8a3bfb12168717234125fbc9d38146abfa0f85de0391ef2a590d12c36448fcf9

Analysis

max time kernel
135s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
06/05/2023, 14:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Xpadder.exe
Size

1.1MB
MD5

3074454a22ad7dd4a02095aa81730be2
SHA1

f37163d1922bdce8ec6eebd3b66af2ab3282b281
SHA256

8a3bfb12168717234125fbc9d38146abfa0f85de0391ef2a590d12c36448fcf9
SHA512

d899220604eee5c07b9d31c9c9c5ac3979b41fdb33a5c6a50f043cdf2cdbab34f57bc1217a655149ae475e21d1d6e222d97f1cc7fbe19a24b7f5fa1d5ce59eda
SSDEEP

24576:aqZf8bFzRhCvsr/h1F9rQIjg/P6pCt8lvJ8:sIqzg/R2C

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\01821405-adb2-4826-b8ed-be3aa5739056.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230506160204.pma	setup.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4372	msedge.exe
4372	msedge.exe
2680	msedge.exe
2680	msedge.exe
4812	identity_helper.exe
4812	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2604	Xpadder.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2680 wrote to memory of 2112	2680	msedge.exe	87
PID 2680 wrote to memory of 2112	2680	msedge.exe	87
PID 2680 wrote to memory of 4828	2680	msedge.exe	88
PID 2680 wrote to memory of 4828	2680	msedge.exe	88
PID 2680 wrote to memory of 4828	2680	msedge.exe	88
PID 2680 wrote to memory of 4828	2680	msedge.exe	88
PID 2680 wrote to memory of 4828	2680	msedge.exe	88
PID 2680 wrote to memory of 4828	2680	msedge.exe	88
PID 2680 wrote to memory of 4828	2680	msedge.exe	88
PID 2680 wrote to memory of 4828	2680	msedge.exe	88
PID 2680 wrote to memory of 4828	2680	msedge.exe	88
PID 2680 wrote to memory of 4828	2680	msedge.exe	88
PID 2680 wrote to memory of 4828	2680	msedge.exe	88
PID 2680 wrote to memory of 4828	2680	msedge.exe	88
PID 2680 wrote to memory of 4828	2680	msedge.exe	88
PID 2680 wrote to memory of 4828	2680	msedge.exe	88
PID 2680 wrote to memory of 4828	2680	msedge.exe	88
PID 2680 wrote to memory of 4828	2680	msedge.exe	88
PID 2680 wrote to memory of 4828	2680	msedge.exe	88
PID 2680 wrote to memory of 4828	2680	msedge.exe	88
PID 2680 wrote to memory of 4828	2680	msedge.exe	88
PID 2680 wrote to memory of 4828	2680	msedge.exe	88
PID 2680 wrote to memory of 4828	2680	msedge.exe	88
PID 2680 wrote to memory of 4828	2680	msedge.exe	88
PID 2680 wrote to memory of 4828	2680	msedge.exe	88
PID 2680 wrote to memory of 4828	2680	msedge.exe	88
PID 2680 wrote to memory of 4828	2680	msedge.exe	88
PID 2680 wrote to memory of 4828	2680	msedge.exe	88
PID 2680 wrote to memory of 4828	2680	msedge.exe	88
PID 2680 wrote to memory of 4828	2680	msedge.exe	88
PID 2680 wrote to memory of 4828	2680	msedge.exe	88
PID 2680 wrote to memory of 4828	2680	msedge.exe	88
PID 2680 wrote to memory of 4828	2680	msedge.exe	88
PID 2680 wrote to memory of 4828	2680	msedge.exe	88
PID 2680 wrote to memory of 4828	2680	msedge.exe	88
PID 2680 wrote to memory of 4828	2680	msedge.exe	88
PID 2680 wrote to memory of 4828	2680	msedge.exe	88
PID 2680 wrote to memory of 4828	2680	msedge.exe	88
PID 2680 wrote to memory of 4828	2680	msedge.exe	88
PID 2680 wrote to memory of 4828	2680	msedge.exe	88
PID 2680 wrote to memory of 4828	2680	msedge.exe	88
PID 2680 wrote to memory of 4828	2680	msedge.exe	88
PID 2680 wrote to memory of 4372	2680	msedge.exe	89
PID 2680 wrote to memory of 4372	2680	msedge.exe	89
PID 2680 wrote to memory of 1608	2680	msedge.exe	91
PID 2680 wrote to memory of 1608	2680	msedge.exe	91
PID 2680 wrote to memory of 1608	2680	msedge.exe	91
PID 2680 wrote to memory of 1608	2680	msedge.exe	91
PID 2680 wrote to memory of 1608	2680	msedge.exe	91
PID 2680 wrote to memory of 1608	2680	msedge.exe	91
PID 2680 wrote to memory of 1608	2680	msedge.exe	91
PID 2680 wrote to memory of 1608	2680	msedge.exe	91
PID 2680 wrote to memory of 1608	2680	msedge.exe	91
PID 2680 wrote to memory of 1608	2680	msedge.exe	91
PID 2680 wrote to memory of 1608	2680	msedge.exe	91
PID 2680 wrote to memory of 1608	2680	msedge.exe	91
PID 2680 wrote to memory of 1608	2680	msedge.exe	91
PID 2680 wrote to memory of 1608	2680	msedge.exe	91
PID 2680 wrote to memory of 1608	2680	msedge.exe	91
PID 2680 wrote to memory of 1608	2680	msedge.exe	91
PID 2680 wrote to memory of 1608	2680	msedge.exe	91
PID 2680 wrote to memory of 1608	2680	msedge.exe	91
PID 2680 wrote to memory of 1608	2680	msedge.exe	91
PID 2680 wrote to memory of 1608	2680	msedge.exe	91

C:\Users\Admin\AppData\Local\Temp\Xpadder.exe
"C:\Users\Admin\AppData\Local\Temp\Xpadder.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:2604

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffdfef046f8,0x7ffdfef04708,0x7ffdfef04718
  2⤵
  PID:2112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,4815663439834451871,10181343340843652866,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,4815663439834451871,10181343340843652866,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,4815663439834451871,10181343340843652866,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
  2⤵
  PID:1608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4815663439834451871,10181343340843652866,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3636 /prefetch:1
  2⤵
  PID:3888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4815663439834451871,10181343340843652866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3628 /prefetch:1
  2⤵
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4815663439834451871,10181343340843652866,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:4316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4815663439834451871,10181343340843652866,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:4384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4815663439834451871,10181343340843652866,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3136 /prefetch:1
  2⤵
  PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,4815663439834451871,10181343340843652866,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5712 /prefetch:8
  2⤵
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:4496
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff623065460,0x7ff623065470,0x7ff623065480
    3⤵
    PID:3268
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,4815663439834451871,10181343340843652866,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5712 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4815663439834451871,10181343340843652866,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3124 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4815663439834451871,10181343340843652866,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:3888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4815663439834451871,10181343340843652866,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
  2⤵
  PID:892

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3788

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0820611471c1bb55fa7be7430c7c6329

SHA1
5ce7a9712722684223aced2522764c1e3a43fbb9

SHA256
f00d04749a374843bd118b41f669f8b0a20d76526c34b554c3ccac5ebd2f4f75

SHA512
77ea022b4265f3962f5e07a0a790f428c885da0cc11be0975285ce0eee4a2eec0a7cda9ea8f366dc2a946679b5dd927c5f94b527de6515856b68b8d08e435148

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
425e83cc5a7b1f8edfbec7d986058b01

SHA1
432a90a25e714c618ff30631d9fdbe3606b0d0df

SHA256
060a2e5f65b8f3b79a8d4a0c54b877cfe032f558beb0888d6f810aaeef8579bd

SHA512
4bf074de60e7849ade26119ef778fe67ea47691efff45f3d5e0b25de2d06fcc6f95a2cfcdbed85759a5c078bb371fe57de725babda2f44290b4dc42d7b6001af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
816B

MD5
6bf41296b5f61d9cbfc29853d151697a

SHA1
1d0dcc6cae4ee1a36394adcf66af4434f4639b36

SHA256
517f7cf1d98416845ecc9ae43ce4e05de93fa63c3afe1b1dc8f1012810f9c33e

SHA512
92e058b3c51c6dece7f889795bb9db58c2c801e47cab39bede6210cd4bc64a49b353cc14217ccdda3b2c952150c19f8ad8312618a950ba719c68f9e003952951

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe56cb73.TMP

Filesize
48B

MD5
c9d42d7f34a88073bc3600aefdecb6d6

SHA1
78518f0c1def36ba1747371a931c49aecedabf79

SHA256
b4fdd7cfabe7ccb025ab96a3b5c43913af5713c299756219e752a8a2375d5517

SHA512
f0bf1d82b6c12fad0bcd816d3d4c0b1130ea11e3b0c237493344c516abf4436a3eb7520d19adb6e83123d6dd9593ef39535dcba4152c9b20d3303ebad60c11b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
866f4029888e1372b67e1e0340fadf26

SHA1
71cfe3db52854888dbc62f50492e4bf5e5dee195

SHA256
f618d3abf278e38f398698f682469591cd66a0b2933ef101354e51c33474044b

SHA512
b2ab511e8ff6f45cc364ed62abd119c8d871a991bc06e51cc45335b690213b8451e8a2c77375d2f194009de69351382c4e2891960822aafae7f5d9a8a837438d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
215c444677a671eab94be6b136d7b6db

SHA1
fed90e7bd8e19075f6a9d79be9d94ff42d702a4c

SHA256
67a72ed52f8cbdd160673bff34aa0c4c6d93d6cb29794c0478b7250d6949ee2b

SHA512
24483a3dfb181062e728321f8d05a02993e4d5100fc0ee55ff6f015241c51e8a5602975d9d233f2f1ee8b4c45616fb9133e7b9916fc69669e20f17ce15a94caf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
9049f00ef0a1f46c952147239a53b556

SHA1
6a4ae0c9585cf7b018d9f9fd44e372161c395e0b

SHA256
1af5f9b4534cc8ce0f13f86bcd0e05b99e662e77860c9b2eb899b4e1c23402ff

SHA512
a90c550520a3d83b1f007988fc46c0e99262950719720c4a5733375b6cc3e69d00b232bc6d15b49c567b5e541e2ea59f73f9e41fa59c86a8761d2ac88d9ecfc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3c9d3b46ca2a3026a4b8fdfa69002174

SHA1
2f1f8d533d7afe696bdaffef8ed31f1f61da6567

SHA256
0dc4d54b3c52bbdc1247dde9291b70a44aae7d09b0c7c992d9fe0972ed1890d4

SHA512
08a16f9600230bdcde1966b494d9c305b5e303d3c957ff32158502f05d87778c359a1bb267bb34040bc7f998b01262586cc5c65e9a40eceb146a8a01124f8694

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a1656ac3c4766928eb051795968743b1

SHA1
52eb5a47f152c707c03ba3116d78d71701598e2a

SHA256
aa61c725021870e1566b8b95046920759fb00e01359ca02b833c0e6a18a59d96

SHA512
3277e83f84eab2bda216fdaba2843246cd5d6da7d6089165f0123e9dc212084ed99b04895623ea43f14fbde4b003196158b2b967121f565079d70d25d9e6da08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
d53ac35ab3976e67caeed75c4d44ffc1

SHA1
c139ab66d75dc06f98ada34b5baf4d5693266176

SHA256
647867c7236bcb78b7d585b476d82a101a077fac43c78dc59e612253fbf69437

SHA512
391355c71734ded913239a6db10a3202087e756bccc8e29411108f21b3f2460d9a9c606619aadd785285be70eddcf61ef9519441cd387cd3823c1399a6967cc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
bc5f988722f72244e9a4aa8e1d6a0ee2

SHA1
4a132601b1d75fe013d364df95b711223eb9f742

SHA256
8ae99505d61450350ed2799d1bcca3cf9bcd4dd2e6a99cfcfcb2e929704592d9

SHA512
be7c42520bfe8aa8a966881190240bfef15471e84c4dad78ee3c3c0adc14d02e24f6eb950a68914d5870d51c4e91e42cb91eaedc69c360cb9cdc70c40d0cea2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
dc459621972b32045f05055b515d3ed5

SHA1
963038271369fafa53de13074af679dd50d781fb

SHA256
1404d35ac91257ae0ac3bf8ce8f4bb8041312e84bdef4814baf9a031b23204af

SHA512
c37e28cbce64133f26770fcdcd942db9015cd211f514fb6eb565aa377a531410143a0a54193e5ceedaa2a1eb38e05108cb468b1a32b7b1a8fc0c5cc0d0295406

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe56cb82.TMP

Filesize
48B

MD5
93442391885b975324cbbe18ed7daf63

SHA1
3258fd9fe68d1bb797ab42b8b0cb478aa9c17555

SHA256
5e1566c7739b8d6647ae4456eed873a4ba331b96150c369340a47607dda07a19

SHA512
3d7c35b0f7ec0a71a95d5948f21ffea4897435ffb45e6183d97b864a23957d45b0c404eaad2e434fb968bb7a0385ce642d4fe5b77959457d71f7dd599d915839

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
ceb156d8dc4a568b88634a88eefdb18d

SHA1
27d65c6113b60a8613c8b1dbe389d6acc8428e9c

SHA256
58f65b0c26da11f09966f408f2f92c80f552e9b88e56512937dfff3e2453761d

SHA512
33f95c7a69e9f3ace2fc8e56c779d70b256e723ebd6e36b739f98482caff1621dc07900aee81f259d15bfde5ee68e4e76c92c6c93a5b43e45da8bf907d8dbf8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
22d71aaa29db7a8913b80ad8d8139c76

SHA1
e9c8fe68652576bdeaa4696ff9b2cf4c6fb3b743

SHA256
9a2e98fa1a9ce62d4c031a67c173a9c5a1e3a4792199b414b47c97e83d383761

SHA512
4b9823435abe48830011258b12cb52361db43c6f215a343519dee94f5e676e87f837e2900e73e04281e428ad0724fe6ee77043cf3c76c29bc5d776cbbf246a14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
432f279bc0825042e5ed3498023d3498

SHA1
28797d783d2215fafc1b0552923c8dd41514c08c

SHA256
832a4706144af8a0c317bee184d309fc066c7187d0f6f48ff3462fe80f4cbf85

SHA512
98a6e9879b9152e5579f5b17b1028f25546cd564f1ba159eb10898d4749b3ab4b6b92bb75ba67ef9dd92e1b397e8e93dcd237fc6f41c2a961358fc46ee6d1583

Download Submit
memory/2604-133-0x0000000002460000-0x0000000002461000-memory.dmp

Filesize
4KB

Download
memory/2604-134-0x0000000000400000-0x0000000000551000-memory.dmp

Filesize
1.3MB

Download