hxxp://go2[.]logrocket[.]com/NzQwLUxLTS0yNjMAAAGOoGapiIbeY7RUW1_2T8RBCMh0DPXZmYrF-7R4-DpPcm-rr8C9BLRUFTvuGJTiiTwpQ8rkMBs=

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
06/10/2023, 01:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://go2.logrocket.com/NzQwLUxLTS0yNjMAAAGOoGapiIbeY7RUW1_2T8RBCMh0DPXZmYrF-7R4-DpPcm-rr8C9BLRUFTvuGJTiiTwpQ8rkMBs=

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
5040	msedge.exe
5040	msedge.exe
2504	msedge.exe
2504	msedge.exe
1412	identity_helper.exe
1412	identity_helper.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe
752	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2504 wrote to memory of 2444	2504	msedge.exe	86
PID 2504 wrote to memory of 2444	2504	msedge.exe	86
PID 2504 wrote to memory of 5020	2504	msedge.exe	88
PID 2504 wrote to memory of 5020	2504	msedge.exe	88
PID 2504 wrote to memory of 5020	2504	msedge.exe	88
PID 2504 wrote to memory of 5020	2504	msedge.exe	88
PID 2504 wrote to memory of 5020	2504	msedge.exe	88
PID 2504 wrote to memory of 5020	2504	msedge.exe	88
PID 2504 wrote to memory of 5020	2504	msedge.exe	88
PID 2504 wrote to memory of 5020	2504	msedge.exe	88
PID 2504 wrote to memory of 5020	2504	msedge.exe	88
PID 2504 wrote to memory of 5020	2504	msedge.exe	88
PID 2504 wrote to memory of 5020	2504	msedge.exe	88
PID 2504 wrote to memory of 5020	2504	msedge.exe	88
PID 2504 wrote to memory of 5020	2504	msedge.exe	88
PID 2504 wrote to memory of 5020	2504	msedge.exe	88
PID 2504 wrote to memory of 5020	2504	msedge.exe	88
PID 2504 wrote to memory of 5020	2504	msedge.exe	88
PID 2504 wrote to memory of 5020	2504	msedge.exe	88
PID 2504 wrote to memory of 5020	2504	msedge.exe	88
PID 2504 wrote to memory of 5020	2504	msedge.exe	88
PID 2504 wrote to memory of 5020	2504	msedge.exe	88
PID 2504 wrote to memory of 5020	2504	msedge.exe	88
PID 2504 wrote to memory of 5020	2504	msedge.exe	88
PID 2504 wrote to memory of 5020	2504	msedge.exe	88
PID 2504 wrote to memory of 5020	2504	msedge.exe	88
PID 2504 wrote to memory of 5020	2504	msedge.exe	88
PID 2504 wrote to memory of 5020	2504	msedge.exe	88
PID 2504 wrote to memory of 5020	2504	msedge.exe	88
PID 2504 wrote to memory of 5020	2504	msedge.exe	88
PID 2504 wrote to memory of 5020	2504	msedge.exe	88
PID 2504 wrote to memory of 5020	2504	msedge.exe	88
PID 2504 wrote to memory of 5020	2504	msedge.exe	88
PID 2504 wrote to memory of 5020	2504	msedge.exe	88
PID 2504 wrote to memory of 5020	2504	msedge.exe	88
PID 2504 wrote to memory of 5020	2504	msedge.exe	88
PID 2504 wrote to memory of 5020	2504	msedge.exe	88
PID 2504 wrote to memory of 5020	2504	msedge.exe	88
PID 2504 wrote to memory of 5020	2504	msedge.exe	88
PID 2504 wrote to memory of 5020	2504	msedge.exe	88
PID 2504 wrote to memory of 5020	2504	msedge.exe	88
PID 2504 wrote to memory of 5020	2504	msedge.exe	88
PID 2504 wrote to memory of 5040	2504	msedge.exe	87
PID 2504 wrote to memory of 5040	2504	msedge.exe	87
PID 2504 wrote to memory of 624	2504	msedge.exe	89
PID 2504 wrote to memory of 624	2504	msedge.exe	89
PID 2504 wrote to memory of 624	2504	msedge.exe	89
PID 2504 wrote to memory of 624	2504	msedge.exe	89
PID 2504 wrote to memory of 624	2504	msedge.exe	89
PID 2504 wrote to memory of 624	2504	msedge.exe	89
PID 2504 wrote to memory of 624	2504	msedge.exe	89
PID 2504 wrote to memory of 624	2504	msedge.exe	89
PID 2504 wrote to memory of 624	2504	msedge.exe	89
PID 2504 wrote to memory of 624	2504	msedge.exe	89
PID 2504 wrote to memory of 624	2504	msedge.exe	89
PID 2504 wrote to memory of 624	2504	msedge.exe	89
PID 2504 wrote to memory of 624	2504	msedge.exe	89
PID 2504 wrote to memory of 624	2504	msedge.exe	89
PID 2504 wrote to memory of 624	2504	msedge.exe	89
PID 2504 wrote to memory of 624	2504	msedge.exe	89
PID 2504 wrote to memory of 624	2504	msedge.exe	89
PID 2504 wrote to memory of 624	2504	msedge.exe	89
PID 2504 wrote to memory of 624	2504	msedge.exe	89
PID 2504 wrote to memory of 624	2504	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go2.logrocket.com/NzQwLUxLTS0yNjMAAAGOoGapiIbeY7RUW1_2T8RBCMh0DPXZmYrF-7R4-DpPcm-rr8C9BLRUFTvuGJTiiTwpQ8rkMBs=
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff880aa46f8,0x7ff880aa4708,0x7ff880aa4718
  2⤵
  PID:2444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2224,11750730439540405279,6631105383997210749,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,11750730439540405279,6631105383997210749,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2292 /prefetch:2
  2⤵
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2224,11750730439540405279,6631105383997210749,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8
  2⤵
  PID:624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11750730439540405279,6631105383997210749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11750730439540405279,6631105383997210749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:3332
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2224,11750730439540405279,6631105383997210749,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4836 /prefetch:8
  2⤵
  PID:1800
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2224,11750730439540405279,6631105383997210749,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4836 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11750730439540405279,6631105383997210749,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4116 /prefetch:1
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11750730439540405279,6631105383997210749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
  2⤵
  PID:1384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11750730439540405279,6631105383997210749,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11750730439540405279,6631105383997210749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:3036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11750730439540405279,6631105383997210749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
  2⤵
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11750730439540405279,6631105383997210749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3660 /prefetch:1
  2⤵
  PID:992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,11750730439540405279,6631105383997210749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:1268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,11750730439540405279,6631105383997210749,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5704 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:752

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5100

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1676

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
16c2a9f4b2e1386aab0e353614a63f0d

SHA1
6edd3be593b653857e579cbd3db7aa7e1df3e30f

SHA256
0f7c58a653ae1f3999627721bad03793edc1e9d12e8f5253c30b61b8478f5c81

SHA512
aba1ed22c7b9ae1942d69a7cd7a618597300ae5c56be88187ddec6227df056f81c1d9217778d87fa8c36402bce7275d707118ff62d3a241297738da434556e06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
0dd0c769796f55bdadb9a4096505fec9

SHA1
2f667aa2df84dbfbb550882f21a23a303b49f3a6

SHA256
9c4e3574ce0ab83be56da7e5129e371f7a10a94ded1e85e5a6ab811d1c6bd645

SHA512
e61857ee077ef4c39a7f6edfa25a75ecb9e386b527fe30f2a7df76f5f6e27c213782dfc5944f8b7743c50f79d4eb40de8887a93e4639c7c2f15e281a4b31aac0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
bf9dd6125ba77dcf99727702f0fb34f6

SHA1
bebb5e246a6cfd0643899eec9a90ac60e95475af

SHA256
3eccd862490a01c48ac206694e6c6c2751a807e64ed87bc06c82ae3b537a2367

SHA512
82ad6faf06d94ab0e8452bd2dae9de5e6d837206507e026f887fa9f90de104f2941554cc655ef9300d50e4e90e7d03be0f7abb2c35262a6b07ffcaf807292a87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3a5e31efd437a9c8e6494dac972bcb7b

SHA1
d1a4a3bcd22849364e26d19915f8b0484b8cf805

SHA256
0b805b8212cc70077c3c2220d23bf8b7cb961b36ee91aaf0e1881ab07dd19d66

SHA512
9df87c870968ce709541a62292f185078fc4b82be834473a49e0f48c6038a95e4f1fb74bf31ed6c77e6174d222f2cc0b46eb587df14c71a03f7e1392beecb641

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6ea781ba4ce27b37531d9fecb1e66b4a

SHA1
5a77eeb0888178f301d03d718bc6fb255693e64e

SHA256
d71b0bb4008b6260418181674f58063c0be49fa974f4a49cd6ea5540b34ca16d

SHA512
a6426855176cadbc70efbce1e499f477e32b905e22806e15a7095e3d643bea531ba1e17046111ba808d83ce00569900fad3479e6629b9773a120255270a2fcb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dfe8452ea1392e052f03fd925b97435f

SHA1
6667e3ed6ca3bfb0c860c86b8659e0ef133178ae

SHA256
86a8386fa8f640b481eecf7e1dd56c4ddfcf7b4f8feb9019ce4f4b6c0564a2e5

SHA512
597c6398b1d78e222fafb3769f47f9d8b6972beb71200b52a53fd3cbb83bb06570bf030199238c4da7e26c71a6f9fabd8032cfa2f7550993af08322f2a67090b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
e1ef2d15aff2ec039f84656fa87398dc

SHA1
852daac2a7b8838085ecac3b5c8db5d2f704cfdc

SHA256
6fcf5f37130cda664c84ff4c6b21c60a823f85fc7ebe9e1a6d2309a1b8545dd1

SHA512
f9d4d4a06a0e41eb826bdcda63c12ad64119cd92afc18ebb165e870e9331b1c5b666b0aa8bb0bd98773bf01e75200a8d3c56327cd7dcc5e6626da8b3da900731

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
a579801580546e47d0ebc5f3d12ba242

SHA1
83a101db8fcd703a1c918eaf477668e56060989b

SHA256
ce5b3a7caea0a2789b212be104ae71a1df6f859e693e57d98b6e8092d72ed146

SHA512
34d6a63aade888bc52355cabd4cf74e225d5943b3458975210d3c5baf1134ba05b86bc0c96f8d2e753e2ddd5084b75acf6fca6686f9686bfcd504d655d6c27aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
0ac247e2bd22121735d586ec755c8d8b

SHA1
8011f51f04a5285f776207cc61c55ab89cf630c9

SHA256
ae59b6bd553753b651ebc9eaedcdd0648c5a04da4c0a9f11e7150dfbb93bd6bb

SHA512
a80e791ef5dd223bed06878f504ea271cd7590088e03bb04197b0acf5c6c0d07757f9843ed78e85c5ddd4f2b6bd8b121b1a0fde85487993aa4a0e106d52d064b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
75653f3b8065f942f198ca2537647314

SHA1
c431701e2be741f7ed96646c380b59f250c2f387

SHA256
62757281655961ed659b7ba9942f1c6247295c8425b929d5a4d591f0b7bd845c

SHA512
f5e2b67e341ba5a636f41796031efe95f9e0d1457052bcfcbb77751f0131d5e1014eeb1273897c8354979d8f70e6244e110ce1597e2b9002805261219ecd7e3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
066c00ebc8b4305bd196971223f3894b

SHA1
54fb2d8f7e4281d702096d88572e884f1cb11bcb

SHA256
2843b5a3a85ddd7f984a5c11302c4ff7fd61f3204f43f203780e3168dbd2c12a

SHA512
50bedd3b4dd0cc0ef691b397ba2b29f3e0206008981356131d433d2c7fac471f190eb5ea54292109e6c213596ce35b8f6ef24eb699e5f2bb3160770e50412d5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
ce0291b64e157104c0141b1386d0b793

SHA1
d3513949b4126486182df7d3e07849e5178ac350

SHA256
2bed7aa2100db6cd72bb9db7a45b8ec73db7d80765d29e7764139ee354afd511

SHA512
ea80c5d0a8ca66bb81aa14589cfc5e6a9ac18958fbcec37ecefd31c727507c495a029fa57ee7cb21d2c4e48dd0a28893ee50e2e27b8a98e6703e8c0b625041e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
991a50ef747df545edd2c6df7c9ed7ce

SHA1
709da545e45668df624c6976f62f6c496c09c912

SHA256
4702cbbc2bef2f3a23bd40060e06e8b92d9bca93c17f5ab6c113630e3deba902

SHA512
44453ad6016150938b368ebe04906318474bbe3ac3b74ace9bf6e03af1b1252ae82e3a8e854a5b7bb64c52f7480b0db8cdfa55a7d6d3f153fb617dfedef0aad3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
a459d4301740c98b1b77cdde85c2b56c

SHA1
bea26a905e36034058409f74ea085ed38409bce2

SHA256
ebde37763a96177f25c40750ff94816fadf858a4ef1682c00bc2985e2fe2c500

SHA512
0f1c09709d20f5aa0bb425b0e0699ac436e6739e134e6e035dfd33d41a2b0e432d55fd2178a71e7e1767cad145e52425241c653a43ad5c07eb924ed6372a5def

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5856e5.TMP

Filesize
706B

MD5
4bc14972523274632d9f0404d9cf9b21

SHA1
72cb6588376f77f1dc1c131d45b9e24542ab96cb

SHA256
6b25ed4b242834a0246b18dc1b169b076bcf4e3e1f6cf1b052dae377ad144ef2

SHA512
f07ba2a525633c674daa8a618f69f31144279699e5b9bf36d2c1660e8401d68c4a0a31d47581101dcf157bc922fb7b91fef9a582301a0ad1ea14dc633a683de2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
4KB

MD5
5d87847fee124dfa3759bee8e4aea065

SHA1
dd2b8566a85cf2f91493d431f2ce4c011af96e1c

SHA256
f6356ed608018e9d832e0e61fbacba806bf96857cc8492f5abd453bd7324fccd

SHA512
b9a09fbbf7101bb227040ede9eafa29b618769fb74e734ec2d5fb50d6fa9a84ecea61699ea43bd822ba65c78d3f02d324e44b5c1165426ae3c353fd6306eda71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
4KB

MD5
1cbb47961c194c19fd27cdc5a1444767

SHA1
2846a7469ed8fde4764b2be5b624a89ca8ff5a9b

SHA256
190b798d4d329e633d465595c758121f6aef3175d6e985a04c549a0eedca5798

SHA512
3fa5916656b1d37ee86c9632fb62296531fbf3ddafd6b760fb7c6cd9bef14e7c8d8bf57b8b619effb3349068a7f9effa1be1927dca9fa6b6a02913bb156676dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
4KB

MD5
d436043871ef7f163e5008180a173b20

SHA1
a3d0a3b36bb852ce19d0073f9ab83231ee21ecfd

SHA256
8143a188a882ae2a46dea7bb34708c2897c4dfb683381cbd6193c06455a7a23f

SHA512
84ea24b1bc29b9156a9cec88aec22c9bf1d97dd7c553990c72b7c511dd5a8b2685bde4162d4bae987145e86057a1cb52423468e2221e1a9e0eef7f19ed8d3b8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
5KB

MD5
c8216caf1dc52168071d5ff61d8b9d96

SHA1
91ffba58b0cf9b933f592a0d8ee8a8e367c7fcfb

SHA256
9c86b69c15baa1e615169916fcbb40953de7fe166eb99137215a1312e33015a6

SHA512
93780dda715423344f65a37ce600dbc9bcfefb54ceccdac8c8bb176d8672c4e60b0e65cadb997a5ac540764f0db77c8c1783157a703b01b911c843daeee9c03d

Download Submit