hxxps://kdrcloud[.]co[.]uk/game[.]php

Resubmissions

07-12-2023 09:49

231207-lttzkshb55 10

07-12-2023 09:17

231207-k84xnagh88 10

Analysis

max time kernel
146s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231127-en
resource tags

arch:x64arch:x86image:win10v2004-20231127-enlocale:en-usos:windows10-2004-x64system
submitted
07-12-2023 09:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://kdrcloud.co.uk/game.php

Score

6^/10

Malware Config

Signatures

Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

16 ipinfo.io
21 ipinfo.io

flow	ioc
16	ipinfo.io
21	ipinfo.io

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
4216	msedge.exe
4216	msedge.exe
2220	msedge.exe
2220	msedge.exe
208	identity_helper.exe
208	identity_helper.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe
1700	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

msedge.exe

pid process

2220 msedge.exe
2220 msedge.exe
2220 msedge.exe
2220 msedge.exe
2220 msedge.exe
2220 msedge.exe
2220 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2220 wrote to memory of 3624	2220	msedge.exe	msedge.exe
PID 2220 wrote to memory of 3624	2220	msedge.exe	msedge.exe
PID 2220 wrote to memory of 2152	2220	msedge.exe	msedge.exe
PID 2220 wrote to memory of 2152	2220	msedge.exe	msedge.exe
PID 2220 wrote to memory of 2152	2220	msedge.exe	msedge.exe
PID 2220 wrote to memory of 2152	2220	msedge.exe	msedge.exe
PID 2220 wrote to memory of 2152	2220	msedge.exe	msedge.exe
PID 2220 wrote to memory of 2152	2220	msedge.exe	msedge.exe
PID 2220 wrote to memory of 2152	2220	msedge.exe	msedge.exe
PID 2220 wrote to memory of 2152	2220	msedge.exe	msedge.exe
PID 2220 wrote to memory of 2152	2220	msedge.exe	msedge.exe
PID 2220 wrote to memory of 2152	2220	msedge.exe	msedge.exe
PID 2220 wrote to memory of 2152	2220	msedge.exe	msedge.exe
PID 2220 wrote to memory of 2152	2220	msedge.exe	msedge.exe
PID 2220 wrote to memory of 2152	2220	msedge.exe	msedge.exe
PID 2220 wrote to memory of 2152	2220	msedge.exe	msedge.exe
PID 2220 wrote to memory of 2152	2220	msedge.exe	msedge.exe
PID 2220 wrote to memory of 2152	2220	msedge.exe	msedge.exe
PID 2220 wrote to memory of 2152	2220	msedge.exe	msedge.exe
PID 2220 wrote to memory of 2152	2220	msedge.exe	msedge.exe
PID 2220 wrote to memory of 2152	2220	msedge.exe	msedge.exe
PID 2220 wrote to memory of 2152	2220	msedge.exe	msedge.exe
PID 2220 wrote to memory of 2152	2220	msedge.exe	msedge.exe
PID 2220 wrote to memory of 2152	2220	msedge.exe	msedge.exe
PID 2220 wrote to memory of 2152	2220	msedge.exe	msedge.exe
PID 2220 wrote to memory of 2152	2220	msedge.exe	msedge.exe
PID 2220 wrote to memory of 2152	2220	msedge.exe	msedge.exe
PID 2220 wrote to memory of 2152	2220	msedge.exe	msedge.exe
PID 2220 wrote to memory of 2152	2220	msedge.exe	msedge.exe
PID 2220 wrote to memory of 2152	2220	msedge.exe	msedge.exe
PID 2220 wrote to memory of 2152	2220	msedge.exe	msedge.exe
PID 2220 wrote to memory of 2152	2220	msedge.exe	msedge.exe
PID 2220 wrote to memory of 2152	2220	msedge.exe	msedge.exe
PID 2220 wrote to memory of 2152	2220	msedge.exe	msedge.exe
PID 2220 wrote to memory of 2152	2220	msedge.exe	msedge.exe
PID 2220 wrote to memory of 2152	2220	msedge.exe	msedge.exe
PID 2220 wrote to memory of 2152	2220	msedge.exe	msedge.exe
PID 2220 wrote to memory of 2152	2220	msedge.exe	msedge.exe
PID 2220 wrote to memory of 2152	2220	msedge.exe	msedge.exe
PID 2220 wrote to memory of 2152	2220	msedge.exe	msedge.exe
PID 2220 wrote to memory of 2152	2220	msedge.exe	msedge.exe
PID 2220 wrote to memory of 2152	2220	msedge.exe	msedge.exe
PID 2220 wrote to memory of 4216	2220	msedge.exe	msedge.exe
PID 2220 wrote to memory of 4216	2220	msedge.exe	msedge.exe
PID 2220 wrote to memory of 5092	2220	msedge.exe	msedge.exe
PID 2220 wrote to memory of 5092	2220	msedge.exe	msedge.exe
PID 2220 wrote to memory of 5092	2220	msedge.exe	msedge.exe
PID 2220 wrote to memory of 5092	2220	msedge.exe	msedge.exe
PID 2220 wrote to memory of 5092	2220	msedge.exe	msedge.exe
PID 2220 wrote to memory of 5092	2220	msedge.exe	msedge.exe
PID 2220 wrote to memory of 5092	2220	msedge.exe	msedge.exe
PID 2220 wrote to memory of 5092	2220	msedge.exe	msedge.exe
PID 2220 wrote to memory of 5092	2220	msedge.exe	msedge.exe
PID 2220 wrote to memory of 5092	2220	msedge.exe	msedge.exe
PID 2220 wrote to memory of 5092	2220	msedge.exe	msedge.exe
PID 2220 wrote to memory of 5092	2220	msedge.exe	msedge.exe
PID 2220 wrote to memory of 5092	2220	msedge.exe	msedge.exe
PID 2220 wrote to memory of 5092	2220	msedge.exe	msedge.exe
PID 2220 wrote to memory of 5092	2220	msedge.exe	msedge.exe
PID 2220 wrote to memory of 5092	2220	msedge.exe	msedge.exe
PID 2220 wrote to memory of 5092	2220	msedge.exe	msedge.exe
PID 2220 wrote to memory of 5092	2220	msedge.exe	msedge.exe
PID 2220 wrote to memory of 5092	2220	msedge.exe	msedge.exe
PID 2220 wrote to memory of 5092	2220	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://kdrcloud.co.uk/game.php
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa465146f8,0x7ffa46514708,0x7ffa46514718
2⤵
PID:3624

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2192,16435262266944686582,7933184719802449804,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4216

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,16435262266944686582,7933184719802449804,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
2⤵
PID:2152

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2192,16435262266944686582,7933184719802449804,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2940 /prefetch:8
2⤵
PID:5092

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,16435262266944686582,7933184719802449804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
2⤵
PID:2396

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,16435262266944686582,7933184719802449804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
2⤵
PID:4004

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,16435262266944686582,7933184719802449804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4048 /prefetch:1
2⤵
PID:4208

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,16435262266944686582,7933184719802449804,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 /prefetch:8
2⤵
PID:2464

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,16435262266944686582,7933184719802449804,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:208

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,16435262266944686582,7933184719802449804,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
2⤵
PID:2792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,16435262266944686582,7933184719802449804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
2⤵
PID:3908

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,16435262266944686582,7933184719802449804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2028 /prefetch:1
2⤵
PID:2960

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,16435262266944686582,7933184719802449804,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
2⤵
PID:4616

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,16435262266944686582,7933184719802449804,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=212 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1700

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2412

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4688

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
7c89e9212e22e92acc3d335fe9a44fe6

SHA1
c43c7e1b5fb58a40a01a6d8dd947c41a48e0b41f

SHA256
18c46c863404b31fcce434662806fa34daff0f9af0a9379d898f772b5c398b44

SHA512
c6961c171af63ddc7a72aaba4c9d910cc6a424794c416cd1ce51206f7c7f1100ca51c9e41d07d68489105dccded2294c1d761a8dc6be80d22c661014efd6a9ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a
Filesize
129KB

MD5
28d59ab21d59db5ea795a834ebf2b24c

SHA1
971e21caca482034dd93c8315c7430de7ee219f7

SHA256
2fe577976f6239e3710b710adfeff7740e35d5ce19e4295faaee37d44583828e

SHA512
c595f09b4096a9baaf01b690017723870c8f58e6a9a98b0021d818dac9d1b9231369723ec16fb29a9e8c7b029a26166ff05dc11ce82736a84faf4202ca75bd85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004b
Filesize
179KB

MD5
d7ecadb308f6aea4f3d920030da33dac

SHA1
1acdc5cf470d2ed58d99391369ca39cd10dc1fe6

SHA256
7ea543a45294545c4a6a28c90d3ea24cbba93a193e1df5531f3ef5c026a8c8f5

SHA512
5ab12e116af7c25206a41863a34949a4681ed2d759ed1b69d7718d8849edb475898043ba205a5455df9bb789e757c666c502a24d93c5a6465709357d354d5922

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008a
Filesize
84KB

MD5
6c951d3d00752a0ca89a2d5398443aa8

SHA1
00e75233b3f5a93aa007a142077acc2323dd56de

SHA256
de2c079ab628ffd5e5fcbd17d43940e310169902cf22fd19854988af764255e0

SHA512
6a5677d9af436374f2255f03fe20540ad2e007a6dec36c87bbea58439d3b8350a8bc194da5ca68920d93080b1f36ef2b85a6da13fd2b4801a1aeaa6a31b5ee5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b3
Filesize
269KB

MD5
dbbf7b9694409956bcc667a00467a215

SHA1
2a94c2a86f6ae97015b9d3cabc834c217e83b865

SHA256
eec5406bdddb64ebbb0d5708f558dacb40d42beb1612e20a5d657404b6b9a990

SHA512
cb3a35220acf48b5694a80714b06cf479cb17bc9c3edf0ac365fa6197668fbff74ad61f389adc75916d4eb66a7ae5341534552c2b00dfc26b7df087a03ca1a1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
144B

MD5
a7522bc10c464917e0f183918b3c2e0f

SHA1
b6cb5e80b6ed5da7fe4c408589d9410d6b322380

SHA256
195db0f0b1e474cf8c2bd5efae01c46817e151045c03b19d3d40c55b77740f31

SHA512
302e9aedabef290555153c6c6df01cc82bcc1ff24c6143cd6667a00960d9ad0bcb6eaea52112ad2c6ecb0cb386d3112da2974b19fda123031ea93bf7db87fd85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
2f6983021d53a858b2ddcbb5d9f4c23c

SHA1
96f5b6a5511fd426ea75d2543f82a7932612bf88

SHA256
b1c880464005c11b009d07796a716da0c9f79f26fdd922917622790eab6a13ab

SHA512
ff6329da6b2fa222253e19ce379e31b193c287724e2f4ae5efe2ca9dd7363d3d2c05d4f9bf4bac7cf48691538ba8c3899b685f92d184565a862f3b0ab2df5d28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
769ef8106d1a3fa4573e70322ead97b5

SHA1
76de81732902d80b55b3b6d5c7610c75914d3354

SHA256
a28baee19b61f843c6e1195f6f5ab3e6aae05603ff1f5ed7601538f5647af27d

SHA512
4501191a32f6de28718274547684c83b4fe2fe28f1ea08121b989409671a02ecf9f8f4011dfcc944b51d3e8519b2b5407c9626ecf3bdc4eaaf87e0ff99066f35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
6b60a1d3386d695bfd87188c08e218f7

SHA1
635391876c5b5d64ef73783a9959a05fd682aa37

SHA256
d0e8695276e7798b75754703f532fa05beb0dccaed1978e67874ec89b7f07419

SHA512
b5be188f8d143e817e9fd224828d1dd25686dcce49cd00a33aebcd18bda603e7b28ea1bc47d49d23bc38b72f03c4d03db45892119dc94a5c765f96bdf72d9dd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
d7b2b29ef1d9a33e61e1167984c8ca3e

SHA1
9a0da1a3cf9003ecf6aba220a8a00ca34a7ebd34

SHA256
7d4bbec0e8bf4e62f352750240a0bc0f7844d58fea590bc6a9fc972c3b752dc2

SHA512
3cc40b7e35c0749e419b035a73768c8f76bace77ed44be6a59469a032b643da15162733e5aaa94064494b055858a24e4f79326a863f31f1c28eab44cec35cbec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
536B

MD5
27d68cbcc12926b6af1bee609089dab1

SHA1
21fa8e934ed228e9f2948c433064893618dd1058

SHA256
12083473355975ac7b61fff121e214abf3540f49637f4340383f7844e623d500

SHA512
5f0b6c2e33276a672177a6eb8130a85222f907b320803579336e45735e637ad4faa5dd55d92ac33977eec7502d108a8446ada091eb1e34e372b1071bdcc3b6bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
538B

MD5
5245b3a21839b12900859c6480c99363

SHA1
a710839c000f498bd68018ed6b371d674166cbd6

SHA256
dbf4553d9fe4ec9458593e026470e84e1109c747d6f206e8519f9c4430684cce

SHA512
17fdfc70cd46bb1bb9acbd5aa205ae1e0f4f059776fbc34a8e6b04033ee654cd6d284d6eb2189fb80e00ba40f440de1c2fde0fe200eb91a871cac97b07ff689c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
538B

MD5
e691513b345d76277eaba65114cfb843

SHA1
6db8d905c374cdce5ecce0545ed57ce0c2ea3dff

SHA256
e64e4f75df4599b8226971dcd13b41d7254f239fda03c51b0d3f163fc3e09da8

SHA512
f958824cd873744ee058a9a5c8182eb981c8795f637d0b50041af2a15060a134fca041a2cfcc89120354bec9de7074d36d457f6555f8b135288d23ca9f5c613e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
536B

MD5
8a43525576b4de65465ff82a70ef1305

SHA1
8b2a1cb1f3c6b84dac400f3187f06ebfd0300d8e

SHA256
809ab62ff5a7bc8305230ea37bff3bd53cad2956bc02c187bf09b14a65e6cee9

SHA512
eaa8d2271590cc6c403d28c0eded1e597ba6b10e24f8897cba687201f8895fc257d872f45bff59cfa81b9b35db14ebb3f47decfd7ded40dc198cfe4e478df504

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
536B

MD5
9d08c30fbdf36a25e8b2494ce74fb4ce

SHA1
c9ec0f3a41f03702dae0ef3e40dba756dc0d5196

SHA256
dc2ae3809ffb8efc7f570dce76e2102e6758b572dfc8dc1539b679e32225bed5

SHA512
78ae9ce36e508d2e7cc7fe11fac524dca3385e12f547da9e8c0d8a3b61c25b0e59f006c0cd6fff0d507c287fb080228e490aa6ff90097522438a3260b679cdd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
536B

MD5
20187281bb18bd8d44377f5047e91f51

SHA1
f2ca490148d089c8a32c168ba2b033c8f104fae6

SHA256
051cf9313150fbf858b4735dcccb47e4f060200e3c3a7c0086b6877382fff89d

SHA512
376bd71ba2f2300f2a73b5ae2475ad733c87d0d32b2b74d0fa3fa3d3a309bd478328002d6b90413557a33144f510cc87fabfca53a588f1bd998ae83c6798fa41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
538B

MD5
2ca015a64d1b0084369884dbd3c5499a

SHA1
f373e3649cd450b82d4396c5eee30fb07767e267

SHA256
819fac8df95f6e56a76e4c30bdf331824785dafe448e0830d04ec1cd770cc30a

SHA512
b351d27464faa94e10ccf1ad3e6ae0154653152fb6958b648b4ed276a69a712cd12bd1570205dcc9fb6be06064136035d17c8aeae313da2d28727bc4063196b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
538B

MD5
fc986145fd1ae41646baa9828c3b7266

SHA1
c5ac674dff3f7f3ed434eeaad0ca9a713ec89656

SHA256
9d83c8b9f2be7c265b51fa0eccc54102f555b51090d41e21d503b884e78ebcdf

SHA512
51de56f76f5d8467cd408b51f9be825132eea7fa5a74ce774d92ba88b6c660b73866af03d9458d0ab5409c50eb4e9f0c8be5aaaac8b3a78b7e86ee55162d634b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
538B

MD5
7126027f541be5cccbb88dc2dc3a647a

SHA1
9f99ce46a41a3b160982665455579c961a75fcdd

SHA256
6a7c08a944e967beeb3f992302c64aefe561b7e92580c3340315dac142b83628

SHA512
377424faea43502f7cf7d8a9184e048a04d6bbb29798bba323a750786cdc0ae1b9bd1c755908b3862961bd0ef601bc0eeacd5cd0c5b3884333ab109c5e26adcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
538B

MD5
aea8ab9f2da649ccf076fd4b4618b261

SHA1
419d4d0ce7adc37a2abb78aa56eeb416a35817b3

SHA256
514f69c9adcc569d2af28fb859e24ef764a2fe9786c6c5c9433b3e4c69a886ee

SHA512
37e115a95ad7c634f2c52f52cc7d2dc7fb15f01acc3f9a27b9ab1e9d92eea8d96b2806681ef1e893a6129e6193b381bb655dab6bb707095e688e92a908892c3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f6a4.TMP
Filesize
538B

MD5
4b03caed4e7fef316e47968d43583df8

SHA1
f9802fab9d69706a4b8d2d421038354311d04c67

SHA256
53a3c4015db219f919a7768f68ed98794fb094bd681b0d51ec15a0b72b5bd709

SHA512
9a16ff08fcea80e9147940723bc2b84a7436ad157de422ec3279be9e2efb885f32ff40c830e10e28d260c2dbeacacc3bc57d9981ffc0ed74e7c6ae441177562c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
26c8ac91f02a14a0fc9cb7186f572ef2

SHA1
440f60497e9d43df0165606199e525792432525f

SHA256
72a81c4adf38c45301aead37278fe22ba0fe29a585f8be6c623121828c7ca828

SHA512
e3d6cc3a7a33fe1584808866f30d1c366da87ac58d140e63fe985ef43d27899289c356916d673d77b863cb6244901de9f4f9e8594427f15cef09b662df672009

Download Submit
\??\pipe\LOCAL\crashpad_2220_ZQTHXTKRQIJWJTOJ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit