hxxps://qptr[.]ru/EDcn

Resubmissions

09-04-2024 14:12

240409-rjb9nsce3w 10

09-04-2024 14:07

240409-reybcaha47 10

09-04-2024 14:00

240409-ra9tksgh55 10

09-04-2024 13:53

240409-q67hnagg32 10

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09-04-2024 13:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://qptr.ru/EDcn

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
2008	msedge.exe
2008	msedge.exe
808	msedge.exe
808	msedge.exe
5000	identity_helper.exe
5000	identity_helper.exe
4312	msedge.exe
4312	msedge.exe
4312	msedge.exe
4312	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

Processes:

msedge.exe

pid	process
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 808 wrote to memory of 1204	808	msedge.exe	msedge.exe
PID 808 wrote to memory of 1204	808	msedge.exe	msedge.exe
PID 808 wrote to memory of 2792	808	msedge.exe	msedge.exe
PID 808 wrote to memory of 2792	808	msedge.exe	msedge.exe
PID 808 wrote to memory of 2792	808	msedge.exe	msedge.exe
PID 808 wrote to memory of 2792	808	msedge.exe	msedge.exe
PID 808 wrote to memory of 2792	808	msedge.exe	msedge.exe
PID 808 wrote to memory of 2792	808	msedge.exe	msedge.exe
PID 808 wrote to memory of 2792	808	msedge.exe	msedge.exe
PID 808 wrote to memory of 2792	808	msedge.exe	msedge.exe
PID 808 wrote to memory of 2792	808	msedge.exe	msedge.exe
PID 808 wrote to memory of 2792	808	msedge.exe	msedge.exe
PID 808 wrote to memory of 2792	808	msedge.exe	msedge.exe
PID 808 wrote to memory of 2792	808	msedge.exe	msedge.exe
PID 808 wrote to memory of 2792	808	msedge.exe	msedge.exe
PID 808 wrote to memory of 2792	808	msedge.exe	msedge.exe
PID 808 wrote to memory of 2792	808	msedge.exe	msedge.exe
PID 808 wrote to memory of 2792	808	msedge.exe	msedge.exe
PID 808 wrote to memory of 2792	808	msedge.exe	msedge.exe
PID 808 wrote to memory of 2792	808	msedge.exe	msedge.exe
PID 808 wrote to memory of 2792	808	msedge.exe	msedge.exe
PID 808 wrote to memory of 2792	808	msedge.exe	msedge.exe
PID 808 wrote to memory of 2792	808	msedge.exe	msedge.exe
PID 808 wrote to memory of 2792	808	msedge.exe	msedge.exe
PID 808 wrote to memory of 2792	808	msedge.exe	msedge.exe
PID 808 wrote to memory of 2792	808	msedge.exe	msedge.exe
PID 808 wrote to memory of 2792	808	msedge.exe	msedge.exe
PID 808 wrote to memory of 2792	808	msedge.exe	msedge.exe
PID 808 wrote to memory of 2792	808	msedge.exe	msedge.exe
PID 808 wrote to memory of 2792	808	msedge.exe	msedge.exe
PID 808 wrote to memory of 2792	808	msedge.exe	msedge.exe
PID 808 wrote to memory of 2792	808	msedge.exe	msedge.exe
PID 808 wrote to memory of 2792	808	msedge.exe	msedge.exe
PID 808 wrote to memory of 2792	808	msedge.exe	msedge.exe
PID 808 wrote to memory of 2792	808	msedge.exe	msedge.exe
PID 808 wrote to memory of 2792	808	msedge.exe	msedge.exe
PID 808 wrote to memory of 2792	808	msedge.exe	msedge.exe
PID 808 wrote to memory of 2792	808	msedge.exe	msedge.exe
PID 808 wrote to memory of 2792	808	msedge.exe	msedge.exe
PID 808 wrote to memory of 2792	808	msedge.exe	msedge.exe
PID 808 wrote to memory of 2792	808	msedge.exe	msedge.exe
PID 808 wrote to memory of 2792	808	msedge.exe	msedge.exe
PID 808 wrote to memory of 2008	808	msedge.exe	msedge.exe
PID 808 wrote to memory of 2008	808	msedge.exe	msedge.exe
PID 808 wrote to memory of 2032	808	msedge.exe	msedge.exe
PID 808 wrote to memory of 2032	808	msedge.exe	msedge.exe
PID 808 wrote to memory of 2032	808	msedge.exe	msedge.exe
PID 808 wrote to memory of 2032	808	msedge.exe	msedge.exe
PID 808 wrote to memory of 2032	808	msedge.exe	msedge.exe
PID 808 wrote to memory of 2032	808	msedge.exe	msedge.exe
PID 808 wrote to memory of 2032	808	msedge.exe	msedge.exe
PID 808 wrote to memory of 2032	808	msedge.exe	msedge.exe
PID 808 wrote to memory of 2032	808	msedge.exe	msedge.exe
PID 808 wrote to memory of 2032	808	msedge.exe	msedge.exe
PID 808 wrote to memory of 2032	808	msedge.exe	msedge.exe
PID 808 wrote to memory of 2032	808	msedge.exe	msedge.exe
PID 808 wrote to memory of 2032	808	msedge.exe	msedge.exe
PID 808 wrote to memory of 2032	808	msedge.exe	msedge.exe
PID 808 wrote to memory of 2032	808	msedge.exe	msedge.exe
PID 808 wrote to memory of 2032	808	msedge.exe	msedge.exe
PID 808 wrote to memory of 2032	808	msedge.exe	msedge.exe
PID 808 wrote to memory of 2032	808	msedge.exe	msedge.exe
PID 808 wrote to memory of 2032	808	msedge.exe	msedge.exe
PID 808 wrote to memory of 2032	808	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://qptr.ru/EDcn
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:808

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff98f0a46f8,0x7ff98f0a4708,0x7ff98f0a4718
2⤵
PID:1204

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,1971625178215133661,7144176040425235666,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
2⤵
PID:2792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,1971625178215133661,7144176040425235666,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2452 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2008

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,1971625178215133661,7144176040425235666,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
2⤵
PID:2032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,1971625178215133661,7144176040425235666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
2⤵
PID:2564

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,1971625178215133661,7144176040425235666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
2⤵
PID:3564

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,1971625178215133661,7144176040425235666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1
2⤵
PID:4488

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,1971625178215133661,7144176040425235666,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5584 /prefetch:8
2⤵
PID:624

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,1971625178215133661,7144176040425235666,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5584 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,1971625178215133661,7144176040425235666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
2⤵
PID:3352

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,1971625178215133661,7144176040425235666,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
2⤵
PID:2108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,1971625178215133661,7144176040425235666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
2⤵
PID:4340

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,1971625178215133661,7144176040425235666,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1
2⤵
PID:4284

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,1971625178215133661,7144176040425235666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2672 /prefetch:1
2⤵
PID:4556

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,1971625178215133661,7144176040425235666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1
2⤵
PID:1656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,1971625178215133661,7144176040425235666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
2⤵
PID:4588

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,1971625178215133661,7144176040425235666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
2⤵
PID:3300

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,1971625178215133661,7144176040425235666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4008 /prefetch:1
2⤵
PID:4528

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,1971625178215133661,7144176040425235666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
2⤵
PID:4092

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,1971625178215133661,7144176040425235666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
2⤵
PID:3552

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,1971625178215133661,7144176040425235666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
2⤵
PID:3564

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,1971625178215133661,7144176040425235666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6388 /prefetch:1
2⤵
PID:4104

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,1971625178215133661,7144176040425235666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
2⤵
PID:2892

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,1971625178215133661,7144176040425235666,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5164 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4312

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4164

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:816

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
47b2c6613360b818825d076d14c051f7

SHA1
7df7304568313a06540f490bf3305cb89bc03e5c

SHA256
47a22bea2e7d0154c59bf5d8790ec68274eb05e9fa6cf0eab0d648121f1a02ac

SHA512
08d2366fc1ce87dbe96b9bf997e4c59c9206fcfea47c1f17b01e79aeb0580f25cac5c7349bb453a50775b2743053446653f4129f835f81f4a8547ca392557aac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
e0811105475d528ab174dfdb69f935f3

SHA1
dd9689f0f70a07b4e6fb29607e42d2d5faf1f516

SHA256
c91388c87878a9e2c530c6096dbdd993b0a26fefe8ad797e0133547225032d6c

SHA512
8374a721ea3ff3a1ea70d8a074e5c193dbba27ba7e301f19cea89d648b2378c376e48310c33fe81078cd40b1863daec935e8ac22e8e3878dc3a5bb529d028852

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001
Filesize
43KB

MD5
db2a509594a5a1893b68ab6751b4821b

SHA1
de248758ad71bb86150de155daa2fae0ef82186b

SHA256
7205ea02f7af5c57824a95597af310a9a7f1cddb053abb3b4b82af8f09fb6f51

SHA512
37a82855bfdcd0f93c097883437c22362b8cd79530885f981c6e03fd6f2f80a8177a979a005feec10b61aa2b84b49faf0a05e548d472655eb50ff4df5b159e73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
456B

MD5
00cf853ad693d91e42d163f942e1784e

SHA1
c581c9ae8de984983cc37f16edd40e19e82f0310

SHA256
6e22739d732286faf2e28820a5a33ffd05efaa508ff97d2fcfdf34db1927cb58

SHA512
2554213c89a6050f1797d8f7e2621505db45cbca2b6aa753bded31039d90876d7697b6f4513ca8063953e2581aa5782ad818c6ac6d46ee376101f76f4d1e0e7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
456B

MD5
be4152b948a01191166cd0959743c5a3

SHA1
7541b44ce2e15941156754d5ab279ab93f92b2ed

SHA256
eaf8a9e092788060c1a12c54fc6658506f428a3248c0c9f0af75d50fcdbafb3a

SHA512
89439c2928ae2183183220ca0030258d9af8ce03e6986a3c13a8949b5853f3afb08b3c4ca800dd889b909d083c71b706000ce480485ca0959bc563aa5067a181

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
86e786a3721e06be2c7a376fb9a19b5b

SHA1
e32511b58297b49c5088123e99ace17c4f10dce0

SHA256
4feba632cf4cf1fd4557dfec3f1a4fec1563c993690acc46d9110c5490a50a86

SHA512
e9a73e81ae487f852580ca39e24ad410fa341e0a0f4a4081ee0e48eab2b45e67535f0f7e494652370789776bb19c660c5e94110d3735910250c8b31df79390fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
afd1af2c8a88c1b811f6f009ba35727c

SHA1
32ee67cb1172ca8046d008b7bdfea821829fdad8

SHA256
9bb02db04a25fb7d90054026874b29d4695c81149a6b81a4ffcc0f76bfbd2762

SHA512
97bf18113d0f8dd8fa605aec01f903fcd3be932416c8190cd90386e73b38b735169e3caf398abd72f008e508f1b16dfcb7e9eb760f82dd1b0aa57c2bc4ab2e1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
455498ab65037a5d87e44f8abfce826f

SHA1
6855165e2ea06ce368c3ef365d78c4d1706927dd

SHA256
b8d2dfb7c793d64375af73d229926b7baa8904baba76f9f2c8ea51665a44daaa

SHA512
fcf322d47278bcf9b038e7ba8f2ea3414a85bbf2d0ae81b09843e352ae55c73f4c4ef87c1c38f1d875e57d77b0b5bb13022936b6b59a6b605a3b0fc036176542

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
701bd4004453ab026045727dc9961e2f

SHA1
3ca7dcfc77879614889d38ad0588643d5d27c5a3

SHA256
c1bd02b022ef8740f8eed4be32ec818b58a89a08dd0adbdcb2f811d0a131a6bb

SHA512
ded3eb5fa54e77d4773f65ce6f096df5f48204a3269ba5d4a133607232faa49a88f744b402aa7f58146b9b5303a965f2c2f2f956479144e5c5cdd9f846b8b140

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
cc99e1c6ad86766265517ce5edde729c

SHA1
793966387257ba795eba2ed7eddd5b6ecc7a49c4

SHA256
52726551494bb4755e7a7524811bb3b764038544675813090e7ef0ae65fd4169

SHA512
ae81e2957c59382ce50ad97507a3686d43046dfafbc5be94dafb44f9be23fc1cc91ee87f0762173e81609a5a7f53067689abbff0585a536ab89dcdfcb9caf6fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
e5316d5358dbb66287fb80fa6dc15f45

SHA1
cb9b9ba12fae743ab0caaec2f94454acd69a1b12

SHA256
3b44e83b4125b02881f842db90bb995e737ca9a05a0a8e610da7ef07400ee567

SHA512
615180eac0bd5f416c41a5cd832adc6dfd27ce35061d19a9076db4e8ce5184a16f9c536a5f7eb9ce4fb7053db139585aade6108c5f3e54167df3ec0fb359e296

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
03534fc9f8224088165fb8ef70806aa2

SHA1
b0c84d27d280ab525491cf9a8ca105da22501b56

SHA256
e1c605ab4240d53df01790989dc6d391191412534988b7df69be54db5229f5e5

SHA512
a0c001bce2f66d165a6eb18c3f1d649c825106bebc1d9318c8456d5b2c0a0646ae0bcabfae84a9b74a9c4d2c46f3c59e8d300f4a33b28d4febe229ea3b6ba353

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
707B

MD5
1c80bd644b98589ef1d6d4aec1a965fe

SHA1
7d81cf1eb2c83f441facdf82e6969a49825233b5

SHA256
45e73dec61aeb5140e5c90ae3ae42d254af443939f09ce739fbf17252082b6f5

SHA512
89f0a4384d5a3e361313de63340c1d0bdc2fa94c3abc9553ce4d7df943c5c0fd240ed17c5a7ccb4dea44897d70d74c8d4dd5ef5b784016c7d93fa7601a422e95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58843e.TMP
Filesize
707B

MD5
97b9bb4d878b40288d45f1a11da35ade

SHA1
ca0701f8c8f72bf4fb205a2d34aa26f093666948

SHA256
97624e23ab9ae87bb8619b43880d46fe5e41e335088645529eda95a9efb5fdb3

SHA512
3c6ef912756a2d79608119bf9ab0fd8f0e5f909eae0ba4d9882caf80e1bbaaf2f77606d7f0712316214e92f223b8b6c2eaf5230f9ce45189d071171b8f1df095

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\badd38b7-e232-41ac-b74c-2515c257dfae.tmp
Filesize
9KB

MD5
de68203352de2107397adb4105b6438e

SHA1
b4b740b38285f07a7c9a435032a77460ba6c5059

SHA256
671d95388d30ac9545a62fac50667ce7438cc6b24d2021719f1540292d4a0ddf

SHA512
14448511b341e0cd4e4ad2a55624c85574fb5de983ba67b9076df9e4e3dbadda494cf951b97025953a62483a530bd009cb53bfaea1769ebcaa9e0f62f5075a68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
40a22cab0729a927fd0c4cb498e115a9

SHA1
a5e187c59c8d218c198556ce8287e2efff1550d9

SHA256
ec61fb4174b17b994746652ac3bfd02d8876be0d05c199eebd789690ffe6427a

SHA512
7e49e6ef506a6b6946b14536d35aa3423d7ff47bd6775a4bd468c273eaf488b0b03850ae6a007b05cb29603ed19b8d20ae766187bd83c07ea074c4e528e212ae

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\LOCAL\crashpad_808_POBLEXQUXBTIUPVP
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit