hxxps://qptr[.]ru/d8u4

Resubmissions

10-03-2024 02:48

240310-daweasba8z 10

10-03-2024 02:43

240310-c7ra6sah7z 10

Analysis

max time kernel
259s
max time network
260s
platform
windows11-21h2_x64
resource
win11-20240214-en
resource tags

arch:x64arch:x86image:win11-20240214-enlocale:en-usos:windows11-21h2-x64system
submitted
10-03-2024 02:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://qptr.ru/d8u4

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 4 IoCs

Processes:

UserOOBEBroker.exe

description	ioc	process
File opened for modification	C:\Windows\Panther\UnattendGC\diagwrn.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setupact.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setuperr.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagerr.xml	UserOOBEBroker.exe

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exemsedge.exemsedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 30 IoCs

Processes:

msedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exemsedge.exeidentity_helper.exe

pid	process
4972	msedge.exe
4972	msedge.exe
1060	msedge.exe
1060	msedge.exe
4912	msedge.exe
4912	msedge.exe
5260	identity_helper.exe
5260	identity_helper.exe
2848	msedge.exe
2848	msedge.exe
1124	msedge.exe
1124	msedge.exe
5420	identity_helper.exe
5420	identity_helper.exe
3328	msedge.exe
3328	msedge.exe
1472	msedge.exe
1472	msedge.exe
4896	identity_helper.exe
4896	identity_helper.exe
2192	msedge.exe
2192	msedge.exe
3420	msedge.exe
3420	msedge.exe
2580	msedge.exe
2580	msedge.exe
5188	msedge.exe
5188	msedge.exe
3516	identity_helper.exe
3516	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 25 IoCs

Processes:

msedge.exemsedge.exemsedge.exemsedge.exe

pid	process
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1124	msedge.exe
1124	msedge.exe
1472	msedge.exe
1472	msedge.exe
1472	msedge.exe
1472	msedge.exe
1472	msedge.exe
1472	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exemsedge.exemsedge.exe

pid	process
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1472	msedge.exe
1472	msedge.exe
1472	msedge.exe
1472	msedge.exe
1472	msedge.exe
1472	msedge.exe
1472	msedge.exe
1472	msedge.exe
1472	msedge.exe
1472	msedge.exe
1472	msedge.exe
1472	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

Processes:

msedge.exemsedge.exemsedge.exemsedge.exe

pid	process
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1060	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1472	msedge.exe
1472	msedge.exe
1472	msedge.exe
1472	msedge.exe
1472	msedge.exe
1472	msedge.exe
1472	msedge.exe
1472	msedge.exe
1472	msedge.exe
1472	msedge.exe
1472	msedge.exe
1472	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1060 wrote to memory of 4932	1060	msedge.exe	msedge.exe
PID 1060 wrote to memory of 4932	1060	msedge.exe	msedge.exe
PID 1060 wrote to memory of 4244	1060	msedge.exe	msedge.exe
PID 1060 wrote to memory of 4244	1060	msedge.exe	msedge.exe
PID 1060 wrote to memory of 4244	1060	msedge.exe	msedge.exe
PID 1060 wrote to memory of 4244	1060	msedge.exe	msedge.exe
PID 1060 wrote to memory of 4244	1060	msedge.exe	msedge.exe
PID 1060 wrote to memory of 4244	1060	msedge.exe	msedge.exe
PID 1060 wrote to memory of 4244	1060	msedge.exe	msedge.exe
PID 1060 wrote to memory of 4244	1060	msedge.exe	msedge.exe
PID 1060 wrote to memory of 4244	1060	msedge.exe	msedge.exe
PID 1060 wrote to memory of 4244	1060	msedge.exe	msedge.exe
PID 1060 wrote to memory of 4244	1060	msedge.exe	msedge.exe
PID 1060 wrote to memory of 4244	1060	msedge.exe	msedge.exe
PID 1060 wrote to memory of 4244	1060	msedge.exe	msedge.exe
PID 1060 wrote to memory of 4244	1060	msedge.exe	msedge.exe
PID 1060 wrote to memory of 4244	1060	msedge.exe	msedge.exe
PID 1060 wrote to memory of 4244	1060	msedge.exe	msedge.exe
PID 1060 wrote to memory of 4244	1060	msedge.exe	msedge.exe
PID 1060 wrote to memory of 4244	1060	msedge.exe	msedge.exe
PID 1060 wrote to memory of 4244	1060	msedge.exe	msedge.exe
PID 1060 wrote to memory of 4244	1060	msedge.exe	msedge.exe
PID 1060 wrote to memory of 4244	1060	msedge.exe	msedge.exe
PID 1060 wrote to memory of 4244	1060	msedge.exe	msedge.exe
PID 1060 wrote to memory of 4244	1060	msedge.exe	msedge.exe
PID 1060 wrote to memory of 4244	1060	msedge.exe	msedge.exe
PID 1060 wrote to memory of 4244	1060	msedge.exe	msedge.exe
PID 1060 wrote to memory of 4244	1060	msedge.exe	msedge.exe
PID 1060 wrote to memory of 4244	1060	msedge.exe	msedge.exe
PID 1060 wrote to memory of 4244	1060	msedge.exe	msedge.exe
PID 1060 wrote to memory of 4244	1060	msedge.exe	msedge.exe
PID 1060 wrote to memory of 4244	1060	msedge.exe	msedge.exe
PID 1060 wrote to memory of 4244	1060	msedge.exe	msedge.exe
PID 1060 wrote to memory of 4244	1060	msedge.exe	msedge.exe
PID 1060 wrote to memory of 4244	1060	msedge.exe	msedge.exe
PID 1060 wrote to memory of 4244	1060	msedge.exe	msedge.exe
PID 1060 wrote to memory of 4244	1060	msedge.exe	msedge.exe
PID 1060 wrote to memory of 4244	1060	msedge.exe	msedge.exe
PID 1060 wrote to memory of 4244	1060	msedge.exe	msedge.exe
PID 1060 wrote to memory of 4244	1060	msedge.exe	msedge.exe
PID 1060 wrote to memory of 4244	1060	msedge.exe	msedge.exe
PID 1060 wrote to memory of 4244	1060	msedge.exe	msedge.exe
PID 1060 wrote to memory of 4972	1060	msedge.exe	msedge.exe
PID 1060 wrote to memory of 4972	1060	msedge.exe	msedge.exe
PID 1060 wrote to memory of 4588	1060	msedge.exe	msedge.exe
PID 1060 wrote to memory of 4588	1060	msedge.exe	msedge.exe
PID 1060 wrote to memory of 4588	1060	msedge.exe	msedge.exe
PID 1060 wrote to memory of 4588	1060	msedge.exe	msedge.exe
PID 1060 wrote to memory of 4588	1060	msedge.exe	msedge.exe
PID 1060 wrote to memory of 4588	1060	msedge.exe	msedge.exe
PID 1060 wrote to memory of 4588	1060	msedge.exe	msedge.exe
PID 1060 wrote to memory of 4588	1060	msedge.exe	msedge.exe
PID 1060 wrote to memory of 4588	1060	msedge.exe	msedge.exe
PID 1060 wrote to memory of 4588	1060	msedge.exe	msedge.exe
PID 1060 wrote to memory of 4588	1060	msedge.exe	msedge.exe
PID 1060 wrote to memory of 4588	1060	msedge.exe	msedge.exe
PID 1060 wrote to memory of 4588	1060	msedge.exe	msedge.exe
PID 1060 wrote to memory of 4588	1060	msedge.exe	msedge.exe
PID 1060 wrote to memory of 4588	1060	msedge.exe	msedge.exe
PID 1060 wrote to memory of 4588	1060	msedge.exe	msedge.exe
PID 1060 wrote to memory of 4588	1060	msedge.exe	msedge.exe
PID 1060 wrote to memory of 4588	1060	msedge.exe	msedge.exe
PID 1060 wrote to memory of 4588	1060	msedge.exe	msedge.exe
PID 1060 wrote to memory of 4588	1060	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://qptr.ru/d8u4
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffbf5203cb8,0x7ffbf5203cc8,0x7ffbf5203cd8
2⤵
PID:4932

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,2002053965842647885,6698770182052518050,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2
2⤵
PID:4244

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,2002053965842647885,6698770182052518050,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,2002053965842647885,6698770182052518050,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
2⤵
PID:4588

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,2002053965842647885,6698770182052518050,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
2⤵
PID:2488

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,2002053965842647885,6698770182052518050,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
2⤵
PID:1616

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,2002053965842647885,6698770182052518050,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
2⤵
PID:3412

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1912,2002053965842647885,6698770182052518050,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4912

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,2002053965842647885,6698770182052518050,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5624 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5260

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,2002053965842647885,6698770182052518050,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1664 /prefetch:1
2⤵
PID:5472

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,2002053965842647885,6698770182052518050,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3976 /prefetch:1
2⤵
PID:5480

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,2002053965842647885,6698770182052518050,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
2⤵
PID:5660

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,2002053965842647885,6698770182052518050,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
2⤵
PID:5668

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2952

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3424

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:1952

C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
1⤵
- Drops file in Windows directory
PID:1284

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
PID:5004

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:3652

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3620

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\jawshtml.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1124

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xe0,0x10c,0x7ffbf5203cb8,0x7ffbf5203cc8,0x7ffbf5203cd8
2⤵
PID:2584

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1864,7565709624455574804,6607114285456939060,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1896 /prefetch:2
2⤵
PID:3732

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1864,7565709624455574804,6607114285456939060,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2848

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1864,7565709624455574804,6607114285456939060,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2560 /prefetch:8
2⤵
PID:4952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,7565709624455574804,6607114285456939060,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
2⤵
PID:1200

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,7565709624455574804,6607114285456939060,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
2⤵
PID:5096

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1864,7565709624455574804,6607114285456939060,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4864 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5420

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2556

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1620

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\Microsoft .NET Framework 4.7.2 Setup_20240214_200015970.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1472

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffbf5203cb8,0x7ffbf5203cc8,0x7ffbf5203cd8
2⤵
PID:3512

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1828,17032666618915541937,147810019815099292,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1844 /prefetch:2
2⤵
PID:2380

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1828,17032666618915541937,147810019815099292,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2016 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3328

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1828,17032666618915541937,147810019815099292,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2536 /prefetch:8
2⤵
PID:1284

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,17032666618915541937,147810019815099292,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
2⤵
PID:2248

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,17032666618915541937,147810019815099292,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
2⤵
PID:5960

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1828,17032666618915541937,147810019815099292,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4312 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4896

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1828,17032666618915541937,147810019815099292,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4456 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2192

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,17032666618915541937,147810019815099292,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
2⤵
PID:1520

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,17032666618915541937,147810019815099292,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
2⤵
PID:5284

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,17032666618915541937,147810019815099292,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
2⤵
PID:3748

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,17032666618915541937,147810019815099292,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
2⤵
PID:5388

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3596

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6004

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:3420

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffbf5203cb8,0x7ffbf5203cc8,0x7ffbf5203cd8
2⤵
PID:4676

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,14378305757457307403,6485530706881891215,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1908 /prefetch:2
2⤵
PID:5792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1888,14378305757457307403,6485530706881891215,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2580

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1888,14378305757457307403,6485530706881891215,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
2⤵
PID:5420

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,14378305757457307403,6485530706881891215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
2⤵
PID:5536

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,14378305757457307403,6485530706881891215,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
2⤵
PID:1192

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,14378305757457307403,6485530706881891215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
2⤵
PID:4420

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,14378305757457307403,6485530706881891215,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1416 /prefetch:1
2⤵
PID:2992

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,14378305757457307403,6485530706881891215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3876 /prefetch:1
2⤵
PID:5444

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1888,14378305757457307403,6485530706881891215,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3600 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5188

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1888,14378305757457307403,6485530706881891215,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5468 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3516

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,14378305757457307403,6485530706881891215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
2⤵
PID:3424

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,14378305757457307403,6485530706881891215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
2⤵
PID:5776

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,14378305757457307403,6485530706881891215,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
2⤵
PID:5416

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,14378305757457307403,6485530706881891215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
2⤵
PID:2448

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,14378305757457307403,6485530706881891215,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
2⤵
PID:5440

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3980

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4964

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
84e49396f4455ce20453e415e3830fb4

SHA1
d2aab986911cfd47c4f4e1b0fdc4cb78187c5739

SHA256
ba1fe1830b6531673d94577450af4179ff9b3226f9f7ffdf3ca5ebf4a91266ed

SHA512
85b758b30bd06c90a75c66853b565cccf075f1e3ea4d9ccc93f6a43c716145a458df91177d40a288493820e4a0c1e04d9d2b56317029131e7c1df5ff28f6ff11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
23a159cac37eb44e2f0acf96e08a45d0

SHA1
e702ce6609abd50e65fef21115ef67430992c0bd

SHA256
ee878756ce15f31200a9d0590ffaf5e019c5e19726717561789083b3564d5245

SHA512
76b9fb359fbf140012921d315308071693b96019f13a8f148fbcce34c143ca00dc8b21577577ec50527415fc4caf88a5dbf984ecf9cb13d247e4a61a8cdec2fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
664265d0fff9b3c0a97db12025a0559e

SHA1
573d7738ea3cb1736e8db3d8a8f230cbcc4f1570

SHA256
e9b826a511a3e14fabd0d37728aea48afbcfa61cfc870402230c99dc37c0ac5a

SHA512
fa03ec555e5c43302265e5cc3288d1590e93fbaac79a34eaef46a820e4dc85e40fd8c561e0b1423f619945e8215adb30d7cbc63fbbcd7dd5ca133d8235d4236b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
ec7568123e3bee98a389e115698dffeb

SHA1
1542627dbcbaf7d93fcadb771191f18c2248238c

SHA256
5b5e61fe004e83477411dd2b6194e90591d36f2f145cc3b4faa20cf7ae266a75

SHA512
4a53fbbd7281a1a391f0040f6ff5515cedf6e1f97f2dae4ab495b4f76eb4f929dcda6b347f9bf7f66a899330f8897e1ed117314945d1de27b035cc170fa447d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
41da3c8fd41524a1ef8447012ab48fe3

SHA1
8f02d5e880030db7dca1f471aa69380d3dafd4c5

SHA256
273d27858cbbae805662e233f9744ebb5757e5994f99f68310b47174f11f8a36

SHA512
804762549f7466541dbc4b0efcb84d383015b96b032b0a5a0954338e208180d9abdb1102daf8e150464f68d55f7ed1b9eea46209ca986f536015b207f44dcddd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\131e7a2f-9497-4d69-a2f9-b4b249e3947b.tmp
Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8344d26a-1b5f-40be-917b-8b4f42dea0c8.tmp
Filesize
713B

MD5
288c8609023ff2bf1092bbd62c3fc696

SHA1
758e5116dc3b0649008989280e50228e3c7c4bdb

SHA256
081b94c199342d220f9fdd879d1b4332797994beada3ddc622a2d7272f2acfbc

SHA512
ecad63805cfe44cec3cc7063ea792e2c773d5961d40a97df35658c48fd6172395975d6b88fbf014e800d85146b9a6ab91810fcc30c4f329196f597745e985227

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
384B

MD5
46a03716562b3455a0f9c01996a047ca

SHA1
fd1077516052e63b00fa72ee560f618433a8847e

SHA256
a3bb7638930a965993ed6137c43c05e514230fea7af3385740cba83945143a1e

SHA512
549e6a5a357197cb9773b485818ad1fccf420dadf74df5b8597011177f045ffbb05cb36524206beef913d5a1f2ae64078ead4edfa06da0d0c763311422aef945

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
408B

MD5
4d96614ad833d4ea1f63bbcfabdc6542

SHA1
41b143237948b81452f31e0df1961f05018317c4

SHA256
7cf7c2a37b367ac3184ed1348a26d573f7b03564efdf1e3e448301dead893fe1

SHA512
d00f70ed005f2b3b7b430052955e6cc7239b0184c46b52b93b1ca082fc3399bb9e1c602089b79e1a77807a31ddd59b1c788555b51d94bb2aa901f699cfc91afa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
Filesize
319B

MD5
9fb8a3249d0d30fdd3b0eae8eb34c3cb

SHA1
7c86c572fbccf981dbf4108f90a364184df135f9

SHA256
531fce214f51d26e1a0447846041b19c9892e38dd3cd20c0ccbe9176f2b0edb7

SHA512
b647aedb0706d55726c084459fe05ae92c8e13507ebf3853ce812491f482a952166a4a721620a8286b29f4df3551d0307746495ef34a1085823355ed33c5bea5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons
Filesize
28KB

MD5
ed81eb8b8ff955f69170cc06b5ececed

SHA1
66088dfcec0dbc87695b1b89ca6f2699c4cefb1e

SHA256
846c1bac7e4306a12f51a3588833e61443fac5c35ede119f916461fffc59e83d

SHA512
2795f9ce13a4f5df5c6a29e730a87c69ce71a251d6df37e16e437371ff918e2d388e43066fcc5c48dacb9ae7968d3c5dc2c1b7e697079cbf3f01856cee70a5fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
5e56b3c900be257b0549bc24a4a4ddfd

SHA1
af49d7d966d340ee913b24ae9843205d189d250b

SHA256
6abd1bbf181d2c0c64621731f13d39aa0d08700cf9f7de8d1522cacacc53de9e

SHA512
79a1f85a48112c06de814d1afd8cf7a9feed42a30e6b1250f72100235367b6e04e826f12578c8ac034fa573f50fcf4e60317c83eb525aef27321093247982b60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
Filesize
116KB

MD5
e0272325d9abd5981f7b5191b7f9d1e7

SHA1
0e98ca588331d5b0ba732ce70d2b323f8dcc343f

SHA256
2b8209ab54bba5ae3acacdbdba87bbf3b8cdd9a8feb0e775140078050e234c02

SHA512
fa420a16d3fdbc5a5f603c05d43a97033daf3a95c0994499d0a5bdd0cf74e385606824872421aa1f56600ef8fd97872c9b05d51acb7aadbcd080afc31c35ba5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
Filesize
1KB

MD5
5cb71e0247c35ab5c7618dbdb923c797

SHA1
3022487147bc14849f2240153e3a0bc63b52ffd5

SHA256
73b588b8398e0c2254c73e43e29ac2bee3f00b1526049da91f8482dfd5c86ae8

SHA512
29b062fcbbafdaea3932ee6152d1b2e3e381eae226d0f0b5e3a62a7288703ec95f536eb7bb9604e803a2aa0ffe5423aba4e6c876d4c7acca7e980c0403ae8496

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal
Filesize
28KB

MD5
3449c4be7803834455a5f2a3beeb3e3b

SHA1
9bb35a619445dca060b25a09cfdb7c1234ade59e

SHA256
bdac10a1c2e6971e47db3e88cc1e395e238794390dfca677213642110305b054

SHA512
3a266bc1c6f3089f1e8f0da64fec3024b9ac9ffa8db26181c5be4e6fa8810b3c114ec0a608ee54bc25e97111f5e83d015bb80ac595c36e59da53da5d8a821635

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
Filesize
2KB

MD5
0146eccc658c64214e0fc29a3a87e19e

SHA1
40243c81548cb4518bf6fcbbc1fea031063bf101

SHA256
19ae79cdb8c0801e36c293b0dd05775934d9eba6c3abe59dfe4e806beb628fed

SHA512
e45434fc51fb5b3d3f065958ef8e08dcab75a3ef7d7d729c21ce599ad9052c519dab4ade04050e49e258f3b4704469ddce5f6b77f7f4bba4f543806e697e11e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
Filesize
334B

MD5
d17f7d3d8b330242da21a2b6985fb2d3

SHA1
391d2b4a86abe7f0b60cb600cad1da935c13dd18

SHA256
d50a0a54dc4bbae62aaec1a400fe2f23428b833827eec74724fad6767ede6752

SHA512
6d01387c96ab5b502d885eb0fd982f22f3bfc47cc3179c054e3c78c4fae2c166ff0a44fbdce3f053d83709841c31f40a331e40989f3dbe3bfeedebaa8f5e3bcb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Action Predictor
Filesize
36KB

MD5
4dd95edecedcfb6441b494bbd49507b1

SHA1
02c7480f7a509257a9f322d08900065972509c1c

SHA256
774054d8458e3ecb26a7a42ffea40b2ee3720459a6ae663f6567ab10299b3319

SHA512
bdaf0dbe45bc233fa08e33b8a61a2163cebe424a554b8e55bf4765a32eee2797e21ec25db51abf8c3eb2ad882456ed88c791c2bd0de89d997000aa00068265d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Action Predictor-journal
Filesize
516B

MD5
59a32c68a0950b1ea438b874ea0e6d4a

SHA1
8b7ea9a095c8279dcc3168bd9014575423e007ce

SHA256
5cfbbb35c31a639e619a8c293c2a64171dc091e27ff73a6cf529bb4b4918b07d

SHA512
2e7a3943233a5649eca978a90398344e335d7252cd371f2b1456037f1ab887dd02b95751e9871ee18b4e7cc034bafb510247848aa711f9c2e105ef010aa7a7bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
622B

MD5
34cbbe82eff8f19ac7b73461fe3e9bc2

SHA1
3c9503a65ea1078c8b36acc202776bc25eb4b80b

SHA256
e0190e5778b37f0c13fd4486fbb404cf04dd5a1033ccdcae44d3748cd113a83a

SHA512
69833f8d38e3bf760598a6ccdfc9c3b4c79c8417b30b5f9233e2c263f4a6d2392e18e8d47b876b344c3f003e33b0d62b9dbf9dbf3c6d5db9bfd35c7fac944126

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
713B

MD5
462a2068757ba959c6839c560b3cd7ab

SHA1
afde3172baacf989ffcb87312dc31609db16b0fb

SHA256
2fdb4dab9986416e4d560653d38266ca9bc86604c9bd379e404d30fd55e5eafe

SHA512
adc19d2b92e13f593adb2f676462cba853acc10dd0662df9720b56626edf5bbb50a81d127871209c21490e4a81e9f2e22421ee05737c27d09a53c3a82e59c380

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
4KB

MD5
6fcd1069c6126df21945c91efd448421

SHA1
b05379eff53109882e08413b0162e833a98a70a7

SHA256
fca5bd6a8a5cec61e0120b4d656e5f39083853f929dccebfa48ba9f7c488d99a

SHA512
d5b42adb743c4126cd0dad1ddb8ff75020c608f63b5ca30d504e3d4accb0a4ac3b681ca24e8c3758704e713c00871960e5339d62376a8f4b16503d8d46d4f452

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
a8c0f67cddb536118a64be9b3b49b98f

SHA1
282911a3a9a06f74b0816e6cf533fda2bdbe5ce1

SHA256
d5132414b9ada72fabc471dd4b142dd20be71d8d156cc1a98786d451f6bb0438

SHA512
59c71ea6ba2a9a8d57a3503c95f06cfdedce0080fc954698ff6d6dd93e83d48651047d3cad5a20bb9be6df6150bf270d121bc2e1e498754712bda51f2a9f2aa6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
49e7b1ffd48fe5395aa7ce040bc01a48

SHA1
d778c5e9ac8f18affddbfcbba51dfd5afa42d136

SHA256
5a930fbba320daf6a320386b8ff454776947254d8e526f265a1b7daffc362bc3

SHA512
a9be791f69c3a5511f0a0e5a55315461f9566076ed4dde3c6727772dead7a70927af48d9b5dd89c36360e057a0d735fde3810fe3d6fda6dba06421c9c36a0a60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
14c3ea0416d0030697279613894ff19b

SHA1
2626f8e5bcd1629e74f986150e76b41ab296d62b

SHA256
bc4d0ae79c4742f8c5ddb84aaf202b6f96fb094a4c0b499b7783808cc13ec139

SHA512
8915ab74a2bc2a2c83e8323ee5ef845b573f5404c7b5bf6881dfb27f87dc173c1cabdd192d3506c6e10a44d17e04acb075e5abd4db80e214d9712524c3bbdca1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
b732dd9b34414c01057d7039ec471ad9

SHA1
2dd52227145820fb8dc5ce550910f2fe38f1edcc

SHA256
c3c81839f18fe400876eacac5afbe5a0dea705052b07f85ea43ead4414bede11

SHA512
372bf87449be7fa6722a4a1aba699bbfbabcaecc378094ffe845dcfbe409f5dc60cb0c0273a1f03ec328f6d7eadc07fc186adc7f2572a53bf8be52317f9392b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
f2512c2807d3bbe905e5573859382edf

SHA1
f2497c58a52b8db40a8c654ee28e3d1a469e4924

SHA256
a7a4abdbaa19169455063a82572144fc8d28cff539ed93fbbbda5de16d111c31

SHA512
873c212faac0231a3048d055057f8a1ac6726ed66d12abba061c7f4234323a782b241d2dd4b1f8775cadd6fb323f8f9e5a9e79631238194b10eaff49b92536c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
630eba59486c3e9a6d6f1eda6f6489b4

SHA1
7bd0dbec90c3c4a83f9b65e9703f707199ed426a

SHA256
0f78ccff6eac39788d554a1280f28a8d46f1cb9a9a4fbaf8b7545282dbceddc2

SHA512
2c34b41d6cbc2fa4527850d1470ecdb7137fd5a8107a3cd0f0ceec1110abeb971da4b7a559b7fb2311a6bbc38e7db29506a2e096c6d1cfebc665625a3a599753

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
3611a49fb92c6f39a3bbe4aad3aba823

SHA1
0788d494ab2198c62e65dfa4581fdce12139559b

SHA256
cc1c0ec446588bf2166ec9e0d35b98da0d6975e91bc4ada4cbeff8c98fe5733b

SHA512
c0d389c0a41ed3e9bb3e708794e3523b35997b284b01a649e5374d9538e192830080c1b9c462c7cd407767f7d647cc63be1fc09a5f9f33870ddc6c70c4c58f60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
7e2b87b938899ba3c62251f935ca03c6

SHA1
25edc1eba5e481ceb38d6557f205fd51b1e48b80

SHA256
7d0bbfc418537fbd08cd98c95a1e6218d3824857e7736aba11d78181d663d5b2

SHA512
7711eb8c49e766ce845d8425fe483e4cc7139432561ef8b1ef5d7e8f870f29718cf1b80f01d014023c27dbabd9dcad277e8c928143254dea501e20269ec9af14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
193a5d6ca0c1fb0ebb02b1b0dd18b024

SHA1
c05d3d7e7929389c7587e4045556c7500a57c866

SHA256
a523131c2c01629deb8d7a34a3310a6c85b9a8c3f8ba1ebb043f5550d9c26b5c

SHA512
11bdcb90e46ec15a67b0b53fc3519076414784c916d0181131990b868226897bd0ef4bc5170a4f7b9a144bb2d505a3ad38f4cba8bfecf7e1f4e1897eff082d73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
1accb2fa268ab2bbe0f8777f52ce81c2

SHA1
697445b6280498fae32b757ade2cc033c724950e

SHA256
6b8942890b0bae8c511f5600fe4305bfa9ace17fddee144f3762ee5172563629

SHA512
f8392af727caf476f0d4d52ca75bd8b5d3fb8e392fec490151300289cb1ad4cffcd17a7edb9c6786c41a410d9966e492c19e5ba04fb870ea48011e2b9d950b44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
aa667353a69b4cf4dd715ee51328b794

SHA1
bd56c0298bdb46006fc7af843cff758bdbf2ba6c

SHA256
32a15058076cfca47eeb4e8202bffc2fadbb4a4a1be4a5fc69bd098399417b8b

SHA512
0e1e45ebedbc7b728e8909aec638195dd2abe73334f83093be209162f9bbdd821be805b9a7ef105b585735a0a00acd5e388ca31c6fc53b7f7d5330c35dc314ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
79b756fc01784023f5f9fb4715b04466

SHA1
04fe496f04e95cc410a8fe810dd478ba7aade277

SHA256
2eec893e93edf38c275796a749bc66fb99d0a48f500c835bc2e9a714f9f6c6b5

SHA512
e572fcbdeb375dc67cd5ebdee1098ac91ab348d03f8d0261a25e6a7e096153c505389a3e848687e9e88cbedc6313702d1465f2678e0740b6b25a2d349acf055b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
25KB

MD5
a1c47aa8dc34db83e2463cf7fef67c2f

SHA1
5a0c62983f89f5397a32645fd53633af31bdd59b

SHA256
69ce53123ec5f719fb68dedef909c9326db38afb9622bc592432a7f49b9a0e12

SHA512
cbe0542bb394f9ce5656f024539c7b1674e122220537d53c0c6d4da245bea95cf6e83fd83ced94b3f15eb1f39daee5faf87af3cc69c46bac756665d5e739bfd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
25KB

MD5
0ba15f72ffb0a37243558588d3e78221

SHA1
814bdfffd723f7de9f8d6d6a0bc8d85a9f275cc0

SHA256
3d0223e1f8bb35870db41872cfbbe467f65bf9a1208dcb4d4ad874e250ccc10a

SHA512
02b168ef9cc226a08955092173c3745a55b28faa438b8152acb90d3bc1d9f433de7d8341def8b452db1986392a59cabc7c69689ad00825c58371ca78021183be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
Filesize
118B

MD5
7733303dbe19b64c38f3de4fe224be9a

SHA1
8ca37b38028a2db895a4570e0536859b3cc5c279

SHA256
b10c1ba416a632cd57232c81a5c2e8ee76a716e0737d10eabe1d430bec50739d

SHA512
e8cd965bca0480db9808cb1b461ac5bf5935c3cbf31c10fdf090d406f4bc4f3187d717199dcf94197b8df24c1d6e4ff07241d8cfffd9aee06cce9674f0220e29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
Filesize
322B

MD5
a57f70427039dd14c967aad109e3368f

SHA1
b7e50c6c4f5ec2b40945d0d4de864ab638e33079

SHA256
eaae22233aaca74cc865b922a252f9285f3807a179affb19e0813fbbcfa2df95

SHA512
7b395e346078b14df40a5b29b55de78f06db1ae3042e6e660bf37aac4ddcd3150e8b0949f17e43fb2a4eaf92b8fb1b4f85b75961e924b65a38cea9a074dd6c36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13354512222111587
Filesize
14KB

MD5
9c9e884edf4372bdf702fc0952d1621e

SHA1
b6ee51a380546e83fe9dc8aa7590e8c0d5014358

SHA256
6c3c8bef53d859e9b73d08650db8188442034c5c39d30a704f2c9181d761a1ea

SHA512
2b3a7f3a57389fd68db215630ad7ee6c541e8ed1637c4aea7ef0f1913064e9cc316f8834532ee8a9faab89616e801a78fa9bf5a914db1e502cf369c758a847ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13354512222237587
Filesize
4KB

MD5
7eeddc7200a31c016466acb1943b93b9

SHA1
d2d8f42e9d05f46425d5983fc14e3a4afa301dac

SHA256
eab7b416e19a6b0501ddea9572643c2ab25a5b7082526e3823aea5a913813810

SHA512
12d30393631945f762569424df9b154cee4cbbcdcd4026519692b279489c3a1ee99001c9000291b5bbbbfa8365192c1b9b8005b10a0a01f0f8f21d5c332b9b5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts
Filesize
20KB

MD5
03bd99d0228821741e9045b9ffd43e30

SHA1
d791f5d041600b51b5703695071f149208ad9875

SHA256
d243c7026bcefc5fe8cb9a6613fc92bd84e8373975d8870ed0eaf4a148aa366f

SHA512
b0b15b75b2106271220c7efeebd4cf66980ccb35570b2481e3ecee35a64e89d8543fc35e9cb36de44ec88acf9c4ce806c8f2e39440882f5463be8010939d020a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
Filesize
112B

MD5
f7fd466fc87e0761432f518574b87d1c

SHA1
e39d4ab62dda4d0f8064a82347a1e145e9b3c428

SHA256
a1f9948a1bd9b2a996df8739ded048d4484d8b4fb56e6ada857a708a917ebd5b

SHA512
54eb6b917befdd51f3e3158b9d12be70ceb0eab22b71106908782e2a1444e27bfed25e14f1a4752082e29f5daf18905b2ff221e90f09aac06fd3c9a6424f744f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
Filesize
350B

MD5
e369d5bfa841e0652a13c3ba2fb4dbb7

SHA1
c5dc481e0fdfb17b5352f00fd0513bd44c62d7a2

SHA256
98470b92dbbca03edab22aa6789326c40e539afd2cf38a644bd84a72eff91ace

SHA512
2952cf12b4d129bd2ba438ab2e6d37f93eb562325668120c051e2d16593f45323f7de88a1684086ccb74dfecb5b91cd5df06425db51054bad33aa1416b227ad4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
Filesize
326B

MD5
9266d59e9524ae6da6e41173d88e0b67

SHA1
0cca0d05becfe2dbb0d12b2c87d14b1f9d012feb

SHA256
708d52b09b8e3a1d22e2f3b2842c7f49916b8a83a91a04112a83f963779aaf92

SHA512
597d9097964d88f6d6440e93b80a5860ff2706a804e4f594f61181c515e77dbfebe8ed69a5bd68f06194dbf5ab51d51316b1355c41c0f5a8d1f1789226a64775

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
707B

MD5
3027b7e614a86edfcfcf82db4126608a

SHA1
b04e3571ebfe80f174957a0040ed25cb2e7190b9

SHA256
1f0cc24193f1d1b34a4f06951da17495170f90d1c9cda46d2aa4f493adc47f63

SHA512
8b72117ffddb7ddbdfbb831dbad945502c7fead929f3c18fc8a59f5fe733b1bb5a15c60f575c97f7b0bd4b85089516d5414c46ab84891f2802558809f8b47169

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ee29.TMP
Filesize
204B

MD5
8a8bf97c6498e51da1dd7cbef3409f5c

SHA1
a4b722fcb96343f1935baef4bfef5edadeb68632

SHA256
744d56b24194e07b03682572ab667cddb3a0d99b84ed3a1c561990a70bf90fad

SHA512
16050c5188446a55730b0d86bcd5f5aa90e970b1318dd1e744294912c1028403f8ed2a7b14bad5b97420c65a2c02131dc6042dc78afa8f20145b6cf69fa184e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
Filesize
128KB

MD5
01fca5212e48a6dda7f320478ed59bb5

SHA1
862a3aa71149ca188cf29faea53d406b326ccecd

SHA256
007a1ccd6d7d7981c12064ed81616a415aa1b36888c2da1a9a979a6f5eff1e99

SHA512
43b72ca49b2c81012e206a96fd2873a091abd75201040fd56e5d9138b0ad4d8c143b25672215cd81dc5c39a9eca680230314d224fe4b6ecc6ed340824be8e27e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
60e3f691077715586b918375dd23c6b0

SHA1
476d3eab15649c40c6aebfb6ac2366db50283d1b

SHA256
e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee

SHA512
d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
589c49f8a8e18ec6998a7a30b4958ebc

SHA1
cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e

SHA256
26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8

SHA512
e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\LOG
Filesize
139B

MD5
88a899a84f80cd8717e0b54234844711

SHA1
1fe57da68d34daeb3ade323dea4f3cf91ccc35cd

SHA256
49ba86dcfd88e28348a9beed85a582072b82aacffe849763a9dcf535937c56d7

SHA512
701e6e6b4f0aad371bdfdf5198f4ab6b3d13b0f018b5130c8e36fdddb73a2bf6cf066a5193cf0dbafc0e55b6104b3169d4c83e2f21230f77e7bb5d22e19c2688

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000004
Filesize
50B

MD5
031d6d1e28fe41a9bdcbd8a21da92df1

SHA1
38cee81cb035a60a23d6e045e5d72116f2a58683

SHA256
b51bc53f3c43a5b800a723623c4e56a836367d6e2787c57d71184df5d24151da

SHA512
e994cd3a8ee3e3cf6304c33df5b7d6cc8207e0c08d568925afa9d46d42f6f1a5bdd7261f0fd1fcdf4df1a173ef4e159ee1de8125e54efee488a1220ce85af904

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
Filesize
52KB

MD5
0603faf2e2ed770e71c79785962dfd71

SHA1
28b57b48c5e7b57c0bd3d3dadc88646ec069b611

SHA256
2ac3cbd4b3a77bb670625dcafe451439b57aa22f3913f575744b341c80bf4833

SHA512
fc8c18783d105ea5a2142113bd517c81938632dc89f92bafeddcb06ad79c87b505ad3fd7337cfc1ba80cf4319c1f65dfb2db699a88e67b664a4e221683d1cb33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
Filesize
38B

MD5
51a2cbb807f5085530dec18e45cb8569

SHA1
7ad88cd3de5844c7fc269c4500228a630016ab5b

SHA256
1c43a1bda1e458863c46dfae7fb43bfb3e27802169f37320399b1dd799a819ac

SHA512
b643a8fa75eda90c89ab98f79d4d022bb81f1f62f50ed4e5440f487f22d1163671ec3ae73c4742c11830214173ff2935c785018318f4a4cad413ae4eeef985df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
Filesize
319B

MD5
3c72a428c882b3762f4750328209f266

SHA1
e7239f6c5b95364e65a81bc30b0926b3c729f0c6

SHA256
ce7247ea8176b6efd675cd2ad4ebad980ba6aba974976c0c494ecbb2e84504bc

SHA512
67266fda34405714b7030a239de4c25c5817d20f453ccc4dc17f30f24c2f0ef78f30d0280035ee3dc835a290ab43f4dd23df5a883f17d60ddf363b5cd2aaee49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
Filesize
337B

MD5
bd663f694e55d3fc9afd978be4545f9a

SHA1
f314f0390492ada70c04038ce2e95f553548c2c9

SHA256
808e9369e325fd128b51a19bfb25724299c63327991ec9b8c63d3415379f047a

SHA512
f6246e985270682880fbbdd96c628f86fcb557bfa4a1b7a3b5edecaca2f48a52811bbc446efe84e607c9d03e190834073a81d178b7b1065f936f69851d9f3727

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0
Filesize
44KB

MD5
12b81cb9c20308a9eb397a74d7f10dd5

SHA1
a9c6de6ab66a65d0b7ea96844248b34892190705

SHA256
73b6fe036a657d24ca9ece8f6302aba1f0648405b504df034cfa238dd94bcb80

SHA512
0d5dc4278efe7b9d60a4a46b99da5379c034bd585e05fa2e59eea153ceb8c00d0d9065c186e10a43c36118647f01bf4e407ca34594ebc10c22fe5f1177d8ef3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
Filesize
264KB

MD5
24ac92b2c34f795b82edbe264dea7f45

SHA1
24a6570a6fb5740bfeb909b198449447c5a9848f

SHA256
6b734e8a401961187e6172f88f056550b8d3bcb20045032105f082f6c8bde7cb

SHA512
610418fd478f7564ad5ebd2988a73873bd83a44c0b878b3c15a034522386934c127d07afce006e7839ffa683a4208634c22eca37b4284fb2e0d10c52032f85ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3
Filesize
4.0MB

MD5
0a3d1199549eb30a73a30c6c001a4d1d

SHA1
2a0d8b7ab511cbcd52409b01db446b4245004827

SHA256
7c6f9e07cb69d30b1545626ef5af153758f63acc1617c14508b8b8015cb93fc7

SHA512
828dc81f97bfcf3ce79ca8c3d41587b8f1e95675696f2f32fa25295fc5b312e1294345458dd46f5a7f9563a2d332bec771c8ea9e44f84c352591804f896e1137

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001
Filesize
16KB

MD5
d9a68b04c3acd7ae8b7ab84b30dadacf

SHA1
15fa5365fcb7f850c972a49bd8e4d17e1555b676

SHA256
8e0551ab1f33d2f58d48228f918a1bd13ceb2f9837d3210e498be756681ddc5f

SHA512
9cd59753e3a8e750d37fbdb4de27cb7a4255180e85c9deff601a1824f17dc3d2bc1a0cfffea565d825cb27e6304987ba9456d733ab7af11fdbbe5b4460a1b6e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser
Filesize
120B

MD5
a397e5983d4a1619e36143b4d804b870

SHA1
aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4

SHA256
9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4

SHA512
4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
11e5ea83bc192be2fd8bc328b3d47efc

SHA1
0b9f190676a060c89e7884025ae267fbce147fc8

SHA256
56c95d94e4955e0e787592bf418e2490731729570938f2cdcac69785a9377eb4

SHA512
cedb49e90bb3d24767be9f1caf2ba5c0733b432a4e7cea1d5e2b5827b58f9c6ec435188e76b4d8e340bfb636bb6b91568b7070c714b0f8147f4450ccfec3435c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
fcbf93c029596e339e08de920886ab8e

SHA1
2810d42a5653e1e33881d7fa995180c7b4473517

SHA256
a5654f57c95ef2f25652f9956fbfca4462b6fb7e18a725ffe0c068815c6f8736

SHA512
cc00b7fcddb29eb71b8648c8946adb145b541155369339d674c77ae41fe388ef0fa5e55a0f220b6bddb43b3afe289739220d0bb4fb2cdee86b2de6163e8d42d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
5627a22030cc037dfa47778fe5d5aa59

SHA1
f83cc9632b173836e5401b338470e3831421e01d

SHA256
b67cdc3cb82f9d3a4b766af21fa6e52285b4a916c488f1c50f39e6d920fb4945

SHA512
123e8101624289652c8b102f4cd86432782a6be01fe4714c2fe3d609bbb4ab1fd915460c3fb809379ceed25b6b99666a11b44f14c329ecf0883335d2881b56ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
7b071d4cd01627666051c2cb62ee8d54

SHA1
7022c109ef82d1c0589acb01e73c6d7be47fccd0

SHA256
fefdb120119a7dfc78cfe13b00cfad2491079fc76622f2868acae2722be63f28

SHA512
13916b9af3d74eadfd9d0c960afcbb57c015d6fce9cfbc1829d56acab126af476821e1780293be3de3d4b2013b3be7dcb360031f2c2e50f2b801a1d73435151c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
5474c3d49c49bb2da38790dddb25e7e7

SHA1
60bddf7508dec31aa73ca576dd48af6d92318616

SHA256
5ef51036b0905640667fc9ce6580b31f98101cfb696ea2b57d9204a9cd9054cd

SHA512
40ecfebff692c6e79cb706f9b751b3a0aa8fe9087839eda8c639efbc43b972940bb35f4b7b84dc2b6f4b837fa54431bca65e9b72dedcb74b1936f307ae1e4090

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
90f43b75c0fa3282910c9d708aecc5dc

SHA1
db276946825b91f45117064c7569bdeac9f3a77d

SHA256
de52a5e70f7c728a0df425d10964336f8733a12025fcc928d76bff978c489891

SHA512
bd64db1a05d6a5fb9c9419004ae46a04641eada7df054113e3e6bec65c63bd24417c38ebc0c0b8815a4065ad51db03419ad589418495f52b2e79c40230f4320d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
bdb8543730ecdcc0fa2ca569d921f8b8

SHA1
d3f803ba2d8abe2a922c8a3606de19ebaecefd74

SHA256
0990c9798aacf50b8be2153decef6391493ef0831b720b34fdb34df197bf477e

SHA512
5819cb19e6a8249698bb89dc08787524d118de85385e593bac22c258d28677413fabb1540473f9bea6c094fd624f6e507ade5bd0ceef4d11c0a8b3660d02ac89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
8dd1e69878d376b99e1708717dec536a

SHA1
aff2823b205cc83aad2fae2baded7d32fae261ec

SHA256
77aecf3a252e094f2152afd09aaccdce95924262e909c3742e12f0cdc99c5d66

SHA512
96a7c61963df0472cd4cc03af4591c744d1fa6ea3f02b831415a143141894227418a3b1a974ca8af44056ecb1ba6b9647c53da31c6b15b33ae5ba07852f7d486

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
Filesize
264KB

MD5
b380bb79b0adf9b30da172a748730b55

SHA1
afdb92b51b174600be51e1abe660fe8cb591fea8

SHA256
2e17725ae0352e7c9f53279a9ee2ff706a4048482472e79ed64b2a2503f4b073

SHA512
11256bd87b4c8bb736fd2e9a703a74ed485af5ff94b1b82a3e013ef1f86626d522272a0fc7a7c9015c79bf1416aa8778e77b3d7689c42b6dbcb847bf6e6fcc78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt
Filesize
3B

MD5
c67e2ada4a2b1258f580e480fd8caf76

SHA1
7248fb80af2351e2017ec61bd437285eded34c41

SHA256
f126e6fbac993b3747578a79ac9e0581fb2b7b4ef4c706794f6eb0bf45942f4c

SHA512
b9af86bff58b346ee891aeb735ea3fdc2538ed9ce2f19b4c2f841b97ca47a185261537914896e3ee1464a50b6c789efde8c69755ce63e4dc431e713d51866cfa

Download Submit
\??\pipe\LOCAL\crashpad_1060_POKICZDHXGXLKUGE
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit