hxxp://elan[.]nl

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
21/08/2023, 06:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://elan.nl

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
116	msedge.exe
116	msedge.exe
1380	msedge.exe
1380	msedge.exe
1112	identity_helper.exe
1112	identity_helper.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe
1380	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1380 wrote to memory of 2888	1380	msedge.exe	71
PID 1380 wrote to memory of 2888	1380	msedge.exe	71
PID 1380 wrote to memory of 1864	1380	msedge.exe	83
PID 1380 wrote to memory of 1864	1380	msedge.exe	83
PID 1380 wrote to memory of 1864	1380	msedge.exe	83
PID 1380 wrote to memory of 1864	1380	msedge.exe	83
PID 1380 wrote to memory of 1864	1380	msedge.exe	83
PID 1380 wrote to memory of 1864	1380	msedge.exe	83
PID 1380 wrote to memory of 1864	1380	msedge.exe	83
PID 1380 wrote to memory of 1864	1380	msedge.exe	83
PID 1380 wrote to memory of 1864	1380	msedge.exe	83
PID 1380 wrote to memory of 1864	1380	msedge.exe	83
PID 1380 wrote to memory of 1864	1380	msedge.exe	83
PID 1380 wrote to memory of 1864	1380	msedge.exe	83
PID 1380 wrote to memory of 1864	1380	msedge.exe	83
PID 1380 wrote to memory of 1864	1380	msedge.exe	83
PID 1380 wrote to memory of 1864	1380	msedge.exe	83
PID 1380 wrote to memory of 1864	1380	msedge.exe	83
PID 1380 wrote to memory of 1864	1380	msedge.exe	83
PID 1380 wrote to memory of 1864	1380	msedge.exe	83
PID 1380 wrote to memory of 1864	1380	msedge.exe	83
PID 1380 wrote to memory of 1864	1380	msedge.exe	83
PID 1380 wrote to memory of 1864	1380	msedge.exe	83
PID 1380 wrote to memory of 1864	1380	msedge.exe	83
PID 1380 wrote to memory of 1864	1380	msedge.exe	83
PID 1380 wrote to memory of 1864	1380	msedge.exe	83
PID 1380 wrote to memory of 1864	1380	msedge.exe	83
PID 1380 wrote to memory of 1864	1380	msedge.exe	83
PID 1380 wrote to memory of 1864	1380	msedge.exe	83
PID 1380 wrote to memory of 1864	1380	msedge.exe	83
PID 1380 wrote to memory of 1864	1380	msedge.exe	83
PID 1380 wrote to memory of 1864	1380	msedge.exe	83
PID 1380 wrote to memory of 1864	1380	msedge.exe	83
PID 1380 wrote to memory of 1864	1380	msedge.exe	83
PID 1380 wrote to memory of 1864	1380	msedge.exe	83
PID 1380 wrote to memory of 1864	1380	msedge.exe	83
PID 1380 wrote to memory of 1864	1380	msedge.exe	83
PID 1380 wrote to memory of 1864	1380	msedge.exe	83
PID 1380 wrote to memory of 1864	1380	msedge.exe	83
PID 1380 wrote to memory of 1864	1380	msedge.exe	83
PID 1380 wrote to memory of 1864	1380	msedge.exe	83
PID 1380 wrote to memory of 1864	1380	msedge.exe	83
PID 1380 wrote to memory of 116	1380	msedge.exe	82
PID 1380 wrote to memory of 116	1380	msedge.exe	82
PID 1380 wrote to memory of 1852	1380	msedge.exe	84
PID 1380 wrote to memory of 1852	1380	msedge.exe	84
PID 1380 wrote to memory of 1852	1380	msedge.exe	84
PID 1380 wrote to memory of 1852	1380	msedge.exe	84
PID 1380 wrote to memory of 1852	1380	msedge.exe	84
PID 1380 wrote to memory of 1852	1380	msedge.exe	84
PID 1380 wrote to memory of 1852	1380	msedge.exe	84
PID 1380 wrote to memory of 1852	1380	msedge.exe	84
PID 1380 wrote to memory of 1852	1380	msedge.exe	84
PID 1380 wrote to memory of 1852	1380	msedge.exe	84
PID 1380 wrote to memory of 1852	1380	msedge.exe	84
PID 1380 wrote to memory of 1852	1380	msedge.exe	84
PID 1380 wrote to memory of 1852	1380	msedge.exe	84
PID 1380 wrote to memory of 1852	1380	msedge.exe	84
PID 1380 wrote to memory of 1852	1380	msedge.exe	84
PID 1380 wrote to memory of 1852	1380	msedge.exe	84
PID 1380 wrote to memory of 1852	1380	msedge.exe	84
PID 1380 wrote to memory of 1852	1380	msedge.exe	84
PID 1380 wrote to memory of 1852	1380	msedge.exe	84
PID 1380 wrote to memory of 1852	1380	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://elan.nl
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffb2ab046f8,0x7ffb2ab04708,0x7ffb2ab04718
  2⤵
  PID:2888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1940,1160003788199640811,6500919355447652160,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2444 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,1160003788199640811,6500919355447652160,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1952 /prefetch:2
  2⤵
  PID:1864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1940,1160003788199640811,6500919355447652160,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8
  2⤵
  PID:1852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,1160003788199640811,6500919355447652160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:3292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,1160003788199640811,6500919355447652160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,1160003788199640811,6500919355447652160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
  2⤵
  PID:1264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,1160003788199640811,6500919355447652160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:1628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1940,1160003788199640811,6500919355447652160,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5644 /prefetch:8
  2⤵
  PID:1720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,1160003788199640811,6500919355447652160,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
  2⤵
  PID:1680
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1940,1160003788199640811,6500919355447652160,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6080 /prefetch:8
  2⤵
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1940,1160003788199640811,6500919355447652160,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6080 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,1160003788199640811,6500919355447652160,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:1860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,1160003788199640811,6500919355447652160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1924 /prefetch:1
  2⤵
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,1160003788199640811,6500919355447652160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,1160003788199640811,6500919355447652160,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2016

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4656

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2952

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x410 0x40c
1⤵
PID:2532

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
70e2e6954b953053c0c4f3b6e6ad9330

SHA1
cb61ba67b3bffa1d833bb85cc9547669ec46f62f

SHA256
f6e770a3b88ad3fda592419b6c00553bdadc50d5fb466ef872271389977f2ab4

SHA512
eeacb0e62f68f56285f7605963ca9bb82f542d4e2ccc323266c08c9990cecdebd574e1ab304ae08ea8c6c94c50683180f83562f972e92799ebbcfcd8f503fb5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\2ba761b3-659c-41bf-b88f-7f746d2d9d47.tmp

Filesize
24KB

MD5
5a478f1e08816969e8214f982850b754

SHA1
1cf5e7192f3c6e31c7e27b6cb34ebf89036eec0c

SHA256
665cf5612c61412c9acc928b1e155c8f11ae83905ce614d9a1a7ad72cc0fd489

SHA512
7e7ff60c157841f6f5bb206ebbce29f6df3a6c0c671805415ad7226654e13da49ad76e39a6d0afe28992348f3b5685ecacbfb44178fd61998c54caebbfd97832

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
69cdcaa362477a59458650c10a5972ca

SHA1
1cd567380ec4a88092815ede88eb276246fae292

SHA256
ab58b1a4f438d86212ea6eb9fc47f8d75df4da4e98e3f501ce896f363a20ea62

SHA512
ecdcb5aea6cb797c32d03f89703ab6cf953a0ee049a2007a6b2ff1a03b99a6533a5670b09daa1a86c1c6e0dbe6d70e4e6d8fa16351c26ecbc7301fe05bc05ab0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
65ba284ba70c5ce54ffe10844572f5f8

SHA1
ed89478c248a286c314687f86856b22124305c15

SHA256
f90d2ef76596c1089365e427a6c3417ef6122dda268e8897e1aca8142024f107

SHA512
337eb620a49608a95048b50c24869877ac2d8af4da024e59509126ddb1173a3504e722f8ce8d905903d63c276b01261a8d4d525530070ad7ba66aae8d352b2ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a40306a8af0f630d4a7a23b461da0f97

SHA1
d5836d5cd678846b986c5a178be49c9c7f345aee

SHA256
71561c87577988f091dffa20cb051c5b50f920b27beff62712dcf1cf442f4bec

SHA512
704f668b1d84296f2f43714725525c06df4c8ac47442a2f6cf3101592d03cd44b8d9ca3bee0c814f34635f7e7b38decfb6b503e81733439a119f2d66b163e333

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7b151917e024d64cbf33e91ecaadccbc

SHA1
35e585afccbfce75a74c26e12ee51a68bd9d4938

SHA256
a351f37b4d5cf4e4d9f659246b8773c802881ec081c061ef35627c4e2aab2d27

SHA512
f7643362a522b4a33b45b522af467ea16a94abde1d6c05a2e445766e40c89ff1c4ab65a54fdb55c65093e7bc9f0b25d55b4a06da1bade3474a15250f3d307ad0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
960483c4b46c8a2957fb69176b0de37d

SHA1
23bff8127fb88dc82af1f8122897079d3052301c

SHA256
08806eb8440a75960147a383f7694a2ba101e83f599e91317e4be5c9715693ea

SHA512
4c904611123b81f3ffcdb7532fd2a006efa4364dcaa02c0a514d112ad38757eb29e83bc17f4f1f45ccd8df4168af9f496738ae5cec63f25b7d728de0d8cf8307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c47f531ad1f6f5631a1e0538c6d32e05

SHA1
5349d014d03894669d902783b52e8764f6ebc38a

SHA256
9b914b5189250ad8e127e255c7e9b1cd2668483cf862b6403404c211438ed52b

SHA512
539547da0fd085063b609ef21c2307544304b872bd0717c46e83d7d35f060cf760be95b7b5bbbd387ba09b9f02773c295acb7efd26384dcfddab6709b5d6dba2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9b7f26b0d3f9e2f0f477ad7f9dbd7043

SHA1
328d9de103b059edc0b047fa16ff7dd939fb3aca

SHA256
dcb6ccec7bf5f08436bc5c2e7789c0a9fe4bb2898d3b8f0abdd4c91e4e882b3d

SHA512
06be445cef829046d8991781506472428e377612265f2a9f4002a506ad4f8193db3ef508999284f64aba920935dd5f905266609b817d4f7d141f306cf5c29440

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
26f95780244b35db3a2a9a2c34d368c5

SHA1
6ec562d0581333c5c1c039a8289f06e4031eb190

SHA256
ff4d3dc6b1e6633c85e9f5a496fc1a6ca5a44c764e5a560e66d2942266bbc440

SHA512
29ff3dd68c138fad52d3d9ad556a27da4f1b7dd14704c58fa3cf331d0fd0df9f30a529b77a2d014dfa30a1556ab294a3f24b79343184ab34775bd7821649b067

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
30f469d0177f11da5692a30d07f60c6e

SHA1
720de2141585d9a640258c1e9632a23645750f74

SHA256
047be0c0a457675fc0caee252b59f10216cd21745d1597320fd331cee3d33cc0

SHA512
7c9b107d83d1ea25b8c578c8ebbe7484559aed6acc5a4360a91ee9c44ad61bd68932ca0117eecd18fb35273995ca1885e8d8b14d17c18e6524b4cd0018b5da4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8f56dc8559f4c8b20d8f0b513052da2f

SHA1
6ffd783581fc3be126843f84e2f8d51a6fb08d42

SHA256
3e81f25887d54358ea1e46beb77564c267b8ca4b3af069e161a3c52371b4d1c5

SHA512
8b2cb59bf59513749bf63a37d1aee52c8d6dd7f748fa088abc74adf96c32a5e4329ca426ccd60c9f045ecb3ffa1fea9ff1c196020591e4e9302d7467d6d62579

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
224310c33ca9e9e280e28ecc37e1b88e

SHA1
d1621a03dc9d5f95cc7c3296136a8673a6214f54

SHA256
e45d6951c0e2c717603573818d0a1331895c76fed6964ec11833c6ab71b12b59

SHA512
5be16caf4a7d798b948ffcb3408e1a33260ca9b883c1e0370c1bcc01f0d044fc390f9d986e0f9bdf4226d86dd260592b353429152c82183a08762bea4f0a014b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f0fb95619c8fc9a72727e1147fede742

SHA1
6125debbf04261ffb6ff5225e630eb141e69f4e0

SHA256
af7494095a5266e0020b813f68dbf5c20dc2536bd92eddde1389d8ae60a62061

SHA512
9b458d905835bab0ff9916a0fdcc64f669f2928c266b0f032f283004c240f661b5b971aa0b13f6116a50b3385a74cc2ab0fa1bf8a4dad8e4b8ada1930b1d26e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5610fae127ea01218256a147d3d07d72

SHA1
ac0b43643c267b298b54fd9dadc24564892325c3

SHA256
9db82a6a6cd4d1f2ff75d1088b22ae0150f7bc63944725d6d1e69503672a95f3

SHA512
096feeb865bb5c36e268c41145ce97bca2d056187747f1f479c90705966227e3fb13a955f5dac767754000e2486a73b42949c220bad7ceae011de9b25e1b4207

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b0d6c8ffeef20160ddf4ea060e3d9f88

SHA1
7fe98e452166735c298275a20eaff9413f2f75c4

SHA256
fad488eb9309b0a0ce6144a4a1dcd87338bb707efe4443132219f7d91a764450

SHA512
70c0036e51ff021405d516d735f0ac44c6c1ca57b62c3b0a3b6d474a2e17b49fcc45e8b71d49997053e0de7ca8687126829b0ae3300b2a21c66218f93a214daa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f201.TMP

Filesize
1KB

MD5
bccfcb4b931b0dc829cd6cb864953045

SHA1
c712ecc8bd17d24f4879b31d4ad8031c1e78c35f

SHA256
f6a7893209181ed19b40cf01756e0655471221eb07a57d1653d47c2fe481fc3f

SHA512
d4b56cef0c391bd841fcdc049b2ebfa1b8dc1254314541a069148940ff746777aadae399e66989c42e2fb2560e2f500d469c0f12eb2e0816ef20c1db2b9b37c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
d5cd209c0619af645d555cec27451015

SHA1
876e689d014289ad063ac3636bb82c7673ffc0ca

SHA256
b1ef69b5053e063a1b9e89cf5a8ea756c713d08dcafc7cf4c17aa3a2c434ca77

SHA512
ec0566f47e4147206659f6e1f0e270e04306b4c281126f84265a6ab518c23796c4d80a464bd7ff48cde450a96548deabebdf2dc638b4142e34559f81fc8c4a49

Download Submit