4a3757df33e7f628839428c7093c1957c504c12429205cdf8ba957453c7104a8

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
12-04-2023 19:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

OpenTabletDriver.UX.Wpf.exe
Size

8.6MB
MD5

cd4f843134b32f82075978d13d7a304e
SHA1

0b30d1809155fa826f40e723d8ba9206924b24bc
SHA256

f115a0cd2b7d8ab3fb68bcdd86ccf4866bc9882a46e24ca111d5b40194cbcfae
SHA512

06eb9bc1257ed902ba017416e094e8a1194974d2849ea37fb85cd98d45957114012cc8916f8c92ac2155fcee7916daf4c497513752b3139b0d916084364e25c4
SSDEEP

196608:1/i452muAlWbU8naREbuFY/yJMzG9gpnElyzARO/MdqLIJmX0VijQB+v8Na7Y5WG:R6AlWbU8naREbuFY/yJMzG9gpnElyzA1

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\06e53ec5-a300-42f9-832e-8c3eb170a26e.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230412214838.pma	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 770737.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
812	msedge.exe
812	msedge.exe
3120	msedge.exe
3120	msedge.exe
3744	identity_helper.exe
3744	identity_helper.exe
5132	msedge.exe
5132	msedge.exe
5132	msedge.exe
5132	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4128 wrote to memory of 3120	4128	OpenTabletDriver.UX.Wpf.exe	85
PID 4128 wrote to memory of 3120	4128	OpenTabletDriver.UX.Wpf.exe	85
PID 3120 wrote to memory of 2156	3120	msedge.exe	86
PID 3120 wrote to memory of 2156	3120	msedge.exe	86
PID 3120 wrote to memory of 5036	3120	msedge.exe	87
PID 3120 wrote to memory of 5036	3120	msedge.exe	87
PID 3120 wrote to memory of 5036	3120	msedge.exe	87
PID 3120 wrote to memory of 5036	3120	msedge.exe	87
PID 3120 wrote to memory of 5036	3120	msedge.exe	87
PID 3120 wrote to memory of 5036	3120	msedge.exe	87
PID 3120 wrote to memory of 5036	3120	msedge.exe	87
PID 3120 wrote to memory of 5036	3120	msedge.exe	87
PID 3120 wrote to memory of 5036	3120	msedge.exe	87
PID 3120 wrote to memory of 5036	3120	msedge.exe	87
PID 3120 wrote to memory of 5036	3120	msedge.exe	87
PID 3120 wrote to memory of 5036	3120	msedge.exe	87
PID 3120 wrote to memory of 5036	3120	msedge.exe	87
PID 3120 wrote to memory of 5036	3120	msedge.exe	87
PID 3120 wrote to memory of 5036	3120	msedge.exe	87
PID 3120 wrote to memory of 5036	3120	msedge.exe	87
PID 3120 wrote to memory of 5036	3120	msedge.exe	87
PID 3120 wrote to memory of 5036	3120	msedge.exe	87
PID 3120 wrote to memory of 5036	3120	msedge.exe	87
PID 3120 wrote to memory of 5036	3120	msedge.exe	87
PID 3120 wrote to memory of 5036	3120	msedge.exe	87
PID 3120 wrote to memory of 5036	3120	msedge.exe	87
PID 3120 wrote to memory of 5036	3120	msedge.exe	87
PID 3120 wrote to memory of 5036	3120	msedge.exe	87
PID 3120 wrote to memory of 5036	3120	msedge.exe	87
PID 3120 wrote to memory of 5036	3120	msedge.exe	87
PID 3120 wrote to memory of 5036	3120	msedge.exe	87
PID 3120 wrote to memory of 5036	3120	msedge.exe	87
PID 3120 wrote to memory of 5036	3120	msedge.exe	87
PID 3120 wrote to memory of 5036	3120	msedge.exe	87
PID 3120 wrote to memory of 5036	3120	msedge.exe	87
PID 3120 wrote to memory of 5036	3120	msedge.exe	87
PID 3120 wrote to memory of 5036	3120	msedge.exe	87
PID 3120 wrote to memory of 5036	3120	msedge.exe	87
PID 3120 wrote to memory of 5036	3120	msedge.exe	87
PID 3120 wrote to memory of 5036	3120	msedge.exe	87
PID 3120 wrote to memory of 5036	3120	msedge.exe	87
PID 3120 wrote to memory of 5036	3120	msedge.exe	87
PID 3120 wrote to memory of 5036	3120	msedge.exe	87
PID 3120 wrote to memory of 5036	3120	msedge.exe	87
PID 3120 wrote to memory of 812	3120	msedge.exe	88
PID 3120 wrote to memory of 812	3120	msedge.exe	88
PID 3120 wrote to memory of 2560	3120	msedge.exe	89
PID 3120 wrote to memory of 2560	3120	msedge.exe	89
PID 3120 wrote to memory of 2560	3120	msedge.exe	89
PID 3120 wrote to memory of 2560	3120	msedge.exe	89
PID 3120 wrote to memory of 2560	3120	msedge.exe	89
PID 3120 wrote to memory of 2560	3120	msedge.exe	89
PID 3120 wrote to memory of 2560	3120	msedge.exe	89
PID 3120 wrote to memory of 2560	3120	msedge.exe	89
PID 3120 wrote to memory of 2560	3120	msedge.exe	89
PID 3120 wrote to memory of 2560	3120	msedge.exe	89
PID 3120 wrote to memory of 2560	3120	msedge.exe	89
PID 3120 wrote to memory of 2560	3120	msedge.exe	89
PID 3120 wrote to memory of 2560	3120	msedge.exe	89
PID 3120 wrote to memory of 2560	3120	msedge.exe	89
PID 3120 wrote to memory of 2560	3120	msedge.exe	89
PID 3120 wrote to memory of 2560	3120	msedge.exe	89
PID 3120 wrote to memory of 2560	3120	msedge.exe	89
PID 3120 wrote to memory of 2560	3120	msedge.exe	89

C:\Users\Admin\AppData\Local\Temp\OpenTabletDriver.UX.Wpf.exe
"C:\Users\Admin\AppData\Local\Temp\OpenTabletDriver.UX.Wpf.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://aka.ms/dotnet-core-applaunch?missing_runtime=true&arch=x64&rid=win10-x64&apphost_version=6.0.4&gui=true
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:3120
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffef90d46f8,0x7ffef90d4708,0x7ffef90d4718
    3⤵
    PID:2156
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,2384358326454073147,15844989332806021676,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
    3⤵
    PID:5036
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,2384358326454073147,15844989332806021676,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:812
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,2384358326454073147,15844989332806021676,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
    3⤵
    PID:2560
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2384358326454073147,15844989332806021676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
    3⤵
    PID:2404
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2384358326454073147,15844989332806021676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
    3⤵
    PID:2924
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2384358326454073147,15844989332806021676,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
    3⤵
    PID:520
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2384358326454073147,15844989332806021676,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
    3⤵
    PID:4800
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2116,2384358326454073147,15844989332806021676,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5404 /prefetch:8
    3⤵
    PID:2280
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2384358326454073147,15844989332806021676,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
    3⤵
    PID:3984
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2116,2384358326454073147,15844989332806021676,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6092 /prefetch:8
    3⤵
    PID:4692
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2384358326454073147,15844989332806021676,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6452 /prefetch:1
    3⤵
    PID:1284
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2384358326454073147,15844989332806021676,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6436 /prefetch:1
    3⤵
    PID:1732
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,2384358326454073147,15844989332806021676,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6784 /prefetch:8
    3⤵
    PID:3868
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
    3⤵
    - Drops file in Program Files directory
    PID:2964
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff718475460,0x7ff718475470,0x7ff718475480
      4⤵
      PID:988
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,2384358326454073147,15844989332806021676,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6784 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3744
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2384358326454073147,15844989332806021676,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6168 /prefetch:1
    3⤵
    PID:2124
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2384358326454073147,15844989332806021676,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
    3⤵
    PID:1432
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,2384358326454073147,15844989332806021676,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5108 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5132

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1204

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
78c7656527762ed2977adf983a6f4766

SHA1
21a66d2eefcb059371f4972694057e4b1f827ce6

SHA256
e1000099751602ae1adcec6f1c74e1d65f472936817b45239dfed4b043984296

SHA512
0a8e58ae95163b3cdf8e81b5085887761e73cb7c836a1a6a972e837fb3df69b2ac70cfd6311d06d40656344ec35eb48e512f007561480f0345486ac2b329be0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
099b4ba2787e99b696fc61528100f83f

SHA1
06e1f8b7391e1d548e49a1022f6ce6e7aa61f292

SHA256
cdb1db488e260ed750edfe1c145850b57ee8ab819d75237a167e673116a33ee8

SHA512
4309375e10785564ceb03e0127ced414e366a5b833f16a60d796471d871b479e4c044db5268902d9dfd14715ca577cb26042bab8f7b0f31fe8abf33947feb9d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
f3c40f142e62769eef104e0df6375748

SHA1
31ab04861ffeffa91e71f4e28d5131cc18476363

SHA256
a879673bbf638956906f2fd86e8bf4555c45c6b5ee8cbd0285efcde277737437

SHA512
2f7d21bafcf226d419a34893ed6b400fee78e24b009947d38091fb5e4c145472b3f2a752abfed25ad0f30ff88e4f254520642f4fd739860285abb0193cc1f32b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
30a88adac7fb69ba8034756d34dd88ef

SHA1
069ca0664d82a48c5a5f77ab7ea1f77c10e4d0f8

SHA256
b83c156ef4af6c73bca6bbe7d15790c5055de237f821dae6256c47eaefb9b405

SHA512
09a62b70e3c1c980617b8b96ce748ba276ed4aa51a47d4262d76ad38c05c6cee1049fd57851d1fff7efd19fb1172fd0fdb71888df8ecd1377e48e16059a08872

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
e1cbb9b253611b53cd8ae9a3192a84af

SHA1
b0744ed6e0c4fd489e9cdd55fccdd54bbdfe089f

SHA256
fec31c5e1e2fbea628cb8fae676ed8cdf7ab5f6b21fddf7b1159f6a932c32220

SHA512
f61dd25bf0ab92e94b1daa91ebb8a2045afae944ad056b90588f386fc0cfef441e93d01a1350183e0e72c0c5ae58399f97f9234e29797db8fa771a5966f98773

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
8c06c682c78f9d39499f66f188dd7175

SHA1
f216e2073c4039bc4920a57a58e5f844e8131259

SHA256
40be36ba25590f57262b912049528a459ff04e236a850e574ccda3e98902f1ea

SHA512
c77ffc953b58c144e56d916d71a54a967b3dada51a71af1ea9c9e7adddff22cf12c2ced553e67ed67bc51bfcafba44ff817d577829b99c498c08d09bae3e443b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
eec213098a660178b8decf246791c6b8

SHA1
e17ce71afd3d2fa6a8a59ec8285544c8f229b7c3

SHA256
ce58cac0741ff27983f5c623daa87ba42ee01b57f0e195bfe0b7530b6121edf6

SHA512
2a2f3a911e40c40e9b22f5e0f837de5f9a87c097ee7355cf49cac8a1505d637b58ebd98b97e5686a79a9014e69cfa30cb8b69680f7a8938940adf6aedc34af60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5ec6563274d3a516d28da2c15b0417ed

SHA1
0de022554b422fb32b52c549af59cce008d9b9f4

SHA256
06005646bbb803ce7bdf65368b72be58e8056bf79e4f600af81f15f11b039302

SHA512
1c9f10c691f54ee5fac4400adebe906de01a3a73b2cb49b8b0583f040ff24c9b5a6ac20b2d97230719a2b26d8b7712f6cbc6f082d56940c931b82426da515a3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
30a3764906af3ef0022ca815f817b320

SHA1
8abddf2cdc25599ec8b8276bf7f417f79b1db51f

SHA256
39ee8d905017b9f7db82f296f46f8894b53ac7c904fed8b341dabea4baeedcf2

SHA512
290429ba985e9d1dbeedd162b7b246440dd13e0fa02c0db990b5fd3d1b12843887b82b041aaa6b57ad338a51b3a3f791a44b7e3b2629715c2a63bf921796a424

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
02ee7addc9e8a2d07af55556ebf0ff5c

SHA1
020161bb64ecb7c6e6886ccc055908984dc651d8

SHA256
552d3ed359b7a52278ce621674d16428d8a7969f6cd5663df18e240cce66aadc

SHA512
567989543c3848a0c3276d96b96ca761f750e4b71fb74f36d809f590ffe16a72fd5ece251737a8b1ffe65f0051e211bd7ad19d2b8b0b7ca1b7ffc86dd2a52883

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
ac69fe80044a5a0e03f8ff9c70b2b67c

SHA1
c19a6f22fba2ea0311911fe8e97ec542f9033036

SHA256
cb73a507fc5f358c87b956c0d62fc72feb11561b39a381999abea6a67a34514c

SHA512
235fe882b5a01a97f2cdd93f8915b9ef0fa1453c6a35daa2782559e8a034bd715edd266773e1d19cc3baa8b1818736b590d25699a92dee996586f4df792754b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
558e11f23a869ebe4352746a93e78b44

SHA1
fd06da5af2cfd791f5b5ab391d3bd107a3550eb1

SHA256
886b7f3b3f8fce9849346a2d21285567f123af57ddef650b2ca60c4966f282db

SHA512
4fe2e2cdcfa4b07025316a504da4955dc5785c4f1aabc9ac86b00e9d23577b8306bc2efcd0e9c3b1904a7b1ec1b1b324e16df323c99880aa1e9a964f5a46456b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
c59c9fcee48e5ffccbfc3edc0e254bdf

SHA1
a51ca537dae3276a6a1168aac498efa9ae42cd54

SHA256
e4d7e15892f8a5459fd39d2f41d4464c2ff31dc2438fe4f9697cb7df6530a7d0

SHA512
5943a58a5dc5d89766301f7dc972d8497db7f79e36541c37cb38ddfc5279b36a7521075b738ed7f82bc7fe014d737dea4041f01dbb4c485f25ab631cffe631ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
3ddbb4581c1ecd7744280783afe4e34f

SHA1
9ce3f7b56fbf78d5156f816fcca1ea80a8644334

SHA256
48b67be79db10b66e51ce4d2c1c187fc10346d0462ee559794e37c6c5c890c1e

SHA512
f49a5c78692dd944b3a669ee5676cf6c958a968c257465512cdc7ec39cdd3dff8628c937a671c9b827fba97762627ea56ecbdee96543232ecf1ba64c838667f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
1aae3721ac44df387d2d2f166b2f115f

SHA1
f99c079eb6a830f03773aa25aff5392db659ecf9

SHA256
06a543742213b1fa119cf41b1b84e0127992fbddb3b4d619053fe126bc70bd70

SHA512
4ef972be8bf66983f86c115602f97612ffff33707b2a11d407eb41d402e143cf92b0bd160b24d1f2fb6c0728235c366ec465b9fd2def1d2a5c3948cf23a384f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe573568.TMP

Filesize
706B

MD5
01087f872b05389ec1f80eca0138e9d9

SHA1
5830a86b1c76e063d03a3934a3e89ba3495a619d

SHA256
aed602431d37a669d0f89d3a699341aee4c1ef444b1914508f141e4e488bcca2

SHA512
848cd24782ba96d33c5afc951138236295208883ee9ed66463f6f4f62e07188d19a4924d63c246c8011891037b47d9a577a89f86bab208fbab90f4a5fce26eb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
36708974da7764829fffd5c409300ee0

SHA1
ca248b6ff23bd0472890c77793704cf17fb23137

SHA256
70c30c2d0cea6a0a9dd5df2aaae1b3d0409aaaea464b9ee530d11c1ee707a6c9

SHA512
0e2a81b7d934cfc17b8528cabe7d41bf774cdc9e9726c5355ec0472278439d02e75c885782b02ed06fefa87672998aea1fe1ea9f8081c6eaaef79112ed0740b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
18b8fc41a23bf4ea2493f3a76205449f

SHA1
87a778d95cb618eeae22e0db0fdd516692e18f5f

SHA256
e1bfa4944c9630a7b2ebea53aa1b593d2c492822474df1c80158c4bf31fc72d5

SHA512
c935cfa2fe595120a049227278f32a207c5686a4a210a913b8315093264cc9972c1e9ab7ca8830081412631546325b33af25710d46465ea26df9986e169b0d1c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
676ece50556f0901eb200cc5ca17b2a7

SHA1
a69b35650929dbca9f1ecd5f3ba81c064fbea133

SHA256
698c74bbcaaf44b0bba4820fce2e39b1999ac8efb19f24c4d141a65d9f8b8e82

SHA512
19f0a504b5ba8470acefe8367b2e2474cb9861dae4ed038a148cb73121c87d28a27b3be1dea4b14f5e37673d46862aea740566e500cf6d10e516acefcd684c15

Download Submit
memory/3744-360-0x000001B9E7940000-0x000001B9E7A89000-memory.dmp

Filesize
1.3MB

Download