2bc3c65fae825cb4d7c1e34a579fe6aed5aef201db251649ce16e7cf13dcf7c2

Resubmissions

18/01/2025, 16:59

250118-vhmksszkhq 10

18/01/2025, 15:36

250118-s1wkbawrdw 9

Analysis

max time kernel
1586s
max time network
1432s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250113-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250113-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
18/01/2025, 15:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Logged.exe
Size

74.0MB
MD5

cf6fb14c4dcb8a424d3154953a86fdf7
SHA1

d181373763516d4ada6bc1a4bf7b88cfed0032a9
SHA256

2bc3c65fae825cb4d7c1e34a579fe6aed5aef201db251649ce16e7cf13dcf7c2
SHA512

c3f4d52efc5bd723b109dd7ad832130d64b8367bb7a57e6f6ccba0e4351b3e1dc2199bb6bca26852a5f1c776191d0bcb0f9c671fe87f2448915c96b0d3de8c74
SSDEEP

1572864:/QwYC+7xMkRCtQkTMT2Zr9yre77nD0CpbeQ/KZYlctCqkFj23tWoG8g2cnr5:/306kkQkTyCAS/DrbSQctXkFj29UbJr5

Score

9^/10

discovery

Malware Config

Signatures

Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Loads dropped DLL 54 IoCs

pid	Process
1192	Logged.exe
1192	Logged.exe
1192	Logged.exe
1192	Logged.exe
1192	Logged.exe
1192	Logged.exe
1192	Logged.exe
1192	Logged.exe
1192	Logged.exe
1192	Logged.exe
1192	Logged.exe
1192	Logged.exe
1192	Logged.exe
1192	Logged.exe
1192	Logged.exe
1192	Logged.exe
1192	Logged.exe
1192	Logged.exe
1192	Logged.exe
1192	Logged.exe
1192	Logged.exe
1192	Logged.exe
1192	Logged.exe
1192	Logged.exe
1192	Logged.exe
1192	Logged.exe
1192	Logged.exe
1192	Logged.exe
1192	Logged.exe
1192	Logged.exe
1192	Logged.exe
1192	Logged.exe
1192	Logged.exe
1192	Logged.exe
1192	Logged.exe
1192	Logged.exe
1192	Logged.exe
1192	Logged.exe
1192	Logged.exe
1192	Logged.exe
1192	Logged.exe
1192	Logged.exe
1192	Logged.exe
1192	Logged.exe
1192	Logged.exe
1192	Logged.exe
1192	Logged.exe
1192	Logged.exe
1192	Logged.exe
1192	Logged.exe
1192	Logged.exe
1192	Logged.exe
1192	Logged.exe
1192	Logged.exe

Unexpected DNS network traffic destination 1 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	54.38.216.200

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\c71b96b9-e84b-4a36-8dde-c7278964fa4c.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20250118155127.pma	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3248	msedge.exe
3248	msedge.exe
3404	msedge.exe
3404	msedge.exe
2996	identity_helper.exe
2996	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
3404	msedge.exe
3404	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4868 wrote to memory of 1192	4868	Logged.exe	83
PID 4868 wrote to memory of 1192	4868	Logged.exe	83
PID 1192 wrote to memory of 4560	1192	Logged.exe	84
PID 1192 wrote to memory of 4560	1192	Logged.exe	84
PID 1192 wrote to memory of 4224	1192	Logged.exe	85
PID 1192 wrote to memory of 4224	1192	Logged.exe	85
PID 3404 wrote to memory of 4976	3404	msedge.exe	100
PID 3404 wrote to memory of 4976	3404	msedge.exe	100
PID 3404 wrote to memory of 2408	3404	msedge.exe	101
PID 3404 wrote to memory of 2408	3404	msedge.exe	101
PID 3404 wrote to memory of 2408	3404	msedge.exe	101
PID 3404 wrote to memory of 2408	3404	msedge.exe	101
PID 3404 wrote to memory of 2408	3404	msedge.exe	101
PID 3404 wrote to memory of 2408	3404	msedge.exe	101
PID 3404 wrote to memory of 2408	3404	msedge.exe	101
PID 3404 wrote to memory of 2408	3404	msedge.exe	101
PID 3404 wrote to memory of 2408	3404	msedge.exe	101
PID 3404 wrote to memory of 2408	3404	msedge.exe	101
PID 3404 wrote to memory of 2408	3404	msedge.exe	101
PID 3404 wrote to memory of 2408	3404	msedge.exe	101
PID 3404 wrote to memory of 2408	3404	msedge.exe	101
PID 3404 wrote to memory of 2408	3404	msedge.exe	101
PID 3404 wrote to memory of 2408	3404	msedge.exe	101
PID 3404 wrote to memory of 2408	3404	msedge.exe	101
PID 3404 wrote to memory of 2408	3404	msedge.exe	101
PID 3404 wrote to memory of 2408	3404	msedge.exe	101
PID 3404 wrote to memory of 2408	3404	msedge.exe	101
PID 3404 wrote to memory of 2408	3404	msedge.exe	101
PID 3404 wrote to memory of 2408	3404	msedge.exe	101
PID 3404 wrote to memory of 2408	3404	msedge.exe	101
PID 3404 wrote to memory of 2408	3404	msedge.exe	101
PID 3404 wrote to memory of 2408	3404	msedge.exe	101
PID 3404 wrote to memory of 2408	3404	msedge.exe	101
PID 3404 wrote to memory of 2408	3404	msedge.exe	101
PID 3404 wrote to memory of 2408	3404	msedge.exe	101
PID 3404 wrote to memory of 2408	3404	msedge.exe	101
PID 3404 wrote to memory of 2408	3404	msedge.exe	101
PID 3404 wrote to memory of 2408	3404	msedge.exe	101
PID 3404 wrote to memory of 2408	3404	msedge.exe	101
PID 3404 wrote to memory of 2408	3404	msedge.exe	101
PID 3404 wrote to memory of 2408	3404	msedge.exe	101
PID 3404 wrote to memory of 2408	3404	msedge.exe	101
PID 3404 wrote to memory of 2408	3404	msedge.exe	101
PID 3404 wrote to memory of 2408	3404	msedge.exe	101
PID 3404 wrote to memory of 2408	3404	msedge.exe	101
PID 3404 wrote to memory of 2408	3404	msedge.exe	101
PID 3404 wrote to memory of 2408	3404	msedge.exe	101
PID 3404 wrote to memory of 2408	3404	msedge.exe	101
PID 3404 wrote to memory of 3248	3404	msedge.exe	102
PID 3404 wrote to memory of 3248	3404	msedge.exe	102
PID 3404 wrote to memory of 1296	3404	msedge.exe	103
PID 3404 wrote to memory of 1296	3404	msedge.exe	103
PID 3404 wrote to memory of 1296	3404	msedge.exe	103
PID 3404 wrote to memory of 1296	3404	msedge.exe	103
PID 3404 wrote to memory of 1296	3404	msedge.exe	103
PID 3404 wrote to memory of 1296	3404	msedge.exe	103
PID 3404 wrote to memory of 1296	3404	msedge.exe	103
PID 3404 wrote to memory of 1296	3404	msedge.exe	103
PID 3404 wrote to memory of 1296	3404	msedge.exe	103
PID 3404 wrote to memory of 1296	3404	msedge.exe	103
PID 3404 wrote to memory of 1296	3404	msedge.exe	103
PID 3404 wrote to memory of 1296	3404	msedge.exe	103
PID 3404 wrote to memory of 1296	3404	msedge.exe	103
PID 3404 wrote to memory of 1296	3404	msedge.exe	103

C:\Users\Admin\AppData\Local\Temp\Logged.exe
"C:\Users\Admin\AppData\Local\Temp\Logged.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4868
- C:\Users\Admin\AppData\Local\Temp\Logged.exe
  "C:\Users\Admin\AppData\Local\Temp\Logged.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1192
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "ver"
    3⤵
    PID:4560
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:4224

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:3404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ffb7e7e46f8,0x7ffb7e7e4708,0x7ffb7e7e4718
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,3088110556963229177,9647969943891805883,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
  2⤵
  PID:2408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,3088110556963229177,9647969943891805883,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,3088110556963229177,9647969943891805883,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
  2⤵
  PID:1296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3088110556963229177,9647969943891805883,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
  2⤵
  PID:4204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3088110556963229177,9647969943891805883,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3088110556963229177,9647969943891805883,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3088110556963229177,9647969943891805883,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:3124
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,3088110556963229177,9647969943891805883,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3552 /prefetch:8
  2⤵
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:1556
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x264,0x268,0x26c,0x240,0x270,0x7ff683e85460,0x7ff683e85470,0x7ff683e85480
    3⤵
    PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,3088110556963229177,9647969943891805883,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3552 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2996

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4076

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Network Service Discovery

T1046

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5408de1548eb3231accfb9f086f2b9db

SHA1
f2d8c7e9f3e26cd49ee0a7a4fecd70b2bf2b7e8a

SHA256
3052d0885e0ef0d71562958b851db519cfed36fd8e667b57a65374ee1a13a670

SHA512
783254d067de3ac40df618665be7f76a6a8acb7e63b875bffc3c0c73b68d138c8a98c437e6267a1eb33f04be976a14b081a528598b1e517cdd9ad2293501acc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
254fc2a9d1a15f391d493bff79f66f08

SHA1
6165d5a9de512bb33a82d99d141a2562aa1aabfb

SHA256
2bf9282b87bdef746d298cff0734b9a82cd9c24656cb167b24a84c30fb6a1fd0

SHA512
484a1c99ee3c3d1ebf0af5ec9e73c9a2ca3cf8918f0ba2a4b543b75fa587ec6b432866b74bcd6b5cdd9372532c882da438d44653bd5bccdbc94ebc27852ff9e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1ea55956519253527171eaea559eb919

SHA1
89e1939abd8bd18610b912f13dd1fad246794a43

SHA256
1b04020fe6b8f6553dfc2ef7dcc8bfc17e9f871a2b4b65859cf0f256cfd8b577

SHA512
146c113b68db0b8affbdba1e26b5f256341a8146af0aa164169410aea23b17c73d2a69d6b44c7410b5d9e57bd7940429e85f66b9ef50796ed81ccaaf35788516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
09db0e847bda194d4a71f1a4d4bcef4c

SHA1
b706baec0f788c09f3a4a6fd537bde0364d52cd1

SHA256
d78947e1e3f39421f52117e2c4fb187500422a9470a5ca9ea33fa10483748b88

SHA512
f5698d612c36aa870a3308bc9474a8c303dbf60c85bb350a3fb1dc8b7a72b293b465ea8b341424f4279198a869db0896a9aa6c85a7f2b59438e69a51251e65c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
48febe0b0625901956573dfb2378e7ed

SHA1
c324173a8f8fd7a6a7398f6bb24dd2ee11d3cf24

SHA256
f0fae7ad33efdd05845d0d631ce8341ea4b6dfd4c45be844f0c117738df9c0d0

SHA512
fc38a0c64e67e3b5d43f787fe86f700e6f753d8e90bcebc446d4a8c631b9e4362a74fa862a5b2ffc74f3f5236d3ecf006b341042b5469d1cc24f2c325a607a91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
c7372f6f9d0923743d6d08f6c8bc97a0

SHA1
fd0a415ddcf1bd2654e13ced6c05ecca2bf1fd7b

SHA256
d83590f58933f76e77c19f2b22cb9a251df97acdac420fb0d58dbf3e4dd3690b

SHA512
eb02d57f466d111e4f4b362b8cce2f0768ba9b3ed4f727092d4ac4c96204d3470b91e1b46ae297fe2be83b0485cd25b76ab7c2e1b20ccc141899ba41aa27ea2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
ded79ce00626aadfcb464679b5dd924d

SHA1
abd66e26c891983fc403c152426d1b999bf85061

SHA256
3d69fa42fac464eb28197f0675b222c0ca970b718aa44e590a6a70d822c218cf

SHA512
1c7a44d3124891c214a1621383ee6b48ea0170034e2e034f261939e448cb4ce927d91a88e86134600486d56d5e148e3edc955e140cdc7b3ebd55540cb1c54336

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
7b4b3b761f7c0ab0590c7103ac2557b3

SHA1
0b2d5092469a268ce56dc739dbc7829e0457c4ad

SHA256
4c819e194b222135cd9993bc78e44aecc82170c26cc1ebfb73bfca5da4b4633f

SHA512
6edcafd968b7757550534835eab0265177c705eace2e4eed2007ee3dd0437f630a0babdad5e15a50585b4424e36451a4a9293749ad070526f3cd837fef56f83b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48682\MSVCP140.dll

Filesize
564KB

MD5
1ba6d1cf0508775096f9e121a24e5863

SHA1
df552810d779476610da3c8b956cc921ed6c91ae

SHA256
74892d9b4028c05debaf0b9b5d9dc6d22f7956fa7d7eee00c681318c26792823

SHA512
9887d9f5838aa1555ea87968e014edfe2f7747f138f1b551d1f609bc1d5d8214a5fdab0d76fcac98864c1da5eb81405ca373b2a30cb12203c011d89ea6d069af

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48682\VCRUNTIME140.dll

Filesize
106KB

MD5
4585a96cc4eef6aafd5e27ea09147dc6

SHA1
489cfff1b19abbec98fda26ac8958005e88dd0cb

SHA256
a8f950b4357ec12cfccddc9094cca56a3d5244b95e09ea6e9a746489f2d58736

SHA512
d78260c66331fe3029d2cc1b41a5d002ec651f2e3bbf55076d65839b5e3c6297955afd4d9ab8951fbdc9f929dbc65eb18b14b59bce1f2994318564eb4920f286

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48682\VCRUNTIME140_1.dll

Filesize
48KB

MD5
7e668ab8a78bd0118b94978d154c85bc

SHA1
dbac42a02a8d50639805174afd21d45f3c56e3a0

SHA256
e4b533a94e02c574780e4b333fcf0889f65ed00d39e32c0fbbda2116f185873f

SHA512
72bb41db17256141b06e2eaeb8fc65ad4abdb65e4b5f604c82b9e7e7f60050734137d602e0f853f1a38201515655b6982f2761ee0fa77c531aa58591c95f0032

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48682\_asyncio.pyd

Filesize
63KB

MD5
61a5ae75f514b3ccbf1b939e06a5d451

SHA1
8154795e0f14415fb5802da65aafa91d7cbc57ec

SHA256
2b772076c2dba91fb4f61182b929485cc6c660baab4bce6e08aa18e414c69641

SHA512
bcd077d5d23fdab8427cc077b26626644b1b4b793c7f445e4f85094bd596c28319a854623b6e385f8e479b52726a9b843c4376bf288dc4f09edc30f332dbaf13

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48682\_brotli.cp311-win_amd64.pyd

Filesize
732KB

MD5
0606e7d1af5d7420ea2f363a9b22e647

SHA1
949e2661c8abf1f108e49ddc431892af5c4eb5ae

SHA256
79e60cd8bfd29ad1f7d0bf7a1eec3d9abadfce90587438ea172034074bc174ee

SHA512
0fbb16af2523f374c6057e2cb2397cd7ff7eee7e224372fd56a5feada58b0cebb992a9889865d3b971f960ca5f3bc37ff3017474b79ccc9b74aa4d341b7e06fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48682\_bz2.pyd

Filesize
82KB

MD5
a62207fc33140de460444e191ae19b74

SHA1
9327d3d4f9d56f1846781bcb0a05719dea462d74

SHA256
ebcac51449f323ae3ae961a33843029c34b6a82138ccd9214cf99f98dd2148c2

SHA512
90f9db9ee225958cb3e872b79f2c70cb1fd2248ebaa8f3282afff9250285852156bf668f5cfec49a4591b416ce7ebaaac62d2d887152f5356512f2347e3762b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48682\_ctypes.pyd

Filesize
120KB

MD5
9b344f8d7ce5b57e397a475847cc5f66

SHA1
aff1ccc2608da022ecc8d0aba65d304fe74cdf71

SHA256
b1214d7b7efd9d4b0f465ec3463512a1cbc5f59686267030f072e6ce4b2a95cf

SHA512
2b0d9e1b550bf108fa842324ab26555f2a224aefff517fdb16df85693e05adaf0d77ebe49382848f1ec68dc9b5ae75027a62c33721e42a1566274d1a2b1baa41

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48682\_hashlib.pyd

Filesize
63KB

MD5
787b82d4466f393366657b8f1bc5f1a9

SHA1
658639cddda55ac3bfc452db4ec9cf88851e606b

SHA256
241322647ba9f94bdc3ae387413ffb57ae14c8cf88bd564a31fe193c6ca43e37

SHA512
afcf66962958f38eec8b591aa30d380eb0e1b41028836058ff91b4d1472658de9fba3262f5c27ba688bd73da018e938f398e45911cd37584f623073067f575b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48682\_lzma.pyd

Filesize
155KB

MD5
0c7ea68ca88c07ae6b0a725497067891

SHA1
c2b61a3e230b30416bc283d1f3ea25678670eb74

SHA256
f74aaf0aa08cf90eb1eb23a474ccb7cb706b1ede7f911daf7ae68480765bdf11

SHA512
fd52f20496a12e6b20279646663d880b1354cffea10793506fe4560ed7da53e4efba900ae65c9996fbb3179c83844a9674051385e6e3c26fb2622917351846b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48682\_overlapped.pyd

Filesize
49KB

MD5
7db2b9d0fd06f7bd7e32b52bd626f1ce

SHA1
6756c6adf03d4887f8be371954ef9179b2df78cd

SHA256
24f9971debbd864e3ba615a89d2c5b0e818f9ab2be4081499bc877761992c814

SHA512
5b3f55c89056c0bf816c480ed7f8aad943a5ca07bd9b9948f0aa7163664d462c3c46d233ee11dd101ce46dc8a53b29e8341e227fe462e81d29e257a6897a5f3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48682\_queue.pyd

Filesize
31KB

MD5
06248702a6cd9d2dd20c0b1c6b02174d

SHA1
3f14d8af944fe0d35d17701033ff1501049e856f

SHA256
ac177cd84c12e03e3a68bca30290bc0b8f173eee518ef1fa6a9dce3a3e755a93

SHA512
5b22bbff56a8b48655332ebd77387d307f5c0a526626f3654267a34bc4863d8afaf08ff3946606f3cf00b660530389c37bdfac91843808dbebc7373040fec4c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48682\_socket.pyd

Filesize
77KB

MD5
26dd19a1f5285712068b9e41808e8fa0

SHA1
90c9a112dd34d45256b4f2ed38c1cbbc9f24dba5

SHA256
eaabf6b78840daeaf96b5bdbf06adf0e4e2994dfeee5c5e27fefd824dbda5220

SHA512
173e1eda05d297d7da2193e8566201f05428437adcac80aecefe80f82d46295b15ce10990b5c080325dc59a432a587eef84a15ec688a62b82493ad501a1e4520

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48682\_ssl.pyd

Filesize
157KB

MD5
ab0e4fbffb6977d0196c7d50bc76cf2d

SHA1
680e581c27d67cd1545c810dbb175c2a2a4ef714

SHA256
680ad2de8a6cff927822c1d7dd22112a3e8a824e82a7958ee409a7b9ce45ec70

SHA512
2bff84a8ec7a26dde8d1bb09792ead8636009c8ef3fa68300a75420197cd7b6c8eaaf8db6a5f97442723e5228afa62961f002948e0eeee8c957c6517547dffba

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48682\_uuid.pyd

Filesize
24KB

MD5
aea6a82bfa35b61d86e8b6a5806f31d6

SHA1
7c21b7147b391b7195583ab695717e38fe971e3e

SHA256
27b9545f5a510e71195951485d3c6a8b112917546fe5e8e46579b8ff6ce2acb0

SHA512
133d11535dea4b40afeca37f1a0905854fc4d2031efe802f00dd72e97b1705ca7ffe461acf90a36e2077534fe4df94d9469e99c64dbd3f301e5bca5c327fdc65

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48682\aiohttp\_helpers.cp311-win_amd64.pyd

Filesize
37KB

MD5
4b5dcc46170e4ac810a59ca5b7533462

SHA1
1eacf60fdfd427909b54f83518612a4638930225

SHA256
704cdcfca773ac658b8f84335f29630707c216f739f7fa5970b1be57f13a5b82

SHA512
c2e5b9b40f267f375234be9a562882faa1a0e82f32a951233464d27879d0b1620099bb800de3e96be277bb3bb44ff421a98a2f0c125f28652c2b6415d0fb4dea

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48682\aiohttp\_http_parser.cp311-win_amd64.pyd

Filesize
203KB

MD5
a7b4711c5ba1866745485abe14101ac7

SHA1
c37158cbd0fe67f8acd61596f63cf62bd2985431

SHA256
6688f3dd5b7efa8008c5ba776f32cecf5b42887b1b9ee21555ae3e0d4f13d2e0

SHA512
f952ad3c21b649e13e64540713a61db6d49b394ca5d62add7a5fec2186a8d27131ba038d449561b77670d3deb2358a8254e4e205ef20228e27b1eb8234d0e843

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48682\aiohttp\_http_writer.cp311-win_amd64.pyd

Filesize
34KB

MD5
2f2a2b2343549e990419df0977e3fac9

SHA1
5724b63e32bda7d36285f79dc9ad57fc97ba5415

SHA256
9569b0b501a0235388d075baa4c84e5d571169ac6ce3ae9220cde31a5f208b94

SHA512
a1b99dcaf01666c3ab9755d55001f3a18344cd70c386ce1b2233b5c6b8248b59d95804b450f9ee9c2f51d6293c4e748b9347540ae3f247418a1673bbd6ef466a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48682\aiohttp\_websocket.cp311-win_amd64.pyd

Filesize
23KB

MD5
aa40ac7a7d1d9a10da426701ea49508d

SHA1
bbd083535e20ea00bcc40de7b9e625ff5c74851e

SHA256
b892cbaf1a5b363fb66768194cd4d466916e81981bcb63c2989277114a4b0c10

SHA512
eaf14159f5f1b70dcb5e6416804f306ec5f4c235abf431a27bc421861117be8c6ec5326c8c703c4c3764b771e5dbac37e6b93ac05f9a632bc83788c476eed8e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48682\base_library.zip

Filesize
1.7MB

MD5
df673df8c5f4b100f5588b8cf1834b68

SHA1
dc82a6a581fc4ad98ef94046753a107f3079e2a8

SHA256
61f8ceeb90d4321ea6b9593627ee414acac0de654327e703c679aebc8c520c6f

SHA512
6836c4bc80a15b89401006d1b061a7ce7c1431b742dcc903bcf027713bf8886189f88e8937dd13bd2c5e21671063adb09939d1c1fcf2db755d8935abd846dc3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48682\charset_normalizer\md.cp311-win_amd64.pyd

Filesize
10KB

MD5
fa50d9f8bce6bd13652f5090e7b82c4d

SHA1
ee137da302a43c2f46d4323e98ffd46d92cf4bef

SHA256
fff69928dea1432e0c7cb1225ab96f94fd38d5d852de9a6bb8bf30b7d2bedceb

SHA512
341cec015e74348eab30d86ebb35c028519703006814a2ecd19b9fe5e6fcb05eda6dde0aaf4fe624d254b0d0180ec32adf3b93ee96295f8f0f4c9d4ed27a7c0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48682\charset_normalizer\md__mypyc.cp311-win_amd64.pyd

Filesize
113KB

MD5
2d1f2ffd0fecf96a053043daad99a5df

SHA1
b03d5f889e55e802d3802d0f0caa4d29c538406b

SHA256
207bbae9ddf8bdd64e65a8d600fe1dd0465f2afcd6dc6e28d4d55887cd6cbd13

SHA512
4f7d68f241a7f581e143a010c78113154072c63adff5f200ef67eb34d766d14ce872d53183eb2b96b1895aa9c8d4ca82ee5e61e1c5e655ff5be56970be9ebe3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48682\libcrypto-1_1.dll

Filesize
3.3MB

MD5
9d7a0c99256c50afd5b0560ba2548930

SHA1
76bd9f13597a46f5283aa35c30b53c21976d0824

SHA256
9b7b4a0ad212095a8c2e35c71694d8a1764cd72a829e8e17c8afe3a55f147939

SHA512
cb39aa99b9d98c735fdacf1c5ed68a4d09d11f30262b91f6aa48c3f8520eff95e499400d0ce7e280ca7a90ff6d7141d2d893ef0b33a8803a1cadb28ba9a9e3e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48682\libffi-8.dll

Filesize
38KB

MD5
0f8e4992ca92baaf54cc0b43aaccce21

SHA1
c7300975df267b1d6adcbac0ac93fd7b1ab49bd2

SHA256
eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a

SHA512
6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48682\libssl-1_1.dll

Filesize
688KB

MD5
bec0f86f9da765e2a02c9237259a7898

SHA1
3caa604c3fff88e71f489977e4293a488fb5671c

SHA256
d74ce01319ae6f54483a19375524aa39d9f5fd91f06cf7df238ca25e043130fd

SHA512
ffbc4e5ffdb49704e7aa6d74533e5af76bbe5db297713d8e59bd296143fe5f145fbb616b343eed3c48eceaccccc2431630470d8975a4a17c37eafcc12edd19f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48682\multidict\_multidict.cp311-win_amd64.pyd

Filesize
45KB

MD5
b92f8efb672c383ab60b971b3c6c87de

SHA1
acb671089a01d7f1db235719c52e6265da0f708f

SHA256
b7376b5d729115a06b1cab60b251df3efc3051ebba31524ea82f0b8db5a49a72

SHA512
680663d6c6cd7b9d63160c282f6d38724bd8b8144d15f430b28b417dda0222bfff7afefcb671e863d1b4002b154804b1c8af2d8a28fff11fa94972b207df081b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48682\pyexpat.pyd

Filesize
194KB

MD5
48e6930e3095f5a2dcf9baa67098acfb

SHA1
ddcd143f386e74e9820a3f838058c4caa7123a65

SHA256
c1ed7017ce55119df27563d470e7dc3fb29234a7f3cd5fc82d317b6fe559300b

SHA512
b50f42f6c7ddbd64bf0ff37f40b8036d253a235fb67693a7f1ed096f5c3b94c2bde67d0db63d84a8c710505a891b43f913e1b1044c42b0f5f333d0fe0386a62c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48682\python3.dll

Filesize
65KB

MD5
7442c154565f1956d409092ede9cc310

SHA1
c72f9c99ea56c8fb269b4d6b3507b67e80269c2d

SHA256
95086ac060ffe6933ac04a6aa289b1c7d321f14380315e24ba0d6c4adfa0842b

SHA512
2bf96828534bcdf71e48d1948b989011d8e3ba757c38cc17905a13d3021ea5deb57e2c68d79507a6acbb62be009cfc85b24d14543958dba1d3bc3e4ca7d4f844

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48682\python311.dll

Filesize
5.5MB

MD5
e2bd5ae53427f193b42d64b8e9bf1943

SHA1
7c317aad8e2b24c08d3b8b3fba16dd537411727f

SHA256
c4844b05e3a936b130adedb854d3c04d49ee54edb43e9d36f8c4ae94ccb78400

SHA512
ae23a6707e539c619fd5c5b4fc6e4734edc91f89ebe024d25ff2a70168da6105ac0bd47cf6bf3715af6411963caf0acbb4632464e1619ca6361abf53adfe7036

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48682\select.pyd

Filesize
29KB

MD5
756c95d4d9b7820b00a3099faf3f4f51

SHA1
893954a45c75fb45fe8048a804990ca33f7c072d

SHA256
13e4d9a734a453a3613e11b6a518430099ad7e3d874ea407d1f9625b7f60268a

SHA512
0f54f0262cf8d71f00bf5666eb15541c6ecc5246cd298efd3b7dd39cdd29553a8242d204c42cfb28c537c3d61580153200373c34a94769f102b3baa288f6c398

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48682\unicodedata.pyd

Filesize
1.1MB

MD5
58f7988b50cba7b793884f580c7083e1

SHA1
d52c06b19861f074e41d8b521938dee8b56c1f2e

SHA256
e36d14cf49ca2af44fae8f278e883341167bc380099dac803276a11e57c9cfa1

SHA512
397fa46b90582f8a8cd7df23b722204c38544717bf546837c45e138b39112f33a1850be790e248fca5b5ecd9ed7c91cd1af1864f72717d9805c486db0505fb9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48682\yarl\_quoting_c.cp311-win_amd64.pyd

Filesize
65KB

MD5
0edc0f96b64523314788745fa2cc7ddd

SHA1
555a0423ce66c8b0fa5eea45caac08b317d27d68

SHA256
db5b421e09bf2985fbe4ef5cdf39fc16e2ff0bf88534e8ba86c6b8093da6413f

SHA512
bb0074169e1bd05691e1e39c2e3c8c5fae3a68c04d851c70028452012bb9cb8d19e49cdff34efb72e962ed0a03d418dfbad34b7c9ad032105cf5acd311c1f713

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
ffd78d55698e4b5bd347d3c6f34c16ed

SHA1
f2f66a737f9d7677fa7166b7ac1def178deefc44

SHA256
59302cf5edbbda45995b57b77895b6dcb89ae2a4f172dbddd8376d6256c0f21a

SHA512
2069e9836b8656b211c53f1d47f1034a72c5da80a7ba77748c2e004531414234db6d5b668748765051cfb836631adb651af100d22af06105ad1391239ee76685

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
7b58e95fb88e27980ee933eb9be8e28c

SHA1
1c19ffd870b51c8f08257825ae3858057ded0044

SHA256
e8e6496a166782ff914fc67f79a2c225cc3f5fb9d2a63071b4ef13c33a3a7cf3

SHA512
f57b283d278d8dba84f72c9f822999bb21ae1c2597902f69b6ef873d08cfb8c8e4e57dc581c0f98df18a58877fd1c0e6d9b5320e49d2ec4cda7906e9a022d299

Download Submit