hxxps://pl[.]exloader[.]net/tree/games/cs2/

Analysis

max time kernel
87s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
23-08-2024 23:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://pl.exloader.net/tree/games/cs2/

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3704	msedge.exe
3704	msedge.exe
4188	msedge.exe
4188	msedge.exe
4332	identity_helper.exe
4332	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe

Suspicious use of FindShellTrayWindow 29 IoCs

pid	Process
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4188 wrote to memory of 1584	4188	msedge.exe	87
PID 4188 wrote to memory of 1584	4188	msedge.exe	87
PID 4188 wrote to memory of 2592	4188	msedge.exe	88
PID 4188 wrote to memory of 2592	4188	msedge.exe	88
PID 4188 wrote to memory of 2592	4188	msedge.exe	88
PID 4188 wrote to memory of 2592	4188	msedge.exe	88
PID 4188 wrote to memory of 2592	4188	msedge.exe	88
PID 4188 wrote to memory of 2592	4188	msedge.exe	88
PID 4188 wrote to memory of 2592	4188	msedge.exe	88
PID 4188 wrote to memory of 2592	4188	msedge.exe	88
PID 4188 wrote to memory of 2592	4188	msedge.exe	88
PID 4188 wrote to memory of 2592	4188	msedge.exe	88
PID 4188 wrote to memory of 2592	4188	msedge.exe	88
PID 4188 wrote to memory of 2592	4188	msedge.exe	88
PID 4188 wrote to memory of 2592	4188	msedge.exe	88
PID 4188 wrote to memory of 2592	4188	msedge.exe	88
PID 4188 wrote to memory of 2592	4188	msedge.exe	88
PID 4188 wrote to memory of 2592	4188	msedge.exe	88
PID 4188 wrote to memory of 2592	4188	msedge.exe	88
PID 4188 wrote to memory of 2592	4188	msedge.exe	88
PID 4188 wrote to memory of 2592	4188	msedge.exe	88
PID 4188 wrote to memory of 2592	4188	msedge.exe	88
PID 4188 wrote to memory of 2592	4188	msedge.exe	88
PID 4188 wrote to memory of 2592	4188	msedge.exe	88
PID 4188 wrote to memory of 2592	4188	msedge.exe	88
PID 4188 wrote to memory of 2592	4188	msedge.exe	88
PID 4188 wrote to memory of 2592	4188	msedge.exe	88
PID 4188 wrote to memory of 2592	4188	msedge.exe	88
PID 4188 wrote to memory of 2592	4188	msedge.exe	88
PID 4188 wrote to memory of 2592	4188	msedge.exe	88
PID 4188 wrote to memory of 2592	4188	msedge.exe	88
PID 4188 wrote to memory of 2592	4188	msedge.exe	88
PID 4188 wrote to memory of 2592	4188	msedge.exe	88
PID 4188 wrote to memory of 2592	4188	msedge.exe	88
PID 4188 wrote to memory of 2592	4188	msedge.exe	88
PID 4188 wrote to memory of 2592	4188	msedge.exe	88
PID 4188 wrote to memory of 2592	4188	msedge.exe	88
PID 4188 wrote to memory of 2592	4188	msedge.exe	88
PID 4188 wrote to memory of 2592	4188	msedge.exe	88
PID 4188 wrote to memory of 2592	4188	msedge.exe	88
PID 4188 wrote to memory of 2592	4188	msedge.exe	88
PID 4188 wrote to memory of 2592	4188	msedge.exe	88
PID 4188 wrote to memory of 3704	4188	msedge.exe	89
PID 4188 wrote to memory of 3704	4188	msedge.exe	89
PID 4188 wrote to memory of 1372	4188	msedge.exe	90
PID 4188 wrote to memory of 1372	4188	msedge.exe	90
PID 4188 wrote to memory of 1372	4188	msedge.exe	90
PID 4188 wrote to memory of 1372	4188	msedge.exe	90
PID 4188 wrote to memory of 1372	4188	msedge.exe	90
PID 4188 wrote to memory of 1372	4188	msedge.exe	90
PID 4188 wrote to memory of 1372	4188	msedge.exe	90
PID 4188 wrote to memory of 1372	4188	msedge.exe	90
PID 4188 wrote to memory of 1372	4188	msedge.exe	90
PID 4188 wrote to memory of 1372	4188	msedge.exe	90
PID 4188 wrote to memory of 1372	4188	msedge.exe	90
PID 4188 wrote to memory of 1372	4188	msedge.exe	90
PID 4188 wrote to memory of 1372	4188	msedge.exe	90
PID 4188 wrote to memory of 1372	4188	msedge.exe	90
PID 4188 wrote to memory of 1372	4188	msedge.exe	90
PID 4188 wrote to memory of 1372	4188	msedge.exe	90
PID 4188 wrote to memory of 1372	4188	msedge.exe	90
PID 4188 wrote to memory of 1372	4188	msedge.exe	90
PID 4188 wrote to memory of 1372	4188	msedge.exe	90
PID 4188 wrote to memory of 1372	4188	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pl.exloader.net/tree/games/cs2/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdeab346f8,0x7ffdeab34708,0x7ffdeab34718
  2⤵
  PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,17226999862169900612,17431533255092795232,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
  2⤵
  PID:2592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,17226999862169900612,17431533255092795232,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,17226999862169900612,17431533255092795232,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
  2⤵
  PID:1372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17226999862169900612,17431533255092795232,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:1404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17226999862169900612,17431533255092795232,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17226999862169900612,17431533255092795232,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17226999862169900612,17431533255092795232,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,17226999862169900612,17431533255092795232,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5936 /prefetch:8
  2⤵
  PID:808
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,17226999862169900612,17431533255092795232,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5936 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17226999862169900612,17431533255092795232,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
  2⤵
  PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17226999862169900612,17431533255092795232,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
  2⤵
  PID:3608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17226999862169900612,17431533255092795232,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:5164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17226999862169900612,17431533255092795232,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4004 /prefetch:1
  2⤵
  PID:5172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17226999862169900612,17431533255092795232,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
  2⤵
  PID:5460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17226999862169900612,17431533255092795232,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1928 /prefetch:1
  2⤵
  PID:5960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17226999862169900612,17431533255092795232,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:6132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17226999862169900612,17431533255092795232,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
  2⤵
  PID:5640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17226999862169900612,17431533255092795232,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6352 /prefetch:1
  2⤵
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17226999862169900612,17431533255092795232,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2404 /prefetch:1
  2⤵
  PID:3020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17226999862169900612,17431533255092795232,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6632 /prefetch:1
  2⤵
  PID:384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17226999862169900612,17431533255092795232,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6748 /prefetch:1
  2⤵
  PID:5932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17226999862169900612,17431533255092795232,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7220 /prefetch:1
  2⤵
  PID:4088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17226999862169900612,17431533255092795232,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7464 /prefetch:1
  2⤵
  PID:5220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17226999862169900612,17431533255092795232,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6720 /prefetch:1
  2⤵
  PID:2280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17226999862169900612,17431533255092795232,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7160 /prefetch:1
  2⤵
  PID:4040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17226999862169900612,17431533255092795232,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7380 /prefetch:1
  2⤵
  PID:3880

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5096

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5012

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ab8ce148cb7d44f709fb1c460d03e1b0

SHA1
44d15744015155f3e74580c93317e12d2cc0f859

SHA256
014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff

SHA512
f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38f59a47b777f2fc52088e96ffb2baaf

SHA1
267224482588b41a96d813f6d9e9d924867062db

SHA256
13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b

SHA512
4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
63KB

MD5
e4cc1ece2f2425b10ae2ccc212c1dafc

SHA1
92609e6d0093693110baa23758382889bcb30da6

SHA256
92e9415d8bc8529e2a3f335258ef7ff159cce2965ce3b2b7c15f73720efee809

SHA512
2848dee3a6da891b7044518bc97aeafd340705cebe846350b9a7f314b52450f1eb977b8b492638965ce4674ebaa341e4f832438199c3cad2fb0a0793ef83a619

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
20KB

MD5
a6ad24daf242e845b5d55268bd5d1f9e

SHA1
dfd157ac56810ef2b816480bde8d5557665261e1

SHA256
8598c88986c155a9f89ba7a6a426f98fb2a8e6ec1cb3dd06ad75a33c7a9518e9

SHA512
c623261c1bea860b09efd48f0b623a39a18e483d6620c3ef03bf993467db0c3ce40905c568ac63be03162916f60a6e3447aa75aeaac1b97387d4cde29f463f57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

Filesize
33KB

MD5
fe70663122656a5c59de60232d8be61f

SHA1
382d85f2ceeb85d8561401cc62e5d9c49896a606

SHA256
9e6988b270619eb054f77a35a7b3df50b2579f55af768aa119d89fc269ea61db

SHA512
e4e8b5bd45bf09dde9ded38acf658d35d6277dfb0aca5b2c095bb195d579a81ab5adb8c4dcfb35902ed704bcff09d2d1d3172637e0a23e3c86426bdc20c01e5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

Filesize
39KB

MD5
3d82e791b707535b54dd0d68ba38cdbc

SHA1
8a63647c1374f35f3d5a5aa3013fbc35892f492b

SHA256
82e239223f2bababc14619f8e35ec7d414d735da47ad5de073cef031ec6bdb23

SHA512
89e1a72ef0e84010511f446f25905e9fcb977a994416071d10b4eb3f1216a4efc92f43183747cbf4ed19e00995f1118a54be83851565ed1b76acf75cafde105f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

Filesize
39KB

MD5
bb9d0cc624e14a907449e5ea1f602186

SHA1
81bc523244b6950dccf5029cdcb4b2ee85f9d2c1

SHA256
a39ea9b2e813eca3669c86d386b5f7a54a044f8756d75147063b832884c8f5a8

SHA512
5178c3784ef9d1a74c390a77376f87ff6a4c73a9eec52ee3716114ba763d24f130c2eb37ba80de22b4cecae57053e6682354ea2f91bc655f3134b232c863713d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

Filesize
20KB

MD5
93bde054fcc7ba96cdf0b17b7909854f

SHA1
dcfe66f3f4a36661d7acb04692b1c7ff12033501

SHA256
1dcee8c2660c0ce63ad1dba3f9c015b9598bbfd3b922c4e2264f79edd214dabd

SHA512
0eae4d06a6aeeece466276f45d6250e11050264e63da0b5fcbea18aaa402d5ff54f784abda2125b0727672b1306efa82ba8f3d3d1cb6726bf85327d8fa17fcaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
682d7b753109d34141b0a96196891d82

SHA1
61c8bf8c6c49c7948cdfb87a22a5fe81ee0479ce

SHA256
33bfdea17dc05c670a93770ab20fd4c1c78568ba4dbe50db134939726f9644fa

SHA512
41ad3274bf4ca11c46346356d2e439ac5135b0262de4f2da9d2f243c3523ff191389ba5003a85138b0e6c7ce9be3256e252323a3d610c52a67ac0dbe84aacb50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
888B

MD5
171d810888d6fb4ed3c0f81dcd37bd5e

SHA1
781b6a1b7ae2fbf5cfadbec7ee03b7d68e181f9c

SHA256
0d28839af9c56f64a5e9e894874b328ea580064aeb23c3a74e24d724a04e033d

SHA512
456fa8461a2bcfd5f3c7a9f92966b4677199fca80f2ca612c2a463704952c406b563b062f71d362e75593f524be84852665069fb216b3812098331fe6cfa8803

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\001\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
fb33e0607469d77a910529739c7bdc01

SHA1
18479ffde080af42cb318a4f8366dc53459cdbff

SHA256
8d522efaf5ee3faad084858c9f7fd02bce549ba84e70daab4af868dac6ed6617

SHA512
666c40d9135c6e7c9a0d37a69079d516f013fd89e13877756bf250a1d5a7df1ffca8b5eeb0c3460645463aae668f7db9d25ba77e07523d93f21e21397c996aa2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ae6b102f8c3552df9ddc23d4896ed6af

SHA1
141f5970e705eec725d0a445911ae1bd747e95f9

SHA256
79716d6c9cd9357580019fcb0eb0dfd5b5c4ac2a807c0bf05109d85992d38b1c

SHA512
076d47fb7ef5a5c7a746a6973b3576670c69f3c2828c9b58e4e5128ee2c0101bd3ad49a10f7a5bdf282a41aa2c65046a9e95a872dca1dcae453ebe69a0f2388b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b69d89941035fd027851d52b63f54a67

SHA1
10a80168d21c08d7dcaa29feab110a316885e66d

SHA256
0e3846eebf3df18a93fb6552f004495fe4d2a8e4075349adebc6d4e0f0e22e10

SHA512
3a73f8fed002907e37e5f07e52b4e84862dcedcf6122777153bcb1231bd0855dad48c6c3cc7bb4e811703fc824fd26389b872120ebfb73d4ac3cbd7cdf69b3fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4dd26295bba095a2edb259e799f62e61

SHA1
9cf680485744f62f2540f5d0e6699c02b8cde64e

SHA256
d44a20332b62efa8b565ed2aac5c5524c393126110b460faddbfa107611e9c4b

SHA512
b0a1d9e96a0d9dc14d3fbba657d24055cec4c2530a0e229ea8a8ad51db5b6333b623101514b7182e0e9e4fb8c299ca80aa308d1960badd297736e6a334e95473

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
66cd566462f8120dcaae5df0c294d953

SHA1
d018e7d817920b6d91052e85e9c48fed9ab04bc2

SHA256
541c8d76060543e4f82be77e5ef11feb82a01e22001b04a40d9aa87ebd842e1e

SHA512
a6e9cd0af21623085a85eb881227d3f15fb154876576e35573d13450f6b26e693a87f81214f9ca799cb3ed6dccd8c9aa916ff2460bfae43c39a01be8184abf31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
f326d07962fcc65237deee26cf95aa31

SHA1
3394f0d095c72fab6503b73a24d2f5155058abe6

SHA256
bb6846ba1d2e7a5d45d9a3e6bbebb44ea2e9609804127a48cec943209dcac4c8

SHA512
c4280feadcc0fca07d969c7fbc898b9e2acf079724c535e2d2d9b85adae5e646e10bdd0adcf151d3a39bac6847838a28297103d1d219e28c9c0c2a19caeaa1e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e8928d269138548c4d06360979f07627

SHA1
9b5f149ea4d638eeaf7998b077fd1decbe5face8

SHA256
d9aa5628c89f5594b74cb963d67c928411518433ac31b5f4192e4499239df82e

SHA512
78152663f5a49913a670f59ccd2b820c94b06c36846b573efc95bc4b628beea34f10373973936078a5aa3794d8b5a7fc1a543b63a9e9d7927018c5258674b179

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0d76884d13be56dcdc434e8e81262b0e

SHA1
9436cd10f63a7767df826e2ff51181b44ac6dbec

SHA256
52a205f902a6b862b837f9698ed36170a0dee2fd7815743b24cd55852909a23b

SHA512
582e96ae6cb2101f3439646b0e15572c8644110ab6cc0e2351f6215ee963bbabc83de01ce5d885bb0818482ed42efb01aede728da5cfce1289f571d9b9c11e96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e5d39bf5ccd4af821153e17b86f81148

SHA1
31ef9a42ceb05f5e830eb7b5199d744380ae1f05

SHA256
ff19db258931dfe53c09ddedc16b76cd85909ed12f0cf330eb689965f1256ac3

SHA512
94938b205ab75212cdaf10ed801a91a87b4f47acb74f1880d348846f4cafdfef7273e60493e53f41fe8cde51aac5de640c01eba3bed12b0a65ef8539a2021896

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
daec8ffa22afb19987631898138dc752

SHA1
7a04cf985cb777e4456ace41ec1b154b3b8db6b6

SHA256
10a55e4a90703f3bed6b79bd245508f1459a83b8a6779db9ad60612befd2c6b5

SHA512
f3ce7f67da64b48cbd80f363eb432156d44bb9389b374ca1615afb58af0705dce4cc68ec756d5c1bde472febd73c4a4d381d4b75f68512725cf9aaafb9fa9658

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e62a.TMP

Filesize
1KB

MD5
d31841e18b69711900ea53a3fddb174b

SHA1
76d5495e6ebfe1375d67b43f969d3b85e6f8dce7

SHA256
919696870021ee1a2d82f2b33a2120b391277100afcbedc322371fb6b90b987d

SHA512
430e390b7b0dd7a9bfb6d967b0ed8289f05c835de2a96aabfc74a34e9b2f1b8a6556c7b6f1d333b535bd65b94ae145b2ee296861c0318f19212731ec2f05f76f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a1569e389c9582474461037d0ef9cd20

SHA1
f7f1c32b4964eee9895d827b0a6fc8039c2707fe

SHA256
d05217092f2d89df76548a0b10399f4f44ae983b6ed6e146331bb10f244a471b

SHA512
0c6a5ae74214367f961dfb0a8c668c5fa39138ab17b974b840ad1996e4051e682edbf248ff4e32c78d574d2bca37527935c07598f026cc56549e9090c06f7821

Download Submit