hxxps://qptr[.]ru/EDcn

Analysis

max time kernel
50s
max time network
51s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
08-04-2024 11:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://qptr.ru/EDcn

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exe

pid process

2336 msedge.exe
2336 msedge.exe
1420 msedge.exe
1420 msedge.exe
1572 identity_helper.exe
1572 identity_helper.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

Processes:

msedge.exe

pid process

1420 msedge.exe
1420 msedge.exe
1420 msedge.exe
1420 msedge.exe
1420 msedge.exe
1420 msedge.exe
1420 msedge.exe
1420 msedge.exe
1420 msedge.exe

pid	process
2336	msedge.exe
2336	msedge.exe
1420	msedge.exe
1420	msedge.exe
1572	identity_helper.exe
1572	identity_helper.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

msedge.exe

pid	process
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1420 wrote to memory of 3424	1420	msedge.exe	msedge.exe
PID 1420 wrote to memory of 3424	1420	msedge.exe	msedge.exe
PID 1420 wrote to memory of 5052	1420	msedge.exe	msedge.exe
PID 1420 wrote to memory of 5052	1420	msedge.exe	msedge.exe
PID 1420 wrote to memory of 5052	1420	msedge.exe	msedge.exe
PID 1420 wrote to memory of 5052	1420	msedge.exe	msedge.exe
PID 1420 wrote to memory of 5052	1420	msedge.exe	msedge.exe
PID 1420 wrote to memory of 5052	1420	msedge.exe	msedge.exe
PID 1420 wrote to memory of 5052	1420	msedge.exe	msedge.exe
PID 1420 wrote to memory of 5052	1420	msedge.exe	msedge.exe
PID 1420 wrote to memory of 5052	1420	msedge.exe	msedge.exe
PID 1420 wrote to memory of 5052	1420	msedge.exe	msedge.exe
PID 1420 wrote to memory of 5052	1420	msedge.exe	msedge.exe
PID 1420 wrote to memory of 5052	1420	msedge.exe	msedge.exe
PID 1420 wrote to memory of 5052	1420	msedge.exe	msedge.exe
PID 1420 wrote to memory of 5052	1420	msedge.exe	msedge.exe
PID 1420 wrote to memory of 5052	1420	msedge.exe	msedge.exe
PID 1420 wrote to memory of 5052	1420	msedge.exe	msedge.exe
PID 1420 wrote to memory of 5052	1420	msedge.exe	msedge.exe
PID 1420 wrote to memory of 5052	1420	msedge.exe	msedge.exe
PID 1420 wrote to memory of 5052	1420	msedge.exe	msedge.exe
PID 1420 wrote to memory of 5052	1420	msedge.exe	msedge.exe
PID 1420 wrote to memory of 5052	1420	msedge.exe	msedge.exe
PID 1420 wrote to memory of 5052	1420	msedge.exe	msedge.exe
PID 1420 wrote to memory of 5052	1420	msedge.exe	msedge.exe
PID 1420 wrote to memory of 5052	1420	msedge.exe	msedge.exe
PID 1420 wrote to memory of 5052	1420	msedge.exe	msedge.exe
PID 1420 wrote to memory of 5052	1420	msedge.exe	msedge.exe
PID 1420 wrote to memory of 5052	1420	msedge.exe	msedge.exe
PID 1420 wrote to memory of 5052	1420	msedge.exe	msedge.exe
PID 1420 wrote to memory of 5052	1420	msedge.exe	msedge.exe
PID 1420 wrote to memory of 5052	1420	msedge.exe	msedge.exe
PID 1420 wrote to memory of 5052	1420	msedge.exe	msedge.exe
PID 1420 wrote to memory of 5052	1420	msedge.exe	msedge.exe
PID 1420 wrote to memory of 5052	1420	msedge.exe	msedge.exe
PID 1420 wrote to memory of 5052	1420	msedge.exe	msedge.exe
PID 1420 wrote to memory of 5052	1420	msedge.exe	msedge.exe
PID 1420 wrote to memory of 5052	1420	msedge.exe	msedge.exe
PID 1420 wrote to memory of 5052	1420	msedge.exe	msedge.exe
PID 1420 wrote to memory of 5052	1420	msedge.exe	msedge.exe
PID 1420 wrote to memory of 5052	1420	msedge.exe	msedge.exe
PID 1420 wrote to memory of 5052	1420	msedge.exe	msedge.exe
PID 1420 wrote to memory of 2336	1420	msedge.exe	msedge.exe
PID 1420 wrote to memory of 2336	1420	msedge.exe	msedge.exe
PID 1420 wrote to memory of 5104	1420	msedge.exe	msedge.exe
PID 1420 wrote to memory of 5104	1420	msedge.exe	msedge.exe
PID 1420 wrote to memory of 5104	1420	msedge.exe	msedge.exe
PID 1420 wrote to memory of 5104	1420	msedge.exe	msedge.exe
PID 1420 wrote to memory of 5104	1420	msedge.exe	msedge.exe
PID 1420 wrote to memory of 5104	1420	msedge.exe	msedge.exe
PID 1420 wrote to memory of 5104	1420	msedge.exe	msedge.exe
PID 1420 wrote to memory of 5104	1420	msedge.exe	msedge.exe
PID 1420 wrote to memory of 5104	1420	msedge.exe	msedge.exe
PID 1420 wrote to memory of 5104	1420	msedge.exe	msedge.exe
PID 1420 wrote to memory of 5104	1420	msedge.exe	msedge.exe
PID 1420 wrote to memory of 5104	1420	msedge.exe	msedge.exe
PID 1420 wrote to memory of 5104	1420	msedge.exe	msedge.exe
PID 1420 wrote to memory of 5104	1420	msedge.exe	msedge.exe
PID 1420 wrote to memory of 5104	1420	msedge.exe	msedge.exe
PID 1420 wrote to memory of 5104	1420	msedge.exe	msedge.exe
PID 1420 wrote to memory of 5104	1420	msedge.exe	msedge.exe
PID 1420 wrote to memory of 5104	1420	msedge.exe	msedge.exe
PID 1420 wrote to memory of 5104	1420	msedge.exe	msedge.exe
PID 1420 wrote to memory of 5104	1420	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://qptr.ru/EDcn
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1420

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb34346f8,0x7ffdb3434708,0x7ffdb3434718
2⤵
PID:3424

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,9895670476564511121,15293094799476829426,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2
2⤵
PID:5052

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,9895670476564511121,15293094799476829426,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2336

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,9895670476564511121,15293094799476829426,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2620 /prefetch:8
2⤵
PID:5104

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,9895670476564511121,15293094799476829426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
2⤵
PID:4872

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,9895670476564511121,15293094799476829426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
2⤵
PID:5020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,9895670476564511121,15293094799476829426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
2⤵
PID:1328

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,9895670476564511121,15293094799476829426,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5564 /prefetch:8
2⤵
PID:2120

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,9895670476564511121,15293094799476829426,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5564 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1572

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,9895670476564511121,15293094799476829426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1
2⤵
PID:2688

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,9895670476564511121,15293094799476829426,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
2⤵
PID:2400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,9895670476564511121,15293094799476829426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
2⤵
PID:3540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,9895670476564511121,15293094799476829426,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4008 /prefetch:1
2⤵
PID:2724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2196,9895670476564511121,15293094799476829426,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5916 /prefetch:8
2⤵
PID:2284

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,9895670476564511121,15293094799476829426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
2⤵
PID:3904

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,9895670476564511121,15293094799476829426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
2⤵
PID:2324

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4480

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1336

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
7740a919423ddc469647f8fdd981324d

SHA1
c1bc3f834507e4940a0b7594e34c4b83bbea7cda

SHA256
bdd4adaa418d40558ab033ac0005fd6c2312d5f1f7fdf8b0e186fe1d65d78221

SHA512
7ad98d5d089808d9a707d577e76e809a223d3007778a672734d0a607c2c3ac5f93bc72adb6e6c7f878a577d3a1e69a16d0cd871eb6f58b8d88e2ea25f77d87b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
9f44d6f922f830d04d7463189045a5a3

SHA1
2e9ae7188ab8f88078e83ba7f42a11a2c421cb1c

SHA256
0ae5cf8b49bc34fafe9f86734c8121b631bad52a1424c1dd2caa05781032334a

SHA512
7c1825eaefcc7b97bae31eeff031899300b175222de14000283e296e9b44680c8b3885a4ed5d78fd8dfee93333cd7289347b95a62bf11f751c4ca47772cf987d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001
Filesize
43KB

MD5
db2a509594a5a1893b68ab6751b4821b

SHA1
de248758ad71bb86150de155daa2fae0ef82186b

SHA256
7205ea02f7af5c57824a95597af310a9a7f1cddb053abb3b4b82af8f09fb6f51

SHA512
37a82855bfdcd0f93c097883437c22362b8cd79530885f981c6e03fd6f2f80a8177a979a005feec10b61aa2b84b49faf0a05e548d472655eb50ff4df5b159e73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
552B

MD5
a300b040f9c417b50883bd7c3ccc2419

SHA1
19a95db905eabb614c0096bdd1659f917dc739df

SHA256
8a4a14ac072567b5ea25ff925782a953ae7c00ff8a1e8bea8091dba60666df1f

SHA512
759533cafe51f628d08945c2c6473182e1e433edb362371bd395da67d3e12f207b12f66fa0eff6ba2a65cba692650fe72be827cac02b0e06dbb8a153142ecb73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
911B

MD5
66b952a583e0382f160bedcebe84b8d4

SHA1
d77a8ed556f2407c7d332b05b4c1bf9c3f4c437f

SHA256
f7da0720868846c8237a485bf4ebac6cdfde90399870321fd9e93d5c3bf34beb

SHA512
59eef8caf40332feb7145769f1b414c89f06f812ec553ee229b03df16a446c3d1de48a588b6bea27e0396b810c824c0cec2e04e6a073faab7631c9724bb6ded8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
9eb0fb9acb59d79eeb0f9978065acab2

SHA1
4c9d5474aebb126b49bf9659dbf246de009e0031

SHA256
b184e1f730085fbc394e9fbd80ebb3e5c4c6e7cad7dc0245139e1924309f9ab5

SHA512
015a34a5758b7a123c15608a8459f71004316901dd90d2dc8dabd351ea103fb322c4273e325101c09f9bbc5c253c5bddab82a51c179a308a946176f97b0ff2ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
22fc81c5fe38b3918e99835392712d68

SHA1
f136691ec68a918e25cb265e0cb06ec3487d51f1

SHA256
0a99f2ba75f390b219bb8378c335de4d818dc96a850145d40e595b7d3a7dba32

SHA512
c19686e8f762b2bb9b36f9b3df2a0b12b8c04bfe8f5532191dbcd29b15fe1ff1ba0da971d6bc39ba1fa8ec71497c457be6bcc0e222423768cc21b11fc333d3e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
f117d391033ff05c49cf0b2e190dca3d

SHA1
3b292078bf6ef64bf09ebee16abf36c932bdabe0

SHA256
0bb587f997e4f53c451442bebda6d1cd42be6e58d94bc6bc3ef2a28718e863ce

SHA512
30a839bb4f6ee302c8f1fcd080bd655c930b995a4c1806619176d5b64d1c3bffbf7763ac837e8be39a26b5e18525f8f00cb7c0476e4ae78b98f843e921a9b8c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
a2d5a6d088a5485da890a6597de6250e

SHA1
972fa0c03af1439b4f37a8622d9f2023a3627b66

SHA256
245689d0af120153d771119fbe0090b2bc35aad922e82348b810221b6a8d4246

SHA512
2273bcf3f4f546722bfe77125b1a157548c9a2f5c0660aef2772c2c6fe8a7c84bb59585ba1c3f95a06bfb673ff9f1a9c7f1496b629fb2e919eb58f9a0310008e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
707B

MD5
0043b7182e367d7eeca91b5164cab34e

SHA1
e6ac7a0f46f66063ec0fa8a0ece5336215dfcfd3

SHA256
dd152776f0157450bc100e6f663a3ef8d22949feedbf8a2e8038b9e5b24ae927

SHA512
037f7e4f60efca2f79a0137f7528ed11a90c2def0a8e28d46c824b896fa92a073559d0e3f8064c2881d97e62ab9aa8c7f116d64a7d6302903aedfaefd73d1bc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57fa3e.TMP
Filesize
707B

MD5
8340bccd6bcf9ce01137ff766bb9956a

SHA1
9797b09db89562dd4e88dad179b0325ceb21483d

SHA256
ca2526d0117f9d0341b51cfc4f3d9eda23c0e86aed6bc41fff650733e6895f3d

SHA512
d601d59de4d4673469a65dfc276b9f10e709976f2ad2d7a08260375f3139cf969b5464461c7530006a02dd9e7df1cedbd438335b5304c5d70f4ccf5d902647f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
576628bff447dfe1665af18b0906bc43

SHA1
3ee344969cdf246d2463429235cec56aebf6687d

SHA256
08e3811a2cffa98d01e2e82b401cfb6371a7ee4a5842ac9a9a83c62030924f1c

SHA512
46702fdf6d88d05e8d25f3a243df7dce09c0ca9e14f224168f8e7f8dc3f63cc746fa6614d1acdf31e36323cea60099ed4c24097002abc2db70d8cb63d582d28e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
c94f6afdb4d1415c094e397f171a4ef6

SHA1
fb67b498c3eb7464847d9c408b91eec0d40c81f0

SHA256
9ad1c9cee375fb7ca1aeac31b1d6da116c57d0b37144b6005ed25e7a8d0b26b0

SHA512
dba7653cfa43761dd364114b3f5c931cc910ef32e7ee516b38ce1a8448555f8bea0ec93b4c17c60fb676ff9e9a419e0c87b21cc67040960bee78bf2f8bf10987

Download Submit
\??\pipe\LOCAL\crashpad_1420_RTGJOHHDMOUSLUFS
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit