hxxps://ggptzfp10hfs-1323921533[.]cos[.]ap-mumbai[.]myqcloud[.]com/ggptzfp10hfs[.]html

Analysis

max time kernel
288s
max time network
294s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
23-01-2024 01:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://ggptzfp10hfs-1323921533.cos.ap-mumbai.myqcloud.com/ggptzfp10hfs.html

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
3148	msedge.exe
3148	msedge.exe
1888	msedge.exe
1888	msedge.exe
2016	identity_helper.exe
2016	identity_helper.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

Processes:

msedge.exe

pid	process
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1888 wrote to memory of 3328	1888	msedge.exe	msedge.exe
PID 1888 wrote to memory of 3328	1888	msedge.exe	msedge.exe
PID 1888 wrote to memory of 2684	1888	msedge.exe	msedge.exe
PID 1888 wrote to memory of 2684	1888	msedge.exe	msedge.exe
PID 1888 wrote to memory of 2684	1888	msedge.exe	msedge.exe
PID 1888 wrote to memory of 2684	1888	msedge.exe	msedge.exe
PID 1888 wrote to memory of 2684	1888	msedge.exe	msedge.exe
PID 1888 wrote to memory of 2684	1888	msedge.exe	msedge.exe
PID 1888 wrote to memory of 2684	1888	msedge.exe	msedge.exe
PID 1888 wrote to memory of 2684	1888	msedge.exe	msedge.exe
PID 1888 wrote to memory of 2684	1888	msedge.exe	msedge.exe
PID 1888 wrote to memory of 2684	1888	msedge.exe	msedge.exe
PID 1888 wrote to memory of 2684	1888	msedge.exe	msedge.exe
PID 1888 wrote to memory of 2684	1888	msedge.exe	msedge.exe
PID 1888 wrote to memory of 2684	1888	msedge.exe	msedge.exe
PID 1888 wrote to memory of 2684	1888	msedge.exe	msedge.exe
PID 1888 wrote to memory of 2684	1888	msedge.exe	msedge.exe
PID 1888 wrote to memory of 2684	1888	msedge.exe	msedge.exe
PID 1888 wrote to memory of 2684	1888	msedge.exe	msedge.exe
PID 1888 wrote to memory of 2684	1888	msedge.exe	msedge.exe
PID 1888 wrote to memory of 2684	1888	msedge.exe	msedge.exe
PID 1888 wrote to memory of 2684	1888	msedge.exe	msedge.exe
PID 1888 wrote to memory of 2684	1888	msedge.exe	msedge.exe
PID 1888 wrote to memory of 2684	1888	msedge.exe	msedge.exe
PID 1888 wrote to memory of 2684	1888	msedge.exe	msedge.exe
PID 1888 wrote to memory of 2684	1888	msedge.exe	msedge.exe
PID 1888 wrote to memory of 2684	1888	msedge.exe	msedge.exe
PID 1888 wrote to memory of 2684	1888	msedge.exe	msedge.exe
PID 1888 wrote to memory of 2684	1888	msedge.exe	msedge.exe
PID 1888 wrote to memory of 2684	1888	msedge.exe	msedge.exe
PID 1888 wrote to memory of 2684	1888	msedge.exe	msedge.exe
PID 1888 wrote to memory of 2684	1888	msedge.exe	msedge.exe
PID 1888 wrote to memory of 2684	1888	msedge.exe	msedge.exe
PID 1888 wrote to memory of 2684	1888	msedge.exe	msedge.exe
PID 1888 wrote to memory of 2684	1888	msedge.exe	msedge.exe
PID 1888 wrote to memory of 2684	1888	msedge.exe	msedge.exe
PID 1888 wrote to memory of 2684	1888	msedge.exe	msedge.exe
PID 1888 wrote to memory of 2684	1888	msedge.exe	msedge.exe
PID 1888 wrote to memory of 2684	1888	msedge.exe	msedge.exe
PID 1888 wrote to memory of 2684	1888	msedge.exe	msedge.exe
PID 1888 wrote to memory of 2684	1888	msedge.exe	msedge.exe
PID 1888 wrote to memory of 2684	1888	msedge.exe	msedge.exe
PID 1888 wrote to memory of 3148	1888	msedge.exe	msedge.exe
PID 1888 wrote to memory of 3148	1888	msedge.exe	msedge.exe
PID 1888 wrote to memory of 680	1888	msedge.exe	msedge.exe
PID 1888 wrote to memory of 680	1888	msedge.exe	msedge.exe
PID 1888 wrote to memory of 680	1888	msedge.exe	msedge.exe
PID 1888 wrote to memory of 680	1888	msedge.exe	msedge.exe
PID 1888 wrote to memory of 680	1888	msedge.exe	msedge.exe
PID 1888 wrote to memory of 680	1888	msedge.exe	msedge.exe
PID 1888 wrote to memory of 680	1888	msedge.exe	msedge.exe
PID 1888 wrote to memory of 680	1888	msedge.exe	msedge.exe
PID 1888 wrote to memory of 680	1888	msedge.exe	msedge.exe
PID 1888 wrote to memory of 680	1888	msedge.exe	msedge.exe
PID 1888 wrote to memory of 680	1888	msedge.exe	msedge.exe
PID 1888 wrote to memory of 680	1888	msedge.exe	msedge.exe
PID 1888 wrote to memory of 680	1888	msedge.exe	msedge.exe
PID 1888 wrote to memory of 680	1888	msedge.exe	msedge.exe
PID 1888 wrote to memory of 680	1888	msedge.exe	msedge.exe
PID 1888 wrote to memory of 680	1888	msedge.exe	msedge.exe
PID 1888 wrote to memory of 680	1888	msedge.exe	msedge.exe
PID 1888 wrote to memory of 680	1888	msedge.exe	msedge.exe
PID 1888 wrote to memory of 680	1888	msedge.exe	msedge.exe
PID 1888 wrote to memory of 680	1888	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://ggptzfp10hfs-1323921533.cos.ap-mumbai.myqcloud.com/ggptzfp10hfs.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1888

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe5f3446f8,0x7ffe5f344708,0x7ffe5f344718
2⤵
PID:3328

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,7600151513456862648,6632827593515205614,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3148

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,7600151513456862648,6632827593515205614,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
2⤵
PID:680

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,7600151513456862648,6632827593515205614,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
2⤵
PID:2684

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,7600151513456862648,6632827593515205614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
2⤵
PID:1408

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,7600151513456862648,6632827593515205614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
2⤵
PID:2356

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,7600151513456862648,6632827593515205614,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4880 /prefetch:8
2⤵
PID:4312

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,7600151513456862648,6632827593515205614,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4880 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,7600151513456862648,6632827593515205614,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
2⤵
PID:4796

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,7600151513456862648,6632827593515205614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
2⤵
PID:4676

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,7600151513456862648,6632827593515205614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:1
2⤵
PID:2436

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,7600151513456862648,6632827593515205614,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
2⤵
PID:396

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2144,7600151513456862648,6632827593515205614,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1776 /prefetch:8
2⤵
PID:3276

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,7600151513456862648,6632827593515205614,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
2⤵
PID:556

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,7600151513456862648,6632827593515205614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
2⤵
PID:4900

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,7600151513456862648,6632827593515205614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
2⤵
PID:3372

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,7600151513456862648,6632827593515205614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
2⤵
PID:3332

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,7600151513456862648,6632827593515205614,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
2⤵
PID:1656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,7600151513456862648,6632827593515205614,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1280 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1016

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3452

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5032

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Filesize
330B

MD5
84c1cd511018e0f173c793f92f90a6fe

SHA1
fc04ac07fa675310f26f5832e8198e3e3cf47809

SHA256
d80963b38c7465849b14898ae05aa263d54b1e7e22dd8be725439189bbf25096

SHA512
39c9000e25ab2b2a7de333c5783bde9216382e3c66f28e5ddd1ab8e1cbb2daa44575fc798730597c6637d44ee0eafa8044bd23d28f2807ba688d6df8d6ea06db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
d5564ccbd62bac229941d2812fc4bfba

SHA1
0483f8496225a0f2ca0d2151fab40e8f4f61ab6d

SHA256
d259ff04090cbde3b87a54554d6e2b8a33ba81e9483acbbe3e6bad15cbde4921

SHA512
300cda7933e8af577bdc1b20e6d4279d1e418cdb0571c928b1568bfea3c231ba632ccb67313ae73ddeae5586d85db95caffaedd23e973d437f8496a8c5a15025

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
336B

MD5
25186f8a48686d4322b2c26b388ae23e

SHA1
6bdb2697ca91c7d479865cdc7d78387b5f976e55

SHA256
6c55c02fab9edcaa2ea3d6c7df80b945ed148e2e345a7d29662b0023f6ddf5f0

SHA512
fb6792ce694cef617f251083e57ea30b955222c5e813a9afe6dbfc17e906d817fd0ac5699c4fbf277efc6b57b9e6029f41a6206f027e9b19007e76cd255cbb66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
240B

MD5
402dbb92a10d1644b75fccbfc896e821

SHA1
9bd1b215321a8889b392d61212f6c8cd7b76107d

SHA256
302eec461f597b02edcc2dbee9b0cefa4538bd7cc9e325d89e11e0b01ef245e8

SHA512
9cb351cf7a100a08b76950491d35069b294ee8218a794a03c78fa31676e7aecae70ef9ce054554a73f734bf052f0e930ec1892fade4e29afcfa27f26e384df24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
10577aa310390181f9abef0b2646167e

SHA1
4940bfb70270579fbf937c1adfa05ea0e8d6ed6f

SHA256
059572068b400b71b645d36f49a9c2ab40add97d6272aeeb90b2e57b76e11182

SHA512
d23ed71e42595b8ebe828fa1ba60dab067dba975759d4d98d80060a18a48bd80afdc2486292dcc07a36210a255479592dbefb8c5bd05f33354b4299a73a90ee0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
4116b24005d98fc6cc2435c11adc341e

SHA1
95ac83143f07a5e291fa850b6bbadc836d51730e

SHA256
8c3f688b6eff0cc262394770c92834a9e932e2814d4b28a9f48d07c8b3a5b19a

SHA512
d6bae7d24daa06037e943ec0e81351c5b1dedba3f013e2ca2280d02b69ef8276e876de75b12ad1ad06da831ec0bbd84cd2c0bc9e39892d37f6bc3c4201a5a52c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
3d2940a7335d2f4b52d39ee99ce8dc97

SHA1
850336fce3a7bac86d1f4b3d44228d4a000b9e5f

SHA256
23be2d96f997cc4d9d164bbe757cb349063f5dfd719395475043063bea633d63

SHA512
f9878fcfc2bb6585e704ffc5218353f6b8c9150667541c26442abe221515eaec96a79d65a7afe8db7796b6e1242fd6a0b4a6a128d97c029176025c00a4190cec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
103dbaa78a4f959960f504ddc4eda317

SHA1
d19cad04ba189341a356929630c73b9d29cd19af

SHA256
133e3c6fd6f9458cea3e1e7095bedea007767d15d8a0d6ca1fdc5a72e007651b

SHA512
342c50dc20a45de0f12b947774edebf412ebba5eb31e4608db153c686f81293332efa151ae279bdd78640d3a13f9e8199f3dca4d7e40e769feacc73ca19c4ee8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
bf1fdee6c25450a1759c44421d806510

SHA1
79e0de8b4cdcd8f58c8dfb0328d6111184f1c9f8

SHA256
36cb8a642334daa2c9637720dc620c7985b8d7e3927c2c868ae1cf623ac31c6e

SHA512
16479b1348348f3b5b8ed3c7b9f6e255c36da61439dd22a79230cd67b0f413f537d0fffd5f34baf3397ed12b954af16fffcde142755d639f93c90b197e8aae4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
1d1c7c7f0b54eb8ba4177f9e91af9dce

SHA1
2b0f0ceb9a374fec8258679c2a039fbce4aff396

SHA256
555c13933eae4e0b0e992713ed8118e2980442f89fbdfb06d3914b607edbbb18

SHA512
4c8930fe2c805c54c0076408aba3fbfb08c24566fba9f6a409b5b1308d39c7b26c96717d43223632f1f71d2e9e68a01b43a60031be8f1ca7a541fe0f56f4d9f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\adec1300-7dbb-4cc0-bb36-36bb87249420.tmp
Filesize
5KB

MD5
94bc606c8b4ebb968e607989af8462d1

SHA1
14e19ffd5338a6d5872623f75f652b558ba9d721

SHA256
4aa0a20595ef321bccb0a614c8b6f345a804b99a07d66100cc05c1a7c7a38a07

SHA512
b848970a574efd7083125bcccf1ffc783e98a9ca5d569639e65f9a2284232d8677975146cacd2fc9f12be3f8e23d0e8a630cd303c9e49ba5c7c2ca912e1c9bed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
5d8f4cebf61c29b1106239c2182eb416

SHA1
13d817a258d97866407d2e63dc73ff8caf7922cc

SHA256
0d9809eca261f9423268647edf96f54a1e888fa1b8c02a6ee3466015865efe57

SHA512
4e11a5ced719660632cb5308fa7a1691d32849c3868d5b9eed49ae1dfca2816b4b21410ad4c8943d77561f19f3a9978238b00dada97088d408e4eed593132f19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
071615baa5b97773967f1ba3cdb960a4

SHA1
8e1ca62cfea74abad8819df19971ffe4264ccb1c

SHA256
20f6580e05d0da73dcfab5aefe7d88e928400e97bec8278e19caa889965949a9

SHA512
89862a852b5bf79ae5a05635822ba2e8c7097ec22b5b36dc09484ddd00eb356a3f3301a2056e6b0f63682604322a06358bd930c63f528118dfec211d868e572e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\LOCAL\crashpad_1888_GGZPQBAGCZHFGWCV
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit