hxxps://ziprararchiver[.]com

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230221-de
resource tags

arch:x64arch:x86image:win10v2004-20230221-delocale:de-deos:windows10-2004-x64systemwindows
submitted
26-05-2023 11:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://ziprararchiver.com

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 2 IoCs

Processes:

setup.exe

description	ioc	process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\d56ba2c0-7212-45a1-8b57-17d320b89191.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230526130713.pma	setup.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

Processes:

powershell.exemsedge.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings	powershell.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

powershell.exemsedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
1516	powershell.exe
1516	powershell.exe
208	msedge.exe
208	msedge.exe
648	msedge.exe
648	msedge.exe
2208	identity_helper.exe
2208	identity_helper.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

Processes:

msedge.exe

pid	process
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

powershell.exe

description pid process

Token: SeDebugPrivilege 1516 powershell.exe
Suspicious use of FindShellTrayWindow 3 IoCs

Processes:

msedge.exe

pid process

648 msedge.exe
648 msedge.exe
648 msedge.exe

description	pid	process
Token: SeDebugPrivilege	1516	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 648 wrote to memory of 692	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 692	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 2404	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 2404	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 2404	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 2404	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 2404	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 2404	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 2404	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 2404	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 2404	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 2404	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 2404	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 2404	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 2404	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 2404	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 2404	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 2404	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 2404	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 2404	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 2404	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 2404	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 2404	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 2404	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 2404	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 2404	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 2404	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 2404	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 2404	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 2404	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 2404	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 2404	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 2404	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 2404	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 2404	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 2404	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 2404	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 2404	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 2404	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 2404	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 2404	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 2404	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 208	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 208	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 1768	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 1768	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 1768	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 1768	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 1768	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 1768	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 1768	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 1768	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 1768	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 1768	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 1768	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 1768	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 1768	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 1768	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 1768	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 1768	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 1768	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 1768	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 1768	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 1768	648	msedge.exe	msedge.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell start shell:Appsfolder\Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge https://ziprararchiver.com
1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1516

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-redirect=Windows.Launch https://ziprararchiver.com
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:648

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffa8a2d46f8,0x7ffa8a2d4708,0x7ffa8a2d4718
2⤵
PID:692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,12516251495244809599,18121566144835446942,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
2⤵
PID:2404

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,12516251495244809599,18121566144835446942,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:208

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,12516251495244809599,18121566144835446942,131072 --lang=de --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8
2⤵
PID:1768

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12516251495244809599,18121566144835446942,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
2⤵
PID:936

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12516251495244809599,18121566144835446942,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
2⤵
PID:4976

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12516251495244809599,18121566144835446942,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
2⤵
PID:4888

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12516251495244809599,18121566144835446942,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
2⤵
PID:4952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12516251495244809599,18121566144835446942,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
2⤵
PID:1376

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12516251495244809599,18121566144835446942,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
2⤵
PID:2500

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,12516251495244809599,18121566144835446942,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=5500 /prefetch:8
2⤵
PID:5076

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
2⤵
- Drops file in Program Files directory
PID:2480

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x288,0x28c,0x290,0x264,0x294,0x7ff62d3f5460,0x7ff62d3f5470,0x7ff62d3f5480
3⤵
PID:3268

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,12516251495244809599,18121566144835446942,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=5500 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2208

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12516251495244809599,18121566144835446942,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6524 /prefetch:1
2⤵
PID:2672

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12516251495244809599,18121566144835446942,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
2⤵
PID:2880

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12516251495244809599,18121566144835446942,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
2⤵
PID:2520

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12516251495244809599,18121566144835446942,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
2⤵
PID:3356

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,12516251495244809599,18121566144835446942,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5004 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1440

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12516251495244809599,18121566144835446942,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
2⤵
PID:2548

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12516251495244809599,18121566144835446942,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3640 /prefetch:1
2⤵
PID:3960

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12516251495244809599,18121566144835446942,131072 --disable-gpu-compositing --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
2⤵
PID:4156

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5052

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
5a10efe23009825eadc90c37a38d9401

SHA1
fd98f2ca011408d4b43ed4dfd5b6906fbc7b87c0

SHA256
05e135dee0260b4f601a0486401b64ff8653875d74bf259c2da232550dbfb4f5

SHA512
89416a3f5bf50cd4a432ac72cd0a7fb79d5aeb10bdcc468c55bbfa79b9f43fab17141305d44cb1fe980ec76cc6575c27e2bcfcbad5ccd886d45b9de03fb9d6d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
c1a3c45dc07f766430f7feaa3000fb18

SHA1
698a0485bcf0ab2a9283d4ebd31ade980b0661d1

SHA256
adaba08026551b1b8f6c120143686da79f916d02adbef4a8d1c184e32a19fd48

SHA512
9fc93f01ab4b14f555791d757ffe881787cc697102547c61847552e597e206e70c6d35fedff559c72a0a67d1b95e769095ecb0a8a7d4f07cf58a7a0d57d3e9f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
672B

MD5
af545ed87d096e91ab21fc729f1b32b5

SHA1
dff3a378f67250dd5461473251cf07911e37a97f

SHA256
ccb3c67e9669882249dd935ac5d1c7acc73e04c298df3b00ca918c747802f1c6

SHA512
9e6c6b400bd096c24b8af2db3f4a1f1297e9f63fd0c346973add26388e35cfd4dc42d2e4c28a7da729b7b85d29c0a9169742ace41adcf6e6beed96c98e904853

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe56df87.TMP
Filesize
48B

MD5
fda6e1cee58022ab866e2248570e69da

SHA1
7153355216cf079832d47e037a7ee889ab386546

SHA256
1b92de6c0a0a1ce9008e744b148500d69281d3cb9290e70e004acc08cb00aaa9

SHA512
ef16fbc530c2cd5abcdb0b6b219579b46df613bea28f0242f919cbfff6a75fa071f4ab826ff723037d9fbc79f82b5bac63913b8be5edb9d1825579c08cc0ed29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000001.dbtmp
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk
Filesize
2KB

MD5
70b8555bad46299a85883ca673bb0841

SHA1
e39511175d7002664928fbec202174032bae2dd0

SHA256
06808213dba1e8eb93fabeb773c60b6791ab4a6e49d83a021691b3c01f61d6a7

SHA512
6330bc86d2f9ef3fff3f2d50af0910905a33232fbbb7ccfbbbb8e09653e4873d9dff9be1f1ee4183c49a54b60c7ab54418ebabce7481e1e5f87a8a5143a1bbe9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
8628f137e29b6c707d0776ed58a9a8fa

SHA1
a80dd8ba7cab4f7a7c66933611e468812695a696

SHA256
e49625baed7e7f65a9ff422e12c2cba55368aa970543c8b86f908649dcaeee23

SHA512
1382ee7f6ccc457f8cdf1d8c64d5361447def1d25a12d9078220a29a711881209f3aaf2900b994960fc387645119405d05485442f4c84c70f29da5805f01b160

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
4KB

MD5
767f0c385542ec70ae9158535c6fad36

SHA1
135f7da840b33378981552f763fcb4dd6dc1e849

SHA256
5c8f87a8315a96a544251d117b61a6cedd59f329e6e2ca35de217ab7a12c7fcd

SHA512
dd01e9ce976eb8bab3ba4361ef85a33fc8333cb7abd347347a54a1219c5c587a9fc8464339675825a7a959b7fd4c1f803a6c1ed5c29c3bc0cbcea45d676e9d23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
e86f48f885309a451593536088ab4cb0

SHA1
06a5df884e96800c281029a457f62364a9371045

SHA256
6d8e287c2bca3dbba73d70a199d1014a51f8aa744e1ae8d3ead5715ccda735b4

SHA512
957211a2ebfec78973c7b2cefda51689cc2fa68d90f818dcb22993dac53334afb8d7a28f1314d049c52da2e4713b638bed45385e2d57823bf736c551d3625d63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
6df4015ce701241483014bdeed9fd9f0

SHA1
044b19f31a1030bf914351cdc35d83336223e186

SHA256
68a2507e1c5746007f200791302ee6337476ed787e95684d14a7fe1f5cbd9fef

SHA512
48970990b9933aa8df8ca7ed56e096df7f55051f1e3daff5d722361a8451a7bdd3ff6ba757c4d48e148066e20de0fff4a18cc17201c83436245b7e0f082bb4a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
7cb954cf8e5628b4791fe286e6bdc0e0

SHA1
236764df86cc3cbc6921933cc1750fb05d8f6fb2

SHA256
b682e59909884500ef1031ac5614aa63a0cd578c2518919ccbde9d28d9f4b873

SHA512
0cb2be8075e80695b8a122654ff6d74d3c3b5819688553cbac62ad59a1e56ea41b28e02d8f4b1f6795ce23455f2807564aa6cdf49123300dbb186cfc50dfe7f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
5edab6d3ffbeee247ccb4423f929a323

SHA1
a4ad201d149d59392a2a3163bd86ee900e20f3d9

SHA256
460cddb95ea1d9bc8d95d295dd051b49a1436437a91ddec5f131235b2d516933

SHA512
263fa99f03ea1ef381ca19f10fbe0362c1f9c129502dc6b730b076cafcf34b40a70ee8a0ee9446ec9c89c3a2d9855450609ec0f8cf9d0a1b2aebdd12be58d38c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
784a51387993e9aeb34d4ad4ed93ab48

SHA1
1cbf9ea1b6c2ea18c8670f26ebf9c11d7d245bc4

SHA256
567af49b26f4676e8c8ad07b34db13ae7a9e19ba01e6bd1af390a611b44413f8

SHA512
ba34c55cea5840723b16f09f0a790f823a5a65657f8163018cbfcbc3a13c83b1b4b6a1f8ca0fe188c1ba7d78cc9319889235c0f6042a2013755fc6d820e4b9e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
192ae3e3165738ef38974dab187e7ffa

SHA1
c3947ea98755262ed40c59caf865716c31b3bea8

SHA256
d09a1942c6201ff9b246af46afadc879a34ca81a4e9dd4123520a2a2acc05d12

SHA512
a8ce7707b39a863c801994013e28f94aae8faa1292ed07850febaf543c2814fa00374700537a005214c68eeb025a3ab63aecd7aa3a98efeeaa2fa517448f323d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58850a.TMP
Filesize
866B

MD5
6b47659b271bf2f4fce9beffc85e73c4

SHA1
ef834ca23ba004ee2aad7467e0cd549471ec05c2

SHA256
2c2ac95560ca373c53f00f2b904b428ad5822407d96899eca29efd8ae36fe3c8

SHA512
67ac74a4fd8e4e1cff6907ec4a1b5c75affc7e7303d016ff6eae759960dfa2503fb0bb6920cb1c2de0556dba5856c5d326aeb491968be10f22eeff8ada733bec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
9KB

MD5
79ff7f5129a25191c85543c6fd54c0ab

SHA1
ed899bfc19ebfe6b7b1479d9a64e24c59368bdc8

SHA256
0f0f768c9c9643b1256580b3d9ad6a2cbfbe2ed91fe10b5e6249fbc036b20648

SHA512
94923961a953315f708a26cc67e0a99825e38e6e4bee0564b112b4b13819529dfced663b0c3f2a8cb1455b534669dc1224d614c0a5c47f5cd3af4d8fdaa4f7cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
cf8a02ac8f25fce6f93e7315f35653cc

SHA1
83fdc72f291982c0c65c4da8e36ee2233e4c4aad

SHA256
9dfbb59e51350b4aae2e96bbc530ca54ea0018f563d203137bb37bbd998fc1d1

SHA512
a61ac2755641ad62b5b31e00adcb66a9f11649fa015409331b36e88a89214a4e67e25ce757fd8457d1e97777af263fde8e85ab7cc0516d57a5dd1a40c34dd9e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_hxsg1up4.ltr.ps1
Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
3KB

MD5
92c2b94b0b190605eeea18d90b7896de

SHA1
2e71ccee9713aba83dccbf98aad47afd5a9b03ec

SHA256
fdc7fada71fb22840cb4e1cdd4b481af31c0e1837e46eea5e8f019e72fe73f73

SHA512
753397b2d17dea5264b5a25b44bc59ab9bfe798a4919147e1fc8947d63721cbed01071a3af04def4c4bcc0d9e18ab642788506fa6941c3ce7787e73ff328dc91

Download Submit
\??\pipe\LOCAL\crashpad_648_REKTOUBBODUWFTBF
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1516-147-0x0000029360EB0000-0x0000029360FB4000-memory.dmp

Filesize
1.0MB

Download
memory/1516-143-0x0000029360050000-0x0000029360060000-memory.dmp

Filesize
64KB

Download
memory/1516-133-0x00000293600A0000-0x0000029360126000-memory.dmp

Filesize
536KB

Download
memory/1516-144-0x0000029360060000-0x0000029360082000-memory.dmp

Filesize
136KB

Download
memory/1516-145-0x0000029360000000-0x0000029360010000-memory.dmp

Filesize
64KB

Download
memory/1516-146-0x0000029360000000-0x0000029360010000-memory.dmp

Filesize
64KB

Download