hxxp://chaosracer[.]io/assets/php-back/download[.]php

Analysis

max time kernel
1162s
max time network
1163s
platform
windows10-2004_x64
resource
win10v2004-20231130-en
resource tags

arch:x64arch:x86image:win10v2004-20231130-enlocale:en-usos:windows10-2004-x64system
submitted
02-12-2023 22:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://chaosracer.io/assets/php-back/download.php

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
4868	msedge.exe
4868	msedge.exe
2676	msedge.exe
2676	msedge.exe
3428	identity_helper.exe
3428	identity_helper.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe

Suspicious behavior: LoadsDriver 10 IoCs

Processes:

pid

4
4
4
4
4
648
4
4
4
4

pid
4
4
4
4
4
648
4
4
4
4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

Processes:

msedge.exe

pid	process
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

msedge.exe

pid	process
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2676 wrote to memory of 920	2676	msedge.exe	msedge.exe
PID 2676 wrote to memory of 920	2676	msedge.exe	msedge.exe
PID 2676 wrote to memory of 2956	2676	msedge.exe	msedge.exe
PID 2676 wrote to memory of 2956	2676	msedge.exe	msedge.exe
PID 2676 wrote to memory of 2956	2676	msedge.exe	msedge.exe
PID 2676 wrote to memory of 2956	2676	msedge.exe	msedge.exe
PID 2676 wrote to memory of 2956	2676	msedge.exe	msedge.exe
PID 2676 wrote to memory of 2956	2676	msedge.exe	msedge.exe
PID 2676 wrote to memory of 2956	2676	msedge.exe	msedge.exe
PID 2676 wrote to memory of 2956	2676	msedge.exe	msedge.exe
PID 2676 wrote to memory of 2956	2676	msedge.exe	msedge.exe
PID 2676 wrote to memory of 2956	2676	msedge.exe	msedge.exe
PID 2676 wrote to memory of 2956	2676	msedge.exe	msedge.exe
PID 2676 wrote to memory of 2956	2676	msedge.exe	msedge.exe
PID 2676 wrote to memory of 2956	2676	msedge.exe	msedge.exe
PID 2676 wrote to memory of 2956	2676	msedge.exe	msedge.exe
PID 2676 wrote to memory of 2956	2676	msedge.exe	msedge.exe
PID 2676 wrote to memory of 2956	2676	msedge.exe	msedge.exe
PID 2676 wrote to memory of 2956	2676	msedge.exe	msedge.exe
PID 2676 wrote to memory of 2956	2676	msedge.exe	msedge.exe
PID 2676 wrote to memory of 2956	2676	msedge.exe	msedge.exe
PID 2676 wrote to memory of 2956	2676	msedge.exe	msedge.exe
PID 2676 wrote to memory of 2956	2676	msedge.exe	msedge.exe
PID 2676 wrote to memory of 2956	2676	msedge.exe	msedge.exe
PID 2676 wrote to memory of 2956	2676	msedge.exe	msedge.exe
PID 2676 wrote to memory of 2956	2676	msedge.exe	msedge.exe
PID 2676 wrote to memory of 2956	2676	msedge.exe	msedge.exe
PID 2676 wrote to memory of 2956	2676	msedge.exe	msedge.exe
PID 2676 wrote to memory of 2956	2676	msedge.exe	msedge.exe
PID 2676 wrote to memory of 2956	2676	msedge.exe	msedge.exe
PID 2676 wrote to memory of 2956	2676	msedge.exe	msedge.exe
PID 2676 wrote to memory of 2956	2676	msedge.exe	msedge.exe
PID 2676 wrote to memory of 2956	2676	msedge.exe	msedge.exe
PID 2676 wrote to memory of 2956	2676	msedge.exe	msedge.exe
PID 2676 wrote to memory of 2956	2676	msedge.exe	msedge.exe
PID 2676 wrote to memory of 2956	2676	msedge.exe	msedge.exe
PID 2676 wrote to memory of 2956	2676	msedge.exe	msedge.exe
PID 2676 wrote to memory of 2956	2676	msedge.exe	msedge.exe
PID 2676 wrote to memory of 2956	2676	msedge.exe	msedge.exe
PID 2676 wrote to memory of 2956	2676	msedge.exe	msedge.exe
PID 2676 wrote to memory of 2956	2676	msedge.exe	msedge.exe
PID 2676 wrote to memory of 2956	2676	msedge.exe	msedge.exe
PID 2676 wrote to memory of 4868	2676	msedge.exe	msedge.exe
PID 2676 wrote to memory of 4868	2676	msedge.exe	msedge.exe
PID 2676 wrote to memory of 3700	2676	msedge.exe	msedge.exe
PID 2676 wrote to memory of 3700	2676	msedge.exe	msedge.exe
PID 2676 wrote to memory of 3700	2676	msedge.exe	msedge.exe
PID 2676 wrote to memory of 3700	2676	msedge.exe	msedge.exe
PID 2676 wrote to memory of 3700	2676	msedge.exe	msedge.exe
PID 2676 wrote to memory of 3700	2676	msedge.exe	msedge.exe
PID 2676 wrote to memory of 3700	2676	msedge.exe	msedge.exe
PID 2676 wrote to memory of 3700	2676	msedge.exe	msedge.exe
PID 2676 wrote to memory of 3700	2676	msedge.exe	msedge.exe
PID 2676 wrote to memory of 3700	2676	msedge.exe	msedge.exe
PID 2676 wrote to memory of 3700	2676	msedge.exe	msedge.exe
PID 2676 wrote to memory of 3700	2676	msedge.exe	msedge.exe
PID 2676 wrote to memory of 3700	2676	msedge.exe	msedge.exe
PID 2676 wrote to memory of 3700	2676	msedge.exe	msedge.exe
PID 2676 wrote to memory of 3700	2676	msedge.exe	msedge.exe
PID 2676 wrote to memory of 3700	2676	msedge.exe	msedge.exe
PID 2676 wrote to memory of 3700	2676	msedge.exe	msedge.exe
PID 2676 wrote to memory of 3700	2676	msedge.exe	msedge.exe
PID 2676 wrote to memory of 3700	2676	msedge.exe	msedge.exe
PID 2676 wrote to memory of 3700	2676	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://chaosracer.io/assets/php-back/download.php
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2676

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff82a6d46f8,0x7ff82a6d4708,0x7ff82a6d4718
2⤵
PID:920

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,9173044865660100960,3255202666776869482,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4868

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,9173044865660100960,3255202666776869482,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
2⤵
PID:2956

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,9173044865660100960,3255202666776869482,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
2⤵
PID:3700

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9173044865660100960,3255202666776869482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
2⤵
PID:4888

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9173044865660100960,3255202666776869482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
2⤵
PID:4256

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,9173044865660100960,3255202666776869482,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4724 /prefetch:8
2⤵
PID:3332

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,9173044865660100960,3255202666776869482,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4724 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3428

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9173044865660100960,3255202666776869482,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
2⤵
PID:4552

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9173044865660100960,3255202666776869482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
2⤵
PID:4904

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9173044865660100960,3255202666776869482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
2⤵
PID:3816

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9173044865660100960,3255202666776869482,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
2⤵
PID:1212

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9173044865660100960,3255202666776869482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
2⤵
PID:4060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9173044865660100960,3255202666776869482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1
2⤵
PID:2500

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9173044865660100960,3255202666776869482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4080 /prefetch:1
2⤵
PID:792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9173044865660100960,3255202666776869482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3064 /prefetch:1
2⤵
PID:4036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,9173044865660100960,3255202666776869482,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1340 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4080

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9173044865660100960,3255202666776869482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4220 /prefetch:1
2⤵
PID:3612

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9173044865660100960,3255202666776869482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1080 /prefetch:1
2⤵
PID:2692

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3824

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4496

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
58a9ee207caef8b6881b10e37b4cbc97

SHA1
fa5f0c8626915f39161abb48df2212a79c9c6abb

SHA256
fa60e147e18bd39cb6ce21d725ef37a2072d1d682547d9f7393d3f99e63711f4

SHA512
dd20d10299a8c628c74adb51239c3869a01a731e42946f0039c9138c03524d8c8a940716226f10aab0b0c7aa230195a27e91aea54eed611c6e5dc9f02fa90355

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
78076db93ee9d47be8b4be03c7b3eef5

SHA1
97f2cd20f28fa0079be479bce64645b20b4359b6

SHA256
918baaabbb8fe772f102ee43abe4b929d216fd2b2bef8d841439e19ff4e92035

SHA512
f9a1c77502be52f7577c73cd66ff4a4c435fa2929ac1de0d7e307b0e4da7f28edb2cb608724a538a7c55c02815abba29a5fcbfe5d7d8a0a566b69ce02213ca0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7bf6646c12c81fcf904b9057ad58c5f3

SHA1
056ae2170e739b1fcdb92f437e129a50742bc413

SHA256
492222561146740e6d160fb46b6ecf466dcdd960fdfd08a11da04bf6030889d4

SHA512
f95271f82c737b4028f44219b0c48156428ce43edc0f84a3bda86fa5ee1e89ee71effad5a82fcedeb865e06da76b38c04d8f93b79315f4dc2a50d9761ef37388

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
30c199b67fbf6478a60627df36dccfa9

SHA1
6fb62d82c7321cc0926f2211451770aea95cb562

SHA256
7f15ee640ad3239917f91d2255eb764dfede74b43be4656dd1abd62e2712a235

SHA512
7d3315efabd9757cf97605b2e9119643fcc653cbac79000a80edfcc16144bc703e4f834e2f27e04d54e31937e69c556292bcff87aa724476be71bbcaf02bf8dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7973dd680ceff0b8536d2ac6353b66a4

SHA1
09c0ee872fce54694915aaf4c68b2c6fa44e3ac6

SHA256
25eb81cc4d2e07d24ba35fd2574d6da1b4d0f5be2c32e20f6bd3fd9c8de05847

SHA512
58c8335c83687387556f60b28d1020636f5102d7f7ef5c6c9e2688416953b56e1b1fde7df444b93b35a4e84d3d1aacbfce3ff3be254a51720872e1ac8c15f59a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
398607c36439577ac560ab2c9006ae9d

SHA1
e6780ae90d298e0bb5291a9dbb1378f68c466dca

SHA256
a6eea133058b6be3df9b6ee53ed7963f0e10b984339a6e5686579e2c0a097491

SHA512
6333a3fc98209a319e3b770ed4a37f7efcad285a4b8ff1e73ef7aa221b396734e86e485253b3f8bcd1b8dcc0ecf452b1cd6deff539ba5ba96d83499aca342930

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
4KB

MD5
4597380f40d064073d035b7a91dcd3df

SHA1
022c260088918405c39b0f5d4fec2785ec886cb0

SHA256
86a2f7a7e056f7a90adb2074e7dcd45562d5602aff364bbdeb5682f11db55f80

SHA512
671ad404e44fe2f2baa6fc327ec2b8105f284007264833a0f2d3e5c2b9db54526416b479d640e20123ad8b7634176a32f648a502f610806be026ea4be23229ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
4KB

MD5
32bfd8ad979b5125b28ae17278072b2b

SHA1
c5edabae172068d37ca8272f4b6d4f51a6277ac5

SHA256
192ea7608c88cb8e8e22ee44e44e1238646044d835428ae8ea3eb43edc20b499

SHA512
3193bd7e0ddd1a0d87c242897baf303562715c0a7baf2ee35496fb41c7ec595fe66181e4faf9f8004aeab1ef7148ee8443bceae5120aa01278d4bc186ed92d67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
4KB

MD5
6be6a78408dbea4836daf978f163f657

SHA1
6b61c13b271c00726c49256ef496b7cb6312feac

SHA256
1ea9e86144a45a257de173d40cec45bcd758b08c4d1d6d083d8f78086d857873

SHA512
51dafbf99a4525f17cac5d3e2dcce27f90598610542ee9cbf76dd4f0c103be81ec6271e74459e9e9b31839865b642bbc96a6dc2ac8b3c439f26d0ab776d1c367

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
4KB

MD5
7bacf022ddc391ba57fe214a194d49a1

SHA1
44a9ff29e6354a382b876de1f2e1c2e9e4380ea3

SHA256
bafd1858b8b86f0ebffa7c4b5e53b335d03c5c277bacff1e5212545d98e801f5

SHA512
0494903b4dd6d0f38a9505cc758ad4c49560341cab71abc2d6622d99a1d8bb66a89eddb1e89852ea0fb0c2462e9b7b82ccbb58b7a15f73d063340e318e8d4dce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
4KB

MD5
141610a54e542398cb67912fb1af74d9

SHA1
cfb413cb37b0445e01473b80eb46e33336a65ffb

SHA256
43146cae2fa0ada6205d6174f923f29e899d911607d891144979ef2640a42458

SHA512
97eb671de846b9e1af990f0a3e845be601d62d53bab223189b49b16d8c2fb1858ba3228bb48281af6190d9b1ada5c437353942b69af371cbc9365a5cfa93b0e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
d3c3209185ee0d8cd57cdebbf3de11dc

SHA1
07a9b970dcb4470f07f7c4b18c114cd40ff1a441

SHA256
9262c718e764fa7e6f1dcc656023db33c760393a6df91acae28798df28943322

SHA512
91fc2faf74aa48953f409297649ed39c9140ad504b39ed41261643191192ba7ca1bbe3e161a9735792c4284ea6291350d3e3cd24322358afdca5109c8498d99b

Download Submit
\??\pipe\LOCAL\crashpad_2676_PIQCFSNLYGXRRXVD

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit