hxxps://quickguidepro[.]com/au/ausreturn/

Analysis

max time kernel
449s
max time network
420s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
24-08-2023 04:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://quickguidepro.com/au/ausreturn/

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3876	msedge.exe
3876	msedge.exe
1152	msedge.exe
1152	msedge.exe
3024	identity_helper.exe
3024	identity_helper.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1152 wrote to memory of 2628	1152	msedge.exe	70
PID 1152 wrote to memory of 2628	1152	msedge.exe	70
PID 1152 wrote to memory of 3700	1152	msedge.exe	83
PID 1152 wrote to memory of 3700	1152	msedge.exe	83
PID 1152 wrote to memory of 3700	1152	msedge.exe	83
PID 1152 wrote to memory of 3700	1152	msedge.exe	83
PID 1152 wrote to memory of 3700	1152	msedge.exe	83
PID 1152 wrote to memory of 3700	1152	msedge.exe	83
PID 1152 wrote to memory of 3700	1152	msedge.exe	83
PID 1152 wrote to memory of 3700	1152	msedge.exe	83
PID 1152 wrote to memory of 3700	1152	msedge.exe	83
PID 1152 wrote to memory of 3700	1152	msedge.exe	83
PID 1152 wrote to memory of 3700	1152	msedge.exe	83
PID 1152 wrote to memory of 3700	1152	msedge.exe	83
PID 1152 wrote to memory of 3700	1152	msedge.exe	83
PID 1152 wrote to memory of 3700	1152	msedge.exe	83
PID 1152 wrote to memory of 3700	1152	msedge.exe	83
PID 1152 wrote to memory of 3700	1152	msedge.exe	83
PID 1152 wrote to memory of 3700	1152	msedge.exe	83
PID 1152 wrote to memory of 3700	1152	msedge.exe	83
PID 1152 wrote to memory of 3700	1152	msedge.exe	83
PID 1152 wrote to memory of 3700	1152	msedge.exe	83
PID 1152 wrote to memory of 3700	1152	msedge.exe	83
PID 1152 wrote to memory of 3700	1152	msedge.exe	83
PID 1152 wrote to memory of 3700	1152	msedge.exe	83
PID 1152 wrote to memory of 3700	1152	msedge.exe	83
PID 1152 wrote to memory of 3700	1152	msedge.exe	83
PID 1152 wrote to memory of 3700	1152	msedge.exe	83
PID 1152 wrote to memory of 3700	1152	msedge.exe	83
PID 1152 wrote to memory of 3700	1152	msedge.exe	83
PID 1152 wrote to memory of 3700	1152	msedge.exe	83
PID 1152 wrote to memory of 3700	1152	msedge.exe	83
PID 1152 wrote to memory of 3700	1152	msedge.exe	83
PID 1152 wrote to memory of 3700	1152	msedge.exe	83
PID 1152 wrote to memory of 3700	1152	msedge.exe	83
PID 1152 wrote to memory of 3700	1152	msedge.exe	83
PID 1152 wrote to memory of 3700	1152	msedge.exe	83
PID 1152 wrote to memory of 3700	1152	msedge.exe	83
PID 1152 wrote to memory of 3700	1152	msedge.exe	83
PID 1152 wrote to memory of 3700	1152	msedge.exe	83
PID 1152 wrote to memory of 3700	1152	msedge.exe	83
PID 1152 wrote to memory of 3700	1152	msedge.exe	83
PID 1152 wrote to memory of 3876	1152	msedge.exe	84
PID 1152 wrote to memory of 3876	1152	msedge.exe	84
PID 1152 wrote to memory of 2836	1152	msedge.exe	85
PID 1152 wrote to memory of 2836	1152	msedge.exe	85
PID 1152 wrote to memory of 2836	1152	msedge.exe	85
PID 1152 wrote to memory of 2836	1152	msedge.exe	85
PID 1152 wrote to memory of 2836	1152	msedge.exe	85
PID 1152 wrote to memory of 2836	1152	msedge.exe	85
PID 1152 wrote to memory of 2836	1152	msedge.exe	85
PID 1152 wrote to memory of 2836	1152	msedge.exe	85
PID 1152 wrote to memory of 2836	1152	msedge.exe	85
PID 1152 wrote to memory of 2836	1152	msedge.exe	85
PID 1152 wrote to memory of 2836	1152	msedge.exe	85
PID 1152 wrote to memory of 2836	1152	msedge.exe	85
PID 1152 wrote to memory of 2836	1152	msedge.exe	85
PID 1152 wrote to memory of 2836	1152	msedge.exe	85
PID 1152 wrote to memory of 2836	1152	msedge.exe	85
PID 1152 wrote to memory of 2836	1152	msedge.exe	85
PID 1152 wrote to memory of 2836	1152	msedge.exe	85
PID 1152 wrote to memory of 2836	1152	msedge.exe	85
PID 1152 wrote to memory of 2836	1152	msedge.exe	85
PID 1152 wrote to memory of 2836	1152	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://quickguidepro.com/au/ausreturn/
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdcf0646f8,0x7ffdcf064708,0x7ffdcf064718
  2⤵
  PID:2628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,13624071801227440708,14493668873938598926,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2240 /prefetch:2
  2⤵
  PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2224,13624071801227440708,14493668873938598926,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2224,13624071801227440708,14493668873938598926,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
  2⤵
  PID:2836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,13624071801227440708,14493668873938598926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:4172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,13624071801227440708,14493668873938598926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:2036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,13624071801227440708,14493668873938598926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
  2⤵
  PID:468
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2224,13624071801227440708,14493668873938598926,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5748 /prefetch:8
  2⤵
  PID:3920
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2224,13624071801227440708,14493668873938598926,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5748 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,13624071801227440708,14493668873938598926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,13624071801227440708,14493668873938598926,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:1
  2⤵
  PID:4052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,13624071801227440708,14493668873938598926,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
  2⤵
  PID:2176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,13624071801227440708,14493668873938598926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
  2⤵
  PID:2640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2224,13624071801227440708,14493668873938598926,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5524 /prefetch:8
  2⤵
  PID:1812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,13624071801227440708,14493668873938598926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
  2⤵
  PID:1268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,13624071801227440708,14493668873938598926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:1
  2⤵
  PID:1184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,13624071801227440708,14493668873938598926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
  2⤵
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,13624071801227440708,14493668873938598926,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5188 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,13624071801227440708,14493668873938598926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:1
  2⤵
  PID:1580

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3404

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2492

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fc99b0086d7714fd471ed4acc862ccc0

SHA1
39a3c43c97f778d67413a023d66e8e930d0e2314

SHA256
45ef01f81605bfd96126d5520c5aa0304c7fa7d5fdb3e4d5b2dd2bf84e2afd96

SHA512
c308fa3eda9235d67a506a5f058fefb9a769ec01d7b0d4f5a2397892cc4f8155301c55c1fac23bebacdd087ab3f47f1eacc9ff88eff4115a7d67aa7b1d6581a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
29KB

MD5
285dddb67ac50620e2a57cd3263cfc7f

SHA1
779821bc746b8ed249a094d90e9da840a6a993c0

SHA256
5f8afb967368cfcfac471e6eb7320aac9aeb591bcfb9d956e3c65d7d6da7917e

SHA512
81a02536fb8b8c8caebfc5f905c876aec09401f5b0e6a6c737ff7d88439ad44a320a65ca7b098287298dd0ca9a052506128c31455eb72cff99e16831621257c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
181KB

MD5
4c75aa07dd23352ee1225b5a64cc6b59

SHA1
387c73c282f9b15d8f62b2c9d830945772c88c7a

SHA256
edeab1e3b20750bb1c0d394b111109c0c7ab74d34117d16ee1487cc1cb8c23fc

SHA512
a0e185b33114a19e6ace4b7f6af1983c45b124ecf4ce82f92ff832ad9a57ae895798ccd4473a46b9fd530831482b3ec3dc729b10c2c85095a54a6834c563d86f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
8bbde11b84b6b9b1489f37d2af93994b

SHA1
2e583c4edd3f9db9acbc2f1f99ac038c6ebe0490

SHA256
69043fa374daa918b9e6d743e47749fbbfdec45c5da8fc25c01537233ef65b4f

SHA512
36a1968137f97fbb991c98dd1977fe49d49bdaae466d41ffa65cb4d28c948755b2df4b4c3b918b93d205a64a9ae764563dce28a2ffddb7fa7c2aba0b1a871120

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
38efa384c904b33be519188d7157aff6

SHA1
b5929ad7f3a42e65338ca9f0dec7ecf2fec50771

SHA256
724b17458800320ba76a0bae61a85572236ff5ef5a06e2b680688ae159392b34

SHA512
39e9e4e5e5fadf14c189fc66bf0348724a0751507c3ace0041812d06c110b6ab49ab2718393880c89b6d502708ad366a7f2ecc2dfbbb273a36e3619d23c2b872

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
e1cc3b61cf8bab0bea35f7033c01a99d

SHA1
51d280a5a5adcd3777a8183c5803e0d60377dea7

SHA256
040c8f4ac64447e8ae7ac8ab5f01a04bd4838c74a26c990b15ad93bbebd0c974

SHA512
9509ba93b578d43285be19eacbfd4195d5c1a6c5d169d027a840a0cfe44cedca5c928c1ca5c5a71101b761091366957d8c878d14131ad0642d33f0ead8c43fe5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
9ad2628c72ebee577812e9b6edef11ef

SHA1
8d0a61535db33a4427701bda4ab2c2f9330666dc

SHA256
84f4f1938957555ec0d46f2362eb84b27ccaa9982a7f25f553379b66290fbdf7

SHA512
d9e36abdb5fefdf0b0f84b0135b62e741aa5452c0ae53c81a19a35482d1d64bb1cd389d3db269b9a4735c8b79ae64c8213d50af7fc16d934e04aab4ee47d989d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
090300706d51e31eae4f6d0552ec6c10

SHA1
22ec7020321f609d02a29c83927b5cbb2e1b19cd

SHA256
ca38f7cc435bdb2d1a1f855ea10d56342ff01c98ff52212a6006a3a10b061c53

SHA512
64c1131516b3389027f9f6b151e9678e1c869c9f092f7b35000b4ac408e7d5482ee3575d2acb2df0dccf2523fad3f5e427bd268144f56c7cea403b42cf57b7e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5000f122191aa08b90193d6d6e8ecf16

SHA1
baa3bc74ed30fc30e07e0cd6fc28cbcacb00c4f8

SHA256
1d419d8741e347c124eb496db7d7f46644186e7dbacdd7700e30918c79818a70

SHA512
4071bbe5733d661fb55a699b8e7098e12eba5aaab0bff94f9e72740b4fd3be9104ae3eb63f043e07d53319776f7773e92db04bbf254a2e381696eab063fe87cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
7318530dc77638116fa3fcfc8738daf4

SHA1
6cb3b5b7ad54f94acae12e57cb7c76904d19b5b6

SHA256
966abc54b35f81c32bc0892780203a3c9978acb9143fbcffe49448b52ccc0b95

SHA512
1a2442c964dac6f2bd6808a5e98306ab14aa10e2fde80f5df38adebe2d210824910f9dfdcabc7c711ab79d49e6198471ec50d64119fe8085c9109a4b7db25024

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1c42f50eb8bcfe3c617e0b583fcd7f93

SHA1
282ef7fa49cf6fd69ceb163f9bfc8838b1178884

SHA256
f3b79dec9e34f61824e32254685299eb73d0c8b206f38d37f867a93e7d63712f

SHA512
6a56ea4401beba712c526ea354d394a22f312bbc9b487bd6e16c7e26e0edf9d6f50f187aed46f55f6e2b9b71463b63e5292ead5835fe9c93a753b5b7f395c668

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b6181d477aa4b9cfe02eb743d69e62e2

SHA1
b5379395042c5154712dfa37ca4cf3d7d9973d8c

SHA256
9aa85c4200353a2e324c41b453578046b3b8814ee5037c3b2c866f60043e279f

SHA512
93eb06ff6c8a2369b4495a10985b39c56d1b542309268d65d124cefeb3e9db4a5879b7d3163e1d3f6186a849e72e852db051a32df1dac9d718ca7838830066c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
ad0e43158429fe4e1fa3d74ff9700ea4

SHA1
9b2941f5b280a00df5b2e5bffe44cb43e1387645

SHA256
a5c51767d399bfc98b443dc3acc97695295d2e039d0be53f0713f7e0e6b6f3e2

SHA512
1d0b04caae4a4660a3dd4437946b903afb9a7c8864501ce493b1c9a58b56d2f71ca3f41977bdd3a204cfed824fc4166fb0e68a33fbc10ff9a176ce0c8305be7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
eceb857f0df5d36dedd47a58de5987c1

SHA1
2580ec3a3db2873921412cb8861e9de71d2fce9f

SHA256
29b74580081adf93a5c677c5f8b9dd34d156ffe889cd56d7534f161b4d7c8bd3

SHA512
2c4e67d3cb057053abe064c11eb7ba245140fc081013a32f15feba8600e1b22baf181f21494074a65e5a0c7301995af3028253217ec77380b391df69d97d84ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5a01e9b285169db155d225f5a8f74d57

SHA1
9b7590abddfa813d5c7af8fa3a59cf9b418be7a6

SHA256
14d802a575183ac65403ffaf123e27ae9861ea8807531132eb0749cff7406bd6

SHA512
efb2c80098ba2ceed58c2b2271afb08d683e157c1365a6c9edbe1845b52b1d180b03efde008c5b74e1e0ac2276a07c913598a4d01aed6cc9b3144b449bc7afc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
96f00bbd6a174879c58220f95f0115f5

SHA1
d3d7f82b0bf27daf1b3903bfe050c2d05422050f

SHA256
644442e740a8c0bb20f712f6f84f5bf4a81bb29d4e9446b2832ca65618961107

SHA512
e7c5e90eb85aee7b81b9c163f618ad3789a48b256040f6f00eee7fce52c60e1ff491bf0538b9c846fb115b73163710e46a45ce056e3b41ca59d88c421502ccea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
568ef090bb85d5d1f500436162e53728

SHA1
b6a92f3ed5dff5b831cd9f8419216ad06a6a13f8

SHA256
ad45607d56aa19254349670013c4a8385ade55b9b072e66082afee0bc9bf86d9

SHA512
e0159f8260d01ab766b683b4a00f5428135656b8f64468e78debf6385750fc8115033d6a989a191b541ae7c830511de0d4d348cb334231c3664caac770ed3906

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
4168da39923c06eed852764103383b2e

SHA1
784a69c63ad8d0dee53e8dfd5bcc25b9a830a1cd

SHA256
ed43116de34673ae26d624fe8859ef32faf3653cb35d2d3a9d6a8ccc151cd711

SHA512
cc21c21aaaaf25dca0b4ec6ab976ac3c0f7d8695339dcb03843888c4662ee4b523ae66ccc66146f63caafb3f652be80cb823aa78eccb35ef00e62a80505f0289

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
dbe694add5a385b9bae0e7f9ef14a00c

SHA1
402fae2638a479c77ccc4e3a1c18b0c40c24d2aa

SHA256
643553a58f90d32c1c5f7d7f5a4a446af3bc9b83698b9b0427e7e6e189446a0c

SHA512
0758bdbaeac0211336c1ab3ec874e8ea7fdab27250aa2de402ca4ca63567eda2b8a58d8f566507cfddf034ef44b6c6b710aaf01ec89a1b646ce691a9473a1633

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe596c6c.TMP

Filesize
203B

MD5
e6fae8b755c9fb2a1e34844b0076c06d

SHA1
0798dc83cdd36c2eece7de45cd3ef1eb0b0533c7

SHA256
72a2aa9fd719785cd6c8e9110461dcb8d9d5c5c4a6dc8d0b9a940f08da9a60d9

SHA512
893252cae290322a078eef569145316fb41faea2ff10b6fce17d641927aacedfff7550c95c674e7677d70ad8ea1dbb1e93307fc669ed6f8f9df2683013d3ef55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
231718988ad8b82065ebc110046b3504

SHA1
ac080929b611f50bcf1df38ced335bb2e8892aea

SHA256
fa29f66fd51eebe8dab368c047a1383267d36147cf654b10f52b3d3360dac7e7

SHA512
b19fc5c28428aedc85ba790df19c1f4877bea90e5c8d6534d52bd39146b6e1141d15e9ecca51fee5e4eba4b6cd876250e760570f3065941853bb20c84ad17e96

Download Submit