hxxps://kdrcloud[.]co[.]uk/game[.]php

Resubmissions

07-12-2023 09:49

231207-lttzkshb55 10

07-12-2023 09:17

231207-k84xnagh88 10

Analysis

max time kernel
146s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231127-en
resource tags

arch:x64arch:x86image:win10v2004-20231127-enlocale:en-usos:windows10-2004-x64system
submitted
07-12-2023 09:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://kdrcloud.co.uk/game.php

Score

6^/10

Malware Config

Signatures

Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

33 ipinfo.io
31 ipinfo.io

flow	ioc
33	ipinfo.io
31	ipinfo.io

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
4640	msedge.exe
4640	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
2028	identity_helper.exe
2028	identity_helper.exe
5440	msedge.exe
5440	msedge.exe
5440	msedge.exe
5440	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

msedge.exe

pid process

1176 msedge.exe
1176 msedge.exe
1176 msedge.exe
1176 msedge.exe
1176 msedge.exe
1176 msedge.exe
1176 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe
1176	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1176 wrote to memory of 528	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 528	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 392	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 392	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 392	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 392	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 392	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 392	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 392	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 392	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 392	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 392	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 392	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 392	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 392	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 392	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 392	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 392	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 392	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 392	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 392	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 392	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 392	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 392	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 392	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 392	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 392	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 392	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 392	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 392	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 392	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 392	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 392	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 392	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 392	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 392	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 392	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 392	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 392	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 392	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 392	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 392	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 4640	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 4640	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 5060	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 5060	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 5060	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 5060	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 5060	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 5060	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 5060	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 5060	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 5060	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 5060	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 5060	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 5060	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 5060	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 5060	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 5060	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 5060	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 5060	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 5060	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 5060	1176	msedge.exe	msedge.exe
PID 1176 wrote to memory of 5060	1176	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://kdrcloud.co.uk/game.php
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1176

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd926746f8,0x7ffd92674708,0x7ffd92674718
2⤵
PID:528

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,10227069669937100225,9617495856425870205,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4640

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,10227069669937100225,9617495856425870205,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
2⤵
PID:392

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,10227069669937100225,9617495856425870205,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
2⤵
PID:5060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10227069669937100225,9617495856425870205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
2⤵
PID:1996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10227069669937100225,9617495856425870205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
2⤵
PID:3960

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10227069669937100225,9617495856425870205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3896 /prefetch:1
2⤵
PID:2264

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,10227069669937100225,9617495856425870205,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 /prefetch:8
2⤵
PID:1332

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,10227069669937100225,9617495856425870205,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2028

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10227069669937100225,9617495856425870205,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
2⤵
PID:3712

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10227069669937100225,9617495856425870205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4588 /prefetch:1
2⤵
PID:4452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10227069669937100225,9617495856425870205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
2⤵
PID:1268

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10227069669937100225,9617495856425870205,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
2⤵
PID:4392

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,10227069669937100225,9617495856425870205,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1872 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5440

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4516

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:492

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
890585f0e978711e84e103f4e737e1b8

SHA1
12b9a7b4a1a016c8a0d4458f389135ed23574e27

SHA256
c83ee823a77974192ee702a6b550e28046fe4f60798e471e7b5b75c1f623c092

SHA512
246b774837bfb5c3f158024986fb040419974c7a8c1e6f6875e713760385084b32cfa294a5195598e7968632d1e2e4f553545f6d084cb4e5204a868aabdc0297

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034
Filesize
129KB

MD5
28d59ab21d59db5ea795a834ebf2b24c

SHA1
971e21caca482034dd93c8315c7430de7ee219f7

SHA256
2fe577976f6239e3710b710adfeff7740e35d5ce19e4295faaee37d44583828e

SHA512
c595f09b4096a9baaf01b690017723870c8f58e6a9a98b0021d818dac9d1b9231369723ec16fb29a9e8c7b029a26166ff05dc11ce82736a84faf4202ca75bd85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ca
Filesize
269KB

MD5
dbbf7b9694409956bcc667a00467a215

SHA1
2a94c2a86f6ae97015b9d3cabc834c217e83b865

SHA256
eec5406bdddb64ebbb0d5708f558dacb40d42beb1612e20a5d657404b6b9a990

SHA512
cb3a35220acf48b5694a80714b06cf479cb17bc9c3edf0ac365fa6197668fbff74ad61f389adc75916d4eb66a7ae5341534552c2b00dfc26b7df087a03ca1a1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
144B

MD5
e7e20e92cf4908ccb3f7651ab48819c7

SHA1
2c984ebba3b350e127fd2e2bb7168595b7d9bb75

SHA256
2ccabca2a0de360d49b2dd14cae2b21d5e637e4b6a9b9b622845622d8c3eed39

SHA512
cc6dd0d14fb9f61d7ae1329d3d0ce76ac265f219697269dae9287d79f7a21c8f681858b0ec616027d68b26279a1a93cbd67e87587064220b5c985853b9c6927d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
a19d436483f1dd702383f6b8653b8531

SHA1
2ed2087bd8c1c1672da50a65cfa224ee333012f8

SHA256
6009979e075f9ebec370e8ca952c3818517183b9412c5bca71d2b2d26adc8c55

SHA512
2d8c380494c19fdea5771a50892d880817b960237a26b34ed54904a9eae6d801d6996d662ae6eeabd1c5ca1591f9db6396e247cc6e42e5da1eb1195f6aab5fc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
bd248dd8c5359fa22aa1127f39405915

SHA1
c03c284f9ddbe17745d720c1fc0f00c41ea7861c

SHA256
f9342061e0182903dae36f665e39f7f26eb59c58fa27526739cd3d882ce288b1

SHA512
d7759de3669f87da5d7c7dcb894453d2e40a1c7acedcb44465c603f45a157bf716572fd43c1886ce2cd40098bab0a117737c7a765c1592a83fb82e0c80b0df4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
d6748b2a84020eb25435ec280ded9fa0

SHA1
e0c0dcdf92f81a208732ea9be55eb23e5db06d69

SHA256
c9550e76d5cb24fcaef5d105c4e9a51e54e3f56599af52e257c8650f28930d94

SHA512
37a623c4fee253003792af5a97607eff10c30b8b9cc69ee57cd9d44a2e10f4b862fdcd6bcdc2a577ed3bb4b4a1845fc71689e45c3a53e261008f077ba07dd2f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
c25d450774b9d09ea883ce90f736d68b

SHA1
33b9bde13e8037f35b51d8bcc35ec229d1a3f889

SHA256
c1c42b6c3996e6d12300908f4163fa544951238690ff0699fc8685d3e3e90a34

SHA512
53fb0e3ce6400b8ede7fa13fa9f74ef14c6902e3ab5b921aae56ac29c27d754a9a00d570c4e295662971f47930f0615fc40ec918e03bb74bfda4f0c79cae4fb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
a553ed37741112dae933596a86226276

SHA1
74ab5b15036f657a40a159863fa901421e36d4fa

SHA256
ec16b2f20ead3d276f672ae72533fcc24833c7bcfd08e82abf8c582e1bed5e87

SHA512
25d263aeeda0384b709e1c4ec3f6dba5cfcb8577e026d66846c2045b543f6446439b946163b1ea8f7e53cc6ebf38c93172452bd43e2560b42b56c4d13625e107

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
538B

MD5
cf936c676e54b30f4b128f7983058205

SHA1
8722118907b292e0ee17258ac677dfb03b998b36

SHA256
0e09b1a7a5dd950e45d02664a9b2e931dce2375d01683c285c9ea45b9e976543

SHA512
88403badef420a49d2690a5eb61a8cda3ebb48865ae552adb84b87e87749a9ce21c617b0bc13445f8c846532a36141faea2909a0a5478e5adf17317853fe2e13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
538B

MD5
091ffff5678451736267cc3c2cab3391

SHA1
d7c8f12d82867fd89b04150c188a910b3c7b478d

SHA256
206947be73d7413a0db82c44e7edff672820508aa8f345bbbe4caae6ecdb4a82

SHA512
434d841cf47ac679f45606694e89111ff1c7de7c386b3a56c8d995ee27d869fb10275fec785d201d4869f3dfa7ddea1d9fd335493565bc3bcd7385140f647c21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
538B

MD5
633c060d0de363e91080b3ea4a2f2cbd

SHA1
676bae978c83e1dbc90767d5bc24404768b30542

SHA256
f5fa386f9de81d4569efb6cee42bbf2f05b5cd6c2aed51c7f095d92a1e1dc9c1

SHA512
69c12352cb4323edf7dc5e1fb12c5924755b56e5e9b4794065817950b48defd941f3dc377603c7f25c8920dea2254dbcd6f7ff180ebdc6f38e6c1c76125757af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
536B

MD5
3fa7020762fdd5ca9358d98c0cf06445

SHA1
63b687044ee0fb6a3ebba267e8dcc26438ccaca4

SHA256
28cc3f1848f51c9c5b3d3e1185b27c49d34b1f2e442bf8c56ef5ff1bcd309e10

SHA512
21d319ff9dc69ca06b7df16b298dcfbd7d824194cdebf1138e161ff39f1c5baf897b6317d5d958215cd2ad6a41c8720377d609fd0272198c67663341d6092eec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
536B

MD5
282c99f08947313bea291502ac130040

SHA1
0737446b7f31d6df3c47ecf6af3b3f6acf58138c

SHA256
23c92c76b64484f40039a46cf489062e78efb9ff855fa78b24f891ba3ce779bf

SHA512
5f7bb5f0ed8dbdf517c82dfd598bed72aac8db9b9f23bd183d60c8d72f5ea211166d17111fd3294150400080aa4e34052cf687ed318cc6b5e90547a2223a939c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
538B

MD5
ede81af0a38d470c2c234fa986fcd1c2

SHA1
12fe65186d376ef397696cd4ee2ab301f7a2ddb2

SHA256
487053c3a4915c34d72a7b55fc1be24370c48cf5d6d4924981a2027cabe25cdb

SHA512
a2fdcb9ff1cd0ad77870b4fe4f4cc2d7f41cf5b5c50cd4919624d851c6fd3e68c9f1117f1bdbbbc08ff82d51b2f34fa61aec9c96395e67ae558b8c7b26107c6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
538B

MD5
7deda8173305ae6c247b6318fde42f55

SHA1
4051af47ac6b21269fa12e527235f327b65b1106

SHA256
a8fc63299460a614f8d082168514b0fb8b5c595ead2194f489cf1b76a59bacca

SHA512
c852ca4e23bfc44580bf92de1d4d0d545c88eccde17639e46397b5d1c83c29e41cc986a4eac3df22db9c41f62293cdda0fd01d8f5192f922c87432eb8bb55d80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
538B

MD5
22073302637b8151e231a5403eb3c300

SHA1
b0c2664dbbb1ce6d2685a1c3c033e22d624145ad

SHA256
591cf54dc8ca4da6fd32b99f2834ee64b00fbf7c02ef71f0cbafb995d45a662a

SHA512
f6020191a0aafe20b1a39da27cf58e20f00132b4ae7dafc02cbd25adde00a4067ff23324775a206deedbbc60b36efbf6122098f3fc891065c3d310290b56f29e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
538B

MD5
16db668e87618460f51de6fb21fdb652

SHA1
cc235d06db1a95cf56cea08b53cf851aa75ad4cb

SHA256
63119b83ea6e15da1dadd20eb3d2c24d66f7bd0e4ad8bcd501fa7b7b584615c1

SHA512
e9c8beae73344c5512ae5833ca9245f6937a244f1d61757dee3a8c994a8833641f5f8ab06fda158f8aec49377eac88779699bdce9365e82991c6fa90677bb62f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ce4c.TMP
Filesize
538B

MD5
dc651e9acbe1e83df3b5cabef8611530

SHA1
9def90f757575d5b7245bcb39306b56dbace597b

SHA256
4274d736c0a7681fd15a4582ec077a549e2dd9a2b43d989c3e7cd548d224e4eb

SHA512
41541090fa613c5daf8f8f80ac4f6898a1c6caaa2195beda42c7ae17d5151a100a46ead252d1ee5298e6aaeacc2e14c682843ffe4fdc5d4414fc03aab131ef16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
a6bb93f83e80da8192db8c6e1b49d902

SHA1
c23405e362800f05a16c399819db244bf5b93f51

SHA256
1e66e8c135d7928584e6ba5c15a7213de36631f710640fb7f4850baff48d5685

SHA512
d642fee3f8fc69427210723fb72a0fe4ad96fc30ef2e45266928f1dbeac60b064a7b9f1a6aed3c6f7de19775f3e9ea0181cb7bcbcb834437b43cb7887d9e4ea5

Download Submit
\??\pipe\LOCAL\crashpad_1176_ELXNTFNQBVLKLEVZ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit