hxxps://we[.]tl/t-8LNqwukZhW

Analysis

max time kernel
152s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
11/10/2023, 08:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://we.tl/t-8LNqwukZhW

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4668	msedge.exe
4668	msedge.exe
1924	msedge.exe
1924	msedge.exe
2940	identity_helper.exe
2940	identity_helper.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1924 wrote to memory of 3296	1924	msedge.exe	83
PID 1924 wrote to memory of 3296	1924	msedge.exe	83
PID 1924 wrote to memory of 4552	1924	msedge.exe	85
PID 1924 wrote to memory of 4552	1924	msedge.exe	85
PID 1924 wrote to memory of 4552	1924	msedge.exe	85
PID 1924 wrote to memory of 4552	1924	msedge.exe	85
PID 1924 wrote to memory of 4552	1924	msedge.exe	85
PID 1924 wrote to memory of 4552	1924	msedge.exe	85
PID 1924 wrote to memory of 4552	1924	msedge.exe	85
PID 1924 wrote to memory of 4552	1924	msedge.exe	85
PID 1924 wrote to memory of 4552	1924	msedge.exe	85
PID 1924 wrote to memory of 4552	1924	msedge.exe	85
PID 1924 wrote to memory of 4552	1924	msedge.exe	85
PID 1924 wrote to memory of 4552	1924	msedge.exe	85
PID 1924 wrote to memory of 4552	1924	msedge.exe	85
PID 1924 wrote to memory of 4552	1924	msedge.exe	85
PID 1924 wrote to memory of 4552	1924	msedge.exe	85
PID 1924 wrote to memory of 4552	1924	msedge.exe	85
PID 1924 wrote to memory of 4552	1924	msedge.exe	85
PID 1924 wrote to memory of 4552	1924	msedge.exe	85
PID 1924 wrote to memory of 4552	1924	msedge.exe	85
PID 1924 wrote to memory of 4552	1924	msedge.exe	85
PID 1924 wrote to memory of 4552	1924	msedge.exe	85
PID 1924 wrote to memory of 4552	1924	msedge.exe	85
PID 1924 wrote to memory of 4552	1924	msedge.exe	85
PID 1924 wrote to memory of 4552	1924	msedge.exe	85
PID 1924 wrote to memory of 4552	1924	msedge.exe	85
PID 1924 wrote to memory of 4552	1924	msedge.exe	85
PID 1924 wrote to memory of 4552	1924	msedge.exe	85
PID 1924 wrote to memory of 4552	1924	msedge.exe	85
PID 1924 wrote to memory of 4552	1924	msedge.exe	85
PID 1924 wrote to memory of 4552	1924	msedge.exe	85
PID 1924 wrote to memory of 4552	1924	msedge.exe	85
PID 1924 wrote to memory of 4552	1924	msedge.exe	85
PID 1924 wrote to memory of 4552	1924	msedge.exe	85
PID 1924 wrote to memory of 4552	1924	msedge.exe	85
PID 1924 wrote to memory of 4552	1924	msedge.exe	85
PID 1924 wrote to memory of 4552	1924	msedge.exe	85
PID 1924 wrote to memory of 4552	1924	msedge.exe	85
PID 1924 wrote to memory of 4552	1924	msedge.exe	85
PID 1924 wrote to memory of 4552	1924	msedge.exe	85
PID 1924 wrote to memory of 4552	1924	msedge.exe	85
PID 1924 wrote to memory of 4668	1924	msedge.exe	84
PID 1924 wrote to memory of 4668	1924	msedge.exe	84
PID 1924 wrote to memory of 4008	1924	msedge.exe	86
PID 1924 wrote to memory of 4008	1924	msedge.exe	86
PID 1924 wrote to memory of 4008	1924	msedge.exe	86
PID 1924 wrote to memory of 4008	1924	msedge.exe	86
PID 1924 wrote to memory of 4008	1924	msedge.exe	86
PID 1924 wrote to memory of 4008	1924	msedge.exe	86
PID 1924 wrote to memory of 4008	1924	msedge.exe	86
PID 1924 wrote to memory of 4008	1924	msedge.exe	86
PID 1924 wrote to memory of 4008	1924	msedge.exe	86
PID 1924 wrote to memory of 4008	1924	msedge.exe	86
PID 1924 wrote to memory of 4008	1924	msedge.exe	86
PID 1924 wrote to memory of 4008	1924	msedge.exe	86
PID 1924 wrote to memory of 4008	1924	msedge.exe	86
PID 1924 wrote to memory of 4008	1924	msedge.exe	86
PID 1924 wrote to memory of 4008	1924	msedge.exe	86
PID 1924 wrote to memory of 4008	1924	msedge.exe	86
PID 1924 wrote to memory of 4008	1924	msedge.exe	86
PID 1924 wrote to memory of 4008	1924	msedge.exe	86
PID 1924 wrote to memory of 4008	1924	msedge.exe	86
PID 1924 wrote to memory of 4008	1924	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://we.tl/t-8LNqwukZhW
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffd25e46f8,0x7fffd25e4708,0x7fffd25e4718
  2⤵
  PID:3296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,15819966506342593624,15090099990420878387,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,15819966506342593624,15090099990420878387,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,15819966506342593624,15090099990420878387,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
  2⤵
  PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15819966506342593624,15090099990420878387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15819966506342593624,15090099990420878387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15819966506342593624,15090099990420878387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:8
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15819966506342593624,15090099990420878387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:1764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15819966506342593624,15090099990420878387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15819966506342593624,15090099990420878387,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15819966506342593624,15090099990420878387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:444
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,15819966506342593624,15090099990420878387,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6288 /prefetch:8
  2⤵
  PID:3744
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,15819966506342593624,15090099990420878387,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6288 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15819966506342593624,15090099990420878387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:4304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15819966506342593624,15090099990420878387,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4580 /prefetch:1
  2⤵
  PID:1624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,15819966506342593624,15090099990420878387,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4896 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:828

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4940

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4436

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4d25fc6e43a16159ebfd161f28e16ef7

SHA1
49941a4bc3ed1ef90c7bcf1a8f0731c6a68facb4

SHA256
cee74fad9d775323a5843d9e55c770314e8b58ec08653c7b2ce8e8049df42bb5

SHA512
ea598fb8bfe15c777daeb025da98674fe8652f7341e5d150d188c46744fce11c4d20d1686d185039c5025c9a4252d1585686b1c3a4df4252e69675aaf37edfc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
107155f13dd3b62301bc105051a3bfca

SHA1
752815ec5b92d41ebde9fafc87b757ca8ee6a84f

SHA256
3250c5aabf5f12eb777c454ea07d38432833a7355a915e58d77e919237d01778

SHA512
4df430d7407abf0725ddd0ac165fbb4d751b92009852356c0314aed3937abd4baae86d646101da60c5096f00c52f4e9c77e2194b98c3bba2f2abbc8c461955c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
4acf4cd7de09b58eb3154dc3bedf941f

SHA1
43136b32b02a2d2ca90643a82cb9456ca0683037

SHA256
0660ed88025d305feb1a5acac81b657cf3b3f6f13feb1c1208e1e7b4ecea4983

SHA512
0f94f88a1961ca4c06a7e6da052c893b3d11b11db1de7c78bee2806ce2ad2bc86b985de7048e0e61c741fc19dfe43566681d958b4e25d09fb67213fe8a3783ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
537c5ec08c1d7b05825cd5675b2482cd

SHA1
57248e35b7e08fded5bdff6c1ee429f867c04746

SHA256
2a2f4328937051f13cdc24e6f842197daf5ca5e82da2542c3004e6105435a419

SHA512
cad4470223f01c476089e91a056844b03239254e5208fda209d182bd1cb41a9f559bc96f70d33ba5319f07755342dedc67b50f7db787d55af2910fbfe928796b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
83dcc7be30d874a7da689269970c41a0

SHA1
ba739c1f9f47676d8661dfa636efdef7fbe01ae6

SHA256
500a33bfb3f2336ea7c1bdbdbb76faa9316909969fc8b8ccd46ee18b0d625eaa

SHA512
46f5208ee726c5115f47886884181628971cea7a3d858a13a1de2cb5bd7c941fa85895a6e4d287a1ccdd36d37b16fd6d7be86c4edd1b2dff004077df86abea16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
cf6e5bb14a89597b2b49adac5672412b

SHA1
9377ce6dd4d6f26f9b2c0c8e4f2e96ef835e3469

SHA256
5e8d0f1bb9aac67c90a63d2801ab885ae712f4a4121c8fcb10bee227c7b7f683

SHA512
e253eb5aa66a8dd50cac6220c6b8812092cb5ad1b8064d829903d10edf40eb5ef4fc54d7557ac40e6147de65561396a8e821d2ba5ccbf9400d5aabf7728bd7e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8c1af07990a6f60705a5e0c2c1a78ff7

SHA1
f61ab871fc72fef86d25781f5d55cc276d409da0

SHA256
5dde2734b13275cd60463ad333fc00e9be04a9228f10907d153958c81ac0ba0e

SHA512
97d5ed0445215e7473964aed94b8eb1cc5163f994fa634cd2e81f581507e4761ad7c292a6409ab59b8dcae798d7c4c42cb91d533abd20ff6cb7a2eb8c8f596d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7f6b6590889f7646167da75f071e31ed

SHA1
252b3ae35ee094c88cefd2a2ade05ac35100ecfc

SHA256
2c81db14cc19a6837ac863d113a290e603d663b0818e0895a96306653582e79a

SHA512
779e6912b0bdaa1ef140203027690c763724bec1234ff0e607253a2071c6f2aa66af8daacc8af9d8bb64e8110a102649f0aeaebee04475669bae60839191a6fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
d555d038867542dfb2fb0575a0d3174e

SHA1
1a5868d6df0b5de26cf3fc7310b628ce0a3726f0

SHA256
044cac379dddf0c21b8e7ee4079d21c67e28795d14e678dbf3e35900f25a1e2e

SHA512
d8220966fe6c3ae4499bc95ab3aead087a3dd915853320648849d2fc123a4acd157b7dba64af0108802522575a822651ecc005523c731423d9131ee679c2712f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
5664eae2e6ddefedf5dc3a01b0215c1a

SHA1
5563079c9c8d5516bd516ffde34156efb74f9a5c

SHA256
9c2e7f9423605e05ba0f23f8c670ff6261468e1b4c8672586ffe26ecc5486721

SHA512
255a1d3e5672406ae727f84728915796f0258dac728ebcda77608f24a07fca046576c2867c402c7a78ae965d3d9c4792dac4a8c52d77cbb13c3278427da19cbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
c24d06bca8b84b57d36f14f076a23ff8

SHA1
864a23f7e3b9f8df757dbadfac28ed4dbcc00733

SHA256
1d41b2e668e73d8b4f3dfbc4a9d77d26ae77e300ffa6a49a1d9141bb9facc60e

SHA512
c05f4c9887ebeedf8cc7220125fb204ca96f930e8b59c5194de8f1e54aae2032c540fd64b7c1148a6f7a9990c91b8676b1b7dc7ebe9d9777826981660dbae084

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
fac99a472b8190bb6cb365d002bb8b8a

SHA1
9099434e545bf01f07c31326ecfc69c77a365936

SHA256
74d128a2d4451f0b6465f06f45d21ef8f992df3195688829b5d969f9b06be6fe

SHA512
4a8b1eef79df447343c29e7bc1cebc550399bc4274398b65fb7b1231d126f96f10e3cdc9887546ea1dca0a3c1648e4fb39d80af714df3751909cb0c5cf2ab1e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
65006e7fe8e61b387f53032ac7f0f438

SHA1
bda27d2c1ffe03af06427bc138cda14ca3a8257f

SHA256
ef932686e6534a7964b168baf200f16a997b8e6762424ba1cafa5e7c0488cd4d

SHA512
1410b16a26dcfcc40da851d347e41055dc6d98a8a036acb42b381111a2fccc64f111f717e884057185ab22b3bda1207b08934919bdbe6f941eae76980a3b67cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58c2de.TMP

Filesize
2KB

MD5
03e4c3e3c85fdc52023a353c52c38c07

SHA1
7c83967618803131dbea43387285e9100b0cb5b4

SHA256
32112e7c0d87cacfd2f9c4f90f6fbcbb5382406aa0c962825b6d50ee999c3089

SHA512
6ec8fda538a007565ffec99e201b6fe65aa8b1c723f84aab64165ea04927aab5fca4b7ffc959c0f2930168370576f702f3cf91522caa409897f57379f52a38fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1c60a38be1b139ad6e4807d130ee835f

SHA1
b202b245433206f76fa01e8a4876e8dc7f15c86d

SHA256
59bd302fd212d31d47c65155925c3cd24d1a317cd9b673d6e84e504f5cb30fa1

SHA512
ff0b355d7a5724d21464f806c19c28903513f24c8577f1e7045e9bc38c26dea2cd0828ed5f1dc061e6156d1bed91d7ec8639694ca25dd884801ffd6aeb0c809b

Download Submit