437c8032e578d678d10379c25af38953c41821103fb2d7d25f6a229fdd2bec10

Analysis

max time kernel
149s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
31/03/2023, 00:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Borrador/IObitUnlocker.exe
Size

2.3MB
MD5

ca7d229c1a8087836d2365fd736a09ed
SHA1

7b502e68692c108854a033eca371defcb9a64328
SHA256

d2b8c197c1ff337cc692c3f11e3cf8e263612212b8dac9c104a220ae7ce0c325
SHA512

8dc81e51a50035740cc529f45844d80f2f998bd6e862c3d0192a7a7a591d9d8c26d6c9674a6e0e99c76dc57174a0791b57e32a0a2b9014a5ecb83b012679bc96
SSDEEP

24576:5S/WgTT/eC4PwRXrAREEkyuCmLMAefac2mhPiT8b2DeXYJAmzQDFQEkXAFxZSD1j:QTT/eC2wpBBseA/FsZDW8nTeCPGXOy+

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\4bc65e49-e89a-44e3-8f79-ff56803119f2.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230331024337.pma	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4548	IObitUnlocker.exe
4548	IObitUnlocker.exe
4036	msedge.exe
4036	msedge.exe
4248	msedge.exe
4248	msedge.exe
4892	identity_helper.exe
4892	identity_helper.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
672	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4548	IObitUnlocker.exe
4548	IObitUnlocker.exe
4548	IObitUnlocker.exe
4548	IObitUnlocker.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4548 wrote to memory of 4248	4548	IObitUnlocker.exe	87
PID 4548 wrote to memory of 4248	4548	IObitUnlocker.exe	87
PID 4248 wrote to memory of 264	4248	msedge.exe	88
PID 4248 wrote to memory of 264	4248	msedge.exe	88
PID 4248 wrote to memory of 4716	4248	msedge.exe	90
PID 4248 wrote to memory of 4716	4248	msedge.exe	90
PID 4248 wrote to memory of 4716	4248	msedge.exe	90
PID 4248 wrote to memory of 4716	4248	msedge.exe	90
PID 4248 wrote to memory of 4716	4248	msedge.exe	90
PID 4248 wrote to memory of 4716	4248	msedge.exe	90
PID 4248 wrote to memory of 4716	4248	msedge.exe	90
PID 4248 wrote to memory of 4716	4248	msedge.exe	90
PID 4248 wrote to memory of 4716	4248	msedge.exe	90
PID 4248 wrote to memory of 4716	4248	msedge.exe	90
PID 4248 wrote to memory of 4716	4248	msedge.exe	90
PID 4248 wrote to memory of 4716	4248	msedge.exe	90
PID 4248 wrote to memory of 4716	4248	msedge.exe	90
PID 4248 wrote to memory of 4716	4248	msedge.exe	90
PID 4248 wrote to memory of 4716	4248	msedge.exe	90
PID 4248 wrote to memory of 4716	4248	msedge.exe	90
PID 4248 wrote to memory of 4716	4248	msedge.exe	90
PID 4248 wrote to memory of 4716	4248	msedge.exe	90
PID 4248 wrote to memory of 4716	4248	msedge.exe	90
PID 4248 wrote to memory of 4716	4248	msedge.exe	90
PID 4248 wrote to memory of 4716	4248	msedge.exe	90
PID 4248 wrote to memory of 4716	4248	msedge.exe	90
PID 4248 wrote to memory of 4716	4248	msedge.exe	90
PID 4248 wrote to memory of 4716	4248	msedge.exe	90
PID 4248 wrote to memory of 4716	4248	msedge.exe	90
PID 4248 wrote to memory of 4716	4248	msedge.exe	90
PID 4248 wrote to memory of 4716	4248	msedge.exe	90
PID 4248 wrote to memory of 4716	4248	msedge.exe	90
PID 4248 wrote to memory of 4716	4248	msedge.exe	90
PID 4248 wrote to memory of 4716	4248	msedge.exe	90
PID 4248 wrote to memory of 4716	4248	msedge.exe	90
PID 4248 wrote to memory of 4716	4248	msedge.exe	90
PID 4248 wrote to memory of 4716	4248	msedge.exe	90
PID 4248 wrote to memory of 4716	4248	msedge.exe	90
PID 4248 wrote to memory of 4716	4248	msedge.exe	90
PID 4248 wrote to memory of 4716	4248	msedge.exe	90
PID 4248 wrote to memory of 4716	4248	msedge.exe	90
PID 4248 wrote to memory of 4716	4248	msedge.exe	90
PID 4248 wrote to memory of 4716	4248	msedge.exe	90
PID 4248 wrote to memory of 4716	4248	msedge.exe	90
PID 4248 wrote to memory of 4036	4248	msedge.exe	91
PID 4248 wrote to memory of 4036	4248	msedge.exe	91
PID 4248 wrote to memory of 4388	4248	msedge.exe	93
PID 4248 wrote to memory of 4388	4248	msedge.exe	93
PID 4248 wrote to memory of 4388	4248	msedge.exe	93
PID 4248 wrote to memory of 4388	4248	msedge.exe	93
PID 4248 wrote to memory of 4388	4248	msedge.exe	93
PID 4248 wrote to memory of 4388	4248	msedge.exe	93
PID 4248 wrote to memory of 4388	4248	msedge.exe	93
PID 4248 wrote to memory of 4388	4248	msedge.exe	93
PID 4248 wrote to memory of 4388	4248	msedge.exe	93
PID 4248 wrote to memory of 4388	4248	msedge.exe	93
PID 4248 wrote to memory of 4388	4248	msedge.exe	93
PID 4248 wrote to memory of 4388	4248	msedge.exe	93
PID 4248 wrote to memory of 4388	4248	msedge.exe	93
PID 4248 wrote to memory of 4388	4248	msedge.exe	93
PID 4248 wrote to memory of 4388	4248	msedge.exe	93
PID 4248 wrote to memory of 4388	4248	msedge.exe	93
PID 4248 wrote to memory of 4388	4248	msedge.exe	93
PID 4248 wrote to memory of 4388	4248	msedge.exe	93

C:\Users\Admin\AppData\Local\Temp\Borrador\IObitUnlocker.exe
"C:\Users\Admin\AppData\Local\Temp\Borrador\IObitUnlocker.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.iobit.com/iobit-unlocker.html
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:4248
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff30b746f8,0x7fff30b74708,0x7fff30b74718
    3⤵
    PID:264
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,14952116920908076381,12827029619254608254,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
    3⤵
    PID:4716
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,14952116920908076381,12827029619254608254,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4036
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,14952116920908076381,12827029619254608254,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3020 /prefetch:8
    3⤵
    PID:4388
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,14952116920908076381,12827029619254608254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3660 /prefetch:1
    3⤵
    PID:2876
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,14952116920908076381,12827029619254608254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
    3⤵
    PID:2884
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,14952116920908076381,12827029619254608254,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
    3⤵
    PID:5024
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,14952116920908076381,12827029619254608254,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
    3⤵
    PID:4580
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,14952116920908076381,12827029619254608254,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3748 /prefetch:8
    3⤵
    PID:1964
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
    3⤵
    - Drops file in Program Files directory
    PID:552
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff6a6315460,0x7ff6a6315470,0x7ff6a6315480
      4⤵
      PID:1768
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,14952116920908076381,12827029619254608254,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3748 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4892
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,14952116920908076381,12827029619254608254,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
    3⤵
    PID:2808
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,14952116920908076381,12827029619254608254,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
    3⤵
    PID:4228
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,14952116920908076381,12827029619254608254,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2920 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:340

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2124

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0820611471c1bb55fa7be7430c7c6329

SHA1
5ce7a9712722684223aced2522764c1e3a43fbb9

SHA256
f00d04749a374843bd118b41f669f8b0a20d76526c34b554c3ccac5ebd2f4f75

SHA512
77ea022b4265f3962f5e07a0a790f428c885da0cc11be0975285ce0eee4a2eec0a7cda9ea8f366dc2a946679b5dd927c5f94b527de6515856b68b8d08e435148

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
425e83cc5a7b1f8edfbec7d986058b01

SHA1
432a90a25e714c618ff30631d9fdbe3606b0d0df

SHA256
060a2e5f65b8f3b79a8d4a0c54b877cfe032f558beb0888d6f810aaeef8579bd

SHA512
4bf074de60e7849ade26119ef778fe67ea47691efff45f3d5e0b25de2d06fcc6f95a2cfcdbed85759a5c078bb371fe57de725babda2f44290b4dc42d7b6001af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3477ecd3-56e4-41e7-9197-2f8af283ecad.tmp

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
44fca83a2fd6f5fc791ed81a3fd3dac7

SHA1
b3944fbb0af9b0a89f153189f24578b681b1fe9a

SHA256
31b6b9aa7cbd287739d604ec8566e7c02792f0f3de078aba37d2417c9641a6d6

SHA512
379a7e9c199641feee1c714384352883e2c850f892a54fa4764646ba94a0782da59b0a06b3af15f6bdaa4e7243e6a87b63b9a22d1fa68dfcaae2fd3f0dbd691b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
6f979dcb31121b8d841339c3128b7556

SHA1
fba397c4c01008052aec501c17764b87b3803d19

SHA256
cbb1341dd8d7953792b60cc24894942a67e514561a2e8d7838eb5231fc7aed19

SHA512
05b4d3b5dc4017d93878676310c1f5bef050a8103d56a271e610bed02929ece80379c9d9eefdf93c4549496c14b8a8d461e3d9222a472d55d83377d13dc76329

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
8f8dd121a4d7fdadf80830e93e09d42e

SHA1
7e2660609954a6b0f440ca5e2186fa2e887d436d

SHA256
66db533a59da574edf6554654058642eb0d0d8a16355f002d08ff67f2250591b

SHA512
670bb422db805d41b449f33c3b230b4acd4baf479b40c1dce2e90e600f80e363a50e475e9fecf99f52c83096a9515e5924294660a512a2f7ba6dbcd9938f40fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
4610c91ff9fe5e488d215472c8ab3b8a

SHA1
c862763768ab1370601f5ad75267c9ab1588cc3d

SHA256
e1c2e18402a76e0bc2b5421e134d1aab3b70fad48fadd51c4d925d0d118568fa

SHA512
511cdadcda55c1dd28b67f68ab8a692ca880e985b77126bb8be312e6b51e1210c6e9555587a4981b4fcd28d0a966af09ed5b17086a54ed89dcf125df39e23ebc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
875820a0c35cbe8fea9b2a248ee6f941

SHA1
2d52f7742bc242ab5bb46f0b64d8d339382a588e

SHA256
51b506aeb08d0c132bd7d83ebd50b1ea790d567f8d41bf26605a055afdd34ca5

SHA512
cd5d10cbd08c7b97098b81911422a3f1aea9106a6c94e3a07b97de6015f88a0969b4b703a1dde3f1db2ee7021383633a0735b0420764a12a6d97367b6f2636c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5a2a59ab282d25472b4158fae0a79c79

SHA1
182db194df0476c2aba5dfdaeb96c17e9f870fa1

SHA256
c129c0eff2d8ac007625426dd94dcbcd8bfb0365b4355a7f93889a7d23cfd13f

SHA512
c80fed3dbb89b0a619ced460278448162fecb7598a818a1eafc7cd46a8ae1fb4152a59a80738268e8d53ab081e4a80c396694988e5b2d19ac554a27d73ffe790

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
99161cf8a0c8decae30f5ba3db60f090

SHA1
d85b7fd425f99a1e6279a4d72f4e516701f8ab80

SHA256
09d620acd014f56646c071a980999fe9dd4189fd89d8e5959919f852ab0d32db

SHA512
41fb5c91acac8661c381355a8be01776b3f8d651045f74c27c902aa126beb8f196dbd7c6f95c60bf8e013e90e33bbf67ee81e27760363d88eea26d8ef86c1453

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b9a6c9fff9ab0e50411c3c8088926e77

SHA1
b7a8dd7160ba793067d4f03e8fef55438831bbc4

SHA256
806837b0e0e12cb3cdd7cf6bcd54d29eebec504ce8ae15f88981fd74be386cfd

SHA512
01bc7195dc95a90813460e78f4ad73650ef7b154cbb0ea2f94085954dbda9bb9eb2993da908ce2849784457adbad11fd73ff20da3bf2d30f5d28fa9192f5f1d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
d53ac35ab3976e67caeed75c4d44ffc1

SHA1
c139ab66d75dc06f98ada34b5baf4d5693266176

SHA256
647867c7236bcb78b7d585b476d82a101a077fac43c78dc59e612253fbf69437

SHA512
391355c71734ded913239a6db10a3202087e756bccc8e29411108f21b3f2460d9a9c606619aadd785285be70eddcf61ef9519441cd387cd3823c1399a6967cc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
bb9e0029610424f03af04c97dd1c5d5f

SHA1
b4622e89a4bee96e74f43af4d8f21254d7769b84

SHA256
40f6251d33d8e5c0338238b9618932bad1ffd7006bc18f9f262e0b3f63378fa9

SHA512
50275d44b571fa5e0c27f49b8e23ba6bef6ae1c53eadc3fc77bafd61fbce056e911127f60246f42bee8961312e5d41d229b70b94e95e035bd0dd45f8c8845af7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
99d3468369d6cac6d547b201efb852a6

SHA1
5d8e8f02fe7e5f767317bdf9d010aff0ea57a927

SHA256
0a6d3dfd7bc83e8de441da2770cea8e47533566372d52612744491dc1e3ecf1c

SHA512
9ab385ac4ba7b814d57b909c171833e0e96ca59cb2a704287859709bd29b56287ada4ff1db7ecd06c26852db2bb183691744c18f8e78e70639089cee51e9dd86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ce3c1933-2a29-4f72-8f2d-476ff30a0de5.tmp

Filesize
13KB

MD5
b3ec949e646b10b2b518022c88fdff66

SHA1
c39afbf915b0cfb94694f0a7ea3d0224f4be224f

SHA256
7a9541607fdb5b2ba2e9679a267768093202d907e1d37bb0132f427d22949502

SHA512
906aa20558b0108a5b38c682e1814345598548895b17e2d01c81cc479c768f4f38bbaf0416c2091cb23f9fd92d8594d0c264e87a7e37539adf553fec93fbd234

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
7a4360cc8613af44e8b98da4e0e77afd

SHA1
1effc97ae724decf9f0f22f0f56fb0978cd3ce65

SHA256
d1a5e2875ed77da3f5a65922730411d4f6d10ad49df635646a49e8defe1592b4

SHA512
3dc86ff7e942fe5b7b35da4862effbfef84b62b83889e7dd7fea1d5050fd9405f459c6123f1d1c8a160df76bf924b252594c8785d00c9d2467b9220b0dbfd91f

Download Submit
memory/4548-133-0x0000000002660000-0x0000000002661000-memory.dmp

Filesize
4KB

Download
memory/4548-204-0x0000000002660000-0x0000000002661000-memory.dmp

Filesize
4KB

Download
memory/4548-161-0x0000000000400000-0x0000000000660000-memory.dmp

Filesize
2.4MB

Download
memory/4548-424-0x0000000000400000-0x0000000000660000-memory.dmp

Filesize
2.4MB

Download
memory/4548-137-0x0000000005790000-0x0000000005791000-memory.dmp

Filesize
4KB

Download
memory/4548-434-0x0000000000400000-0x0000000000660000-memory.dmp

Filesize
2.4MB

Download