hxxps://abuse[.]ch

Resubmissions

22-05-2024 23:25

240522-3ejzhada6x 1

22-05-2024 23:22

240522-3cxsksda36 1

22-05-2024 23:19

240522-3a9z5ach52 1

Analysis

max time kernel
148s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 23:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://abuse.ch

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings msedge.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exe

pid	process
4832	msedge.exe
4832	msedge.exe
4128	msedge.exe
4128	msedge.exe
1656	identity_helper.exe
1656	identity_helper.exe
2528	msedge.exe
2528	msedge.exe
4340	msedge.exe
4340	msedge.exe
4340	msedge.exe
4340	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

Processes:

msedge.exe

pid	process
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe

Suspicious use of FindShellTrayWindow 33 IoCs

Processes:

msedge.exe

pid	process
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4128 wrote to memory of 1184	4128	msedge.exe	msedge.exe
PID 4128 wrote to memory of 1184	4128	msedge.exe	msedge.exe
PID 4128 wrote to memory of 1888	4128	msedge.exe	msedge.exe
PID 4128 wrote to memory of 1888	4128	msedge.exe	msedge.exe
PID 4128 wrote to memory of 1888	4128	msedge.exe	msedge.exe
PID 4128 wrote to memory of 1888	4128	msedge.exe	msedge.exe
PID 4128 wrote to memory of 1888	4128	msedge.exe	msedge.exe
PID 4128 wrote to memory of 1888	4128	msedge.exe	msedge.exe
PID 4128 wrote to memory of 1888	4128	msedge.exe	msedge.exe
PID 4128 wrote to memory of 1888	4128	msedge.exe	msedge.exe
PID 4128 wrote to memory of 1888	4128	msedge.exe	msedge.exe
PID 4128 wrote to memory of 1888	4128	msedge.exe	msedge.exe
PID 4128 wrote to memory of 1888	4128	msedge.exe	msedge.exe
PID 4128 wrote to memory of 1888	4128	msedge.exe	msedge.exe
PID 4128 wrote to memory of 1888	4128	msedge.exe	msedge.exe
PID 4128 wrote to memory of 1888	4128	msedge.exe	msedge.exe
PID 4128 wrote to memory of 1888	4128	msedge.exe	msedge.exe
PID 4128 wrote to memory of 1888	4128	msedge.exe	msedge.exe
PID 4128 wrote to memory of 1888	4128	msedge.exe	msedge.exe
PID 4128 wrote to memory of 1888	4128	msedge.exe	msedge.exe
PID 4128 wrote to memory of 1888	4128	msedge.exe	msedge.exe
PID 4128 wrote to memory of 1888	4128	msedge.exe	msedge.exe
PID 4128 wrote to memory of 1888	4128	msedge.exe	msedge.exe
PID 4128 wrote to memory of 1888	4128	msedge.exe	msedge.exe
PID 4128 wrote to memory of 1888	4128	msedge.exe	msedge.exe
PID 4128 wrote to memory of 1888	4128	msedge.exe	msedge.exe
PID 4128 wrote to memory of 1888	4128	msedge.exe	msedge.exe
PID 4128 wrote to memory of 1888	4128	msedge.exe	msedge.exe
PID 4128 wrote to memory of 1888	4128	msedge.exe	msedge.exe
PID 4128 wrote to memory of 1888	4128	msedge.exe	msedge.exe
PID 4128 wrote to memory of 1888	4128	msedge.exe	msedge.exe
PID 4128 wrote to memory of 1888	4128	msedge.exe	msedge.exe
PID 4128 wrote to memory of 1888	4128	msedge.exe	msedge.exe
PID 4128 wrote to memory of 1888	4128	msedge.exe	msedge.exe
PID 4128 wrote to memory of 1888	4128	msedge.exe	msedge.exe
PID 4128 wrote to memory of 1888	4128	msedge.exe	msedge.exe
PID 4128 wrote to memory of 1888	4128	msedge.exe	msedge.exe
PID 4128 wrote to memory of 1888	4128	msedge.exe	msedge.exe
PID 4128 wrote to memory of 1888	4128	msedge.exe	msedge.exe
PID 4128 wrote to memory of 1888	4128	msedge.exe	msedge.exe
PID 4128 wrote to memory of 1888	4128	msedge.exe	msedge.exe
PID 4128 wrote to memory of 1888	4128	msedge.exe	msedge.exe
PID 4128 wrote to memory of 4832	4128	msedge.exe	msedge.exe
PID 4128 wrote to memory of 4832	4128	msedge.exe	msedge.exe
PID 4128 wrote to memory of 2432	4128	msedge.exe	msedge.exe
PID 4128 wrote to memory of 2432	4128	msedge.exe	msedge.exe
PID 4128 wrote to memory of 2432	4128	msedge.exe	msedge.exe
PID 4128 wrote to memory of 2432	4128	msedge.exe	msedge.exe
PID 4128 wrote to memory of 2432	4128	msedge.exe	msedge.exe
PID 4128 wrote to memory of 2432	4128	msedge.exe	msedge.exe
PID 4128 wrote to memory of 2432	4128	msedge.exe	msedge.exe
PID 4128 wrote to memory of 2432	4128	msedge.exe	msedge.exe
PID 4128 wrote to memory of 2432	4128	msedge.exe	msedge.exe
PID 4128 wrote to memory of 2432	4128	msedge.exe	msedge.exe
PID 4128 wrote to memory of 2432	4128	msedge.exe	msedge.exe
PID 4128 wrote to memory of 2432	4128	msedge.exe	msedge.exe
PID 4128 wrote to memory of 2432	4128	msedge.exe	msedge.exe
PID 4128 wrote to memory of 2432	4128	msedge.exe	msedge.exe
PID 4128 wrote to memory of 2432	4128	msedge.exe	msedge.exe
PID 4128 wrote to memory of 2432	4128	msedge.exe	msedge.exe
PID 4128 wrote to memory of 2432	4128	msedge.exe	msedge.exe
PID 4128 wrote to memory of 2432	4128	msedge.exe	msedge.exe
PID 4128 wrote to memory of 2432	4128	msedge.exe	msedge.exe
PID 4128 wrote to memory of 2432	4128	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://abuse.ch
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4128

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9cc9c46f8,0x7ff9cc9c4708,0x7ff9cc9c4718
2⤵
PID:1184

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,4888071476284258220,10461829962506379822,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
2⤵
PID:1888

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,4888071476284258220,10461829962506379822,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4832

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,4888071476284258220,10461829962506379822,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
2⤵
PID:2432

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4888071476284258220,10461829962506379822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
2⤵
PID:4356

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4888071476284258220,10461829962506379822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
2⤵
PID:1884

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4888071476284258220,10461829962506379822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
2⤵
PID:2608

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,4888071476284258220,10461829962506379822,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4832 /prefetch:8
2⤵
PID:1152

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,4888071476284258220,10461829962506379822,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4832 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4888071476284258220,10461829962506379822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
2⤵
PID:2408

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4888071476284258220,10461829962506379822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
2⤵
PID:4384

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4888071476284258220,10461829962506379822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
2⤵
PID:5508

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4888071476284258220,10461829962506379822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
2⤵
PID:2696

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4888071476284258220,10461829962506379822,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
2⤵
PID:2068

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4888071476284258220,10461829962506379822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
2⤵
PID:5616

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4888071476284258220,10461829962506379822,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
2⤵
PID:5628

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2148,4888071476284258220,10461829962506379822,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3624 /prefetch:8
2⤵
PID:4944

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4888071476284258220,10461829962506379822,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2768 /prefetch:1
2⤵
PID:1416

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2148,4888071476284258220,10461829962506379822,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5076 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2528

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,4888071476284258220,10461829962506379822,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6096 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4340

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1648

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4892

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5400

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4b4f91fa1b362ba5341ecb2836438dea

SHA1
9561f5aabed742404d455da735259a2c6781fa07

SHA256
d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c

SHA512
fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
eaa3db555ab5bc0cb364826204aad3f0

SHA1
a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca

SHA256
ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b

SHA512
e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\67e75b2c-c432-426e-b9e9-1fb8ad752dbc.tmp
Filesize
1KB

MD5
fe47d83bd8c5f0acf835526bd3c8fbeb

SHA1
e73758e044984f4e107659097d0e8057154abf69

SHA256
7e4359a5a684d894352ece272dfbc6e8aee650091cbd9e716f7c24cdb9873fb5

SHA512
7b7b6e65b162eb151a9c5d22ed266856d98a565c13fe823fac235547195cef273fb2f78c9224c50178730414fef5af980c9ecdbbd82c05c4108b889bab29c7ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011
Filesize
93KB

MD5
8d76794c7d5bf3a39f03c28efb19cc5e

SHA1
e4c57e7e410b519056d6c7d60f772788b19281de

SHA256
f07b8f96991f6a2becf9cfe9b0a6d08dd04fb0d0cde1c391726dcbc87699e8d6

SHA512
f1d947539dd69bdbb1815b95ec41a9dff1db3f008c8e4767b570be11ccd74557f08422d20e9d7ac00696662479db0dd52839df35bdebc4d6f2e1d82b103a098f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015
Filesize
206KB

MD5
f998b8f6765b4c57936ada0bb2eb4a5a

SHA1
13fb29dc0968838653b8414a125c124023c001df

SHA256
374db366966d7b48782f352c78a0b3670ffec33ed046d931415034d6f93dcfef

SHA512
d340ae61467332f99e4606ef022ff71c9495b9d138a40cc7c58b3206be0d080b25f4e877a811a55f4320db9a7f52e39f88f1aa426ba79fc5e78fc73dacf8c716

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\41a4ebffd069515d_0
Filesize
259B

MD5
105855f488e0c8437772292fbe20ff94

SHA1
d8cc0293778ff4eee188dc3b61ff9d6eb4fe3de3

SHA256
92332cd89e0007c7ef661fade3fed445fcd0691ed20d61be26364b97158727b5

SHA512
d45353a7d32d45d9eebc1b0a0a37e361835d1354e8f475bb2606c4d1ef49e4fb33d69822c45c5639a3ab8e472b2867b69d4ed5de52b70098bc7e46d5792cb63b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d4be5ee36a334f7e_0
Filesize
402KB

MD5
a670302229f16b2d92774db09ee8431d

SHA1
2073519a1a7ae2ce4a05a49a0ccb639e7539a8ae

SHA256
6e090b6fdfe216fa26b7b858c9f78b4f1413abc23cb101ff027bab0202f5f734

SHA512
8cac5d2ab66281dd6038c17cc7bb4eda9741b7b4b38ea24bfae82bcc360df32fb1803658bd00292b80b4db9792356cbafd4402688f7816b1b756f246fc9ff51c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
768B

MD5
82de4f7e2b963152302750b99561d1e6

SHA1
b0eb40c2b6cabcff20457dd5da485bf130839b2f

SHA256
1d1a604e60f34e2cf134af2495d3ecf7dbbabab58233a3468398198ef07acf48

SHA512
beafab242e5d5e00d7d1c445a59f5d2bf73168e8b5a99e777c08733e275953312c0825c43bfcea9911a0699dbd6686403f79855a8fb0fbfcf014dbefba6cafb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
5d600c168c2f267157b76a79da023f12

SHA1
38dd71cad0f2426637b57ba352fcaa4f0be0af6c

SHA256
f75c8ac55874c17bae1abdfbfeab7912f3e279e6cf32cf7dce5766d5494efd62

SHA512
07f675449d2d0a5d4e78e47baeb93346ee2e1ac06acf1247dcdc6eb395686b7cc4f75a43cf419eacf57c62fa2d8e90582879cb4bb7c3b604b7ab25782e83109b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
719c15c1bd0ef7b8210434609c5816af

SHA1
440f904731548b6e38025e54d5bab5b00c659ea5

SHA256
16c183845e21f2712a7da10f60781531b6a1a0075dc849395be8391444e99f20

SHA512
7677f185f008fa0684b618fd0839f0e31c502df22c68e3b23e33635711dc2cce62e47e10a171f8c1c92e6188f0dea0ec61f9b62dbf7ceadf42432a67185c140b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
7e2b94744f25af43ff21395e3b767154

SHA1
9d9f785fd61a608892c4db24742819b129a399cb

SHA256
fdb7b10e7244af8f1ee88f07ae0ce84c800aa86c082a8896b317c8346f5eb761

SHA512
8e7643d88bcbe4e3bb8a55d8b77a7437cc38a9efd3d829581c4865e64f335ae8dff531f05129b554a163cfd99e32c6abd4dff5f385df0db7bfa21aa6a6588a8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
786b76d0f3c4eba853515b64c0accec5

SHA1
7a64a5ec3d217b5b27e646b7fd0486ecad46c407

SHA256
95fe6affe541d1bffea914510f7f83c31575fe5d9f21918f55ae307e26665d30

SHA512
50e460ffce42babe85d26d3389d6dc99e34e2c178796dcc87ae9f7dddb6857614a417019a79d81121d9c2bed6597ab33bfdde5e88693e04651aa1562341315d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
149bc3c91474b05f78e8f2601a0aaba6

SHA1
8a6878c2fac33df58dc5fcfe0aa928d2de5562bd

SHA256
6351edc700f67a55fc588e6c29a5f089508850bde5994458e0c8598277b19ddb

SHA512
74ccc4a3b165e112d4fe74f5ec13557f5f6d059d2aa842828e65ac5ded92e072fdef240cd85a6e45371b06e4b580a4d6f2e133d65745aa1011064f1f6a98ac0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
105d7b22ca87a46eb0c5f6b478e44278

SHA1
78177e01c87391e9de96c82b8e21bfe85297d169

SHA256
47a7d698629f68a60c27b4622cd8946a4fb969ae826eca7577a2abef64087a30

SHA512
8c8422a66dd423ea763ce192f306f4fe756fb0f62cd3538667bccd2fe66e0af037a4ba2ef7ff08f8b19ed1477a20375fbc5719f6a14b84750ec986c2b8dad28b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
3233d3ec25f59af5b6fbe2342d695f95

SHA1
eddeb49b974563cf00b9a31090b1b4a0900ad829

SHA256
72eb35b5bf4f7b5b45fb43803baab315ff2472676903b08868b9f2e0ee8eb71e

SHA512
44e72ae092e13d86e87bf863b2ec0c84513a10aadcb0799ef942e06562aea3d87194391043906274e1bd0d0f4bad2b62085319b60ac20f2187ffe57da394871d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
393febb4c8d18ba46d73f6806ecb34e4

SHA1
f5e9d1335eaddb6ec7162044b9f3c97a7779327b

SHA256
5fec020e9e78e72731a1a09d3c790b04708f1f8da965da8fec7e298a6348798d

SHA512
2fa274329e9da5acda909768698419dc2dbc66549dea555f2d025644da3a712d4867a918e273571c653be12f6aa90690ebc9967a87614beef328103259789276

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
705B

MD5
f57fc913287c9dcbad60201629c3b14e

SHA1
fd5767ba81c9448fde08e1bafd7255629759a8ee

SHA256
456ff93d3133dfa99a93bfd943535826f4120d88b96dd229159cb1b70b71be71

SHA512
8fb2638b8a256f7483782f1f13595c68254a4d5d5534bd72f9115040020b15995e721a9170831f4e216a6574e350d7dde9d6171da61bd1c467288e3891f30dc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
705B

MD5
9f650f392559c0a931e2c4e0ab9b0b1f

SHA1
61d5eb6c0a58e44d5c9ef0e253a316f79ed27e8d

SHA256
e36e4bc186e4aa7d95ccc45e2ab631f5fc506286d0063ef3b9923825e7889342

SHA512
10067e0187db2295f5e010eff39dcb77d612a26d7e137abb42397d1824f376a01f69f9873b38facab3e2bd04f8b978995c172eb897a5c19cc0e17122290bebd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
705B

MD5
dacb6d3dce3034f98e8235b97ab51892

SHA1
447bad444f595d876755985a5056adff93090fb0

SHA256
d614ef133a09c9608ec572adb4396da1212838dc2e3ce33b741bbb366df5d58e

SHA512
e7944f17e07b56a1d7206c5f44623bb4b6004848996933269802be5d9f420d0c26c7eceb728f46f33b934c89ac61caa38026857c0db278c5f447871663945dfc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
705B

MD5
5ad884193333e075f8403132e1cc1976

SHA1
d143ed2ac46ba8652f88f0a9c01441bd5ca1d1d2

SHA256
a85d047ab294c746ce30808b31d37f3893fa143847ecb8f46dbe2f4aa21d2390

SHA512
a71dd4a2cccb21b29391d2c7eece40b0a0a7d20147f7bb3d418ead32024636c47ebfb9f677dff856f33ad8830a5b827884f10ab54f54c4662bc1d599af7f6310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
705B

MD5
7247b522fa35b92ca4cb7075a47ff5cc

SHA1
1fa7e6b6e6811c7175b05ecff165bdc1f73557a9

SHA256
6313fbb29d47749010f0af9e55d6ef9e6e21324e5fb9213e4f08865c07089077

SHA512
bfea8f6747358772cbc646fed7b444d90301c458eab34db436399a8d1204219f41a2f427d9cdfe6522849b4cc2495c648d7c1b7ff0f5c2620a78ba6935dd8358

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f09a.TMP
Filesize
705B

MD5
f633419559a6937e7fa0f861c4d5cbe6

SHA1
8728bd667a40831ed3124517d8cd6280f3a06fed

SHA256
5b094555269bb018cc6e8f07643163662c33014767b80b43963ee3a57a8fca3a

SHA512
b9d8f7d888b8ae5d51fca9fd4cb0fa40098e735f898077135811218cf9701aff2b9b689295ca208490f3e09fca1644a2638f3fc600c92d4c12d29d17b22f4abe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e98437c2-1e72-4822-9c36-efcf6102bf27.tmp
Filesize
7KB

MD5
9cdaefe46556a017ad772b196d9c888d

SHA1
e8d9ab438d364bf9160b95e31e880f082a4a3f4b

SHA256
10f8dc31569389c6649703490b9f038267af9b77e8b34cef6e745876d4f58fce

SHA512
5f2141643d2cf9e97216dc8321db75d3a744524c1a4fbea5170981ffd7216cf9730f0f3aae74100d7051fd2aaae3cf0611caba9be2e2326c803e2f076e022a49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
5321f1ade96313ff624b07a3c56ecfda

SHA1
0e869f1e852b0a1225abb17b86e096475c798cbc

SHA256
402c76039f6a4137564b4358741fce5eb558ef365dda319f042cbfc92f056ba2

SHA512
753f363791947852a5903bf754009fb601c25c1769b22718007fade4941969ce567953349b1ae2acb061e47908b7ea5535319281fecd8b7526d62ea7f2ddf6c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
74bc40d32aafe2559c5cfd6fe74aa5de

SHA1
0ec0c9d9122617224d8fa718d7cfe432728e6555

SHA256
b77539c6936406f99294dc7476a18f507c173ca49b2a235c0686e77e7c2c34de

SHA512
7460fc734033ad1e3c06a2f304077fbc8065fdb12befd00f365d9847c9b620c65f9c72b43e465807e6548686f518b2d4146190f0db8e4d9086288f2426387ee1

Download Submit
C:\Users\Admin\Downloads\2e0871af9cc539acb513e8afc795c2dab01febd688f2754c6a551485184070dc.zip
Filesize
6KB

MD5
fd7d849bddfce7e0c92f4a0211ad6063

SHA1
7cb855e12883f0a8e3761d97d7885601b5047ce9

SHA256
76198df2a6d3f8115932f8682560282852f1eac34213fbb4d3c42a095ca631f9

SHA512
6e4377aadde9b86f2163143f7c9e0698e518167dd7644c14184ed041375cbc939adf64be182a0ffbe47eb3d52822b436af9b3e9b252ff92216d042bd1edff9c2

Download Submit
\??\pipe\LOCAL\crashpad_4128_TRPFLDICQHOZJDPR
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit