hxxps://kvpro-ag[.]webflow[.]io/

Analysis

max time kernel
54s
max time network
56s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
13/06/2023, 10:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://kvpro-ag.webflow.io/

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\ca1d5ef6-d7c1-474c-9b17-e92d2f4a23ca.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230613100848.pma	setup.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings	powershell.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3560	powershell.exe
3560	powershell.exe
3728	msedge.exe
3728	msedge.exe
1704	msedge.exe
1704	msedge.exe
1412	identity_helper.exe
1412	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3560	powershell.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1704 wrote to memory of 872	1704	msedge.exe	86
PID 1704 wrote to memory of 872	1704	msedge.exe	86
PID 1704 wrote to memory of 3880	1704	msedge.exe	87
PID 1704 wrote to memory of 3880	1704	msedge.exe	87
PID 1704 wrote to memory of 3880	1704	msedge.exe	87
PID 1704 wrote to memory of 3880	1704	msedge.exe	87
PID 1704 wrote to memory of 3880	1704	msedge.exe	87
PID 1704 wrote to memory of 3880	1704	msedge.exe	87
PID 1704 wrote to memory of 3880	1704	msedge.exe	87
PID 1704 wrote to memory of 3880	1704	msedge.exe	87
PID 1704 wrote to memory of 3880	1704	msedge.exe	87
PID 1704 wrote to memory of 3880	1704	msedge.exe	87
PID 1704 wrote to memory of 3880	1704	msedge.exe	87
PID 1704 wrote to memory of 3880	1704	msedge.exe	87
PID 1704 wrote to memory of 3880	1704	msedge.exe	87
PID 1704 wrote to memory of 3880	1704	msedge.exe	87
PID 1704 wrote to memory of 3880	1704	msedge.exe	87
PID 1704 wrote to memory of 3880	1704	msedge.exe	87
PID 1704 wrote to memory of 3880	1704	msedge.exe	87
PID 1704 wrote to memory of 3880	1704	msedge.exe	87
PID 1704 wrote to memory of 3880	1704	msedge.exe	87
PID 1704 wrote to memory of 3880	1704	msedge.exe	87
PID 1704 wrote to memory of 3880	1704	msedge.exe	87
PID 1704 wrote to memory of 3880	1704	msedge.exe	87
PID 1704 wrote to memory of 3880	1704	msedge.exe	87
PID 1704 wrote to memory of 3880	1704	msedge.exe	87
PID 1704 wrote to memory of 3880	1704	msedge.exe	87
PID 1704 wrote to memory of 3880	1704	msedge.exe	87
PID 1704 wrote to memory of 3880	1704	msedge.exe	87
PID 1704 wrote to memory of 3880	1704	msedge.exe	87
PID 1704 wrote to memory of 3880	1704	msedge.exe	87
PID 1704 wrote to memory of 3880	1704	msedge.exe	87
PID 1704 wrote to memory of 3880	1704	msedge.exe	87
PID 1704 wrote to memory of 3880	1704	msedge.exe	87
PID 1704 wrote to memory of 3880	1704	msedge.exe	87
PID 1704 wrote to memory of 3880	1704	msedge.exe	87
PID 1704 wrote to memory of 3880	1704	msedge.exe	87
PID 1704 wrote to memory of 3880	1704	msedge.exe	87
PID 1704 wrote to memory of 3880	1704	msedge.exe	87
PID 1704 wrote to memory of 3880	1704	msedge.exe	87
PID 1704 wrote to memory of 3880	1704	msedge.exe	87
PID 1704 wrote to memory of 3880	1704	msedge.exe	87
PID 1704 wrote to memory of 3728	1704	msedge.exe	88
PID 1704 wrote to memory of 3728	1704	msedge.exe	88
PID 1704 wrote to memory of 2620	1704	msedge.exe	89
PID 1704 wrote to memory of 2620	1704	msedge.exe	89
PID 1704 wrote to memory of 2620	1704	msedge.exe	89
PID 1704 wrote to memory of 2620	1704	msedge.exe	89
PID 1704 wrote to memory of 2620	1704	msedge.exe	89
PID 1704 wrote to memory of 2620	1704	msedge.exe	89
PID 1704 wrote to memory of 2620	1704	msedge.exe	89
PID 1704 wrote to memory of 2620	1704	msedge.exe	89
PID 1704 wrote to memory of 2620	1704	msedge.exe	89
PID 1704 wrote to memory of 2620	1704	msedge.exe	89
PID 1704 wrote to memory of 2620	1704	msedge.exe	89
PID 1704 wrote to memory of 2620	1704	msedge.exe	89
PID 1704 wrote to memory of 2620	1704	msedge.exe	89
PID 1704 wrote to memory of 2620	1704	msedge.exe	89
PID 1704 wrote to memory of 2620	1704	msedge.exe	89
PID 1704 wrote to memory of 2620	1704	msedge.exe	89
PID 1704 wrote to memory of 2620	1704	msedge.exe	89
PID 1704 wrote to memory of 2620	1704	msedge.exe	89
PID 1704 wrote to memory of 2620	1704	msedge.exe	89
PID 1704 wrote to memory of 2620	1704	msedge.exe	89

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell start shell:Appsfolder\Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge https://kvpro-ag.webflow.io/
1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-redirect=Windows.Launch https://kvpro-ag.webflow.io/
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xd8,0xfc,0x100,0xac,0x104,0x7ffd3a7446f8,0x7ffd3a744708,0x7ffd3a744718
  2⤵
  PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,5111922249106612633,15272218829844131235,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
  2⤵
  PID:3880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,5111922249106612633,15272218829844131235,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,5111922249106612633,15272218829844131235,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8
  2⤵
  PID:2620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5111922249106612633,15272218829844131235,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5111922249106612633,15272218829844131235,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5111922249106612633,15272218829844131235,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
  2⤵
  PID:3716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5111922249106612633,15272218829844131235,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
  2⤵
  PID:1176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5111922249106612633,15272218829844131235,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3620 /prefetch:1
  2⤵
  PID:1168
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,5111922249106612633,15272218829844131235,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6208 /prefetch:8
  2⤵
  PID:2100
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:3700
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x12c,0x100,0x128,0xf8,0x130,0x7ff72b085460,0x7ff72b085470,0x7ff72b085480
    3⤵
    PID:1048
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,5111922249106612633,15272218829844131235,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6208 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5111922249106612633,15272218829844131235,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:4272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5111922249106612633,15272218829844131235,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:1
  2⤵
  PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5111922249106612633,15272218829844131235,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4052 /prefetch:1
  2⤵
  PID:1532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5111922249106612633,15272218829844131235,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5111922249106612633,15272218829844131235,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3784 /prefetch:1
  2⤵
  PID:2540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5111922249106612633,15272218829844131235,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:1
  2⤵
  PID:2508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5111922249106612633,15272218829844131235,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3836 /prefetch:1
  2⤵
  PID:784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5111922249106612633,15272218829844131235,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
  2⤵
  PID:380

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3308

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5a10efe23009825eadc90c37a38d9401

SHA1
fd98f2ca011408d4b43ed4dfd5b6906fbc7b87c0

SHA256
05e135dee0260b4f601a0486401b64ff8653875d74bf259c2da232550dbfb4f5

SHA512
89416a3f5bf50cd4a432ac72cd0a7fb79d5aeb10bdcc468c55bbfa79b9f43fab17141305d44cb1fe980ec76cc6575c27e2bcfcbad5ccd886d45b9de03fb9d6d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c1a3c45dc07f766430f7feaa3000fb18

SHA1
698a0485bcf0ab2a9283d4ebd31ade980b0661d1

SHA256
adaba08026551b1b8f6c120143686da79f916d02adbef4a8d1c184e32a19fd48

SHA512
9fc93f01ab4b14f555791d757ffe881787cc697102547c61847552e597e206e70c6d35fedff559c72a0a67d1b95e769095ecb0a8a7d4f07cf58a7a0d57d3e9f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
e2824ec20cbb17334d331c2b855e6fcd

SHA1
7dccde4b7ec9c92cd013bb0bd94e6d6a5c493ac7

SHA256
ab15e7fbeb98d43a8664cc4fe97e8a29c9701929bbf8be5ea9d4cd7156384f58

SHA512
14af8e6fa7349c6baa575d99fb7db98e850ee39c2b8b0a53fcb3568af5fa1562e42d470fcea1bbe454f1c7eb6aec165683e5ceb781784f4fde338968c3170c14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
61442297449afcf4d094bb5f93bd4353

SHA1
9f56a04723771fc45301494c01c361bb19940cae

SHA256
3d20fcf3572ab370b7b3ad3c359d6c7aac91a0393715875144914f0f1c065a7c

SHA512
26bb8b4125eb6915dd6640ed4162682eac01f8c5152307d2fe6283ca99f7fa27975d5a3daff9101088b2c4cebbe1f0ee897fb84e9a43f46e07f3a0ee7119b8ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
eb82cc542ca52eb342249dce6c28d9bc

SHA1
550bb043ee9ecb8807900c37c19bed451ae3228e

SHA256
d00752d76273dcbdd313816bee496ebabc13d3e195b6d4cc6eadc976f5dd8966

SHA512
b0c130d0ffd3b1668a38adabfcc79985f960c3b8dc25593f4c4afdc13c2b2791db66b6ff05f5fb1b92930ec7e9f515ac5b2e029f383c359a4cf9f80c0aa74643

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
ea8bb33073aac5ba57262211dfb4fdbe

SHA1
daaf2f8095b37b59d63627230bce974b3069036b

SHA256
a7d48988489698a28202bf7163f6f500b20fd250fc28575bc2eadf05ef03fcbf

SHA512
ca91548e6647cfbbe6defa407338214518788e9cbe0bdc21152e62aa5c4ee7de6b930720e2ab8f05f8f676b94d440469aab4f3a1065bb49097115e31b8413181

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
b225c702b7b2ff54672dcf159e59c16a

SHA1
8ce94fc8bc7fd4eb68bab7c340e3020617643a12

SHA256
16af50717ebcbb8b36b686ed63412a2c769cce0753ee3503cdcc00099c15c498

SHA512
44cdbc1e2e993cdd9f43e22171ba38f7c4a9ecdf9cab28a5e7d5184a6cf61fdd4a9f8b641105e77ec15b30414c7fe77676dd9fbf49fcf92150c4984c0af3da1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
8f29cd3cda54cd86a1bfd584c5322ca5

SHA1
2df16666ef42f71583b5036b23610abf841ad505

SHA256
4de4493dc1c30d408aa55c61fdfa5de105df9dc5712fb08f1e3fdcae4cd02ed3

SHA512
3b5d5b12280b732b0196a2d54d61beaf8c794fc282eb0f3b59c34af6c73e59151d293de36d46336c7a647a22c53237a688934dca5a3769b077dd36977322fee8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4cdfc10669d217a54dbb490fde659bda

SHA1
bc677ce5e719ab652d95c3d20213a13908949b91

SHA256
e114543fa9d9f8bad8e4a103d488ac56b83a8241803c24e6226afd6f921a8568

SHA512
b6dd4ccee974295229a36a40e73267c81c78b7651269d1d49bd11d32684b357b35b5d22124800c9430cb4506fedcb7c7eb74e93e2f861b56424cbb012df6cbed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6695bfb93db5dd651e7a352f3613b594

SHA1
8653838bc818f72be9969e803f99bb11881af9aa

SHA256
fbdd3d2debd8cccc7a93295c106a7919a14728d45a0f3297eda46f9ebe52b222

SHA512
d946e01ae5b6041ac5b3cb61dc9bdc7e3c4ac2c2c948abb752d8925a2af162ca90c4f121e4216482b6dfbb92806d6d8a6bc276dae1621c5f6491e799ad42e8cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
5edab6d3ffbeee247ccb4423f929a323

SHA1
a4ad201d149d59392a2a3163bd86ee900e20f3d9

SHA256
460cddb95ea1d9bc8d95d295dd051b49a1436437a91ddec5f131235b2d516933

SHA512
263fa99f03ea1ef381ca19f10fbe0362c1f9c129502dc6b730b076cafcf34b40a70ee8a0ee9446ec9c89c3a2d9855450609ec0f8cf9d0a1b2aebdd12be58d38c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
784a51387993e9aeb34d4ad4ed93ab48

SHA1
1cbf9ea1b6c2ea18c8670f26ebf9c11d7d245bc4

SHA256
567af49b26f4676e8c8ad07b34db13ae7a9e19ba01e6bd1af390a611b44413f8

SHA512
ba34c55cea5840723b16f09f0a790f823a5a65657f8163018cbfcbc3a13c83b1b4b6a1f8ca0fe188c1ba7d78cc9319889235c0f6042a2013755fc6d820e4b9e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\29eb5eacb05363703a494bbad16a2cdd1da1fb81\index.txt

Filesize
228B

MD5
d2f177c6a3a7eebcefe5ef2c7afb36af

SHA1
893eabaa5ef0c07a16445ed6abae3c3dc3efdb78

SHA256
ad73e3bb44075f0387fabd14573098b4b8411b4d236766daea1cee3e41ce161e

SHA512
a3bef91881c1b434500a36726dcd9d5ef50fa929949b3280115c83d9d247090945c27f9ba3a498f07b902a87610c62abe14b4dcb2f978e1f314d33450a1e9b13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\29eb5eacb05363703a494bbad16a2cdd1da1fb81\index.txt~RFe5728d5.TMP

Filesize
235B

MD5
8d1326944d4dd2583f27e9d5ce6d63d7

SHA1
60e03f2c9454aae9ac527daf54baec5573db0f0f

SHA256
cb95755bc8e046f8b555bddc1d2dd071b7e30cc7f7af7bbc99f933bb10254098

SHA512
eebc9e20deaac9f32e3080420ed24c1cb348561a620a4809f414f8c225bf8ca6f7a0c09652c135028ca5b5c044d5c4d4ce5856d7f927a5bb9a299104f6b7a43c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
240B

MD5
cadf7fe66c7866a564fe2c6a1266a998

SHA1
2555b21b44869faa8b2ae36107e9fe20199dca6f

SHA256
d1a0c3ecb4ee4daa00ea0f81d027456124b7d2cf56ed9674a789be38213f2c4d

SHA512
40d3956c39c95a767fdce42cfdebc0faf921f646cd2ad69a5b531e26d9dc8467939f73ce689549cf8b136a7b39b203b0f1080a49d99dd749e250de7ce5f5816b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5728c5.TMP

Filesize
48B

MD5
c910d0e1814dd35015ec70934cf23ef6

SHA1
f3c8c9109004ec18a212705863fbfc07c5eb47d4

SHA256
6400fdb1769f78ac4521363827678cebd47b19c44482b832ea46039a028ac5f2

SHA512
f7a9cbf2fd086940925f22fb7b496045207c6ce7bc56d41e506379a6b5c3e376a5d618e900675d271ababe3c8cea0308f88b04c660aea1be6bfa2adbcd408c39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
f3663844da1503463d9ddad007ab7d7c

SHA1
740849e26ccbf2631ac1b1118218890e10a76d82

SHA256
7d19f15eaf6dbe52e31391fe7162b37807df9ba5028766ba7fde25acacd70892

SHA512
4816b350ee39254c8345c194a343f98a84ed7a82693fbaa2487728551aca532904dfb16febd66e3d3d7db758d896bdc04eb2c14a433e4de020dc545a6c713c0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5729a0.TMP

Filesize
1KB

MD5
0586ff1a754016c492f882867b458303

SHA1
46132b496f2c7c8242ba6b42f1bee5f5eb690ab6

SHA256
a2064c50b014dba3f3d8a884abf5b2f5c323edb9417452cb528b281ab646b90f

SHA512
2711bf734244737ddef2b4c67195f5e6b9b3a883b3057b0bd6ea939cd2ab0f04083b25ba14f513e1e531e8a790bb7c7e359d4427c8a6ef8502c92cc98fe29a8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
367ecd60554709a90740c1774052ea72

SHA1
6c26c9b3a522456bded6814e1e7b2fbe2e22d870

SHA256
ec01f544aae7eb75b3dd4adfed1c97170bdeca114d331be1810916866de342a9

SHA512
746e729e2ca325257ffb2241905fb314c95256d2bdedb083401ac4a8540f61ba04d79f850c1643ffb83e300d011c480b1655dd70a104966eeb09722a648ceeed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
3065b918a2ca641a0efb4adde2a21224

SHA1
74ba06a967faa89bafeff7a5273c1bf975802112

SHA256
a84f5a67a16474b68b1fe783d444d58c68c35a77cba31c85d12384ce5a4eada2

SHA512
59e51bf84e73421c02909602c290edc095723b82503de1c169339c7771180024e50a75f983d47360b8a02f8a60cba83a1f1546f57c8e9e854df1601859b96afd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
257b35e83256f41a9c4efeb2c9a88491

SHA1
b66bf4208f10feb4123ecebefdab1e02fda7c607

SHA256
1665fba1af8d7a02ea965fd6f98d2cb66d4f220c532816207e6681bc1d2d3962

SHA512
f39de3c4679953ec62f23565e22d03e29ada1f725689a1a04de76c7dbcc6a08f92ffd7267e8f0e798e56b08f892dc782cfa3723f6930eb515473e157a5933ef7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
2abd9b6f84bda1d250ffd9a45c36f856

SHA1
3dd5292fa18899d7e8d1a760351f187e550436a8

SHA256
042384c7f5e27e607ee4e93d79929336963e526fa16f39131949a136dc874b08

SHA512
4ff1ab335f4876c598df9dc0469aac1ad384ee177e842b5a8de198082ab2d35d1f59ce702fdbd7cf17453e7b8153a52b422484ea9a1bd050600cae07a626aa26

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_oeabrd4v.wvo.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
9c6c0005ed54e248747370f83946cafa

SHA1
c040c5f95cc606ad44cfed511bc74d226596f4db

SHA256
564bc68c36ecbcbafd5e880d60e2d03fdffa25ad3a0eba8ce7ca21c6c3ae4753

SHA512
c249c3bf985b6e73d76ddb3e3e17f01b5227f6c65fc38a5b868dcb5ff297adab87129d5a18df1511f7f3091f8db7199c00234e4d2e35398ccf3d772571f660cb

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
4aa986b34481bd4711b7bd334b4b0875

SHA1
6637de2077c4e3a0c45af5028e719ffc4e1642c5

SHA256
d8dc7f3317a776443762aeb7d9f50da86d6716e443d33049e0497a881b3fb3a3

SHA512
4ce7747c95e5181d645d863053a1e399090788b83e99debee5661f038cda55fd90a23934481d584dae1ba0bed052ad194e86bfac4c298398e3645fb382c4b2fe

Download Submit
memory/3560-142-0x000002D0FF020000-0x000002D0FF042000-memory.dmp

Filesize
136KB

Download
memory/3560-143-0x000002D0FF070000-0x000002D0FF080000-memory.dmp

Filesize
64KB

Download
memory/3560-144-0x000002D0FF070000-0x000002D0FF080000-memory.dmp

Filesize
64KB

Download
memory/3560-145-0x000002D0FF070000-0x000002D0FF080000-memory.dmp

Filesize
64KB

Download