3a37e9638bb18498156689fabcc98cc5109481faa85a9c006187b14ba3e3fd05

Analysis

max time kernel
147s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230831-en
resource tags

arch:x64arch:x86image:win10v2004-20230831-enlocale:en-usos:windows10-2004-x64system
submitted
03-09-2023 13:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

www.3dmgame.com.url
Size

122B
MD5

49cbfed4fa9b3fafdc9d499b6163fa62
SHA1

28decd9138bd3f7b3ef38bf9e40cd0d6305d1cdb
SHA256

03df27e82600098c34c413cc2e45b43638d3ac33666960cfbd913f1c3f9a0b11
SHA512

64e91ed564ef64d7687599012c4728b811fec2661dcb7941374cdd3a8450563073c67c452d97d43545f49182fbda2c26702dd35088723ace21717282d1233627

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4440	msedge.exe
4440	msedge.exe
2532	msedge.exe
2532	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2108 wrote to memory of 2532	2108	rundll32.exe	85
PID 2108 wrote to memory of 2532	2108	rundll32.exe	85
PID 2532 wrote to memory of 4328	2532	msedge.exe	87
PID 2532 wrote to memory of 4328	2532	msedge.exe	87
PID 2532 wrote to memory of 648	2532	msedge.exe	88
PID 2532 wrote to memory of 648	2532	msedge.exe	88
PID 2532 wrote to memory of 648	2532	msedge.exe	88
PID 2532 wrote to memory of 648	2532	msedge.exe	88
PID 2532 wrote to memory of 648	2532	msedge.exe	88
PID 2532 wrote to memory of 648	2532	msedge.exe	88
PID 2532 wrote to memory of 648	2532	msedge.exe	88
PID 2532 wrote to memory of 648	2532	msedge.exe	88
PID 2532 wrote to memory of 648	2532	msedge.exe	88
PID 2532 wrote to memory of 648	2532	msedge.exe	88
PID 2532 wrote to memory of 648	2532	msedge.exe	88
PID 2532 wrote to memory of 648	2532	msedge.exe	88
PID 2532 wrote to memory of 648	2532	msedge.exe	88
PID 2532 wrote to memory of 648	2532	msedge.exe	88
PID 2532 wrote to memory of 648	2532	msedge.exe	88
PID 2532 wrote to memory of 648	2532	msedge.exe	88
PID 2532 wrote to memory of 648	2532	msedge.exe	88
PID 2532 wrote to memory of 648	2532	msedge.exe	88
PID 2532 wrote to memory of 648	2532	msedge.exe	88
PID 2532 wrote to memory of 648	2532	msedge.exe	88
PID 2532 wrote to memory of 648	2532	msedge.exe	88
PID 2532 wrote to memory of 648	2532	msedge.exe	88
PID 2532 wrote to memory of 648	2532	msedge.exe	88
PID 2532 wrote to memory of 648	2532	msedge.exe	88
PID 2532 wrote to memory of 648	2532	msedge.exe	88
PID 2532 wrote to memory of 648	2532	msedge.exe	88
PID 2532 wrote to memory of 648	2532	msedge.exe	88
PID 2532 wrote to memory of 648	2532	msedge.exe	88
PID 2532 wrote to memory of 648	2532	msedge.exe	88
PID 2532 wrote to memory of 648	2532	msedge.exe	88
PID 2532 wrote to memory of 648	2532	msedge.exe	88
PID 2532 wrote to memory of 648	2532	msedge.exe	88
PID 2532 wrote to memory of 648	2532	msedge.exe	88
PID 2532 wrote to memory of 648	2532	msedge.exe	88
PID 2532 wrote to memory of 648	2532	msedge.exe	88
PID 2532 wrote to memory of 648	2532	msedge.exe	88
PID 2532 wrote to memory of 648	2532	msedge.exe	88
PID 2532 wrote to memory of 648	2532	msedge.exe	88
PID 2532 wrote to memory of 648	2532	msedge.exe	88
PID 2532 wrote to memory of 648	2532	msedge.exe	88
PID 2532 wrote to memory of 4440	2532	msedge.exe	89
PID 2532 wrote to memory of 4440	2532	msedge.exe	89
PID 2532 wrote to memory of 1164	2532	msedge.exe	90
PID 2532 wrote to memory of 1164	2532	msedge.exe	90
PID 2532 wrote to memory of 1164	2532	msedge.exe	90
PID 2532 wrote to memory of 1164	2532	msedge.exe	90
PID 2532 wrote to memory of 1164	2532	msedge.exe	90
PID 2532 wrote to memory of 1164	2532	msedge.exe	90
PID 2532 wrote to memory of 1164	2532	msedge.exe	90
PID 2532 wrote to memory of 1164	2532	msedge.exe	90
PID 2532 wrote to memory of 1164	2532	msedge.exe	90
PID 2532 wrote to memory of 1164	2532	msedge.exe	90
PID 2532 wrote to memory of 1164	2532	msedge.exe	90
PID 2532 wrote to memory of 1164	2532	msedge.exe	90
PID 2532 wrote to memory of 1164	2532	msedge.exe	90
PID 2532 wrote to memory of 1164	2532	msedge.exe	90
PID 2532 wrote to memory of 1164	2532	msedge.exe	90
PID 2532 wrote to memory of 1164	2532	msedge.exe	90
PID 2532 wrote to memory of 1164	2532	msedge.exe	90
PID 2532 wrote to memory of 1164	2532	msedge.exe	90

C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\www.3dmgame.com.url
1⤵
- Suspicious use of WriteProcessMemory
PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.3dmgame.com/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2532
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7ffdeac646f8,0x7ffdeac64708,0x7ffdeac64718
    3⤵
    PID:4328
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,97328279330707392,13672300605299394677,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
    3⤵
    PID:648
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,97328279330707392,13672300605299394677,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4440
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,97328279330707392,13672300605299394677,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2648 /prefetch:8
    3⤵
    PID:1164
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,97328279330707392,13672300605299394677,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
    3⤵
    PID:2480
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,97328279330707392,13672300605299394677,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
    3⤵
    PID:4528
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,97328279330707392,13672300605299394677,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
    3⤵
    PID:1844
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,97328279330707392,13672300605299394677,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1808 /prefetch:1
    3⤵
    PID:1276
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,97328279330707392,13672300605299394677,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4316 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1588

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4764

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2380

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f7e75a88fe92d5147528c475c6908243

SHA1
7831682352cfdb17da7174cea8674e61e6fe7ff6

SHA256
4faebaa12ccf24466cb17632b61174043ca23e183a44b29e9e3f6cfc2ce3192d

SHA512
f210c56502e232b9e9b47c13eeb941a2ae7ee5b7b27742902172935e8986b23292151f21dd2d930d384b4dc74af032297b36947d1f8251ce5208cbdf93a56ff6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
696B

MD5
d1fc37a76c0c56a8c409dd044138ca79

SHA1
ec0d8b59cabf395e993afcfa06f0651bd1553fa9

SHA256
64135bacbe8930a42e1f570b7a34f38cf1ab0db14b1198a6efa6bf9f0a9b596b

SHA512
284b3a729debc365866abfe054fb800b9848f062b6f52ae7bddad9ac6c3c41ee13c6f25fca2bd5510c259cabb6c5a90f96ca76aee1d3ab89484046fb31026a68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
46096b4a4a4ff5e9cb2209fa12f053c1

SHA1
51c787dbe9d7f464e1297f67c51161da608c3910

SHA256
cf6fba61a249b3cf97646f2176b360b1ec1cabd9f0f612a8fe44dd179b606ffb

SHA512
14685f49a62bb68616b937205846394cc10f2b8bc5f8307348fee1a9b41e54f6fb952af350e12b1bf1f8f0facc004047d1d8cd556b7d8e5cdd44fc14330477c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
849B

MD5
6840cc3953e157888fdcb9cacad864c1

SHA1
fbd519a935786878bcd294bd6889d64c0ad7b323

SHA256
0b4bbddf151a38dbf891faa6f091716240f67cd85b4efac0102d4fdc0967f1fb

SHA512
7f19664b4dea25cf59dfb0eae5cb94d82c18a1231c951f15d901c2bc4254f150fe0eb889b9942c5950af089f4367fbfce258f9bd01bc5174fb18585f50d3990f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
854B

MD5
0aac30f2051c9b749c7ff561da7e032e

SHA1
d4168cdeab2016fd20aa2dc3947effb8381744c4

SHA256
da3953cdd342715f18af42b4d4bfdf1d93e65519e5ac4b647e2a220bdd4ee160

SHA512
402efccd19f9879a98fad16f74ddd330bec064dacb80e3478997e2ac474045732517277c5504f9900ebcd770344f95400abd0479efd4743d94941e13fa5a0268

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
995B

MD5
3d2d3311682ba1454fb1b28755625ad9

SHA1
15b71df164b5df2530fc887ea51545df4ef11180

SHA256
28f68bd834707b869beb132e30ab48098be28e31ef5ed59e6be8b00d1dcbf82c

SHA512
26b9231466fd8f52bd45574a8b348c830c75da41a5e000296116f15daa5232156034d480967d314ec6f75584c241d38191eee6345b7718da09110e57b991db77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
63570ec11fa1195b66d4bd4f27a439e0

SHA1
2079fa36ec2e041140714ecda18c5ab4fa698b5a

SHA256
87dbede8f1d76051e4700e0e4cd658eea973bf4f25a654dceb53f6c040acf3f6

SHA512
90990020bbdb0bcce02f8b46d8c57a04c379f9f56d069e3eed652bf62c5537d527c056102c2f35639747f01e70ac66834ec0e798cd03266d127255f6c9d84db3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d748acb05a7cdbc0a72c389535d2eaa4

SHA1
29b7b237a7efd5e5d35550492923f55af14a2731

SHA256
ce758ab5352451d23242a645517e1ba436143be4185f5ff6d838b32bba4c9187

SHA512
d8d2cfe27a8e3a90f31be75720d10afcb6921fef2daf21ef65d200bceaf0f96f6fe6cdd46cec82daba2694a46210d7b86a4dfa08c89777e8d1510bc6b43aca66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
47a2280c34e448a310b5495dae852db0

SHA1
58cf8792f512f4997f2e6945db5c48fbb61c0a0e

SHA256
8181050d2b122421a1b9a477b6939435ed0bef4bc83a2eddeabaa6a397ab04ec

SHA512
687d7fbc1d66eb95e6857b804815fbf9c87457035fc7de02162005155a9171c0fe2b4578219f89e78e2da103577ff5eb1b9c235c3945ba260d9dae6ed842499e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
88d76733cde18621ed7567c0cfda2ab7

SHA1
41859bb156cfd94dbd7bd185567df2a9a5479998

SHA256
17a4767dee231bad758aa0b51bd7b7d8e6201c936e5b58aa76bbe5275c0c89cb

SHA512
e6555a48831412daf4af0a0039b47611428984d22ab0f851c62e68dfc9f91546542d0d68c759a988cc997b0fb1998e7aec10fa918869ed15742bfc4899f72f0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c78e2bd97a7977818809fad7fa3fbf00

SHA1
2f2d6419ec5d3e881c68481e4a0b0a91b8073e7a

SHA256
0558ad64868144b531cbf48d76e1c3800fd3e758555b97e1d61fb926c45ffd39

SHA512
62501b91da4cb349c91f4d262258f209de5e601c52d62d81bb6303cc4b7929e07efafe1640a9b73f6166a61ddc079a0b0bbfe37f414ec0e66c22248dad58aabf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f43dad239d783960fbdad8123b4a5904

SHA1
21a1c97bf75a2a0b0130712f47e390c09e390df4

SHA256
cfe6c972f2241eb47f6f1f86dc0d6b1158be8eb68f1a50c3ab06924cdac8dca5

SHA512
ddc6e567a5388487e0dd39f00e7c1bbb990ae142af3868b377d19beb2fdd285aaabd2214cbae465bd67b89c26a7531d5758fc2030a4e27c51457f4cc66ef43a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3ece3c8ae0ca76d6e7b6e32961a76a2c

SHA1
1a73410fe30f05e0be6170d82dfeccdfdb3a2bc7

SHA256
a0bb3237c18500528b7ebf0880ab893e2b9de32c289902b692dc072cec47b5ea

SHA512
369f5ce5119b566aa2c3b87ed9d1cc514233100d09d04035b6229ae803305ac0438a6ffff111d84bd5b1e039eb63ab08d19c141ec387dbf87ec16df8a52d64b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b504d019bcd65e85f857cc1f384b7bff

SHA1
9b46967afd749763ea19828262ae7e72b8927ed3

SHA256
011c5321f34fbb0019e8bd82c9a63432a171691f9c14104548c5ec11e8b7b360

SHA512
093c7bddf147a37aa9afb65132537252d211e8ce7f24b0992fd87a39b382da61f3c65f5773c5dcd2f4c26e0784e452e36da9f87e061b86f22a9a45953fb873ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
871B

MD5
877d4b308ba51eae7d674f4a9b02379e

SHA1
5f29165250267b7c287cdcdf70c01890fc2011e5

SHA256
07aae27896bbd5e458efc4eea112f3d470ddfef75b4d9da9dea10dd9e214f124

SHA512
7d9b860c806f326ad3f2a30730491bd8e92d077476a241abde57a0ac79dc954d70e274b4b4f4748cd401eb53ffb635e7ae9b00d9c890d6c14c1046508e22babd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
871B

MD5
705b44b2aab09525f027933a0c2fe7df

SHA1
9151232051fb5ac6416a6e7db9b6adf28aa50eac

SHA256
51dc7bd210e32f577319cbdd814c33b3077529b2efa18158f59b136105fbc02d

SHA512
21e1c65704463b01deb9b0a6bb68a4e4622f803e94ec8c2919f2446d6b5601045b2153c30c8587412d5fce71c861054e83d6afcf8470efb6b4c00674f049adb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4aaff8c2b3cc81a58be2331542969906

SHA1
97a288e1c932b98665f38b222d467f916e5dbf0d

SHA256
873c7e9c6ddff1e7201d9f4ba252f282886f6dface93616062f0a7c276e5eef6

SHA512
8f6f289c8846b1a8d15849e6af4099fd00f95cfcf3ff08b4c0ca0d4842b3855d2ee59c925c25fb86fd22d5969d3d2abc2e54fdaaeb53b23c278a443223896191

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ddec.TMP

Filesize
704B

MD5
f096a29a7d6e1d6df85cfa5ac06e533f

SHA1
7cf0b0ba9a4640c9342cfadec57cec8b1c54890d

SHA256
be69e89f7f39b251ea94ad59a16ea8ba5c0affbe9fb2d976798cb595c7103c59

SHA512
16f79a60798adbd9d8b398eb77db2b4260fd41df8c3dff01a468890fbaac4aa48c639706dcb2923cefffe6428790eed94c9d4af5e14d11d409b5053a1080c4a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9fa27c7696c5381c0efed9276fdea2fa

SHA1
b3b671d2afafdcbdf169cb68d0a2688c76e7cd8c

SHA256
3ee496df5636d7a7f803e021924b4452f10a18ec4a47b10eec5772c842e83caf

SHA512
3f3a08e34efdd7b3878cd9ba1fbd4e6a4c3b079fdd5e53d5484c90b8870d9ec6f7ccf6ac36ad280798c943fb6c672eb8a3d7319b5d938936ba9f0524304d1716

Download Submit