beed8252f2a42d067f0e24e333ef0abfcafc5a506e1331c94aefd49a4b52ec6d

Analysis

max time kernel
146s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
29-08-2023 17:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

www.3dmgame.com.url
Size

122B
MD5

49cbfed4fa9b3fafdc9d499b6163fa62
SHA1

28decd9138bd3f7b3ef38bf9e40cd0d6305d1cdb
SHA256

03df27e82600098c34c413cc2e45b43638d3ac33666960cfbd913f1c3f9a0b11
SHA512

64e91ed564ef64d7687599012c4728b811fec2661dcb7941374cdd3a8450563073c67c452d97d43545f49182fbda2c26702dd35088723ace21717282d1233627

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1160	msedge.exe
1160	msedge.exe
1752	msedge.exe
1752	msedge.exe
2176	identity_helper.exe
2176	identity_helper.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1752	msedge.exe
1752	msedge.exe
1752	msedge.exe
1752	msedge.exe
1752	msedge.exe
1752	msedge.exe
1752	msedge.exe
1752	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1752	msedge.exe
1752	msedge.exe
1752	msedge.exe
1752	msedge.exe
1752	msedge.exe
1752	msedge.exe
1752	msedge.exe
1752	msedge.exe
1752	msedge.exe
1752	msedge.exe
1752	msedge.exe
1752	msedge.exe
1752	msedge.exe
1752	msedge.exe
1752	msedge.exe
1752	msedge.exe
1752	msedge.exe
1752	msedge.exe
1752	msedge.exe
1752	msedge.exe
1752	msedge.exe
1752	msedge.exe
1752	msedge.exe
1752	msedge.exe
1752	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1752	msedge.exe
1752	msedge.exe
1752	msedge.exe
1752	msedge.exe
1752	msedge.exe
1752	msedge.exe
1752	msedge.exe
1752	msedge.exe
1752	msedge.exe
1752	msedge.exe
1752	msedge.exe
1752	msedge.exe
1752	msedge.exe
1752	msedge.exe
1752	msedge.exe
1752	msedge.exe
1752	msedge.exe
1752	msedge.exe
1752	msedge.exe
1752	msedge.exe
1752	msedge.exe
1752	msedge.exe
1752	msedge.exe
1752	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 452 wrote to memory of 1752	452	rundll32.exe	81
PID 452 wrote to memory of 1752	452	rundll32.exe	81
PID 1752 wrote to memory of 1972	1752	msedge.exe	83
PID 1752 wrote to memory of 1972	1752	msedge.exe	83
PID 1752 wrote to memory of 2468	1752	msedge.exe	85
PID 1752 wrote to memory of 2468	1752	msedge.exe	85
PID 1752 wrote to memory of 2468	1752	msedge.exe	85
PID 1752 wrote to memory of 2468	1752	msedge.exe	85
PID 1752 wrote to memory of 2468	1752	msedge.exe	85
PID 1752 wrote to memory of 2468	1752	msedge.exe	85
PID 1752 wrote to memory of 2468	1752	msedge.exe	85
PID 1752 wrote to memory of 2468	1752	msedge.exe	85
PID 1752 wrote to memory of 2468	1752	msedge.exe	85
PID 1752 wrote to memory of 2468	1752	msedge.exe	85
PID 1752 wrote to memory of 2468	1752	msedge.exe	85
PID 1752 wrote to memory of 2468	1752	msedge.exe	85
PID 1752 wrote to memory of 2468	1752	msedge.exe	85
PID 1752 wrote to memory of 2468	1752	msedge.exe	85
PID 1752 wrote to memory of 2468	1752	msedge.exe	85
PID 1752 wrote to memory of 2468	1752	msedge.exe	85
PID 1752 wrote to memory of 2468	1752	msedge.exe	85
PID 1752 wrote to memory of 2468	1752	msedge.exe	85
PID 1752 wrote to memory of 2468	1752	msedge.exe	85
PID 1752 wrote to memory of 2468	1752	msedge.exe	85
PID 1752 wrote to memory of 2468	1752	msedge.exe	85
PID 1752 wrote to memory of 2468	1752	msedge.exe	85
PID 1752 wrote to memory of 2468	1752	msedge.exe	85
PID 1752 wrote to memory of 2468	1752	msedge.exe	85
PID 1752 wrote to memory of 2468	1752	msedge.exe	85
PID 1752 wrote to memory of 2468	1752	msedge.exe	85
PID 1752 wrote to memory of 2468	1752	msedge.exe	85
PID 1752 wrote to memory of 2468	1752	msedge.exe	85
PID 1752 wrote to memory of 2468	1752	msedge.exe	85
PID 1752 wrote to memory of 2468	1752	msedge.exe	85
PID 1752 wrote to memory of 2468	1752	msedge.exe	85
PID 1752 wrote to memory of 2468	1752	msedge.exe	85
PID 1752 wrote to memory of 2468	1752	msedge.exe	85
PID 1752 wrote to memory of 2468	1752	msedge.exe	85
PID 1752 wrote to memory of 2468	1752	msedge.exe	85
PID 1752 wrote to memory of 2468	1752	msedge.exe	85
PID 1752 wrote to memory of 2468	1752	msedge.exe	85
PID 1752 wrote to memory of 2468	1752	msedge.exe	85
PID 1752 wrote to memory of 2468	1752	msedge.exe	85
PID 1752 wrote to memory of 2468	1752	msedge.exe	85
PID 1752 wrote to memory of 1160	1752	msedge.exe	84
PID 1752 wrote to memory of 1160	1752	msedge.exe	84
PID 1752 wrote to memory of 5028	1752	msedge.exe	86
PID 1752 wrote to memory of 5028	1752	msedge.exe	86
PID 1752 wrote to memory of 5028	1752	msedge.exe	86
PID 1752 wrote to memory of 5028	1752	msedge.exe	86
PID 1752 wrote to memory of 5028	1752	msedge.exe	86
PID 1752 wrote to memory of 5028	1752	msedge.exe	86
PID 1752 wrote to memory of 5028	1752	msedge.exe	86
PID 1752 wrote to memory of 5028	1752	msedge.exe	86
PID 1752 wrote to memory of 5028	1752	msedge.exe	86
PID 1752 wrote to memory of 5028	1752	msedge.exe	86
PID 1752 wrote to memory of 5028	1752	msedge.exe	86
PID 1752 wrote to memory of 5028	1752	msedge.exe	86
PID 1752 wrote to memory of 5028	1752	msedge.exe	86
PID 1752 wrote to memory of 5028	1752	msedge.exe	86
PID 1752 wrote to memory of 5028	1752	msedge.exe	86
PID 1752 wrote to memory of 5028	1752	msedge.exe	86
PID 1752 wrote to memory of 5028	1752	msedge.exe	86
PID 1752 wrote to memory of 5028	1752	msedge.exe	86

C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\www.3dmgame.com.url
1⤵
- Suspicious use of WriteProcessMemory
PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.3dmgame.com/
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:1752
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa905f46f8,0x7ffa905f4708,0x7ffa905f4718
    3⤵
    PID:1972
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1960,10825134142243896020,14373117062268046882,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1160
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1960,10825134142243896020,14373117062268046882,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
    3⤵
    PID:2468
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1960,10825134142243896020,14373117062268046882,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
    3⤵
    PID:5028
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,10825134142243896020,14373117062268046882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
    3⤵
    PID:3656
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,10825134142243896020,14373117062268046882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
    3⤵
    PID:936
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,10825134142243896020,14373117062268046882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1
    3⤵
    PID:4780
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,10825134142243896020,14373117062268046882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4568 /prefetch:1
    3⤵
    PID:624
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1960,10825134142243896020,14373117062268046882,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5312 /prefetch:8
    3⤵
    PID:3700
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1960,10825134142243896020,14373117062268046882,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5312 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2176
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,10825134142243896020,14373117062268046882,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3948 /prefetch:1
    3⤵
    PID:3088
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,10825134142243896020,14373117062268046882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
    3⤵
    PID:4520
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,10825134142243896020,14373117062268046882,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
    3⤵
    PID:4032
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,10825134142243896020,14373117062268046882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
    3⤵
    PID:2496
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1960,10825134142243896020,14373117062268046882,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5944 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4196

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3260

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5072

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\8532eca3-618c-4545-8749-138a5b50cfe9.tmp

Filesize
10KB

MD5
c13afc49e49170986af46bcf965c6b92

SHA1
6826ae9eee47c1d36b1ed43bf695d9757b27d4bd

SHA256
1157628e78c3f3d2792e307c0cd1e7a6d23e264e6562055f706f2608cc09ebbc

SHA512
a3610b167f476dc01a8981a2c88c4387072ee3bd606c644335742d65b9280691566f406c5efac66f421b5000c8e027ce0c5f9f7dd73a65811e3cf04cd80f55f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fc99b0086d7714fd471ed4acc862ccc0

SHA1
39a3c43c97f778d67413a023d66e8e930d0e2314

SHA256
45ef01f81605bfd96126d5520c5aa0304c7fa7d5fdb3e4d5b2dd2bf84e2afd96

SHA512
c308fa3eda9235d67a506a5f058fefb9a769ec01d7b0d4f5a2397892cc4f8155301c55c1fac23bebacdd087ab3f47f1eacc9ff88eff4115a7d67aa7b1d6581a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
696B

MD5
c1670e3bb38b9b3ecd41c52154d944ae

SHA1
949b7e4496cec2840d6239ed917463a6e71d54f6

SHA256
2c984393f046551373ba6393b82f5da6a4abf931fe203d0006f010bf13774d4b

SHA512
f306c663e9fbdce78650f85b5982234f973833137bf75a1036773e3921407aaa4ffcaac462fbd15c5a906db3898eae162a0da73dbd4ead52b4a9c99473fbfdbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
990B

MD5
3d25c484504e029c2b3d020b25a5cfc2

SHA1
cdee148fedeb85a36ac9db26eebe12b6e160aec2

SHA256
df482e11d4daefe5a0fbdda4f2705a32b491d3e6697fb1c1fde6c4908614cc3d

SHA512
9d9253afb051e46e870e693cdfdae4f5347e798ac37691c5c64a3dfd28105a64b48cac683fc4750a76da0988cc60feec2cec0c1d965a2d37735f10457682b6f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b75983684a4c3646a350d3581a58ef29

SHA1
6fbeaf788bd983186ae7af9158e08adef45554d8

SHA256
8f5869b24067bc0a3573efe89b3c35a61917a5e85e9277c7f4124b64a26360e1

SHA512
45b08fa796e2869a6efba5137d5d24aa30747d1a60a8b5cf3edf98c6f04545d6dc229a635895fd461ad8ff0c23caf967c849d2e08b1287353d96ffa9f0bde624

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
94f5f1ab8502b51e4fec3ee153e31bfe

SHA1
6fd683bf92c82b7af0249b711a471e580c7ecdc7

SHA256
b81015bd9f6ec1fa29314788352618c1d41a9e12b2905f923f965db291d5d31f

SHA512
0e596c9b32e2aa2c76ac30e0057655b790d5b91b304af7c1b46c86207adc4b59701cd20a36e100f792f602ddae2a09543256204d643b2f49dc83755084b01cb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
40223e823f7ddf436e0e1d10de39ed94

SHA1
a44ea350fe919bb8a7967dfe1df7fd2338917d40

SHA256
0d7d3fd07d32e76c0b8f6a975754bd62a92cb3d94a6dc272e8d902e8b6668797

SHA512
5a44b06ab6e7c0ca5c4544b430ec55ff55fd068b974655066c5758624eec0d53ed1d2e8ef69db61bacde11a5f060c106337c3f4dd241b1eb381af1db5f92a168

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0cd5ebef4f2546ed48eb1ebd2b77af59

SHA1
9c6cd46097ca135303a092fccff803466f6d3014

SHA256
0123b618f135e7e9106476fd833500ad6aec87aeb92b8fddb866420e7506d077

SHA512
5646ab471fe3cc2a6d059f7269eeea88260da875d095dca2100b5c830213b693709eda656fc9e157a7bf6a6cd3a0fc4e9e0e9bc550994040e8e31d95fa322bd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
59c2e5d1fad1c4931d4d135526ee9f3e

SHA1
875c39f28ab97983a1c5b5894564c198f01f0ddd

SHA256
650b9e56ca4e6adaf8a06f13281c9babe9aebaba0728f92a1d9cc8676b05cf30

SHA512
e3a7fd4b776e1ff4ad518aa2f3d9551fc25f3d30ec407d822d23580b8c037451eb80abd81a168cee691e6d83ac92606ed9403d004eaf51ae577dfbe60db6b1c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8c4d1ab41e4f184a6dc2b44ce969dd30

SHA1
efd165de85107509fd6d177445c3cb06d1ab3c2f

SHA256
9531737218bd65759d6be8ad7edb3f86b5e609c815c28de556b541f968762793

SHA512
5a8a09c3985ccae784ee2674c7032427eb3db476f629622eed1e80ad02b899ba3d5fdbd8fa3c3646ad238b7934a8aabfe14058187f88fe3b6f759248f9fd3e63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bf065f618d7ff10816acbafe1aa4117f

SHA1
bf5ceac2c14837c38d5f4b9d258de64bda980165

SHA256
d7a98bf13c0088027f2b75389630942ce42ef03bc1125c4e104389cfd64d5ef2

SHA512
ddb7aab3deaa31ae030b01d7440ba7ee53c5325f387098ef4a1e5a7875c090201d467ae49c8ab0fc6bc485bbd508f369185271150c3791f8f795d973d835ca67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f29d.TMP

Filesize
704B

MD5
bdb460e073c9cb4ee008da840e0df4e2

SHA1
3715c211b6d482d9c2c6dcbc36ab3e8d15d4d6e9

SHA256
5650f1378c1980ba9c7f915bf1509e638d856e583537dcde947daa1306fbc979

SHA512
eba2c753a644a18d1c66a50e761825cc9faf4d8a09f5bf71919deaf6b787420ed2eda5168c4461dfde2ce0f8abfe04d76e167b103aec40b5741abb61ecadbb2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d3727661-49a0-4603-bd9b-a467b01e7c2b.tmp

Filesize
24KB

MD5
96f00bbd6a174879c58220f95f0115f5

SHA1
d3d7f82b0bf27daf1b3903bfe050c2d05422050f

SHA256
644442e740a8c0bb20f712f6f84f5bf4a81bb29d4e9446b2832ca65618961107

SHA512
e7c5e90eb85aee7b81b9c163f618ad3789a48b256040f6f00eee7fce52c60e1ff491bf0538b9c846fb115b73163710e46a45ce056e3b41ca59d88c421502ccea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit