hxxps://qptr[.]ru/OqVS

Resubmissions

12-04-2024 07:51

240412-jpx5bsgh56 10

12-04-2024 07:47

240412-jmzkdaca2s 10

Analysis

max time kernel
149s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12-04-2024 07:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://qptr.ru/OqVS

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
2792	msedge.exe
2792	msedge.exe
1660	msedge.exe
1660	msedge.exe
2624	identity_helper.exe
2624	identity_helper.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

msedge.exe

pid process

1660 msedge.exe
1660 msedge.exe
1660 msedge.exe
1660 msedge.exe
1660 msedge.exe
1660 msedge.exe
1660 msedge.exe
1660 msedge.exe

Suspicious use of FindShellTrayWindow 33 IoCs

Processes:

msedge.exe

pid	process
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

Processes:

msedge.exe

pid	process
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1660 wrote to memory of 1732	1660	msedge.exe	msedge.exe
PID 1660 wrote to memory of 1732	1660	msedge.exe	msedge.exe
PID 1660 wrote to memory of 1828	1660	msedge.exe	msedge.exe
PID 1660 wrote to memory of 1828	1660	msedge.exe	msedge.exe
PID 1660 wrote to memory of 1828	1660	msedge.exe	msedge.exe
PID 1660 wrote to memory of 1828	1660	msedge.exe	msedge.exe
PID 1660 wrote to memory of 1828	1660	msedge.exe	msedge.exe
PID 1660 wrote to memory of 1828	1660	msedge.exe	msedge.exe
PID 1660 wrote to memory of 1828	1660	msedge.exe	msedge.exe
PID 1660 wrote to memory of 1828	1660	msedge.exe	msedge.exe
PID 1660 wrote to memory of 1828	1660	msedge.exe	msedge.exe
PID 1660 wrote to memory of 1828	1660	msedge.exe	msedge.exe
PID 1660 wrote to memory of 1828	1660	msedge.exe	msedge.exe
PID 1660 wrote to memory of 1828	1660	msedge.exe	msedge.exe
PID 1660 wrote to memory of 1828	1660	msedge.exe	msedge.exe
PID 1660 wrote to memory of 1828	1660	msedge.exe	msedge.exe
PID 1660 wrote to memory of 1828	1660	msedge.exe	msedge.exe
PID 1660 wrote to memory of 1828	1660	msedge.exe	msedge.exe
PID 1660 wrote to memory of 1828	1660	msedge.exe	msedge.exe
PID 1660 wrote to memory of 1828	1660	msedge.exe	msedge.exe
PID 1660 wrote to memory of 1828	1660	msedge.exe	msedge.exe
PID 1660 wrote to memory of 1828	1660	msedge.exe	msedge.exe
PID 1660 wrote to memory of 1828	1660	msedge.exe	msedge.exe
PID 1660 wrote to memory of 1828	1660	msedge.exe	msedge.exe
PID 1660 wrote to memory of 1828	1660	msedge.exe	msedge.exe
PID 1660 wrote to memory of 1828	1660	msedge.exe	msedge.exe
PID 1660 wrote to memory of 1828	1660	msedge.exe	msedge.exe
PID 1660 wrote to memory of 1828	1660	msedge.exe	msedge.exe
PID 1660 wrote to memory of 1828	1660	msedge.exe	msedge.exe
PID 1660 wrote to memory of 1828	1660	msedge.exe	msedge.exe
PID 1660 wrote to memory of 1828	1660	msedge.exe	msedge.exe
PID 1660 wrote to memory of 1828	1660	msedge.exe	msedge.exe
PID 1660 wrote to memory of 1828	1660	msedge.exe	msedge.exe
PID 1660 wrote to memory of 1828	1660	msedge.exe	msedge.exe
PID 1660 wrote to memory of 1828	1660	msedge.exe	msedge.exe
PID 1660 wrote to memory of 1828	1660	msedge.exe	msedge.exe
PID 1660 wrote to memory of 1828	1660	msedge.exe	msedge.exe
PID 1660 wrote to memory of 1828	1660	msedge.exe	msedge.exe
PID 1660 wrote to memory of 1828	1660	msedge.exe	msedge.exe
PID 1660 wrote to memory of 1828	1660	msedge.exe	msedge.exe
PID 1660 wrote to memory of 1828	1660	msedge.exe	msedge.exe
PID 1660 wrote to memory of 1828	1660	msedge.exe	msedge.exe
PID 1660 wrote to memory of 2792	1660	msedge.exe	msedge.exe
PID 1660 wrote to memory of 2792	1660	msedge.exe	msedge.exe
PID 1660 wrote to memory of 3452	1660	msedge.exe	msedge.exe
PID 1660 wrote to memory of 3452	1660	msedge.exe	msedge.exe
PID 1660 wrote to memory of 3452	1660	msedge.exe	msedge.exe
PID 1660 wrote to memory of 3452	1660	msedge.exe	msedge.exe
PID 1660 wrote to memory of 3452	1660	msedge.exe	msedge.exe
PID 1660 wrote to memory of 3452	1660	msedge.exe	msedge.exe
PID 1660 wrote to memory of 3452	1660	msedge.exe	msedge.exe
PID 1660 wrote to memory of 3452	1660	msedge.exe	msedge.exe
PID 1660 wrote to memory of 3452	1660	msedge.exe	msedge.exe
PID 1660 wrote to memory of 3452	1660	msedge.exe	msedge.exe
PID 1660 wrote to memory of 3452	1660	msedge.exe	msedge.exe
PID 1660 wrote to memory of 3452	1660	msedge.exe	msedge.exe
PID 1660 wrote to memory of 3452	1660	msedge.exe	msedge.exe
PID 1660 wrote to memory of 3452	1660	msedge.exe	msedge.exe
PID 1660 wrote to memory of 3452	1660	msedge.exe	msedge.exe
PID 1660 wrote to memory of 3452	1660	msedge.exe	msedge.exe
PID 1660 wrote to memory of 3452	1660	msedge.exe	msedge.exe
PID 1660 wrote to memory of 3452	1660	msedge.exe	msedge.exe
PID 1660 wrote to memory of 3452	1660	msedge.exe	msedge.exe
PID 1660 wrote to memory of 3452	1660	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://qptr.ru/OqVS
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1660

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9dc0746f8,0x7ff9dc074708,0x7ff9dc074718
2⤵
PID:1732

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2340,14234544676854149226,5420013663390044797,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2384 /prefetch:2
2⤵
PID:1828

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2340,14234544676854149226,5420013663390044797,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2440 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2340,14234544676854149226,5420013663390044797,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
2⤵
PID:3452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2340,14234544676854149226,5420013663390044797,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
2⤵
PID:1248

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2340,14234544676854149226,5420013663390044797,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
2⤵
PID:1164

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2340,14234544676854149226,5420013663390044797,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
2⤵
PID:2448

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2340,14234544676854149226,5420013663390044797,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5024 /prefetch:8
2⤵
PID:3576

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2340,14234544676854149226,5420013663390044797,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5024 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2624

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2340,14234544676854149226,5420013663390044797,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1
2⤵
PID:1504

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2340,14234544676854149226,5420013663390044797,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3676 /prefetch:1
2⤵
PID:2912

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2340,14234544676854149226,5420013663390044797,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:1
2⤵
PID:3540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2340,14234544676854149226,5420013663390044797,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
2⤵
PID:4668

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2340,14234544676854149226,5420013663390044797,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2564 /prefetch:1
2⤵
PID:2752

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2340,14234544676854149226,5420013663390044797,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6012 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2696

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2356

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3996

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4d6e17218d9a99976d1a14c6f6944c96

SHA1
9e54a19d6c61d99ac8759c5f07b2f0d5faab447f

SHA256
32e343d2794af8bc6f2f7c905b5df11d53db4ad8922b92ad5e7cc9c856509d93

SHA512
3fa166b3e2d1236298d8dda7071a6fcf2bde283f181b8b0a07c0bb8ba756d6f55fa8a847ca5286d4dbabc6dace67e842a118866320ac01bd5f93cccd3a032e47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013
Filesize
37KB

MD5
231913fdebabcbe65f4b0052372bde56

SHA1
553909d080e4f210b64dc73292f3a111d5a0781f

SHA256
9f890a9debcdfccc339149a7943be9aff9e4c9203c2fa37d5671a5b2c88503ad

SHA512
7b11b709968c5a52b9b60189fb534f5df56912417243820e9d1c00c97f4bd6d0835f2cdf574d0c36ecb32dbbf5fc397324df54f7fdf9e1b062b5dbda2c02e919

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015
Filesize
48KB

MD5
9827083b6682e1b81c89778a5dcaa35c

SHA1
02bf6521d360005b0110b5d9859285cbfc331c0d

SHA256
34347014cc654affc766989b8e17951b53f515640e863b7b702f396fc5bc10a9

SHA512
53e26502974c8e959c1737f2d16f35d6e940c247a48e318e85d6225cfe6ef7d80c6693a72ccda71409556f9eb825d647ef3bda997024b1cd7476f9bdf4faff18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025
Filesize
121KB

MD5
2d64caa5ecbf5e42cbb766ca4d85e90e

SHA1
147420abceb4a7fd7e486dddcfe68cda7ebb3a18

SHA256
045b433f94502cfa873a39e72d616c73ec1b4c567b7ee0f847f442651683791f

SHA512
c96556ec57dac504919e806c7df536c4f86892b8525739289b2f2dbbf475de883a4824069dbdd4bb1770dd484f321563a00892e6c79d48818a4b95406bf1af96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026
Filesize
119KB

MD5
57613e143ff3dae10f282e84a066de28

SHA1
88756cc8c6db645b5f20aa17b14feefb4411c25f

SHA256
19b8db163bcc51732457efa40911b4a422f297ff3cd566467d87eab93cef0c14

SHA512
94f045e71b9276944609ca69fc4b8704e4447f9b0fc2b80789cc012235895c50ef9ecb781a3ed901a0c989bed26caa37d4d4a9baffcce2cb19606dbb16a17176

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
864B

MD5
ab52843b48802ed3e273611183e7c262

SHA1
30b92214e4564c546be5efab3e3d803212c3e98b

SHA256
944f7768377c4fb97c3ddd1c3b371ede745e4c00d028ae52c689c5e7551f4a9a

SHA512
b1e803ee52050033d18e4bb01b7fe80fd901ce2b251e04152846f97d39712e346585d61e8cefe399f0027aff88d37a76db4fe009141d62f65895cc6dd29bbc4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
864B

MD5
b4b91e04940113bbf3ab4d553bc6b23c

SHA1
c5607fdf726b9922ba294fa31e6ebfad43f07d20

SHA256
6d57c29d74c337fb173c18721f424408267fad0c1c3cdf7d00e3eb9452e1b282

SHA512
a2e8c18ecf8bad29746603e737e31ab380a078892ce9a067dd6e29086f1e70d77483d19a27fce4d0fb91662d00edef5cec2da062644b97601992d9291a14926e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
816B

MD5
974db6b91cf5d1c31847d5fb9810851f

SHA1
51503f44a0827463713dad6f2bfaeebc28e1a141

SHA256
08c11ee6fb8e7ab9a79b56633005f0d1bb61128b35270890ba0f39c78291a133

SHA512
92874a7adbd0a4c9455c12bb8d16301cf759c2168baaab1d5c9e9503d9bd5a47a9d3e5421d1dd15a6ad6444088d712e50fed6b6b57326c3915ebcf1c12751dac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
456B

MD5
dc53a9e22c7b2e0647ec0a616d8712ee

SHA1
50667fd95d63ed70de88ec4fd0edacf10299995d

SHA256
6e3b430fd2aa0367c3c520ee2c30aaeffe19b84fc3108ba331e472b1e698cb84

SHA512
65ab3daf488f4199add2894b174b2c704c8d668d8238f9cb010be5874c52505bce5f492f1d5d2ec4fe0dca58f373afa6fdca183c98d27012e30a18bcbef1359a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
384B

MD5
e0fa27c8627594c1b889dd756aa5df23

SHA1
9870471b57ebc229f5a96fb84a98b8f93d98e667

SHA256
785ed5001bea4fc059fbe3d2eead4699ee39b7dc714145c7b59ad7ca05d8b123

SHA512
5582313e8e70ba6f599f0744f98f6778643e9812b8f47416f3332a612c73cb30aa22a5ff1ad2ec8ac126e9561fd73dbf8757c579fc9fe4356fc215603967c7db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
909B

MD5
16572f8efadb19470f4a7a3cc62369f6

SHA1
c1a99d1ea1770eafef95ddf8bf048dbf905a83b6

SHA256
0bb5edd9c4af5490c60c23451079826c6558f2d2a6703420e34fdec5b98d2e39

SHA512
2090aaaea0928ed62689e464c71f8794059edf4687d6cc6379c0bf8171daf27c2df6cfb9f87933171e5f384c11409a79be4c7401fc49f19a6937b9cf52121429

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
74303ae43cc5a60d8853b216b82aec57

SHA1
d757692562ee1bca405b77fffcb413abcebccfa6

SHA256
05bd9d1b9e657f2208f9a957ebadc26a6e325e0d5ee7555bb8b56049499846df

SHA512
8200b4de48289686b7ef3f2285c3edc4be765903fef2e712af6479eb6edcad5546136292e0540747f5e286ba509ca4616ae84c6e2422a3dfbd29ea009f080a8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
f8a534eaa5f6b2c5cef763b4f860cdcd

SHA1
b2b3f8aebda3a46ab7d7c0c79cde5643a5b2df44

SHA256
9812beb797eccda54ce079b87a3bedfc7f74e05855510edae44c0c00c4baed4a

SHA512
86010db1e812656215fe8102a39e9428b5455add71c93bcecfb908191709722d1a68b9cd6008b4a27f6753a661a1fe5a851a7674d291a615b9fa5c78f5d1d83d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
05fb5c53f4ed62406e900271ee25d0aa

SHA1
5d406ba72cbd24fa3f314d3e9b324cebf63c6457

SHA256
94e7cfa206d66e5d30c0ffec36bb4eac78f7e0a0073fe8bb2b6bea33c1c32727

SHA512
0b3081162a136f6f061f6fbad77ae40feeae053612891895585db8c10b779cce42c01c6c77606672575a5d17f056d2c32aa385e672a6b52ac959680d3e7ca098

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
800a0335fcd4620598fc34302abd5e80

SHA1
b8f1c13d63855bf03edfe5cf8fc58a0f879d50f3

SHA256
9ebb095e594bc56dfcc671d2a87598f416a8e1e8ff8b5362411e76bcda390b3a

SHA512
73e55e78aed1ffc7336e27d9b2877cec9a603c3ba98fe82ef58ea5bd418fce6a1ebb6e4e38c4d0f78a2b318b57b764fcc3eb8f14fc125fb0791304db64260f12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
952fae98a15f8629082eff73cb9d53f2

SHA1
f41da067a378d6c341e87937d928d3a783940c2f

SHA256
ff9d8e18519204da965c911d8035c3df0f460b3b00fbd5887bc456de1fb46431

SHA512
ff7884cf646db35201a5455a2f00a733023e6e12f8c755d12c13b8e4d67337d12911da410af43658cd1aefa3bf2dbf9148c5b41042db01663b46676b54556f2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
34c52269201fb3c9e44b8765b81e4bc7

SHA1
f312e43eed892ad1739571a590193db5393486d7

SHA256
5739c4853683940e595a9e24a5f30bf76f32e4a01dd5a64662bcabb9f83ac74a

SHA512
130120a16620d4a4ae991dcad27ba7a706daf7fd8929391f6497dc388c99eff073d276aeae28c2ea103ed53732d8cf98c39da95b5c2d6fcfa439f13980cf3f79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
c2ef1d773c3f6f230cedf469f7e34059

SHA1
e410764405adcfead3338c8d0b29371fd1a3f292

SHA256
185450d538a894e4dcf55b428f506f3d7baa86664fbbc67afd6c255b65178521

SHA512
2ef93803da4d630916bed75d678382fd1c72bff1700a1a72e2612431c6d5e11410ced4eaf522b388028aeadb08e8a77513e16594e6ab081f6d6203e4caa7d549

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
53b998f085af860a570b55a9c6f0c261

SHA1
45deab9a77f1007162cbf2181530b9d52e15bfb6

SHA256
f48dc6cedf2952c2bdc18ab51b964f752129af78bd82eec72651466ab48b24eb

SHA512
82bfd6a47bf378d50b10c06cecd3eb6ab21191883e77f1cf1b7948e661eea4072815bb0bd7c054ce97472434d3e7c14f439d91d123a1b9e340418394981dc625

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\LOCAL\crashpad_1660_WXDRMXDDVAMNACFF
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit