 wrote to memory of 4240	4552	msedge.exe	88
PID 4552 wrote to memory of 4240	4552	msedge.exe	88
PID 4552 wrote to memory of 4240	4552	msedge.exe	88
PID 4552 wrote to memory of 4240	4552	msedge.exe	88
PID 4552 wrote to memory of 4240	4552	msedge.exe	88
PID 4552 wrote to memory of 4240	4552	msedge.exe	88
PID 4552 wrote to memory of 4240	4552	msedge.exe	88
PID 4552 wrote to memory of 4240	4552	msedge.exe	88
PID 4552 wrote to memory of 4240	4552	msedge.exe	88
PID 4552 wrote to memory of 4240	4552	msedge.exe	88
PID 4552 wrote to memory of 4240	4552	msedge.exe	88
PID 4552 wrote to memory of 4240	4552	msedge.exe	88
PID 4552 wrote to memory of 4240	4552	msedge.exe	88
PID 4552 wrote to memory of 4240	4552	msedge.exe	88
PID 4552 wrote to memory of 4240	4552	msedge.exe	88
PID 4552 wrote to memory of 2648	4552	msedge.exe	89
PID 4552 wrote to memory of 2648	4552	msedge.exe	89
PID 4552 wrote to memory of 948	4552	msedge.exe	90
PID 4552 wrote to memory of 948	4552	msedge.exe	90
PID 4552 wrote to memory of 948	4552	msedge.exe	90
PID 4552 wrote to memory of 948	4552	msedge.exe	90
PID 4552 wrote to memory of 948	4552	msedge.exe	90
PID 4552 wrote to memory of 948	4552	msedge.exe	90
PID 4552 wrote to memory of 948	4552	msedge.exe	90
PID 4552 wrote to memory of 948	4552	msedge.exe	90
PID 4552 wrote to memory of 948	4552	msedge.exe	90
PID 4552 wrote to memory of 948	4552	msedge.exe	90
PID 4552 wrote to memory of 948	4552	msedge.exe	90
PID 4552 wrote to memory of 948	4552	msedge.exe	90
PID 4552 wrote to memory of 948	4552	msedge.exe	90
PID 4552 wrote to memory of 948	4552	msedge.exe	90
PID 4552 wrote to memory of 948	4552	msedge.exe	90
PID 4552 wrote to memory of 948	4552	msedge.exe	90
PID 4552 wrote to memory of 948	4552	msedge.exe	90
PID 4552 wrote to memory of 948	4552	msedge.exe	90

C:\Users\Admin\AppData\Local\Temp\5920c27568593ee62a795d90f8928782d47f6826e74d5a8525e345aaf30ba09c.exe
"C:\Users\Admin\AppData\Local\Temp\5920c27568593ee62a795d90f8928782d47f6826e74d5a8525e345aaf30ba09c.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.oneptp.com/ax/?uid=507801&ad=9
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:4552
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xf8,0x108,0x7ffb914346f8,0x7ffb91434708,0x7ffb91434718
    3⤵
    PID:3852
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,6129408097631824603,9127602882270638043,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
    3⤵
    PID:4240
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,6129408097631824603,9127602882270638043,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2648
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,6129408097631824603,9127602882270638043,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
    3⤵
    PID:948
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6129408097631824603,9127602882270638043,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3668 /prefetch:1
    3⤵
    PID:4748
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6129408097631824603,9127602882270638043,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3688 /prefetch:1
    3⤵
    PID:4652
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6129408097631824603,9127602882270638043,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
    3⤵
    PID:2392
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6129408097631824603,9127602882270638043,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4052 /prefetch:1
    3⤵
    PID:1952
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6129408097631824603,9127602882270638043,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6624 /prefetch:1
    3⤵
    PID:2328
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6129408097631824603,9127602882270638043,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2764 /prefetch:1
    3⤵
    PID:3800
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,6129408097631824603,9127602882270638043,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4016 /prefetch:8
    3⤵
    PID:2188
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
    3⤵
    - Drops file in Program Files directory
    PID:4576
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff6bc455460,0x7ff6bc455470,0x7ff6bc455480
      4⤵
      PID:1204
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,6129408097631824603,9127602882270638043,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4016 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3536
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6129408097631824603,9127602882270638043,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
    3⤵
    PID:3740
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6129408097631824603,9127602882270638043,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7272 /prefetch:1
    3⤵
    PID:1328
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6129408097631824603,9127602882270638043,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7344 /prefetch:1
    3⤵
    PID:5596
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6129408097631824603,9127602882270638043,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6440 /prefetch:1
    3⤵
    PID:5720
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6129408097631824603,9127602882270638043,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7208 /prefetch:1
    3⤵
    PID:5916
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,6129408097631824603,9127602882270638043,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3068 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5200

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3936

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

T1046

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0820611471c1bb55fa7be7430c7c6329

SHA1
5ce7a9712722684223aced2522764c1e3a43fbb9

SHA256
f00d04749a374843bd118b41f669f8b0a20d76526c34b554c3ccac5ebd2f4f75

SHA512
77ea022b4265f3962f5e07a0a790f428c885da0cc11be0975285ce0eee4a2eec0a7cda9ea8f366dc2a946679b5dd927c5f94b527de6515856b68b8d08e435148

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
425e83cc5a7b1f8edfbec7d986058b01

SHA1
432a90a25e714c618ff30631d9fdbe3606b0d0df

SHA256
060a2e5f65b8f3b79a8d4a0c54b877cfe032f558beb0888d6f810aaeef8579bd

SHA512
4bf074de60e7849ade26119ef778fe67ea47691efff45f3d5e0b25de2d06fcc6f95a2cfcdbed85759a5c078bb371fe57de725babda2f44290b4dc42d7b6001af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\4b243293-ddd5-4aba-9e49-8a2e3ca1729f.tmp

Filesize
24KB

MD5
d53ac35ab3976e67caeed75c4d44ffc1

SHA1
c139ab66d75dc06f98ada34b5baf4d5693266176

SHA256
647867c7236bcb78b7d585b476d82a101a077fac43c78dc59e612253fbf69437

SHA512
391355c71734ded913239a6db10a3202087e756bccc8e29411108f21b3f2460d9a9c606619aadd785285be70eddcf61ef9519441cd387cd3823c1399a6967cc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\946b7be4-728c-44c2-b9a4-93bf0ba2e071.tmp

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
2abdb769cf4214e6e5a5dd3b0902f0fb

SHA1
d9ed263474328aea55c7082dd54a33e7670b3790

SHA256
647ee6cddd7fae2b7e5e96f8b1acb912243e87ea56d146ae77f188970f4d0720

SHA512
58904b776a6574fb6d2f077c19ff5ed84790d9061e62cd7b0eca18f6afd79ce3c785521cb6a87a0010c71a8780169f648ad42b6362b7efa407f2eb862ef2fa9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
fed733e1b0e54707daa4838a38fb17e7

SHA1
71ae605a2db51bdc5589dacb11ed8c1bde2b5d45

SHA256
e68a4a3a5b84caa2b7d8c05f76f171b14c6143be95170cbbe361baf3b5f63a6e

SHA512
c1209b1aa7b3f5415ecbbfdcf5c00ba07d9154298560355d9d2df6c56740ee869b7f2f61a99b2402b203a281884bdcf5560a5834f5db2bda02cd33f41dd7e925

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
c1bb14a4067342b2291aa6ad204bf379

SHA1
68431a0f8dfadc4d7d1a1dbddf224a3ec8c0b0d6

SHA256
1ade2752524264ac94e6f3db9e17521d9059a46f15580167d1dea39cd4d378d5

SHA512
bb5c711bc61ee7a1826f33d2f7e0616bb52fa76c5964993fe2ba1a12c326b925358b81f56effccba3e0e83597fffe9a7bd080c6674cf229841e628188423d4a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
7ef2cb612b2f2b3e4d3c61f98c1fbb1e

SHA1
a42b1dd5ccc57f6bec02654dacdd9d732a93e535

SHA256
b55c2e5699d6cf4081c59ddf423fa6734d4abb25959f11bab040baf2fd287dd2

SHA512
27c30cf0b2f2cb6d758bb093fac8c899c2964c5c936199503d62a0f81f9066ed68c4564158591f7686c5d118d7fd4b18908bec49ae3b3fc90265523f5d9ff1e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cf334170b40c6512d3e01465afa87004

SHA1
35d8776b7f71a5da6b8c2f3c4ae40195e2f4cdf5

SHA256
b077574003368807a9799866af1d8b933d4f3f0fd75113bd8b1d44f45afbf413

SHA512
acb28515be615bec766e5ab6802e5d053eb1b9d9a051b2829995135597db02a310c6c66129c405d060d7f91cae9a382bd28ce75e8f415412da7835b8b696e8bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a2b5c6ebb412f39d454dc49842986824

SHA1
8604ee2145ce0eaf9d5773d006f381f47e765d1a

SHA256
74ad44990baa97d85fd40d361c117e761f52c9e13227ba99c3f127ab426f2d7a

SHA512
48f802e986e1939ebf5e048b0915e0d0624ff715594aefcd3562569721bf33f035fdd5ed38e5111dac2f271bddbbf00eb0d43d244702a902a87699830260bd70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
875B

MD5
d54390b00ec88ab3460bd1691258a6a7

SHA1
1f19ae166f461246e5c0e573505589396e067205

SHA256
eefe6293e02020dea06ca1b30b9d7558f34eaf57c9dbbe559300155f9d52c139

SHA512
7319fe8dcbb53ed45164b0e38281d0800f6b17e4bbb4621528eabeff80d9e807144acf683498e01b337d3e114a8dbb1009925b9fecf1e731d830620382c68a10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe56d8ff.TMP

Filesize
540B

MD5
796a0b0bb2b0fcf4ab101fb8f21f5cc7

SHA1
4a132912bd12cc74ea184fd08ab466517f8c7620

SHA256
ae208ddfea5e229ad2133261e1f55ee4bea7450a00e881166751e2f6f9a2054d

SHA512
1a0a8d70a42fe73a22de48551881e2f1968647b2d505ac3b103b1343f2fe880f45bade3bdf5e2cff4d78d16cebbe6c3f2a131cea5ecfcaae2e296df76516addb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c75fdafe-5b3e-40d3-a655-612d751bd111.tmp

Filesize
1KB

MD5
830df90d8d2bda937f74d0a854d446e7

SHA1
bd522dd5ff39a2d25b874a012789c8066a501cb2

SHA256
262991dd172a3f15aa28ff1e3e646b3e62390663e5dd34963201c0dedbc8c35e

SHA512
1b2f21d9dcf1b23c4a8e1140af557fb472f300a711dd896da17a6f9cfd8ed76cc002ffd27f013b41c8187cbbe26f5e2e3d1ada5ee5a65514384f05ace7ab87fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
9c3cb2a024e206a8c04394ba2ab3b22c

SHA1
ec96151fda563ef7dd13990ee26afe088c05df2e

SHA256
5af88e85f9bd6ae338e280298ae6caa8bd15821d0f46880c8bdc4b1bcac6b8f2

SHA512
6dc301d43e91116ee2c46afdadd0b853af10431fd32ba32b39c661ff7cd7514c2b4cd9b2a8fcbf725fc8987f687ff1356208fa1b05db6f450758fc3854b8ac0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
d947ed346354c93dfd4e3f49d013f07d

SHA1
2c2cdcf4a960e65574145cda59b5700780da30ca

SHA256
970bc46c99aae600c30e1f4a7a256a1aa52dbb1e16db5728a40477d5c8b5fc17

SHA512
0cde148a847d8ff1cbce3ce3cea30ba3ed38d7a8ff58e10550eb75541dfa2687b80aaad2fa7ebad4acbf8a6727bd52466488664d3103848c1cf531c419734304

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
8c41a03020beaa9b16bb86ed9a3f56ac

SHA1
82a6befd9874a05c1339f99f74508701d09c7987

SHA256
ce7006e198b2828ad13ed2bdff32f7003044032d31a4ce56842fd3da8bc37e93

SHA512
05fcd653a7bdf32c3594dda6404e0e8f9cf2f2a7d6d9ae0a1407e1a3e40c11e8c57805daf0bc8a410c9da357c7d337c6064bff933b8be840f4c9df2f2fad2ca0

Download Submit
memory/4240-156-0x00007FFBAEFD0000-0x00007FFBAEFD1000-memory.dmp

Filesize
4KB

Download