hxxp://wakelet[.]com

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
14/06/2023, 10:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://wakelet.com

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230614101356.pma	setup.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\fbce5255-6db9-4238-aa1b-865f0633bf1e.tmp	setup.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings	powershell.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4680	powershell.exe
4680	powershell.exe
4120	msedge.exe
4120	msedge.exe
4056	msedge.exe
4056	msedge.exe
896	identity_helper.exe
896	identity_helper.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4680	powershell.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4056 wrote to memory of 4368	4056	msedge.exe	87
PID 4056 wrote to memory of 4368	4056	msedge.exe	87
PID 4056 wrote to memory of 2436	4056	msedge.exe	88
PID 4056 wrote to memory of 2436	4056	msedge.exe	88
PID 4056 wrote to memory of 2436	4056	msedge.exe	88
PID 4056 wrote to memory of 2436	4056	msedge.exe	88
PID 4056 wrote to memory of 2436	4056	msedge.exe	88
PID 4056 wrote to memory of 2436	4056	msedge.exe	88
PID 4056 wrote to memory of 2436	4056	msedge.exe	88
PID 4056 wrote to memory of 2436	4056	msedge.exe	88
PID 4056 wrote to memory of 2436	4056	msedge.exe	88
PID 4056 wrote to memory of 2436	4056	msedge.exe	88
PID 4056 wrote to memory of 2436	4056	msedge.exe	88
PID 4056 wrote to memory of 2436	4056	msedge.exe	88
PID 4056 wrote to memory of 2436	4056	msedge.exe	88
PID 4056 wrote to memory of 2436	4056	msedge.exe	88
PID 4056 wrote to memory of 2436	4056	msedge.exe	88
PID 4056 wrote to memory of 2436	4056	msedge.exe	88
PID 4056 wrote to memory of 2436	4056	msedge.exe	88
PID 4056 wrote to memory of 2436	4056	msedge.exe	88
PID 4056 wrote to memory of 2436	4056	msedge.exe	88
PID 4056 wrote to memory of 2436	4056	msedge.exe	88
PID 4056 wrote to memory of 2436	4056	msedge.exe	88
PID 4056 wrote to memory of 2436	4056	msedge.exe	88
PID 4056 wrote to memory of 2436	4056	msedge.exe	88
PID 4056 wrote to memory of 2436	4056	msedge.exe	88
PID 4056 wrote to memory of 2436	4056	msedge.exe	88
PID 4056 wrote to memory of 2436	4056	msedge.exe	88
PID 4056 wrote to memory of 2436	4056	msedge.exe	88
PID 4056 wrote to memory of 2436	4056	msedge.exe	88
PID 4056 wrote to memory of 2436	4056	msedge.exe	88
PID 4056 wrote to memory of 2436	4056	msedge.exe	88
PID 4056 wrote to memory of 2436	4056	msedge.exe	88
PID 4056 wrote to memory of 2436	4056	msedge.exe	88
PID 4056 wrote to memory of 2436	4056	msedge.exe	88
PID 4056 wrote to memory of 2436	4056	msedge.exe	88
PID 4056 wrote to memory of 2436	4056	msedge.exe	88
PID 4056 wrote to memory of 2436	4056	msedge.exe	88
PID 4056 wrote to memory of 2436	4056	msedge.exe	88
PID 4056 wrote to memory of 2436	4056	msedge.exe	88
PID 4056 wrote to memory of 2436	4056	msedge.exe	88
PID 4056 wrote to memory of 2436	4056	msedge.exe	88
PID 4056 wrote to memory of 4120	4056	msedge.exe	89
PID 4056 wrote to memory of 4120	4056	msedge.exe	89
PID 4056 wrote to memory of 3428	4056	msedge.exe	91
PID 4056 wrote to memory of 3428	4056	msedge.exe	91
PID 4056 wrote to memory of 3428	4056	msedge.exe	91
PID 4056 wrote to memory of 3428	4056	msedge.exe	91
PID 4056 wrote to memory of 3428	4056	msedge.exe	91
PID 4056 wrote to memory of 3428	4056	msedge.exe	91
PID 4056 wrote to memory of 3428	4056	msedge.exe	91
PID 4056 wrote to memory of 3428	4056	msedge.exe	91
PID 4056 wrote to memory of 3428	4056	msedge.exe	91
PID 4056 wrote to memory of 3428	4056	msedge.exe	91
PID 4056 wrote to memory of 3428	4056	msedge.exe	91
PID 4056 wrote to memory of 3428	4056	msedge.exe	91
PID 4056 wrote to memory of 3428	4056	msedge.exe	91
PID 4056 wrote to memory of 3428	4056	msedge.exe	91
PID 4056 wrote to memory of 3428	4056	msedge.exe	91
PID 4056 wrote to memory of 3428	4056	msedge.exe	91
PID 4056 wrote to memory of 3428	4056	msedge.exe	91
PID 4056 wrote to memory of 3428	4056	msedge.exe	91
PID 4056 wrote to memory of 3428	4056	msedge.exe	91
PID 4056 wrote to memory of 3428	4056	msedge.exe	91

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell start shell:Appsfolder\Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge http://wakelet.com
1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4680

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-redirect=Windows.Launch http://wakelet.com
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:4056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd8,0x104,0x7ffb1e5d46f8,0x7ffb1e5d4708,0x7ffb1e5d4718
  2⤵
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,1949950717550162240,15433047988920535152,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
  2⤵
  PID:2436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,1949950717550162240,15433047988920535152,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,1949950717550162240,15433047988920535152,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
  2⤵
  PID:3428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1949950717550162240,15433047988920535152,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:3408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1949950717550162240,15433047988920535152,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:3148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1949950717550162240,15433047988920535152,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
  2⤵
  PID:3740
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,1949950717550162240,15433047988920535152,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3648 /prefetch:8
  2⤵
  PID:2508
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:3852
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff78e7a5460,0x7ff78e7a5470,0x7ff78e7a5480
    3⤵
    PID:4680
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,1949950717550162240,15433047988920535152,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3648 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1949950717550162240,15433047988920535152,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:1924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1949950717550162240,15433047988920535152,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1949950717550162240,15433047988920535152,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:1744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1949950717550162240,15433047988920535152,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
  2⤵
  PID:60
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1949950717550162240,15433047988920535152,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1949950717550162240,15433047988920535152,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:1
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,1949950717550162240,15433047988920535152,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1876 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2072

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1620

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cd4f5fe0fc0ab6b6df866b9bfb9dd762

SHA1
a6aaed363cd5a7b6910e9b3296c0093b0ac94759

SHA256
3b803b53dbd3d592848fc66e5715f39f6bc02cbc95fb2452cd5822d98c6b8f81

SHA512
7072630ec28cf6a8d5b072555234b5150c1e952138e5cdc29435a6242fda4b4217b81fb57acae927d2b908fa06f36414cb3fab35110d63107141263e3bba9676

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
720B

MD5
20cd9fb8ef17d04c49e9989036631b19

SHA1
9bedc88c5a6f27246e428c43a975f5af93a5540b

SHA256
339c111cf9c10892618c2df13b8e3f93b7ea2c035ac0dee47f071d4e035960a8

SHA512
596cb1a91cd4d82580647b7ba0a3a519b50cfc4c71221c86cf8915a5cdd7e61a9c97ccc240db1572dc0bf9a814a1648cc5d4e9e0f31c03290ddafeeee4822535

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
9ea5002de66113e98a67395077755a46

SHA1
107accbeae979b9424c2041fc8f026787155af14

SHA256
824fbe4eb544d7b3556cbf19306b4fef90bc49b94156e4c925daa34e0fa335e0

SHA512
dd1754dc1db6f1c91fa657e4f0486da703349390bc35c0655496b34b165802913bd4508e8ee409b92fa1150a1b0525c263f3554e8a61e8350135d8a8a6f76966

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
ce9dfdc7fcf92bc1a6772ab3d3f56d24

SHA1
2eeff9d0d77f8e19547c74fd376f204f4f712f58

SHA256
c4b8c46393417599d0673618259e7b9196ddb2af65066b4b2319628b0558cfbe

SHA512
7ca432bf48d81ed5d5340b216f936cfb6038a40d26a20b64a82f6a9b656614a75dc137a1dd7eb370d699e41d15ec5b181e7d65e591001d3542e58d9523ca5492

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
7e9a3896e95f53c7cb2a7567f9e55f20

SHA1
16d7c9d0dd33be9cc07e5e22767b0528aeafa88f

SHA256
d841fe3a7af38c5941843e4544a155b9e5ee58ec67f504191b018a55f87ef9ba

SHA512
897c42a4b529724c5cd7ef422e76bceea463d9a5f66a9213e2011049187dfab1661cfbd7e3dec40c2200addc1fec1ab2a567c4ed707eefba2a42c626b03e15cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
122dfb93ad43b915abff683d1e2144cf

SHA1
5d0766a02f0bfe4156ff6e1a2f847b5101646537

SHA256
4a88e83f43d1247417d9bc9ce815e0e3272f696a1d0b6f4f3f39e60792913a77

SHA512
b0fece314ea0d5e198e9f37a5b5e440315ff2d799fd3d9f069d2ca19ed48d7512e69e3d2d24431bc74d689d67cc08a101ca9fa0043f86c8ed1b2af43b2bccf7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
e8b248df8aa2b1a1a46e933b158512fc

SHA1
5fd261245205b2c88b421775ef6776f7851a6523

SHA256
138df40f87204185a8169634154a143f23d54f37a4de20aa2e5b78ae0b3cb55b

SHA512
7f69ba745bce9c53f4e72c836f0e2874a0f68c45fc193be1cd7bf45a6b0501d5d82aa715aed5607fe6334fd3d2c7c1dce32bb40d2c041150632b26a57910595f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
e82570c1514df85bda304eee49e8ee16

SHA1
56a3c4914a44f0d6f6633b554143a445eba1f80f

SHA256
861b50212c30096e60355f7c633559c5827ca07db481f25417c3074706f30da1

SHA512
d84474b08daa8854e5601e08c86fbe707a7adf6184bbba095ccfc3e14b75b8e0ed9e759480bb57b8782cd7e396592d58ef8ed7ed42c0779ea1cf3ce4da9c65e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ad9754d036e1ff26ef5a592094af5b03

SHA1
a9daa4e65ece7f0be3f78a141a759788d1c3a186

SHA256
ab19b7a0d3b69822ae97f518fbaf54db6e2980a93736def0f0a28720d8f6e30c

SHA512
e3e9cbf7f0440640d53bac7000aa90eaaef5ecb77f2850d283dd235dd72aa838d3bf9b60a6a8e3256f2122f91ceccb9aac7bad254a2666595d122e231d329fa0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
28ce64914ae1a1f678b8672bcc5e68d8

SHA1
c5f97894924f7cb5e2992435a034f69d4fd96d6f

SHA256
5189173f5db7dc1dc5480114a073bdc53e6d60c619ddfc223e308674aeba6d21

SHA512
ec285fbc0a724a04ad331c6c3e0fac81d706a6921b38e5fb150daedc68f92d259a5c40c7fea2e2954a64d82d9cf9e2a2b976e1159c6191b4b3651ae56145d0c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b680c6d775ddc6a3e7172a741caf1718

SHA1
1721322390d0367b97d30cebf36001413b5b7e07

SHA256
6df34bec827fce5ffe2e8ed4f6ac53e7be3c24ee3191afbae8727fc444a05f30

SHA512
d7184dd2224c85c42a0af264fc4290c3c514b230313b32073e323e2183d97ae84fa669f5cd9fdd1e4e190d93f7c7b80f095090eb8e2789dfcf201d7f56457519

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
1463bf2a54e759c40d9ad64228bf7bec

SHA1
2286d0ac3cfa9f9ca6c0df60699af7c49008a41f

SHA256
9b4fd2eea856352d8fff054b51ea5d6141a540ca253a2e4dc28839bc92cbf4df

SHA512
33e0c223b45acac2622790dda4b59a98344a89094c41ffdb2531d7f1c0db86a0ea4f1885fea7c696816aa4ceab46de6837cc081cd8e63e3419d9fcb8c5a0eb66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
1e79203d0f70092bf25058099947d5c6

SHA1
20d5e2bd3a2ef807207bc3981bd5494c34839c0e

SHA256
decca6fa6de1f0dcc2b46a7c45e62d1754fda43b509d92393c628d56930851a6

SHA512
b06c5cb26083e2ef7a407be262f37d83d9fee4788e30a94ce258639f7c1fb2ccb4e37ca9b77e4fb30c0fa0a9e80f94a5b9719efd2499c87deafc87d260eb0568

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\119091905c9ca6884323f07d4868a28aeb30a22f\5d2eea18-aa31-4e61-a4a3-390ed8b282d0\index-dir\the-real-index

Filesize
72B

MD5
b38616f920133e8f8d31633e180e3a2c

SHA1
0d5b51f4c0158e99a459cbd656c966ec1803f841

SHA256
03a2f4fb5c415d3aa508eec0126c91e3bfc804b2545ee939ef0703b6c7bad8c2

SHA512
a8134b77f3ab3e771e703cd6adfb1e6a932df84fa0e2bcd5934bd50f99777fb7787b8b2a192efcb8e3a687c5ede44c88992c87a5da50419e63430322f149051d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\119091905c9ca6884323f07d4868a28aeb30a22f\5d2eea18-aa31-4e61-a4a3-390ed8b282d0\index-dir\the-real-index~RFe56fb2d.TMP

Filesize
48B

MD5
8190bcda75197c4eb6bff7f85e940828

SHA1
d520215514e681feab25cbeac87efd1e72153153

SHA256
99ed18f928ec8db5a6710dbbda035ea03b640b94af40bf8f0e47f52f316c228a

SHA512
f0b065eef311c7624ddf9716ccf673ba2109b6a8c6ba42cc1fd8fe16fd24bba6cb4227d79baea3a690b3e628398ce27a01a6166d6afd32bdb2a7a42e5909914d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\119091905c9ca6884323f07d4868a28aeb30a22f\index.txt

Filesize
81B

MD5
919eb694a933fc6892d48214f55e9859

SHA1
e6051ecdbc5dddd704b1333218ea83e234005f8c

SHA256
b0059cb11a6dad5fcd63599b790d5bfb8a68d6aa55dd806566d0eeb63b70820e

SHA512
b6829fdfb44c5b97b2f4732d0d0c99133f928de3c240ea50b500de950470e781d411812e4ed156a14996559cef225dc7394cdf985286029b35b1d28ad3e1bfb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\119091905c9ca6884323f07d4868a28aeb30a22f\index.txt~RFe56fc85.TMP

Filesize
87B

MD5
65a005c4b7f8ad2ddb3ef050c394b814

SHA1
afafe840222e62e2dea25aace23f72b306b1ce1a

SHA256
4fca9241051848d6c50f60a84fcaca75eedef47fe6c5d49262ab3062fb5e564c

SHA512
3479e48e3c613d6fd42523d8e2eb6837f8c3b4bf372a63e793aa1f6de749e9c49a6c824de98f8a67d62be88d121b257be85eabdd11053f7ee2d03362b413f5d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
dd210d85a5b3774c2ac15f8da6c6340a

SHA1
12ca7da860fcdcb318ef48154e87406e2cbe8e55

SHA256
b40f5cd1c3819a223f762e970d62979f74412fd874ba81be40067c56d1381a91

SHA512
7a550e3442efc9fa5aad3a3b9e47e62b46f9e18f69667285151bc38ffe145fbf04600bf64e7d7a1783678e04633215cebd8f121df6d8e6224051fa2ca22d4fb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe56fa53.TMP

Filesize
48B

MD5
057ca708f0ac941bd8c1e7e85c4ca5f3

SHA1
f911591d7f9fd3e1e483c15bcfacac5dc430922e

SHA256
ea799d205513e6490f5331872b0c9721711dcff0f669900171e2431fa8f52cd2

SHA512
79a3da058609c946aecf825fb09fba1a27feee8583dd4c2f3351daa40c284db43101429f7cc55f651d612456435640fe67581b2191db9bdfec3310cda7e72f6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f5fbf98de94e1c8dd39a9108cce266f9

SHA1
f7d657021f059dccc3c9f23152a3e53a9f61f152

SHA256
4feab6df19ab1c607dc4e6707a621b9610e54b0ff5ea210017b1d10d956057a7

SHA512
f04345d9cfb5cde7ae0bd334a7a2564ef791b8cf567547019374d635148062edcc08be6f78cb3a27c7c55cc52e60d369b0080f2e1b98611e4e145c5bacfe9296

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
48bd42d8bcf211b7349b1c8184a5e1b7

SHA1
55e596e78b37b8e909a73fdc29953d31dec8386f

SHA256
9afb7cbcf8fb0f3ffb9f56ea215f3f592409eae13d2205aa3f3070b8ea1e5b12

SHA512
4a13b575bcde5335c7df7c055ffa579d4e17fa6625a6f835c820f78739ae0a10bc7f05452b1b6e8e74584c56433c1b8492bf56813706afe2f9be36de428c5f2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5742a6.TMP

Filesize
1KB

MD5
acc5f89ae62d97f27132ea3067950216

SHA1
6cf12809994531ad1aaca20dd9e2973587351a9e

SHA256
7434b90f515d75df8d707f0a12b6f9eed2009bd5f5d27e41b60d922d8b4ce850

SHA512
e946c0539e762770035a23dcc4482e844094db8fd97627de7dadec9b8a9e974df8a141195d9e38aab78b0df8e56fbbb41d46d6b19378d7d675c7271986dac218

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
8eff23777c99083cf52a87e5cbea559e

SHA1
bca18be09c813351097e09e6997ffcfd2678fe0f

SHA256
e3ccdb5830fe58c43fab4925579d109e6e79bfd60cda8bbf7f25aa90a415ad26

SHA512
943e1d1d4c879b3983f5a00c9d791b9de98abbcf90c54ab5caf4f7a172ec82cebf1d439e33701987c8f32f0c836f39300ccf568477bdfe293faa7ab0cfce0d85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
df2c625722a73f5aeab198af850292da

SHA1
41e9ef8784d54f88086e1706a028bdaddf7e0ee3

SHA256
87e743e29156a440c35191cb06ef1af852ff0a5f4ad29d431a1420061313771c

SHA512
567328c5ab53cec85291a49801e3f08f77dbb9f1e79cc93dd6f307772219f5a906e5ae671319e1142f480ec11eb44e7016d881f33ab032c92a9b23b23d65eeb4

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_zoxirjev.jkd.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
a7e9bc49589cedc80dd01d5663869525

SHA1
0a065466b0c7a4d286c7ea7500fdbc44c8ca8715

SHA256
cf2edeac0fec4ed32713e5c24332a58968f1cab84c7273fd1b324390ddf13497

SHA512
885cb3d9464e01eee7d9a63f10b4208d4c1f9715b77dc3c078149ae69351130f97e00d756755526649ff919b0e9764dba81f34260f6b7d7b4f9f3a842afe4216

Download Submit
memory/4680-143-0x00000240DA380000-0x00000240DA390000-memory.dmp

Filesize
64KB

Download
memory/4680-144-0x00000240DA380000-0x00000240DA390000-memory.dmp

Filesize
64KB

Download
memory/4680-142-0x00000240C1E60000-0x00000240C1E82000-memory.dmp

Filesize
136KB

Download
memory/4680-145-0x00000240DA380000-0x00000240DA390000-memory.dmp

Filesize
64KB

Download