hxxps://qptr[.]ru/WlEu

Analysis

max time kernel
147s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
27-02-2024 16:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://qptr.ru/WlEu

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
980	msedge.exe
980	msedge.exe
4272	msedge.exe
4272	msedge.exe
1280	identity_helper.exe
1280	identity_helper.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4272 wrote to memory of 868	4272	msedge.exe	90
PID 4272 wrote to memory of 868	4272	msedge.exe	90
PID 4272 wrote to memory of 1184	4272	msedge.exe	92
PID 4272 wrote to memory of 1184	4272	msedge.exe	92
PID 4272 wrote to memory of 1184	4272	msedge.exe	92
PID 4272 wrote to memory of 1184	4272	msedge.exe	92
PID 4272 wrote to memory of 1184	4272	msedge.exe	92
PID 4272 wrote to memory of 1184	4272	msedge.exe	92
PID 4272 wrote to memory of 1184	4272	msedge.exe	92
PID 4272 wrote to memory of 1184	4272	msedge.exe	92
PID 4272 wrote to memory of 1184	4272	msedge.exe	92
PID 4272 wrote to memory of 1184	4272	msedge.exe	92
PID 4272 wrote to memory of 1184	4272	msedge.exe	92
PID 4272 wrote to memory of 1184	4272	msedge.exe	92
PID 4272 wrote to memory of 1184	4272	msedge.exe	92
PID 4272 wrote to memory of 1184	4272	msedge.exe	92
PID 4272 wrote to memory of 1184	4272	msedge.exe	92
PID 4272 wrote to memory of 1184	4272	msedge.exe	92
PID 4272 wrote to memory of 1184	4272	msedge.exe	92
PID 4272 wrote to memory of 1184	4272	msedge.exe	92
PID 4272 wrote to memory of 1184	4272	msedge.exe	92
PID 4272 wrote to memory of 1184	4272	msedge.exe	92
PID 4272 wrote to memory of 1184	4272	msedge.exe	92
PID 4272 wrote to memory of 1184	4272	msedge.exe	92
PID 4272 wrote to memory of 1184	4272	msedge.exe	92
PID 4272 wrote to memory of 1184	4272	msedge.exe	92
PID 4272 wrote to memory of 1184	4272	msedge.exe	92
PID 4272 wrote to memory of 1184	4272	msedge.exe	92
PID 4272 wrote to memory of 1184	4272	msedge.exe	92
PID 4272 wrote to memory of 1184	4272	msedge.exe	92
PID 4272 wrote to memory of 1184	4272	msedge.exe	92
PID 4272 wrote to memory of 1184	4272	msedge.exe	92
PID 4272 wrote to memory of 1184	4272	msedge.exe	92
PID 4272 wrote to memory of 1184	4272	msedge.exe	92
PID 4272 wrote to memory of 1184	4272	msedge.exe	92
PID 4272 wrote to memory of 1184	4272	msedge.exe	92
PID 4272 wrote to memory of 1184	4272	msedge.exe	92
PID 4272 wrote to memory of 1184	4272	msedge.exe	92
PID 4272 wrote to memory of 1184	4272	msedge.exe	92
PID 4272 wrote to memory of 1184	4272	msedge.exe	92
PID 4272 wrote to memory of 1184	4272	msedge.exe	92
PID 4272 wrote to memory of 1184	4272	msedge.exe	92
PID 4272 wrote to memory of 980	4272	msedge.exe	91
PID 4272 wrote to memory of 980	4272	msedge.exe	91
PID 4272 wrote to memory of 3740	4272	msedge.exe	93
PID 4272 wrote to memory of 3740	4272	msedge.exe	93
PID 4272 wrote to memory of 3740	4272	msedge.exe	93
PID 4272 wrote to memory of 3740	4272	msedge.exe	93
PID 4272 wrote to memory of 3740	4272	msedge.exe	93
PID 4272 wrote to memory of 3740	4272	msedge.exe	93
PID 4272 wrote to memory of 3740	4272	msedge.exe	93
PID 4272 wrote to memory of 3740	4272	msedge.exe	93
PID 4272 wrote to memory of 3740	4272	msedge.exe	93
PID 4272 wrote to memory of 3740	4272	msedge.exe	93
PID 4272 wrote to memory of 3740	4272	msedge.exe	93
PID 4272 wrote to memory of 3740	4272	msedge.exe	93
PID 4272 wrote to memory of 3740	4272	msedge.exe	93
PID 4272 wrote to memory of 3740	4272	msedge.exe	93
PID 4272 wrote to memory of 3740	4272	msedge.exe	93
PID 4272 wrote to memory of 3740	4272	msedge.exe	93
PID 4272 wrote to memory of 3740	4272	msedge.exe	93
PID 4272 wrote to memory of 3740	4272	msedge.exe	93
PID 4272 wrote to memory of 3740	4272	msedge.exe	93
PID 4272 wrote to memory of 3740	4272	msedge.exe	93

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://qptr.ru/WlEu
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xb4,0x108,0x7ffd385346f8,0x7ffd38534708,0x7ffd38534718
  2⤵
  PID:868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,9624766127368371728,14410357907712681096,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,9624766127368371728,14410357907712681096,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:1184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,9624766127368371728,14410357907712681096,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
  2⤵
  PID:3740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,9624766127368371728,14410357907712681096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:2828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,9624766127368371728,14410357907712681096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,9624766127368371728,14410357907712681096,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 /prefetch:8
  2⤵
  PID:4384
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,9624766127368371728,14410357907712681096,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,9624766127368371728,14410357907712681096,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3936 /prefetch:1
  2⤵
  PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,9624766127368371728,14410357907712681096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
  2⤵
  PID:1352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,9624766127368371728,14410357907712681096,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4612 /prefetch:1
  2⤵
  PID:2368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,9624766127368371728,14410357907712681096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3992 /prefetch:1
  2⤵
  PID:3004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,9624766127368371728,14410357907712681096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4628 /prefetch:1
  2⤵
  PID:4348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,9624766127368371728,14410357907712681096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,9624766127368371728,14410357907712681096,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5516 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4012

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2856

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2144

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\29228417-52d8-435c-89da-14f218748ad7.tmp

Filesize
11KB

MD5
ab0ba353c306e86d5020c148448cb32c

SHA1
a6c11e02a407c3fa953714aca934f9318a607a65

SHA256
f2383297aa8322cd2505bccba2aeb3d2401d7f0c9cb8fb32bf79bf2bc70e5eb0

SHA512
0fe2326f43df415fbcb7f3af7da4bb574f9e1c130ed5d20ca5856271b32c32b5363d2e920e628cebca4e5f65cd039efcff90c55862596684a3e51c5bebbbe419

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
47b2c6613360b818825d076d14c051f7

SHA1
7df7304568313a06540f490bf3305cb89bc03e5c

SHA256
47a22bea2e7d0154c59bf5d8790ec68274eb05e9fa6cf0eab0d648121f1a02ac

SHA512
08d2366fc1ce87dbe96b9bf997e4c59c9206fcfea47c1f17b01e79aeb0580f25cac5c7349bb453a50775b2743053446653f4129f835f81f4a8547ca392557aac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e0811105475d528ab174dfdb69f935f3

SHA1
dd9689f0f70a07b4e6fb29607e42d2d5faf1f516

SHA256
c91388c87878a9e2c530c6096dbdd993b0a26fefe8ad797e0133547225032d6c

SHA512
8374a721ea3ff3a1ea70d8a074e5c193dbba27ba7e301f19cea89d648b2378c376e48310c33fe81078cd40b1863daec935e8ac22e8e3878dc3a5bb529d028852

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
9adbf047c310ee860545b993568d4f92

SHA1
29d552bdf7d17b6e39a39d730880236e9ef0d77e

SHA256
32322ebaad55b6e49d26762b72526bbdcdb372ecf13fc6628b251dd3f836cea0

SHA512
47200857bfaaf6d62f66765c35620db65e888213ea5805afceefd1d3bc2f2041cbec635f944bb5f3a91afb9edee26753aeb6a0423af527e51e26f4714223961a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
66d9e30f7d67eab89c4274034e729af7

SHA1
aac2173de0620a5ff79a73f4259dcf20665b5ac1

SHA256
b854a2285a121865dd635f7a2198b29855d5f0352d3f9aff916aa945ae2058d0

SHA512
22c07dadf47fa0413c4c09f74a269e9bcc8716c60e592c5e102711f667a97100778403719e1c125ef8f76cd149c6ee01907b50ac346be44ca50fc67ecd37b6c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\001\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
534B

MD5
c25f463f91abd68f73b154aa03803f54

SHA1
b5aac52c0393dccafc663d59ba01a97ca59ebcbc

SHA256
da567a6a5987e4b08f495408c31d080520e558800a74475b70300a198e0b1ff7

SHA512
b7f39dc6df04af87e8698bfc56b6c1524e64349bc2c08accff654225d178e1c503db4eda0b39c23632ae161b5abdcda6728530e56fea11906127db759cc9224a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
2f94d7e0be87d3d9ea8d5053ea16b516

SHA1
eb16782ae25f2fc50f0a959c07cdd14df11cb92a

SHA256
5c5911489ab9e73fab6d94c65caefbd5c41a463b602678c781cf794e23c49f80

SHA512
28621ade093e35bd9111abd3cc0cb731782418b7e1febff86bf9d914b7f3c72fc9afb1fa3a65d58848ff1291dff9a7c80e8c0e9b04bd61d65a8239cdae37e0bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
18537b43311b2e6bcb8336b6599dc376

SHA1
74b20e985ec23093de10fca0b92459fdf0208592

SHA256
2875bdc54983c89a3b7cba59ad307ecfb806f32f1260da17598136ec4d32fa3e

SHA512
b83af200551a209eac961ba4b4f860bfe65a5aad1520df5b0c09e8e89702ffb693713e83a46b642ad201ec320dbd8d29a20d603a425224162234cf2b1fdc433c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2c4efe2787569ea360d80c1f1c2b5cec

SHA1
df840819df146ecc4f3ddd0943ec7ceee0bde984

SHA256
8eb38f05e89ffdb123d9f60b6308507ef3251b0fc64a5b95d3baf9f5f68db889

SHA512
760b4f23340f7fe84ec535ab5d2a6f78589e7b3ddab8728055ab798213c662882af2268dc30928ee4faaa4c62f41df432c51f8245bd3a5c23c3948bf7d93ca0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
395045856910f23b6777b8596162758e

SHA1
6380cec59967afa3ab6aedf0a552408bf5bffdbc

SHA256
fe5e434afd6fde1939828ddc973837639e7df0c87dadba52991eb9d1ea8cb4f6

SHA512
d14660a519f38cdeff1c4c718ac6898e13327a9baaa52b3a637fb4ced24872f01842f5c5d4e00f160739b925c59a94c5f665ba0e9fb0d892602f3be3322e991c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5e4c1e9034de2132da4edd279c07d415

SHA1
b384f850f335f2c4c7e4878bee63ac4328a6a8df

SHA256
7087b0225a549ca2de249c4e4ce82eadd7daf615d550c93ea7b196015106905a

SHA512
0e3a8a3a603381211129e67fd1a6ac048a373197402932acf4b395456438e3de31cac8a985bef8f43b10a8ec92b276d155be92c258f7564bf2d28f665784611b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ae40e2493d3cbe5fd46aa039b43665f9

SHA1
f549daad6a821f286835af9b5fb89f8cc179d910

SHA256
2b00b60203ebc08f620eaa4e67a33acdb58d0a8a29ee1b2adfeba1494ba4774b

SHA512
603b231792503431a4a133017fb445708cb6db76cf1e139c277317cfdad8061a8ec2c1a55ef480de3e750b2682cbe215dab4d442f2f296777fe5a6f8ba5dfe8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
448a911b4a79d817929a67a23e6fc73b

SHA1
414e4609c3bb03279de291679099f2e630f1571b

SHA256
b8eb945ff80641e7687544c9e703891a25d705c8572ee728e9275844930d0ddf

SHA512
d81a262ab07f56b353d858d60ea0be9dc11b5592e8ea3d6acb0b4e6f443911b76921643d9ffbbd0a23a7b23518a6f73993565c633c62564ed58828e3cdb251a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
bb87008e8f969277236eb49f214ba2a2

SHA1
05555a9f1ed4e770d2effc1efca335edf54318a4

SHA256
916d9d038621e40ef55391c2dd625a2536c99e660ca028e213a9da62b65fc754

SHA512
e4a862a9b28fbca30831dbaa49d4a7bc18306a8dbcf291d0f5459a3e81dce29d2771f0261315df2229e393a73a3d9c9f96d9ef06afcff4c01027bf1e024e7830

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4c41bfed9d1e3e0bb73d1fcf47ad33cb

SHA1
b1bda78eda5e8875c20bf82b9bd2cc091649d364

SHA256
a678a67bb612bcb0010b55b80a63387eb12ead464cd8afb8042f161d6c9fd31e

SHA512
fdbe80b94ad47e79213a1a6361177f41aa897af3cb5284d5f345b7e8d43d9e515a7fc9d53614b1970b69f17e237d83ed435764927329325f94927b519210e980

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
9a34d600bf067a3685abbc377af5f6ee

SHA1
a0c0eb1e2055d87fafcc7a88c22f7d49b7aa6d42

SHA256
ea6423d24399c68aab76154ef0d8c237c283c8a1c36a1472bcb1583e61970760

SHA512
56353e11ef7a136d411418c347c82b7b74335581f9daf1ca64bf14e12ddd045cf6b618c26caeb1ce3e94c4383781ec6013aaac287dd4fb4a4e092fc6f3cd457c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
accf82514e64cd48fb5eca7b53c7bd4d

SHA1
6d36141be5849ea33781274802aa2d9c78889668

SHA256
12da1700a473f43187ca446fece15f4d435682fb1d38ef6e958e953dd476f59c

SHA512
314771b4de6f3e788f62a68299aff5bdc329e1a2234308364145505a6ee67844bb60e56b687d79b6cc5667174817621c83c07194eb874ef20bb8cce4c32e9605

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1b77135800cfe1c1e9f47c701efbe2d0

SHA1
a64d760ba391e3adcb970a3fb90918a9b0281ded

SHA256
feff19421dc221595237ca7a950125e4ee2c44d38e4b47c9ca1981a7b8f45de1

SHA512
7c5deb83a8ae0fdea6597a519b53ae0317fd5d689ed225bf268db8586f559957443a2e8ab67dd652b0f9ef12f69458901db7624b0b7cc62fdad3d86d5c0618ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
f60251f267e66770f55190203b134d18

SHA1
a909c83afb4e323c4eded84b34eb68e2972fec83

SHA256
cb898b0675790032cb5519098bd3033d2730367e59e59aa20f64755aac1266de

SHA512
7080fae21c3e62deda33a15f9e5ac40db84712f4f1c16240fefaaa21f2e279273010c7749dc5dfa7c628b9d475818490ec1e3ea14976ff703ee34fc519a5efce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe579308.TMP

Filesize
204B

MD5
359dabbe05bcaffaea850ba6d341bb98

SHA1
cea59979fe16c332a99ee3b8348d22985611a825

SHA256
bf0d5cd1b5d1d0dfbaa38f80e9ba7b8ba8084d34f0be8219b893fc1136e66682

SHA512
a5164bd15f3eeeef65e07066ff8de85c4812ac16016a42153dcb3a231fa257490f80281d5befbd83ff5c4d1017c833f8655ac2c8d99767bbed99ad4498656297

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
de13756506640fc2ccaed3917431ce3f

SHA1
d5937815f9739cfcb3a44862ecc5046e453d7f6d

SHA256
dfefc6f61c080555c7c16f1812e11627a430baa65cd49c36f34f7e2108c6b8c1

SHA512
409af2dd4fe63f49f72e0f3ab571a2da6de0eaf626f9ce1fc0edf56a927069c3f67b190d0800117b6a1f71e8d6f2c0a11a3866684187519c8c520ad5a78ccd0c

Download Submit