hxxps://beast-pure[.]com

Analysis

max time kernel
150s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
04-08-2023 18:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://beast-pure.com

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 11 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
1848	msedge.exe
1848	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
868	identity_helper.exe
868	identity_helper.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

Processes:

msedge.exe

pid	process
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1708 wrote to memory of 2512	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 2512	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 5080	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 5080	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 5080	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 5080	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 5080	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 5080	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 5080	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 5080	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 5080	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 5080	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 5080	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 5080	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 5080	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 5080	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 5080	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 5080	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 5080	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 5080	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 5080	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 5080	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 5080	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 5080	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 5080	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 5080	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 5080	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 5080	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 5080	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 5080	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 5080	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 5080	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 5080	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 5080	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 5080	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 5080	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 5080	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 5080	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 5080	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 5080	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 5080	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 5080	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 1848	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 1848	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 4996	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 4996	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 4996	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 4996	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 4996	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 4996	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 4996	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 4996	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 4996	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 4996	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 4996	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 4996	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 4996	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 4996	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 4996	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 4996	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 4996	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 4996	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 4996	1708	msedge.exe	msedge.exe
PID 1708 wrote to memory of 4996	1708	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://beast-pure.com
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9294246f8,0x7ff929424708,0x7ff929424718
2⤵
PID:2512

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,15414318108347239311,11357357203280699043,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1848

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,15414318108347239311,11357357203280699043,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1992 /prefetch:2
2⤵
PID:5080

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,15414318108347239311,11357357203280699043,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
2⤵
PID:4996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,15414318108347239311,11357357203280699043,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
2⤵
PID:960

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,15414318108347239311,11357357203280699043,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
2⤵
PID:2496

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,15414318108347239311,11357357203280699043,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 /prefetch:8
2⤵
PID:4244

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,15414318108347239311,11357357203280699043,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:868

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,15414318108347239311,11357357203280699043,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
2⤵
PID:4560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,15414318108347239311,11357357203280699043,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
2⤵
PID:4016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,15414318108347239311,11357357203280699043,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
2⤵
PID:1996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,15414318108347239311,11357357203280699043,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
2⤵
PID:4800

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,15414318108347239311,11357357203280699043,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1364 /prefetch:1
2⤵
PID:2816

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,15414318108347239311,11357357203280699043,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
2⤵
PID:4788

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,15414318108347239311,11357357203280699043,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
2⤵
PID:4388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,15414318108347239311,11357357203280699043,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
2⤵
PID:804

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,15414318108347239311,11357357203280699043,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
2⤵
PID:4820

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,15414318108347239311,11357357203280699043,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5992 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1604

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1996

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3920

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
b5f5369274e3bfbc449588bbb57bd383

SHA1
58bb46d57bd70c1c0bcbad619353cbe185f34c3b

SHA256
4190bd2ec2c0c65a2b8b97782cd3ae1d6cead80242f3595f06ebc6648c3e3464

SHA512
04a3816af6c5a335cde99d97019a3f68ade65eba70e4667c4d7dd78f78910481549f1dad23a46ccf9efa2e25c6e7a7c78c592b6ace951e1aab106ba06a10fcd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000055
Filesize
95KB

MD5
7b2b29d1f415b58966e04c9c5ff0181e

SHA1
38cfda95edde7dd995771ab7f2119c07e3e99d6e

SHA256
1684fe21a945726c80129b3811e96ba2e547d81a02dfa8978c0d63889cd82063

SHA512
f8030b9e9909c26cb93ba08db173971eba5ace943d904e7fc0130b66bcd31a71dc68722cf80aa15a0f6c804a8f45fbc546e0b79fa0f23c992bf4a7a785866b9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000057
Filesize
74KB

MD5
a4618cb4837ace59d6e796c6375344df

SHA1
be7c1789ab600623f0ecd468a89aeb852f002ea2

SHA256
c0e1bed7a1ae97342732651c422512f10d708f1722f1c683ebf33247d5a0414d

SHA512
c3c026aa68d77453dbf98b09f3c57f111dfd5ebe9f96028a9ac2ad28097ede8b86338c639c9d31a82baf3cbf2da307c03fee61da8c9bae279e3c80cf25f04892

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
a1f924df9412817b17270bae8ebbc03e

SHA1
036f8b137a0d8be692e6373c770478ebff96bfcb

SHA256
951e7f932d432d36a4bc47f932631b1222e032e47baf1a14058b4829fac906be

SHA512
90d7f651cfbce1d34b1c650c9894f9fbd3d42d5a5b8322ca77a74502faa2063885c720e6264548696d00b0b8c2d027565401b9eff8a1c5fa20a612552dd019b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
912B

MD5
141a64f9958703508ea2ddddee837866

SHA1
43fefde84c2d526eed8ea81a97efe642a062f058

SHA256
61aff2de4337d1d29f74f71f2e8f4e9664678b9b62a70ef0e0a95c7958b6f4b4

SHA512
eaad5d726f489e9ddb1d48c7f9978fa01c678f628c3821278b10c67ba175f937ab4896a536432ad9567d33fb6757e340cc9ca4b17c33204cf0e4d1f6f621d2a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
192B

MD5
c05c1e1c0aaacf858664434c73c0a918

SHA1
43c86678006371a5f77c943e8bc38759f098f201

SHA256
58ab26d8b19f3cea9e30458011d6cff7e979f66425e6539c58e7b5a83e4021fe

SHA512
4f3966da5608f9cfe538030edb3154ceade7bc6cb13d6af49af7acea8834437ad1753a1f04d815bc6eaf72c33f56a29518d7a2b789c1909d6a4acee3b2e5582f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
4KB

MD5
6a9ab79f61543fbd929e144f2058c394

SHA1
a8a2050ca4457cf1428b97a8af39897abd67b6f9

SHA256
0fc9b12eb3d08e18b2932b8522af2c8ce9857a7c20d616f7c81922d8c710c6f4

SHA512
81adc1d7d10c8c2806dd2d846c4462efc7614fec8a6b5402a6512ebba3dea216b852c3985bb654a06cc8bb346b10e4f25107e50060aa906700c0131ffc0b6230

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
5fc07faaad50098d9c6487baed6309bc

SHA1
ee0391f679609e57d8a945a8e950023a35597460

SHA256
f75ac4ffbf8689ea3791de739d8ea5708480782e862fd0f7ceeab06020a466a0

SHA512
00c9f3508b3f38562c81e8e5039e1649870a21edae9b2c88e6b2c53e4253319c8305859bb4be2dd02793ed042a862e144e35dcb0c5eca954fca6e2bee5c22e43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
a94e5604d5cc52f0b5f1e2fe23ecbc29

SHA1
623bfd92e679475db2fddd3b810e97baa7dd0938

SHA256
bb7b66715c62f5a793434c638255ebf02b295da6327aaea76c72667f4ff1fb04

SHA512
fe7a2af5892d055a56bc8b38da78b4a6d4328b57d9f7d65c1b3b62f3e4f97d9f4df2693d82ea624efa4564f2cfe0987e5b9dca10e618e5f48872274d06e20be8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
db1ccc7197fd4deadea2e1d4ed2242e5

SHA1
e52c4ea0ce5dc7e478e1f6823dfb1b82c2bbd062

SHA256
674fd0e4d06105a42daccf0adea4e14e179267efb5bd08abbb01281dfc78f18d

SHA512
8e56c42bb434a6c3abd1989ed0440ec1b10ffca054633b072c58b8b0855429cc518dcbab10ba85af57b4ec4bda54c2286b55a2e16d2f4dae7918b2e56806740d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
9b03f954a15c723d5387a6914e19ae8b

SHA1
7c6ed82be5b65e6dff89428412b20826c63ecaae

SHA256
fedb96dab576fd2f9c9dd2f9946e9e70773104d14b2a5fe540c3d51ec35607bf

SHA512
a4afdb3bff2ba2ab3622f11c67dc6f3cc5b43071cbabf7b88ef99925b08f76c0721b6e91cb218050a577c68f12c71035020d88a2896ad62d83b4b7a81140837c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
ed9c2ee9da94e9b9836df5468b8d75a0

SHA1
1699921cbf451553240e9bc359cfd029df4162ad

SHA256
98231661cf7ac57dbeab6dece6f50c75fa1ba7d075df27751fc7ffd9241d78f8

SHA512
21615023d993b09a458257fc6183b8efb214983fcbf2d2303c7872bf4031a42eddf46d83c1b3c443fb2eba7a1bf9f1efa4db2cbb213d71c78b0f53375f7ffadf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
29213338df67d29d6454ee5d61ad3970

SHA1
8c69ca76a2e639060d5ce835a9600e6ea3764a83

SHA256
d29fc0d97fa74d382d0f557ecea4e42b7d50dbce43915bfc0c114c16e532aa51

SHA512
14db25eba8a863d390b97fce4315402ed7c249598ff6c31d5a191b0f71c274eead42ba0658403e744110de072e6ff1cac3bccee1e48875bde6b1fe39a60d2407

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\75f54ad4aa3b57dad63a6d19e677ca5d1e4f3bef\index.txt
Filesize
88B

MD5
fc36b3235b22efc1be710ae2d113e25d

SHA1
9f7640df93a7ad671f24e5463e2487c376443286

SHA256
bc16617dafced16cc045646a54b113e08db6d8610559b16380470891dc196ac3

SHA512
d497b7832e09dadfb900b4470cbb178031fda1fcb1a0ce36c01796c883e02f58da01e6b2aa679346972b8b53af6e7e2f8517434152949da79cccf493ed9c137e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\75f54ad4aa3b57dad63a6d19e677ca5d1e4f3bef\index.txt
Filesize
81B

MD5
9ecbdc957b7409655053fe07aabecfab

SHA1
2213cc68697723fbd7b43868cb346297b632dd07

SHA256
63d4ce485caa1986ee1e3e21fd389e147a5ea7fe798e9d00a18d293355a03e6c

SHA512
1c28a5d321a6039255ec5548ddbd73aff3436479244190c1ba29d7bbd33a437ec9f76b708ed396d2b940c720d5a98aa795726a91a266a1ed7b8473c8b7a87785

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
15cb4565ddac3f7bf3907f9d1b45e9f6

SHA1
4373471a34a71328feefd34d80777d52fcc35757

SHA256
44c7c422938d06544d010c5fcf9642b6a79269a832c8171643bcab7c15d9c679

SHA512
823cc6027aeab45962c7fa5a26668fb507fc834f31a13592ab0ec2260552c43c353ba45e0d2737ed375a54b67fc03cd42a21aa78b8dc2a46dbb9bb58e6f50ad5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
3389449f1ebf99c468e210af74cccbcb

SHA1
80d102cda87df91203a4e428f2b3e13be61e6336

SHA256
c9f3471f397277ca0c4cff48b370680765f1a1d81e366336c14504931323901b

SHA512
cc5368e493b36f80909370465deebf4efee133171a47e9f8f76e45520c1b8515972fe67cf3436ebe8e64d6bb680efc49a4f1565e3f07fabcd09e7ead1e1537c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
d40f1ecce5939f3ae01713c759353eb8

SHA1
a9dd510258c5546bf45755cb0c2c3405b981af17

SHA256
d8079e4b94f72401ec49bbf29329f65929d0bef9f635b340f1b1dfa05f904b7d

SHA512
4de1c9c3d52549c1e7c08c9ecd6ab712eed2e43945746c6760e582876752d1263bd70d03c4d43446ed94dc24a1570c1ac6901fd323fe5c9fc31333e734794982

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
4f7016767881e404bfae5b6dd45c7847

SHA1
a76f774cf54995de446e9d125afa0573e76f2be9

SHA256
90d316e02bdf096165d7b48ff0234b254b76b68e43e68c272e3e90c7b25bdc31

SHA512
e7e2d53275dc29aadc8cf8ea64b461c045f5b8612f4372df06c41f9ef7572dd367873e20cd18356e57ff6313907c453a7793c758ef907be465ea9cefc2729650

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
d8e7e4a8e8f59a7d640b01b0f4f1b123

SHA1
961325626a96664a7908ba57a3bd9559105bb652

SHA256
62fc4abf098a049dd9ccea522fa9dc450c86ce0e512bad1dc376063d7f28ff28

SHA512
a0f5e4449ae150d496c3f87ad3a7b1631646b1244350b3eceecbcd485944d04f12fc7e5f038b2c2658127b6e73fce0a83494fd7e5da200c8c422c6e7c3e3e81d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
9cf01b4a356d0ca16eacb08a29ab4226

SHA1
461f270bab42967af6273b4415a6a2f537963233

SHA256
6a7e5bf9a6303bd4dff9e4e4c5187992ebb44125228fbb5ba773aea56146288d

SHA512
cb5df4f684e9268613640b3ccb56c9ae5570c4666c5240d8aeb1a008d661c3b984a780be250893d246a43fbb47599585d9f5c1967d22ef00d183146a7a690e4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
53f14fbb6c736a5ccce4b770216fc136

SHA1
3472a4976962bc990cf57f3a8ccf33a048305540

SHA256
d4dc6400dc9942e98900aefefbdc5a7351b5d87ded33594c33e943f75aa06bc9

SHA512
7bc16ae831ffa8f86960a9a5772245e42117fc04966ad5b2315f57b529796c90ee85f02351411854ad7f978ca30abaf212d0bef099498319d5c9444a5ea48edc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58b467.TMP
Filesize
204B

MD5
ece3f0060622463f42fbc9c159b1e3df

SHA1
678f18ffa1b3e57804509c98b5929c4a855cea46

SHA256
e2014c40730b433ed2ab02e37f90f773c66b4eac41b5ede31096ac5d14c39e69

SHA512
4a33f6b9c8d8176376808650747fa94d30378ff66e55517cefca64d5577e2a2bc9a87fed973d3136c884b051dcf57eaa2c147d85fa5c713937b88deb827d2cfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
22f1efd1a91ac84c89696aa3e7bb70ae

SHA1
ed49f63aa32df7486c65f5269b3667c4a6d0c7aa

SHA256
e7ab407aaa0591f06f43be6b2ef46326f31bdaaaf86f04e5fd7690cdec78ad10

SHA512
285b920710eee616c450be27eb1e7e6f4ccacded9ab7491efbcdbf89b8a6bc73cd6bf82ded58407a697a7e16d5a71ad417cf36f2ca09b43858d3061493e9fe17

Download Submit
\??\pipe\LOCAL\crashpad_1708_RKMWCJJVBXTRRGYM
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit