hxxps://qptr[.]ru/In7t

Analysis

max time kernel
600s
max time network
616s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
25-04-2024 21:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://qptr.ru/In7t

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
3300	msedge.exe
3300	msedge.exe
4004	msedge.exe
4004	msedge.exe
2672	identity_helper.exe
2672	identity_helper.exe
6120	msedge.exe
6120	msedge.exe
6120	msedge.exe
6120	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

Processes:

msedge.exe

pid	process
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe

Suspicious use of FindShellTrayWindow 31 IoCs

Processes:

msedge.exe

pid	process
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4004 wrote to memory of 3684	4004	msedge.exe	msedge.exe
PID 4004 wrote to memory of 3684	4004	msedge.exe	msedge.exe
PID 4004 wrote to memory of 1232	4004	msedge.exe	msedge.exe
PID 4004 wrote to memory of 1232	4004	msedge.exe	msedge.exe
PID 4004 wrote to memory of 1232	4004	msedge.exe	msedge.exe
PID 4004 wrote to memory of 1232	4004	msedge.exe	msedge.exe
PID 4004 wrote to memory of 1232	4004	msedge.exe	msedge.exe
PID 4004 wrote to memory of 1232	4004	msedge.exe	msedge.exe
PID 4004 wrote to memory of 1232	4004	msedge.exe	msedge.exe
PID 4004 wrote to memory of 1232	4004	msedge.exe	msedge.exe
PID 4004 wrote to memory of 1232	4004	msedge.exe	msedge.exe
PID 4004 wrote to memory of 1232	4004	msedge.exe	msedge.exe
PID 4004 wrote to memory of 1232	4004	msedge.exe	msedge.exe
PID 4004 wrote to memory of 1232	4004	msedge.exe	msedge.exe
PID 4004 wrote to memory of 1232	4004	msedge.exe	msedge.exe
PID 4004 wrote to memory of 1232	4004	msedge.exe	msedge.exe
PID 4004 wrote to memory of 1232	4004	msedge.exe	msedge.exe
PID 4004 wrote to memory of 1232	4004	msedge.exe	msedge.exe
PID 4004 wrote to memory of 1232	4004	msedge.exe	msedge.exe
PID 4004 wrote to memory of 1232	4004	msedge.exe	msedge.exe
PID 4004 wrote to memory of 1232	4004	msedge.exe	msedge.exe
PID 4004 wrote to memory of 1232	4004	msedge.exe	msedge.exe
PID 4004 wrote to memory of 1232	4004	msedge.exe	msedge.exe
PID 4004 wrote to memory of 1232	4004	msedge.exe	msedge.exe
PID 4004 wrote to memory of 1232	4004	msedge.exe	msedge.exe
PID 4004 wrote to memory of 1232	4004	msedge.exe	msedge.exe
PID 4004 wrote to memory of 1232	4004	msedge.exe	msedge.exe
PID 4004 wrote to memory of 1232	4004	msedge.exe	msedge.exe
PID 4004 wrote to memory of 1232	4004	msedge.exe	msedge.exe
PID 4004 wrote to memory of 1232	4004	msedge.exe	msedge.exe
PID 4004 wrote to memory of 1232	4004	msedge.exe	msedge.exe
PID 4004 wrote to memory of 1232	4004	msedge.exe	msedge.exe
PID 4004 wrote to memory of 1232	4004	msedge.exe	msedge.exe
PID 4004 wrote to memory of 1232	4004	msedge.exe	msedge.exe
PID 4004 wrote to memory of 1232	4004	msedge.exe	msedge.exe
PID 4004 wrote to memory of 1232	4004	msedge.exe	msedge.exe
PID 4004 wrote to memory of 1232	4004	msedge.exe	msedge.exe
PID 4004 wrote to memory of 1232	4004	msedge.exe	msedge.exe
PID 4004 wrote to memory of 1232	4004	msedge.exe	msedge.exe
PID 4004 wrote to memory of 1232	4004	msedge.exe	msedge.exe
PID 4004 wrote to memory of 1232	4004	msedge.exe	msedge.exe
PID 4004 wrote to memory of 1232	4004	msedge.exe	msedge.exe
PID 4004 wrote to memory of 3300	4004	msedge.exe	msedge.exe
PID 4004 wrote to memory of 3300	4004	msedge.exe	msedge.exe
PID 4004 wrote to memory of 680	4004	msedge.exe	msedge.exe
PID 4004 wrote to memory of 680	4004	msedge.exe	msedge.exe
PID 4004 wrote to memory of 680	4004	msedge.exe	msedge.exe
PID 4004 wrote to memory of 680	4004	msedge.exe	msedge.exe
PID 4004 wrote to memory of 680	4004	msedge.exe	msedge.exe
PID 4004 wrote to memory of 680	4004	msedge.exe	msedge.exe
PID 4004 wrote to memory of 680	4004	msedge.exe	msedge.exe
PID 4004 wrote to memory of 680	4004	msedge.exe	msedge.exe
PID 4004 wrote to memory of 680	4004	msedge.exe	msedge.exe
PID 4004 wrote to memory of 680	4004	msedge.exe	msedge.exe
PID 4004 wrote to memory of 680	4004	msedge.exe	msedge.exe
PID 4004 wrote to memory of 680	4004	msedge.exe	msedge.exe
PID 4004 wrote to memory of 680	4004	msedge.exe	msedge.exe
PID 4004 wrote to memory of 680	4004	msedge.exe	msedge.exe
PID 4004 wrote to memory of 680	4004	msedge.exe	msedge.exe
PID 4004 wrote to memory of 680	4004	msedge.exe	msedge.exe
PID 4004 wrote to memory of 680	4004	msedge.exe	msedge.exe
PID 4004 wrote to memory of 680	4004	msedge.exe	msedge.exe
PID 4004 wrote to memory of 680	4004	msedge.exe	msedge.exe
PID 4004 wrote to memory of 680	4004	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://qptr.ru/In7t
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4004

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff95f8746f8,0x7ff95f874708,0x7ff95f874718
2⤵
PID:3684

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,7593073031322875797,9447497685997907532,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
2⤵
PID:1232

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,7593073031322875797,9447497685997907532,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3300

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,7593073031322875797,9447497685997907532,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
2⤵
PID:680

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7593073031322875797,9447497685997907532,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
2⤵
PID:2840

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7593073031322875797,9447497685997907532,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
2⤵
PID:2432

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7593073031322875797,9447497685997907532,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
2⤵
PID:1808

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,7593073031322875797,9447497685997907532,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:8
2⤵
PID:3208

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,7593073031322875797,9447497685997907532,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2672

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7593073031322875797,9447497685997907532,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
2⤵
PID:2604

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7593073031322875797,9447497685997907532,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
2⤵
PID:1240

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7593073031322875797,9447497685997907532,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4056 /prefetch:1
2⤵
PID:5316

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7593073031322875797,9447497685997907532,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
2⤵
PID:5324

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7593073031322875797,9447497685997907532,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
2⤵
PID:5860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7593073031322875797,9447497685997907532,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
2⤵
PID:4304

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7593073031322875797,9447497685997907532,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
2⤵
PID:4820

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,7593073031322875797,9447497685997907532,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4864 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:6120

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7593073031322875797,9447497685997907532,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1564 /prefetch:1
2⤵
PID:5908

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4492

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1180

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
a9519bc058003dbea34765176083739e

SHA1
ef49b8790219eaddbdacb7fc97d3d05433b8575c

SHA256
e034683bc434a09f5d0293cb786e6a3943b902614f9211d42bed47759164d38b

SHA512
a1b67ccf313173c560ead25671c64de65e3e2599251926e33ce8399fde682fce5cb20f36ee330fcd8bb8f7a9c00ef432da56c9b02dfd7d3f02865f390c342b53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
cb138796dbfb37877fcae3430bb1e2a7

SHA1
82bb82178c07530e42eca6caf3178d66527558bc

SHA256
50c55ba7baeebe1fa4573118edbca59010d659ea42761148618fb3af8a1c9bdd

SHA512
287471cccbe33e08015d6fc35e0bcdca0ec79bebc3a58f6a340b7747b5b2257b33651574bc83ed529aef2ba94be6e68968e59d2a8ef5f733dce9df6404ad7cc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\08758320-d514-4007-8f7c-f77335f70b84.tmp
Filesize
540B

MD5
978ace41cd805f9b0b53d2544c59736a

SHA1
3f1c1115e325a44479a0da3641104f5b17fdae16

SHA256
4444897fe3195756f99e82fb267bc7aac328a7f68e570df9eeed01b6e846eaa0

SHA512
c5b2d1d0b150d23bf2ee911392cf3bb5f1c5184a4cb71c3369c042f9ac3a47f2fdc6ed14acd9815bb91f9ed1dae2fba2dc00b5dc1441a311f8414f60e9f721a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
192B

MD5
dd92a0fdf758ace5514a7360d824275c

SHA1
d413e559e230ca2bb232b53c879e9503970d265b

SHA256
f2852941664930de9061b1c8d21ac232f791002a9f33189e2e262436693d38f9

SHA512
a5503ed54f5248937a17b8a3a0e71616eb693ad57dcc817104e6b9147be9874a0351909fa83d5a9790e925cac3ebb6752ef35dd4534e63e9a5d257309a90b87b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
216B

MD5
547467a8c6b0abcf367dc31a1e87415e

SHA1
25e4f2b6a08c2ded60a43f4048ab8e8414623ec3

SHA256
2a758bc9359d6ab2cff6bf1ea33e8142d1b9ce385892cb9f4bb9070d1acbba01

SHA512
1865afe338997d07e67a520c1f355901bd37d654b21c46761ff2eda1574709eeef22abfafd6b55cc34b3520565299c9fef4390fbf2cf61525a85cf9858c013eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
168B

MD5
6d5c3aa3375db3255bbe9b57f7206715

SHA1
69a41b790f7ff7eb20700f6d4a0b139af7d19c4a

SHA256
63ad63a6fb66a7a13e738b1b4dc857d5e80cd9237a365962c098552b07ff3f3a

SHA512
a8063fa4e806491f5544285fd00a9d2e71783efb10b9e30b8b0680da18924569064622a05c6175bd083d3e4dcaf22135ea7cef93167ed2e134f73fdafefac1ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
947B

MD5
dd24c803799f169a69b29cce44ab0bd4

SHA1
5d57ed48f8f33a01e379dce611a77438db8aee32

SHA256
6680ea74cbef7a4edf72383cd0907e51877a8ca59a87c66200c05c41327aad21

SHA512
fb208aadc253aa3c3f27c91dba0fd1ff2e20933186b7f7ecbbbb6d94736bf5d140e3ee49b43f6d767e23ed9019af16b49a109cfb2c6f8a98cceb2bca42bd2187

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
947B

MD5
f8bd5023efe420d4d8b0760ff24870fd

SHA1
14389b20c5b9ebb19abe01d9e32ffb7d9fe125ea

SHA256
a29b51ef4372059015cf177af7e5211be68de7d26e8fb2a9e065c531b0fc9bd3

SHA512
4e7bc59fceb90d2f9546c48ff8b297a193c1554f803ecebf65abfd096aa62bfe448a0c9b8091a41479d3f2b0042aa649b0a36aed1699f0b2a90fb7d1bf8b3390

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
fb2bb200826c2a1f99034b38b18268fa

SHA1
39de5f55b6b4ea4cd205b4681a52ec9334361361

SHA256
21238ed387b2fd592781555d0deb4c1d2bd0f33306c2786de557fd9d05bded8d

SHA512
b1d2f2a32dba59b30231cd2e3a5ed7eb32c75f226b6aba1a40ea1745f61baa0c7fcfb2239ecf331db171ddac8237f56fa47abfbf836b89465bbf41bf2682636e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
9ec31ed330bef29d2b5a5fc02c6c8d02

SHA1
b059de9b0b1161d058eb50043ae238669e8e660b

SHA256
874b2bb0d0f37477ebcf25f2568308fc8dac35639d38a136182b2538ce88a93e

SHA512
5ad559b63b58ace0058990cc1213240525adb772ec918b3c330eb5ad5805b9389173401f9730eca60907ece5744f570554d605a8de442e3c8369eb8b3ff4f4a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
d5e0afeb89bb3c4d8f6583cb86232a19

SHA1
5e5f9bc3290165cc26d0ac1f49d381879c01a84f

SHA256
b163f637cdb50c9c02f0015040c473874be186b90147b29de94609dae3a17fdf

SHA512
94737ec6f8e27b79543fe0350d253c9c9ffde4a3996e526cde011f43ba8b3aa2e68d794a4c89b6ce8ac5741d5e39aee11016af989564a416bb7c56a1fd5e4ee1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
deaa8616ef82f410f15a7759def6d6b8

SHA1
cfaea64e3701555fdf5eb1814b49b8707f9ac3ae

SHA256
426ea7354ee7e4962632272cbafafae8769fc3f98bbc9822b0d9b396d8f945a7

SHA512
139a971f7bab6a82038ee4e9b082e19c6340434e69848654e28bc403363f91d57929a64b0f14e5fdbdd42b34a04e042252ee95f42735a4871100a3c63efaab74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
707B

MD5
3115f3748e67d45fc1a2bdd5acbbe8a3

SHA1
1e4337ade1142487c9b9c5ea6c0dc39223b63f88

SHA256
6adc413e2d586ce1b2923c6b0fb03cb9b3aae2eaef1e81380ebbb9c5f420f4f5

SHA512
bfdb72b4a3522468fe8c759c463d148b1ad51150269aca5fbf98605b95180f571c3eadfbd20f1684c0efed57a89f8d90fd198c9ea0c7dec9d36c5b58f6657a39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582f77.TMP
Filesize
372B

MD5
3ae7152e061a98110a95a584b5b3870c

SHA1
482d6390aead2706d1384d19e499e22f8ec71193

SHA256
8ede7e98e123fa867a2df00d59d8952deb89ed1265d2c34fbdeeb646c73ef0e2

SHA512
2309b7e15872bb1ffe115d98de8d3f4cb4410607b325a3fcf0a3f1f1ac3eb17d01b082706d0de29f4239477de826c3c4fe3094d6e8f4fb8af9774e56ed632c8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
1fdb6bd84a531ba8eea5cd6fa63865c6

SHA1
6cca125583d2318a9a1ba04c02e642e1d23c4d78

SHA256
f2ba578d62af63dff84e5154ad8cbf2ef92a6af0ad2c50ea60d3e59152ecaea2

SHA512
8d975da56a441a3f3fad3ddeb5da13d75e203f7db57a34838fd168d6ae3af8e6b4e08a4cc5784066ef4a150d9ad95871a3b4f66eda67f7a4b67e497266ef170d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\LOCAL\crashpad_4004_JRHLLCVHCDNWSKSD
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit