hxxps://qptr[.]ru/vRm2

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
08-03-2024 11:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://qptr.ru/vRm2

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
4400	msedge.exe
4400	msedge.exe
1820	msedge.exe
1820	msedge.exe
8	identity_helper.exe
8	identity_helper.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

msedge.exe

pid process

1820 msedge.exe
1820 msedge.exe
1820 msedge.exe
1820 msedge.exe
1820 msedge.exe
1820 msedge.exe
1820 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1820 wrote to memory of 4804	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 4804	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 228	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 228	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 228	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 228	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 228	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 228	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 228	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 228	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 228	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 228	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 228	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 228	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 228	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 228	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 228	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 228	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 228	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 228	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 228	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 228	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 228	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 228	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 228	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 228	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 228	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 228	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 228	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 228	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 228	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 228	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 228	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 228	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 228	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 228	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 228	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 228	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 228	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 228	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 228	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 228	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 4400	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 4400	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 4672	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 4672	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 4672	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 4672	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 4672	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 4672	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 4672	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 4672	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 4672	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 4672	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 4672	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 4672	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 4672	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 4672	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 4672	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 4672	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 4672	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 4672	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 4672	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 4672	1820	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://qptr.ru/vRm2
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1820

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x80,0x108,0x7ffad6d046f8,0x7ffad6d04708,0x7ffad6d04718
2⤵
PID:4804

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,16953036162127370141,18149437645332918905,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2244 /prefetch:2
2⤵
PID:228

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2216,16953036162127370141,18149437645332918905,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2216,16953036162127370141,18149437645332918905,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
2⤵
PID:4672

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,16953036162127370141,18149437645332918905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
2⤵
PID:3928

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,16953036162127370141,18149437645332918905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
2⤵
PID:4320

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,16953036162127370141,18149437645332918905,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 /prefetch:8
2⤵
PID:4428

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,16953036162127370141,18149437645332918905,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,16953036162127370141,18149437645332918905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
2⤵
PID:2548

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,16953036162127370141,18149437645332918905,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
2⤵
PID:4228

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,16953036162127370141,18149437645332918905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
2⤵
PID:4844

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,16953036162127370141,18149437645332918905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
2⤵
PID:4576

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,16953036162127370141,18149437645332918905,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
2⤵
PID:1412

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,16953036162127370141,18149437645332918905,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2420 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1744

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1828

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3236

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
f35bb0615bb9816f562b83304e456294

SHA1
1049e2bd3e1bbb4cea572467d7c4a96648659cb4

SHA256
05e80abd624454e5b860a08f40ddf33d672c3fed319aac180b7de5754bc07b71

SHA512
db9100f3e324e74a9c58c7d9f50c25eaa4c6c4553c93bab9b80c6f7bef777db04111ebcd679f94015203b240fe9f4f371cae0d4290ec891a4173c746ff4b11c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
1eb86108cb8f5a956fdf48efbd5d06fe

SHA1
7b2b299f753798e4891df2d9cbf30f94b39ef924

SHA256
1b53367e0041d54af89e7dd59733231f5da1393c551ed2b943c89166c0baca40

SHA512
e2a661437688a4a01a6eb3b2bd7979ecf96b806f5a487d39354a7f0d44cb693a3b1c2cf6b1247b04e4106cc816105e982569572042bdddb3cd5bec23b4fce29d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
456B

MD5
172160383ff36b199a23ea2d4c53c5a1

SHA1
aad5e8eaa43dd5d65d4dbe4c2cc248b69b766c1e

SHA256
d2ece2d2e8798d51273159a19c06e460a0fbf22def4b3ad3fe1d4ad0a5023281

SHA512
7720009deae91be731f901d100450558ccf155a5496e75738a6edbe67a6f30a9afc780c4e88adfd8c6c8412daab1ae51ec1d3da1e5005aed8156e5e0d60c1758

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
384B

MD5
f2f6477316bc4ba6db2a21ff129cff92

SHA1
febbf2931bc97709acb6eb07196abf841fc384e7

SHA256
9c1e3f41f382a671d1b98c8ff122c54e2f0dcb5bc0ff15fd5a5eb217cd04a313

SHA512
97ea8938e2177afa06d3716e0e05bf5a47bdf205f0ce760f8fa487b82fde2a17d9a46b8cbad5776e1d4e9187928e143f45eb05af120e51d8c75ffda30a9603ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
504B

MD5
a891929b82e1e19f6d876877a5eb9362

SHA1
02dc393ad51e3add666d1add45fb51f1a3461158

SHA256
d2979eb8e7529ec151acd9a86fce5fead786437afd02114f1e57e7c7603dd1bc

SHA512
f0ebbe5a869930715d4a5db3085eda62cc4dd9e53620734f98f0957e0f5de237aecce3e7d848d8b84336c969a28407027ed390a2e97d29f0de14c72c3430956f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
622B

MD5
61d4f571c29ee0d4d87a2fa94be91d7a

SHA1
f12563177be87d8a2a4ce510138aba3231789312

SHA256
6247663768249c7f9547b14d4b5a0b0da714010c095e2de402546fe38ab0defc

SHA512
3b52c198f0fdb541c63fc23e7649dca5699b235df4bf8fcbad41a08b49124201d2093316b21be6ec08b2677fc6a03653216fb621e4c2129a0b3f79422d8b7768

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
32837a34ddeec968030a4c8de3db1cbc

SHA1
46ec1681436ba2b032f9e3ede2afedcc011cdb62

SHA256
f251db81262a2219c6c10eb5d23440edd582f133167fb8118b1d8d765d2727ed

SHA512
a086f9f17ffb8570a8164428a109a0d59f1b8288a89218d0df9e0b66166fff5c8e0588105adf36262e463004118be6f86d7ff0b133c05171a09c07b77a720792

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
6378fa1f382793efe30dddb06cdbe431

SHA1
6fe8fd570b3c28169a328ce99eb88433b5db0669

SHA256
2f21b3ea3944b0355289bf278e55e2594b0fb62926564871f0480b6cb012193d

SHA512
b689bedbc40330967ecd7e766b0a807c3b8b2e29d552a527391ba5893f6fe299294233604ef4544aa3689f9a5f0f6dd878b8b0a4291b4aa9666a1d8742eaf51c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
707B

MD5
85b200978ab1dd69ba80b244f85882f2

SHA1
02f25ea4e0a7f90d27a66f2916d70e5840ac050c

SHA256
c433fc223b8459a5809bd833b0cc47fe33f3360a89a50cc05d749202f1f7a3fe

SHA512
e52ec69f7290c80c9a802239408bafcb6bb53e9b5b77c82058a088a8394cba47cac759daecf78c3fac108578253ac948ad0309dd0c58da4b1b2d6dfb98ed92cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
707B

MD5
de29b5b89217de0f213a6b7a7daaa5ab

SHA1
c254d8ea407d4439adf8d42f36bc4ab2ca1db9ae

SHA256
279752e5f782d50e2df221a4c6bb26cdf1dfc1fabd092b956e6a4612ec3293f4

SHA512
4f4f3bd5ca0d0db41044637f4e426cb4e69b376ce97010c8a14e29a7d8b199f8599cf46a6dda591abdec431641aff6f0ea7088502b77dd36ee0576f1d92b89f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe579422.TMP
Filesize
539B

MD5
6f0c98f1b25fb59b15f1a7375e936d36

SHA1
9a5980d6a889fe38cdf603340d8979df2f9c958a

SHA256
0366c0b0f48ef4e189431c720366049ba554bdcc0c4a5ff98085851c7f8c4aca

SHA512
f29e90c051f30a5ce8103a5dc6e3d3b251d849fa0297f684b85c51336181bef3e985df551ff772f0cc1ad618e66ec27d893a9a952cb38409d27ad0558f753fce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
3086bee56fb6fc43d3241a80b7dc22aa

SHA1
733c514cba6750b6cee09f6a4e1f83bf476a9269

SHA256
3306a1b7dbb7fd4697713a676c0e252760815179dcdd0dc1ced701dc48b0fb40

SHA512
37382fc093106da7ce05bdb4d885c3b3be016a72bfae7f3344dc24d619fc3ba0986cbf516151d79b4402a1ceae6c43172c82b4e11a2073c08cbac89e192b11c6

Download Submit
\??\pipe\LOCAL\crashpad_1820_QJGNFBBSNBATEELB
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit