a60b7a2ef406fd853f59afb392ba91901e059cb256ae7f09de38344c55de4fa0

Analysis

max time kernel
148s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
09-06-2023 23:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2D.webp
Size

9KB
MD5

ae2ba07dd60248547a43c8f8536d17ec
SHA1

6531b5dc5ca16ce1623583a45243f4155e3cc3a7
SHA256

e9936ee8c40bb1e82fa6f5fbe271b65522649b1caaead30f12c5f3e6f9d33c31
SHA512

399830feb3e3655ab59a9b86e67060b052f5ca866363904b732d37c66cb29c28a9ff81354216f61ab0fcaa98aee4cc4a9d0e1e3a8e4ec3ec7337a9cd4ccf2821
SSDEEP

192:IU0KYEjcArIDynZAnsMYDwnc/DCLt6gsMlbZI0wm4LwXL3gn5GcQS+U4:IKjfkDeGTnc4sMoxwXa5GcQH

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 2 IoCs

Processes:

setup.exe

description	ioc	process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\6af735f0-3634-43b5-8b6e-ad729b32e016.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230609232835.pma	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description ioc process

Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ msedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
4300	msedge.exe
4300	msedge.exe
444	msedge.exe
444	msedge.exe
2204	identity_helper.exe
2204	identity_helper.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

msedge.exe

pid process

444 msedge.exe
444 msedge.exe
444 msedge.exe
444 msedge.exe
444 msedge.exe
444 msedge.exe
Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

msedge.exe

pid process

444 msedge.exe
444 msedge.exe

pid	process
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe
444	msedge.exe

pid	process
444	msedge.exe
444	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

cmd.exemsedge.exe

description	pid	process	target process
PID 3260 wrote to memory of 444	3260	cmd.exe	msedge.exe
PID 3260 wrote to memory of 444	3260	cmd.exe	msedge.exe
PID 444 wrote to memory of 3408	444	msedge.exe	msedge.exe
PID 444 wrote to memory of 3408	444	msedge.exe	msedge.exe
PID 444 wrote to memory of 4984	444	msedge.exe	msedge.exe
PID 444 wrote to memory of 4984	444	msedge.exe	msedge.exe
PID 444 wrote to memory of 4984	444	msedge.exe	msedge.exe
PID 444 wrote to memory of 4984	444	msedge.exe	msedge.exe
PID 444 wrote to memory of 4984	444	msedge.exe	msedge.exe
PID 444 wrote to memory of 4984	444	msedge.exe	msedge.exe
PID 444 wrote to memory of 4984	444	msedge.exe	msedge.exe
PID 444 wrote to memory of 4984	444	msedge.exe	msedge.exe
PID 444 wrote to memory of 4984	444	msedge.exe	msedge.exe
PID 444 wrote to memory of 4984	444	msedge.exe	msedge.exe
PID 444 wrote to memory of 4984	444	msedge.exe	msedge.exe
PID 444 wrote to memory of 4984	444	msedge.exe	msedge.exe
PID 444 wrote to memory of 4984	444	msedge.exe	msedge.exe
PID 444 wrote to memory of 4984	444	msedge.exe	msedge.exe
PID 444 wrote to memory of 4984	444	msedge.exe	msedge.exe
PID 444 wrote to memory of 4984	444	msedge.exe	msedge.exe
PID 444 wrote to memory of 4984	444	msedge.exe	msedge.exe
PID 444 wrote to memory of 4984	444	msedge.exe	msedge.exe
PID 444 wrote to memory of 4984	444	msedge.exe	msedge.exe
PID 444 wrote to memory of 4984	444	msedge.exe	msedge.exe
PID 444 wrote to memory of 4984	444	msedge.exe	msedge.exe
PID 444 wrote to memory of 4984	444	msedge.exe	msedge.exe
PID 444 wrote to memory of 4984	444	msedge.exe	msedge.exe
PID 444 wrote to memory of 4984	444	msedge.exe	msedge.exe
PID 444 wrote to memory of 4984	444	msedge.exe	msedge.exe
PID 444 wrote to memory of 4984	444	msedge.exe	msedge.exe
PID 444 wrote to memory of 4984	444	msedge.exe	msedge.exe
PID 444 wrote to memory of 4984	444	msedge.exe	msedge.exe
PID 444 wrote to memory of 4984	444	msedge.exe	msedge.exe
PID 444 wrote to memory of 4984	444	msedge.exe	msedge.exe
PID 444 wrote to memory of 4984	444	msedge.exe	msedge.exe
PID 444 wrote to memory of 4984	444	msedge.exe	msedge.exe
PID 444 wrote to memory of 4984	444	msedge.exe	msedge.exe
PID 444 wrote to memory of 4984	444	msedge.exe	msedge.exe
PID 444 wrote to memory of 4984	444	msedge.exe	msedge.exe
PID 444 wrote to memory of 4984	444	msedge.exe	msedge.exe
PID 444 wrote to memory of 4984	444	msedge.exe	msedge.exe
PID 444 wrote to memory of 4984	444	msedge.exe	msedge.exe
PID 444 wrote to memory of 4984	444	msedge.exe	msedge.exe
PID 444 wrote to memory of 4984	444	msedge.exe	msedge.exe
PID 444 wrote to memory of 4300	444	msedge.exe	msedge.exe
PID 444 wrote to memory of 4300	444	msedge.exe	msedge.exe
PID 444 wrote to memory of 2152	444	msedge.exe	msedge.exe
PID 444 wrote to memory of 2152	444	msedge.exe	msedge.exe
PID 444 wrote to memory of 2152	444	msedge.exe	msedge.exe
PID 444 wrote to memory of 2152	444	msedge.exe	msedge.exe
PID 444 wrote to memory of 2152	444	msedge.exe	msedge.exe
PID 444 wrote to memory of 2152	444	msedge.exe	msedge.exe
PID 444 wrote to memory of 2152	444	msedge.exe	msedge.exe
PID 444 wrote to memory of 2152	444	msedge.exe	msedge.exe
PID 444 wrote to memory of 2152	444	msedge.exe	msedge.exe
PID 444 wrote to memory of 2152	444	msedge.exe	msedge.exe
PID 444 wrote to memory of 2152	444	msedge.exe	msedge.exe
PID 444 wrote to memory of 2152	444	msedge.exe	msedge.exe
PID 444 wrote to memory of 2152	444	msedge.exe	msedge.exe
PID 444 wrote to memory of 2152	444	msedge.exe	msedge.exe
PID 444 wrote to memory of 2152	444	msedge.exe	msedge.exe
PID 444 wrote to memory of 2152	444	msedge.exe	msedge.exe
PID 444 wrote to memory of 2152	444	msedge.exe	msedge.exe
PID 444 wrote to memory of 2152	444	msedge.exe	msedge.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\2D.webp
1⤵
- Suspicious use of WriteProcessMemory
PID:3260

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2D.webp
2⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:444

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffe083846f8,0x7ffe08384708,0x7ffe08384718
3⤵
PID:3408

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,11399534051061690744,13936045979693986499,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
3⤵
PID:4984

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,11399534051061690744,13936045979693986499,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:4300

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,11399534051061690744,13936045979693986499,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
3⤵
PID:2152

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11399534051061690744,13936045979693986499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
3⤵
PID:1632

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11399534051061690744,13936045979693986499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
3⤵
PID:4372

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11399534051061690744,13936045979693986499,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
3⤵
PID:1248

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11399534051061690744,13936045979693986499,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
3⤵
PID:988

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,11399534051061690744,13936045979693986499,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5840 /prefetch:8
3⤵
PID:4176

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
3⤵
- Drops file in Program Files directory
PID:2632

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0xdc,0x22c,0x7ff738785460,0x7ff738785470,0x7ff738785480
4⤵
PID:1496

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,11399534051061690744,13936045979693986499,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5840 /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:2204

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11399534051061690744,13936045979693986499,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
3⤵
PID:4496

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11399534051061690744,13936045979693986499,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
3⤵
PID:4800

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,11399534051061690744,13936045979693986499,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3996 /prefetch:2
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:3612

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3688

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
cd4f5fe0fc0ab6b6df866b9bfb9dd762

SHA1
a6aaed363cd5a7b6910e9b3296c0093b0ac94759

SHA256
3b803b53dbd3d592848fc66e5715f39f6bc02cbc95fb2452cd5822d98c6b8f81

SHA512
7072630ec28cf6a8d5b072555234b5150c1e952138e5cdc29435a6242fda4b4217b81fb57acae927d2b908fa06f36414cb3fab35110d63107141263e3bba9676

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk
Filesize
2KB

MD5
5a948879d6060c8fcd45bfb98364853d

SHA1
25416929dc093fbc5dc89dfd61d29107678fb611

SHA256
f23287e3c2ebec1505eacd455c645839e429bea67a32f04201bb37d2b4a5a282

SHA512
118efede52640b20890bbbac55c6e1e09f89ff7ebaa0f0803c4c7d769c9153dfa3397e25cfbc055bab0b52fe3ba958405f6c436aef295372bfadd8f810f70dfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
4KB

MD5
232e3cc50457e6fa32394c900d510a9b

SHA1
20b64dba7aa80b25ac859ca6601e8c1b81bf35a1

SHA256
a5ce8668d88f3781931107210fb04a4addc2463243ddb91cc23843b068c8a569

SHA512
230c61f1b2f75263fb67379bab06db505ab61104aed754d178d91228c453852f2f6822d239a204206ab2b20cbe14277d907e72b0c977a9c8ca9e92d67b67e9ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
96ca8946108d4596e58d3fb17243ab05

SHA1
96aed9b43eddd4c5b7ed4580274e2606f113be99

SHA256
d758bae2258f9fa769dc4c2730bb091f35766d4f23284b09280888b79d76a8c7

SHA512
3f67312ef3469f594ee3523c9bab2c4246510fec4a65160cb82a5ec9def109f5255923bfa82986985ea6c58f494f5b7defd971cb6077e6c0e691ff2f68a95c46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
b98d061dff7411c08fe2342f51e5ac1d

SHA1
095308c979af67ef4e97dadfd28b437ca1f94a45

SHA256
61a79fc452275f7b69ab6264de3994b651b2038e2881daa40ba7a328c0702d7b

SHA512
9c984fb2e7f0dae93cb3b00178b666419ca04ba066b8c6d764b16d2cee41f74eb864fa668ac191cf115564b1b696ec9649d37dfb9de5340d870398022abcfdcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
1463bf2a54e759c40d9ad64228bf7bec

SHA1
2286d0ac3cfa9f9ca6c0df60699af7c49008a41f

SHA256
9b4fd2eea856352d8fff054b51ea5d6141a540ca253a2e4dc28839bc92cbf4df

SHA512
33e0c223b45acac2622790dda4b59a98344a89094c41ffdb2531d7f1c0db86a0ea4f1885fea7c696816aa4ceab46de6837cc081cd8e63e3419d9fcb8c5a0eb66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
1e79203d0f70092bf25058099947d5c6

SHA1
20d5e2bd3a2ef807207bc3981bd5494c34839c0e

SHA256
decca6fa6de1f0dcc2b46a7c45e62d1754fda43b509d92393c628d56930851a6

SHA512
b06c5cb26083e2ef7a407be262f37d83d9fee4788e30a94ce258639f7c1fb2ccb4e37ca9b77e4fb30c0fa0a9e80f94a5b9719efd2499c87deafc87d260eb0568

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
0b64bce1da3d4124bd7a9d77fa85cb15

SHA1
36f23b9613a05ae426406f9e66ac569582a78548

SHA256
14c0889d51fd6a42b3306f1815d388507264f65f5c17444ed5c21b0eac8709d4

SHA512
dcdd3f3c80ec9f2456a5662f081d08b1e58860bfc6670caf1b580f3e8a8a345c9079eee9005fa274ace94390adb5024f132ab280928a8096c91ce8f9e2836f49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
a385a43569179b7ee2d56d7dbebc9371

SHA1
cf3196d79f3f5306871ba51a0c1196fcb1607418

SHA256
f915fe53250ddf3f47c5985a4524b3791fcf22c5c996cfdbac09d23d87fcd5cd

SHA512
09044a2a6c09c7cf6e10beaa4eaebaafeb12b43b456234dc5c390c9f5834b7c6c8d64b726f227cb895eb9d6d0b1279540786cfd03a51a8137c09fb3ab1abb5ac

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
3KB

MD5
c8407b3d157df2671d99e030158dc241

SHA1
dfcbf6a0cdf8eaea0ad562f4e4a3b281c348b32e

SHA256
641728a02beb53737cf624d04aa7ad54a394a864b95a2968ef6ba5b3275cebec

SHA512
3e3dbe9d6f45a654da55ed1b3c5bd12e2dcad7cce0c51cf8efe40484995adbf331bc6d135204ea0112d8d7286c99ec0eb8add5cfa1c5ab5ee02730ea2685c762

Download Submit
\??\pipe\LOCAL\crashpad_444_WTOXYWIRQTTWKXAJ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit