hxxps://qptr[.]ru/Li8Z

Analysis

max time kernel
73s
max time network
76s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
04/10/2024, 22:13

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://qptr.ru/Li8Z

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3684	msedge.exe
3684	msedge.exe
3588	msedge.exe
3588	msedge.exe
3236	msedge.exe
3236	msedge.exe
2868	identity_helper.exe
2868	identity_helper.exe
4732	chrome.exe
4732	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
3588	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe

Suspicious use of FindShellTrayWindow 61 IoCs

pid	Process
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe

Suspicious use of SendNotifyMessage 28 IoCs

pid	Process
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3588 wrote to memory of 1356	3588	msedge.exe	79
PID 3588 wrote to memory of 1356	3588	msedge.exe	79
PID 3588 wrote to memory of 2632	3588	msedge.exe	80
PID 3588 wrote to memory of 2632	3588	msedge.exe	80
PID 3588 wrote to memory of 2632	3588	msedge.exe	80
PID 3588 wrote to memory of 2632	3588	msedge.exe	80
PID 3588 wrote to memory of 2632	3588	msedge.exe	80
PID 3588 wrote to memory of 2632	3588	msedge.exe	80
PID 3588 wrote to memory of 2632	3588	msedge.exe	80
PID 3588 wrote to memory of 2632	3588	msedge.exe	80
PID 3588 wrote to memory of 2632	3588	msedge.exe	80
PID 3588 wrote to memory of 2632	3588	msedge.exe	80
PID 3588 wrote to memory of 2632	3588	msedge.exe	80
PID 3588 wrote to memory of 2632	3588	msedge.exe	80
PID 3588 wrote to memory of 2632	3588	msedge.exe	80
PID 3588 wrote to memory of 2632	3588	msedge.exe	80
PID 3588 wrote to memory of 2632	3588	msedge.exe	80
PID 3588 wrote to memory of 2632	3588	msedge.exe	80
PID 3588 wrote to memory of 2632	3588	msedge.exe	80
PID 3588 wrote to memory of 2632	3588	msedge.exe	80
PID 3588 wrote to memory of 2632	3588	msedge.exe	80
PID 3588 wrote to memory of 2632	3588	msedge.exe	80
PID 3588 wrote to memory of 2632	3588	msedge.exe	80
PID 3588 wrote to memory of 2632	3588	msedge.exe	80
PID 3588 wrote to memory of 2632	3588	msedge.exe	80
PID 3588 wrote to memory of 2632	3588	msedge.exe	80
PID 3588 wrote to memory of 2632	3588	msedge.exe	80
PID 3588 wrote to memory of 2632	3588	msedge.exe	80
PID 3588 wrote to memory of 2632	3588	msedge.exe	80
PID 3588 wrote to memory of 2632	3588	msedge.exe	80
PID 3588 wrote to memory of 2632	3588	msedge.exe	80
PID 3588 wrote to memory of 2632	3588	msedge.exe	80
PID 3588 wrote to memory of 2632	3588	msedge.exe	80
PID 3588 wrote to memory of 2632	3588	msedge.exe	80
PID 3588 wrote to memory of 2632	3588	msedge.exe	80
PID 3588 wrote to memory of 2632	3588	msedge.exe	80
PID 3588 wrote to memory of 2632	3588	msedge.exe	80
PID 3588 wrote to memory of 2632	3588	msedge.exe	80
PID 3588 wrote to memory of 2632	3588	msedge.exe	80
PID 3588 wrote to memory of 2632	3588	msedge.exe	80
PID 3588 wrote to memory of 2632	3588	msedge.exe	80
PID 3588 wrote to memory of 2632	3588	msedge.exe	80
PID 3588 wrote to memory of 3684	3588	msedge.exe	81
PID 3588 wrote to memory of 3684	3588	msedge.exe	81
PID 3588 wrote to memory of 4120	3588	msedge.exe	82
PID 3588 wrote to memory of 4120	3588	msedge.exe	82
PID 3588 wrote to memory of 4120	3588	msedge.exe	82
PID 3588 wrote to memory of 4120	3588	msedge.exe	82
PID 3588 wrote to memory of 4120	3588	msedge.exe	82
PID 3588 wrote to memory of 4120	3588	msedge.exe	82
PID 3588 wrote to memory of 4120	3588	msedge.exe	82
PID 3588 wrote to memory of 4120	3588	msedge.exe	82
PID 3588 wrote to memory of 4120	3588	msedge.exe	82
PID 3588 wrote to memory of 4120	3588	msedge.exe	82
PID 3588 wrote to memory of 4120	3588	msedge.exe	82
PID 3588 wrote to memory of 4120	3588	msedge.exe	82
PID 3588 wrote to memory of 4120	3588	msedge.exe	82
PID 3588 wrote to memory of 4120	3588	msedge.exe	82
PID 3588 wrote to memory of 4120	3588	msedge.exe	82
PID 3588 wrote to memory of 4120	3588	msedge.exe	82
PID 3588 wrote to memory of 4120	3588	msedge.exe	82
PID 3588 wrote to memory of 4120	3588	msedge.exe	82
PID 3588 wrote to memory of 4120	3588	msedge.exe	82
PID 3588 wrote to memory of 4120	3588	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://qptr.ru/Li8Z
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff99a4e3cb8,0x7ff99a4e3cc8,0x7ff99a4e3cd8
  2⤵
  PID:1356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,10294894703484314431,3786637105623214339,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1924 /prefetch:2
  2⤵
  PID:2632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,10294894703484314431,3786637105623214339,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1924 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,10294894703484314431,3786637105623214339,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
  2⤵
  PID:4120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,10294894703484314431,3786637105623214339,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,10294894703484314431,3786637105623214339,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:3820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,10294894703484314431,3786637105623214339,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4564 /prefetch:1
  2⤵
  PID:636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1912,10294894703484314431,3786637105623214339,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4980 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3236
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,10294894703484314431,3786637105623214339,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5664 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,10294894703484314431,3786637105623214339,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:2788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,10294894703484314431,3786637105623214339,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3624 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,10294894703484314431,3786637105623214339,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4604 /prefetch:1
  2⤵
  PID:124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,10294894703484314431,3786637105623214339,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2872 /prefetch:1
  2⤵
  PID:1776

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:812

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2552

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff98764cc40,0x7ff98764cc4c,0x7ff98764cc58
  2⤵
  PID:4972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1804,i,4666880478550143754,5918689990317925959,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1800 /prefetch:2
  2⤵
  PID:3624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1924,i,4666880478550143754,5918689990317925959,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2076 /prefetch:3
  2⤵
  PID:844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2224,i,4666880478550143754,5918689990317925959,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2188 /prefetch:8
  2⤵
  PID:4404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3120,i,4666880478550143754,5918689990317925959,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3132 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3136,i,4666880478550143754,5918689990317925959,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3596,i,4666880478550143754,5918689990317925959,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3588 /prefetch:1
  2⤵
  PID:1516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4588,i,4666880478550143754,5918689990317925959,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4604 /prefetch:8
  2⤵
  PID:3028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3592,i,4666880478550143754,5918689990317925959,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4736 /prefetch:8
  2⤵
  PID:1176

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4756

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
78d5a8834e39e2c71a06c8fa18d01681

SHA1
71afef084e65e1217aa28cb455f079e0f23cfcbb

SHA256
19894243d29d3ebb7edab326a5281938d209688fd29304323a1fd079b7ee7c4e

SHA512
584ba43dca077e1803205038093a23431e9e49f0765a816b69b961594dae5136aa480c3ba7a28d8fbdb577b1e1e124e984d4c282e6290640d2875e8e6a573c7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
012c708bda86cd0ed439c85ee4f937f2

SHA1
178d5bd1eb03d612182b2a701b4e7626360e90fa

SHA256
e3169bf3118267b3088fa9afc0160469557d9ab73b075d8696e489fe0c398be8

SHA512
4a0c27ad875af6a194ff41bf2ca95c176f47044b8ce44ab1d103f6b7dcebeff642675424dfd96e4d5bb092c82fad89a68966ba78dcfac160f564f7b3c9fbe548

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
3423425091150ef56896732d7a796564

SHA1
f82dd81e398bd9d388c8151406786953c19757ac

SHA256
25774a0a80624ec5f78f243054551e0a2eb2fad3b30cfe1019d300d773293898

SHA512
d2ab5965d870f2015d9358a4fc33aec9c579b499a6b92cb8fe125133babbb73e2e10c70ea5a3771e15d27337f3797ec92ad4d5c03d25f8f2d0a76520d11755f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
497fa9c500bbaa743d3e12b473c5d1fc

SHA1
f2b50ade7842fe3de7712fc1dd4813dba01ba57a

SHA256
2c853aec8c383a8c2298c3d585d48520e2ee89702d955806b1461585f21159d0

SHA512
af170c3e30214a6ba610554f9083976dc86ae8c9c79db56d6f05e10170fe425fb4c10f53d39f46e6feda8ff15c88565c07018d5c5740aedd08fcaf396b49edae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d30a5618854b9da7bcfc03aeb0a594c4

SHA1
7f37105d7e5b1ecb270726915956c2271116eab7

SHA256
3494c446aa3cb038f1d920b26910b7fe1f4286db78cb3f203ad02cb93889c1a8

SHA512
efd488fcd1729017a596ddd2950bff07d5a11140cba56ff8e0c62ef62827b35c22857bc4f5f5ea11ccc2e1394c0b3ee8651df62a25e66710f320e7a2cf4d1a77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
03a56f81ee69dd9727832df26709a1c9

SHA1
ab6754cc9ebd922ef3c37b7e84ff20e250cfde3b

SHA256
65d97e83b315d9140f3922b278d08352809f955e2a714fedfaea6283a5300e53

SHA512
e9915f11e74c1bcf7f80d1bcdc8175df820af30f223a17c0fe11b6808e5a400550dcbe59b64346b7741c7c77735abefaf2c988753e11d086000522a05a0f7781

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\2c052e41-32ba-46a4-8ef8-901439dd1dec.tmp

Filesize
251B

MD5
08b379c340278f90754e8eb0d09edf98

SHA1
8de2aabd960855682f8c52da113f1c45fb33aafd

SHA256
409fa072897d9b45f8d952c9bedcb1c3cbe9b21628abd887a5919776e3fb101e

SHA512
900dca2a857072eccbe5fe4e45d5cfd46be2dd1ec1e19791d9e89a294415a2e7510e52df4f911e83a5896933a8d7b9944ab3aa173cf2ba911543c03efee29a1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9ccc66e28237dea55e1388d1ef072811

SHA1
68837d6440799283ae41953d0e5413fcc7fc3ca4

SHA256
4b2468f4eba1523c58e6b85e9e501354e3df6e15d8268bcb3ee333820e75f562

SHA512
d83338d326d4391e2405d42bd912d90e736cc80d762b53588e78a840950ebf9f3566d4deef32bcd0bdd303b6cf931722d8ab7f97607ac99bbb7468da334f8db0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e93ad0bdaf003e4577b11fee9a1aec7a

SHA1
3c0b1fa87b8a46c53e1b332deac87c525380c8ed

SHA256
f725ec86f0e491467e3558621c7daf7e6d7cb38c634c6a7c5f9fa8571c8c6662

SHA512
9fbb46733fedb0cc929c8a713d247cd3915c09e57f9662470fd9bba3cca9f60f4ef4ec8e6c4c3f148320aa659a647c7cca3da0d1429a8ce31201653097565929

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d9da06c13b45cf4b151809d0da301929

SHA1
1b267de5c6f9771ca4a4eab833fd02c7d2263a36

SHA256
72169489e8c2add7ac8cb9a41adf7acc62fc402f1637262a66961c5044124162

SHA512
4f8e848e6c273c647b0b7213b68d14188fe720e59e27ec7b8c57568802812bad953d02f560924d14029aee42a362b66276d2f95351eeb09aef86fb537e35553f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f7ad8f7c71777bba884a9894b8cf8a07

SHA1
9045e9fd7f6aeb743542341aa15cfcdba212f542

SHA256
f4b1ee24a75491838f9951e83db1bceb2bbdf9a4107be56374800c388dc55103

SHA512
a48da95cf3ac1e8ea8d7723e65cda19bb76e3cc982b88102cbae59fb3a6b7b399859fd899d6503f31936645748dc0546edc5b64ae4f378f02d25802e5305cfc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
727e972e91d9b53af6839ff762a92e46

SHA1
0f386aa5ba638f057f4752054a868fc545a0ddce

SHA256
ca0f1625b5f1e48f2047e890c910b3d19904bac64fa3536fdaeb5e53442325e2

SHA512
5de00f7c8f9c829eb5245f223290fbae3bc2b198e415a93ebab63dd84d8f8cab7d697479b779171c17385a95a19a0df7e8389baca6ed0f05d21081ef60f337c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8faee821bc16edbccab4530364ecfd70

SHA1
4123a6b15000350a6f21c4077eaeba3b0130c003

SHA256
191eb0796a65cff2af7cc1916477ca738d644fcd62951ba36682f5bdc03e42b8

SHA512
45816b95cea5ca4d7e485487c420ea4729b7366be7d7ad0c9dd5ac4d1f96072c5d2fcca2ad1b4082dc63c775c976a712873a3258b735fb2de740a6ac7f503abe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
16c75c9a7417320b4b110148a0fc6ff7

SHA1
51918af79aaea199f8e040780537d9afe111e02e

SHA256
95fb891660ce1a39f1a4a4bac5b69e2c91cb082ca2b642f1bd6992aacf8fc1c8

SHA512
42b2c39be617965ad25ef34d27a273d5dec09c5ef4dbef50c7a589cbddcfe404ae97486f754f56473167d503d76dd695ee7bef31112851c53c187cd3a07672d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1bfb18709f0f80e24b2266ca389d7905

SHA1
01a8f88cc350058c7c4ca7244373fe3a5258c008

SHA256
91c7cb152e1382e69afd8163a3fc23d9e44814f036b8eaa6b3fddefd81daff93

SHA512
bc17abf4dd832576c91c860c8f3210a2b991b70452603e6146a0da3bdfde8ed02727ec655965250450a8d64ee465c1d3d7dbba3b28f8a1e7b252b22520a09ed7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8173b78bf8f0d386bc9e1cbdc4aa6fac

SHA1
2eadfac763eb8f7c89c61e32a41974b2244918b8

SHA256
1adeaf8e0ca384f07961bd6a98d51d70b132639af561118894dbcc240c352e1b

SHA512
9d943c571d9e847c2e6a73e2804d64544a5e1df449e76ee0df3c16581c6aea8a70ba95939f03325981c43fe0db522ea98d46f4c01342a109a13f09e729846d80

Download Submit