hxxp://qbdt-app[.]meliopayments[.]com/vendors/debit-card-details/eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9[.]eyJhY3Rpb25zIjpbImFkZERlYml0Q2FyZFRvVmVuZG9yIl0sImV4cGlyZWQiOiI0ZCIsInBheW1lbnRJZCI6IjMwODA2MzMyIiwidXNlcklkIjoxODYzNDg0LCJvcmdJZCI6MjA0MzU2OCwidmVuZG9ySWQiOjM3NzY5NDQzLCJwYXllckNvbXBhbnlOYW1lIjoiU1VERUsgVVNBIElOQy4iLCJpYXQiOjE3MDAyMjk0NDksImV4cCI6MTcwMDU3NTA0OX0[.]XQWpMntkKKrMlAlfZQp2uhP7WuX62KqfJMsbLcY6mlk?30806332/mgiO/JmGxAQ/AQ/a4506cc1-8fd6-4f1a-ae7b-315d347105dd/2/wS0EuItc_Y

Analysis

max time kernel
148s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231025-en
resource tags

arch:x64arch:x86image:win10v2004-20231025-enlocale:en-usos:windows10-2004-x64system
submitted
17-11-2023 15:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://qbdt-app.meliopayments.com/vendors/debit-card-details/eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhY3Rpb25zIjpbImFkZERlYml0Q2FyZFRvVmVuZG9yIl0sImV4cGlyZWQiOiI0ZCIsInBheW1lbnRJZCI6IjMwODA2MzMyIiwidXNlcklkIjoxODYzNDg0LCJvcmdJZCI6MjA0MzU2OCwidmVuZG9ySWQiOjM3NzY5NDQzLCJwYXllckNvbXBhbnlOYW1lIjoiU1VERUsgVVNBIElOQy4iLCJpYXQiOjE3MDAyMjk0NDksImV4cCI6MTcwMDU3NTA0OX0.XQWpMntkKKrMlAlfZQp2uhP7WuX62KqfJMsbLcY6mlk?30806332/mgiO/JmGxAQ/AQ/a4506cc1-8fd6-4f1a-ae7b-315d347105dd/2/wS0EuItc_Y

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-177160434-2093019976-369403398-1000\{37EC7F53-8C10-430B-9310-70158CE21D73}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1824	msedge.exe
1824	msedge.exe
1992	msedge.exe
1992	msedge.exe
416	identity_helper.exe
416	identity_helper.exe
5412	msedge.exe
5412	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1992 wrote to memory of 1220	1992	msedge.exe	73
PID 1992 wrote to memory of 1220	1992	msedge.exe	73
PID 1992 wrote to memory of 180	1992	msedge.exe	89
PID 1992 wrote to memory of 180	1992	msedge.exe	89
PID 1992 wrote to memory of 180	1992	msedge.exe	89
PID 1992 wrote to memory of 180	1992	msedge.exe	89
PID 1992 wrote to memory of 180	1992	msedge.exe	89
PID 1992 wrote to memory of 180	1992	msedge.exe	89
PID 1992 wrote to memory of 180	1992	msedge.exe	89
PID 1992 wrote to memory of 180	1992	msedge.exe	89
PID 1992 wrote to memory of 180	1992	msedge.exe	89
PID 1992 wrote to memory of 180	1992	msedge.exe	89
PID 1992 wrote to memory of 180	1992	msedge.exe	89
PID 1992 wrote to memory of 180	1992	msedge.exe	89
PID 1992 wrote to memory of 180	1992	msedge.exe	89
PID 1992 wrote to memory of 180	1992	msedge.exe	89
PID 1992 wrote to memory of 180	1992	msedge.exe	89
PID 1992 wrote to memory of 180	1992	msedge.exe	89
PID 1992 wrote to memory of 180	1992	msedge.exe	89
PID 1992 wrote to memory of 180	1992	msedge.exe	89
PID 1992 wrote to memory of 180	1992	msedge.exe	89
PID 1992 wrote to memory of 180	1992	msedge.exe	89
PID 1992 wrote to memory of 180	1992	msedge.exe	89
PID 1992 wrote to memory of 180	1992	msedge.exe	89
PID 1992 wrote to memory of 180	1992	msedge.exe	89
PID 1992 wrote to memory of 180	1992	msedge.exe	89
PID 1992 wrote to memory of 180	1992	msedge.exe	89
PID 1992 wrote to memory of 180	1992	msedge.exe	89
PID 1992 wrote to memory of 180	1992	msedge.exe	89
PID 1992 wrote to memory of 180	1992	msedge.exe	89
PID 1992 wrote to memory of 180	1992	msedge.exe	89
PID 1992 wrote to memory of 180	1992	msedge.exe	89
PID 1992 wrote to memory of 180	1992	msedge.exe	89
PID 1992 wrote to memory of 180	1992	msedge.exe	89
PID 1992 wrote to memory of 180	1992	msedge.exe	89
PID 1992 wrote to memory of 180	1992	msedge.exe	89
PID 1992 wrote to memory of 180	1992	msedge.exe	89
PID 1992 wrote to memory of 180	1992	msedge.exe	89
PID 1992 wrote to memory of 180	1992	msedge.exe	89
PID 1992 wrote to memory of 180	1992	msedge.exe	89
PID 1992 wrote to memory of 180	1992	msedge.exe	89
PID 1992 wrote to memory of 180	1992	msedge.exe	89
PID 1992 wrote to memory of 1824	1992	msedge.exe	88
PID 1992 wrote to memory of 1824	1992	msedge.exe	88
PID 1992 wrote to memory of 4328	1992	msedge.exe	90
PID 1992 wrote to memory of 4328	1992	msedge.exe	90
PID 1992 wrote to memory of 4328	1992	msedge.exe	90
PID 1992 wrote to memory of 4328	1992	msedge.exe	90
PID 1992 wrote to memory of 4328	1992	msedge.exe	90
PID 1992 wrote to memory of 4328	1992	msedge.exe	90
PID 1992 wrote to memory of 4328	1992	msedge.exe	90
PID 1992 wrote to memory of 4328	1992	msedge.exe	90
PID 1992 wrote to memory of 4328	1992	msedge.exe	90
PID 1992 wrote to memory of 4328	1992	msedge.exe	90
PID 1992 wrote to memory of 4328	1992	msedge.exe	90
PID 1992 wrote to memory of 4328	1992	msedge.exe	90
PID 1992 wrote to memory of 4328	1992	msedge.exe	90
PID 1992 wrote to memory of 4328	1992	msedge.exe	90
PID 1992 wrote to memory of 4328	1992	msedge.exe	90
PID 1992 wrote to memory of 4328	1992	msedge.exe	90
PID 1992 wrote to memory of 4328	1992	msedge.exe	90
PID 1992 wrote to memory of 4328	1992	msedge.exe	90
PID 1992 wrote to memory of 4328	1992	msedge.exe	90
PID 1992 wrote to memory of 4328	1992	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://qbdt-app.meliopayments.com/vendors/debit-card-details/eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhY3Rpb25zIjpbImFkZERlYml0Q2FyZFRvVmVuZG9yIl0sImV4cGlyZWQiOiI0ZCIsInBheW1lbnRJZCI6IjMwODA2MzMyIiwidXNlcklkIjoxODYzNDg0LCJvcmdJZCI6MjA0MzU2OCwidmVuZG9ySWQiOjM3NzY5NDQzLCJwYXllckNvbXBhbnlOYW1lIjoiU1VERUsgVVNBIElOQy4iLCJpYXQiOjE3MDAyMjk0NDksImV4cCI6MTcwMDU3NTA0OX0.XQWpMntkKKrMlAlfZQp2uhP7WuX62KqfJMsbLcY6mlk?30806332/mgiO/JmGxAQ/AQ/a4506cc1-8fd6-4f1a-ae7b-315d347105dd/2/wS0EuItc_Y
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa9a2846f8,0x7ffa9a284708,0x7ffa9a284718
  2⤵
  PID:1220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,4420114090893153324,16858624373209131875,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,4420114090893153324,16858624373209131875,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,4420114090893153324,16858624373209131875,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
  2⤵
  PID:4328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4420114090893153324,16858624373209131875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4420114090893153324,16858624373209131875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:2068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4420114090893153324,16858624373209131875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4420114090893153324,16858624373209131875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4420114090893153324,16858624373209131875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
  2⤵
  PID:1628
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,4420114090893153324,16858624373209131875,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5664 /prefetch:8
  2⤵
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,4420114090893153324,16858624373209131875,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5664 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4420114090893153324,16858624373209131875,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
  2⤵
  PID:3028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4420114090893153324,16858624373209131875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
  2⤵
  PID:2580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4420114090893153324,16858624373209131875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
  2⤵
  PID:3128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4420114090893153324,16858624373209131875,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
  2⤵
  PID:3712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4420114090893153324,16858624373209131875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:2956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2124,4420114090893153324,16858624373209131875,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5964 /prefetch:8
  2⤵
  PID:5404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2124,4420114090893153324,16858624373209131875,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6080 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4420114090893153324,16858624373209131875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
  2⤵
  PID:6060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,4420114090893153324,16858624373209131875,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2676 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4420

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2672

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3620

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
aed593b08b94f34dd8f68fd369652ac2

SHA1
3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95

SHA256
5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7

SHA512
16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c8148b4e023a5bceefbc59a18bae26be

SHA1
f06ce03c97aa44f35c2f7bd0fceb84c04fde4565

SHA256
6675019fdcdc750e4f9fda467a605b5457388851685116f0b1c935b8c4ab1ea8

SHA512
50349d55430b41c08132f788afaa6c64cc76ac90c3496bc069c20bafd94ecb19e0edb52f226eadf560031b446060db98bb4a31bca3521f20b6cea0cdb686f624

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
878b6a489d9f493af186b5d2e4d4ff0f

SHA1
3ecee70b6ce50c59febf7dccfdd34742a3538967

SHA256
6b5c1a4bd5dea233497fc2c2128a9866676f81637586e161d01f9f1d7d855de0

SHA512
a25ec92acfe217a3f31f82cf1d297a230a8c274fbd730dc70b78d59ff821cd1f96b9a835e2d94ec5d8d2f7af839ca4805f76412b3dbc75ab361cd3461aef8b5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
29cd240e3532093a7a543a6eae6e8721

SHA1
3408198a2eca5d7ecc2d91a289a326e79f1c00d9

SHA256
94d953eae20fc3af9f815bb20760a4e6b628bdfdaa0efbe00256cd55f9a041ac

SHA512
11ce8b9989abaa8b7472abcb8a5741316b4e0d9e908fd1fdc6899ca0cb18d73683137d77ecd191618e74d176c20781ed0b98ec7421e76ff4fbbed24626e52472

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
181196571478e6afcb6d8a62d2be84a2

SHA1
f05bda24975eb4683cd2acffab4afb8447705f0c

SHA256
77b936d2815dd89c00a4af8fb933e3f6af94aa8e47dabeade59f07619c9cf59c

SHA512
80cb771e6cbb7ffa5aa9a53c1bfbb14c3bfd8687a5208ed7f030a5d9e086126bbb6ae2b48f60b47340709bb35aa909e8ca2319d54ad2f6b2f49c435cb05ba4d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
e6ef53f4d208a884e0a0556e101498e5

SHA1
689195eb061adc5dd55fb2f89f7e98a106e86fa1

SHA256
4f9d820b746f99b97fbacdd54decf0b6dcb8aee606290604b0c42e0a0fd85472

SHA512
bb6c9c7257ae7c28a8370196cb505cc9164d4200c04e050d269df11aef577b8cec4fe7c9b373bd4a5535b47955c5e631d4c05097f01f8206442d1c170a9514f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
eb84fb605ac694ff9d7667c8deadaf09

SHA1
f99831b621a8679e770d36367db90169ef99be89

SHA256
eb4ba17ca8d9163edc5743c3b7b6795347e2b123767cf4b0efa879517bafb0c7

SHA512
b02482339d01ab85a355b051bdc550e4c106f9578d014ac5f2a799afe21c007ebcb9e2a9a4867ea8806875abef0d664ab9589257b4f8a325ce2b4859ca7705e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
e2565e589c9c038c551766400aefc665

SHA1
77893bb0d295c2737e31a3f539572367c946ab27

SHA256
172017da29bce2bfe0c8b4577a9b8e7a97a0585fd85697f51261f39b28877e80

SHA512
5a33ce3d048f2443c5d1aee3922693decc19c4d172aff0b059b31af3b56aa5e413902f9a9634e5ee874b046ae63a0531985b0361467b62e977dcff7fc9913c4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
d034a4249d3a5ea9a0107915412ea179

SHA1
8df355fb2c05fbdddda164448f776ce4ef7b1204

SHA256
d522aabc6e8f2ee62d5f456823a4fbe6bd8ef251af2ce626bdb469eee63740ab

SHA512
40132cc264e5d40514a743d608cf4b10baf7fc0c93280729b5894684874b58e7e429f96d3ab8aee994743e2181e86010d82ab49fb8e24cf8216775b759042601

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
9bb26bb60c8d1977e2d1d7d1ecf86123

SHA1
bc22e80c48dbf126cc3c8a5fc682e6eef92bb162

SHA256
450bcc18687218e61c9db8e0999068f1c03ec6eb70a20eaaa9b2f09bed9505ee

SHA512
9483257e1a4a0950c8e0250c60d2e6b28543f5b8d917c8e74f371895595b43a77b4f75e9fdce1ed7682b8238fb4e13367db50f22eea626bc376345839607e090

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
5a75b409d29ff650356345804595ead7

SHA1
f40802976f36818e1b2dff64f05c3e7627dfaf18

SHA256
f77fe8ba0d1bd1d36c3327bf482fd281836d76a0c39083cfebbdbdeff13122fc

SHA512
f840c51f6943ac370b5d1e9f3a656ebfad70a584c94bcdb242a3f9200eb56f8697b8e6da0ac21f16b65794d258dbc5484c382c324fc90f58c1ccea51d98e5e2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
f0fbe9e791fea493ee7387f09d6e9572

SHA1
843e76f8eac118f0766a894e7d521cc5ad4788bb

SHA256
a9fce83c95d922ca96588c0354d0c142c18931136a6d41373e36781b98fbae5d

SHA512
ece50bd5edc7ea3478f462ec235c91f40c8db031611059a6088e2d74ebeb60a7cfb4dd48fcd025eac83eb0d28b1a655b577f16eadf96844ec298cf1c6f89cba7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
9946925c92733650b67aff83b43d44f9

SHA1
8294b26c4860668555ee4638a1e004e7a390f306

SHA256
b131d091885e96acefe52db8b9c8aadcc60ffeab7ec2ccb1a9bf27d561e34d9e

SHA512
1f495a3fbdc773b1708d6b86856b69043e23599d72b2f225a838038ac522375731a3cce6b8de08ecc73cd0b1fd1fd582e83ad43538544b81f73ce862074fd9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
37b17112d809ca2d8e4f3d3705db92f5

SHA1
605374e7f5f7f48f7d6048000fdfca1f345ccc57

SHA256
2b26bce98cd463083f794ef5773545944d02348fc68b1f2a960de62b83e67527

SHA512
0e6e7d32afcdc0ec06d05e17f5e0ff7d487b73def5a18a2a987e55200dfb69c37aa7daa158f4458bd1e360f218c6610d85c268ca31a85c6a14a117447fbbe1c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
36e944cbac175666d1e87166f4cc4695

SHA1
0f235753af32e9f249359a15ea1e7586b499ebfa

SHA256
edb35a66611fe70fe6ede552e70af252b33ba29f9b3954d84ab87c85cd03207c

SHA512
3ae30b5308f51a33d53a96af65c6c4a969d448aeee12a4f41862f5ad8f42421e07fa37024fabdbb75f400e95c960d03195d1a5a2f56691fca9fd88aedbd1490a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
c10795b41c04980b9834632ea5446029

SHA1
3a9089a1c483b5b32184f2b07f0515aa5f93e5e9

SHA256
aae6d006daec96d2a46086a14205032b1066898584c1e62ef388fb989bb2351c

SHA512
89c07107b78da056543b509008dac00b8c5680798b3edaea52e49de43bd09516a3de8d11d532954f00826c4aa93c4c6b4d798ab11c892a30918c0f469b465bf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f0b9.TMP

Filesize
1KB

MD5
afce746bf2749c19044ac48092fd64d5

SHA1
f839b37c8d4e43a4f04872de0375d3b92153ad4d

SHA256
c28478b589fd67d467085927aa78c7a0cc6b04d33a010340c0d036c46e3438d0

SHA512
4f344e40d17e59a7d46b92f8dcdc52667cd2d059568e2e6a0fa799289ab6785189f775feb095ed01b5fae465ff438e5e240b2766b580d001f3d417d06e228850

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f4fd9400a4a712d647edb3377971fde9

SHA1
460575cd4a477894f812538bf14c1ed754faa64c

SHA256
40749297860600e0cc560c965e986af2a282ab56ff142b847e04ee744b21a9e1

SHA512
a2a2af5114ca3d23e928145c2f09dab12b2ca597d578f1112c81779b5804ff117456cd83db03e1b936d0df815a3e914f41f12f822903a43da97eb92941a1261d

Download Submit