hxxp://Booking[.]com

Analysis

max time kernel
147s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
31-10-2023 00:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://Booking.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2428	msedge.exe
2428	msedge.exe
4932	msedge.exe
4932	msedge.exe
3704	identity_helper.exe
3704	identity_helper.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4932 wrote to memory of 4696	4932	msedge.exe	86
PID 4932 wrote to memory of 4696	4932	msedge.exe	86
PID 4932 wrote to memory of 2784	4932	msedge.exe	87
PID 4932 wrote to memory of 2784	4932	msedge.exe	87
PID 4932 wrote to memory of 2784	4932	msedge.exe	87
PID 4932 wrote to memory of 2784	4932	msedge.exe	87
PID 4932 wrote to memory of 2784	4932	msedge.exe	87
PID 4932 wrote to memory of 2784	4932	msedge.exe	87
PID 4932 wrote to memory of 2784	4932	msedge.exe	87
PID 4932 wrote to memory of 2784	4932	msedge.exe	87
PID 4932 wrote to memory of 2784	4932	msedge.exe	87
PID 4932 wrote to memory of 2784	4932	msedge.exe	87
PID 4932 wrote to memory of 2784	4932	msedge.exe	87
PID 4932 wrote to memory of 2784	4932	msedge.exe	87
PID 4932 wrote to memory of 2784	4932	msedge.exe	87
PID 4932 wrote to memory of 2784	4932	msedge.exe	87
PID 4932 wrote to memory of 2784	4932	msedge.exe	87
PID 4932 wrote to memory of 2784	4932	msedge.exe	87
PID 4932 wrote to memory of 2784	4932	msedge.exe	87
PID 4932 wrote to memory of 2784	4932	msedge.exe	87
PID 4932 wrote to memory of 2784	4932	msedge.exe	87
PID 4932 wrote to memory of 2784	4932	msedge.exe	87
PID 4932 wrote to memory of 2784	4932	msedge.exe	87
PID 4932 wrote to memory of 2784	4932	msedge.exe	87
PID 4932 wrote to memory of 2784	4932	msedge.exe	87
PID 4932 wrote to memory of 2784	4932	msedge.exe	87
PID 4932 wrote to memory of 2784	4932	msedge.exe	87
PID 4932 wrote to memory of 2784	4932	msedge.exe	87
PID 4932 wrote to memory of 2784	4932	msedge.exe	87
PID 4932 wrote to memory of 2784	4932	msedge.exe	87
PID 4932 wrote to memory of 2784	4932	msedge.exe	87
PID 4932 wrote to memory of 2784	4932	msedge.exe	87
PID 4932 wrote to memory of 2784	4932	msedge.exe	87
PID 4932 wrote to memory of 2784	4932	msedge.exe	87
PID 4932 wrote to memory of 2784	4932	msedge.exe	87
PID 4932 wrote to memory of 2784	4932	msedge.exe	87
PID 4932 wrote to memory of 2784	4932	msedge.exe	87
PID 4932 wrote to memory of 2784	4932	msedge.exe	87
PID 4932 wrote to memory of 2784	4932	msedge.exe	87
PID 4932 wrote to memory of 2784	4932	msedge.exe	87
PID 4932 wrote to memory of 2784	4932	msedge.exe	87
PID 4932 wrote to memory of 2784	4932	msedge.exe	87
PID 4932 wrote to memory of 2428	4932	msedge.exe	88
PID 4932 wrote to memory of 2428	4932	msedge.exe	88
PID 4932 wrote to memory of 4992	4932	msedge.exe	89
PID 4932 wrote to memory of 4992	4932	msedge.exe	89
PID 4932 wrote to memory of 4992	4932	msedge.exe	89
PID 4932 wrote to memory of 4992	4932	msedge.exe	89
PID 4932 wrote to memory of 4992	4932	msedge.exe	89
PID 4932 wrote to memory of 4992	4932	msedge.exe	89
PID 4932 wrote to memory of 4992	4932	msedge.exe	89
PID 4932 wrote to memory of 4992	4932	msedge.exe	89
PID 4932 wrote to memory of 4992	4932	msedge.exe	89
PID 4932 wrote to memory of 4992	4932	msedge.exe	89
PID 4932 wrote to memory of 4992	4932	msedge.exe	89
PID 4932 wrote to memory of 4992	4932	msedge.exe	89
PID 4932 wrote to memory of 4992	4932	msedge.exe	89
PID 4932 wrote to memory of 4992	4932	msedge.exe	89
PID 4932 wrote to memory of 4992	4932	msedge.exe	89
PID 4932 wrote to memory of 4992	4932	msedge.exe	89
PID 4932 wrote to memory of 4992	4932	msedge.exe	89
PID 4932 wrote to memory of 4992	4932	msedge.exe	89
PID 4932 wrote to memory of 4992	4932	msedge.exe	89
PID 4932 wrote to memory of 4992	4932	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://Booking.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffecb6546f8,0x7ffecb654708,0x7ffecb654718
  2⤵
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1992,14179016441637937336,15031793880854781795,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2020 /prefetch:2
  2⤵
  PID:2784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1992,14179016441637937336,15031793880854781795,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1992,14179016441637937336,15031793880854781795,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2628 /prefetch:8
  2⤵
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,14179016441637937336,15031793880854781795,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:3280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,14179016441637937336,15031793880854781795,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:2272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,14179016441637937336,15031793880854781795,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1992,14179016441637937336,15031793880854781795,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5224 /prefetch:8
  2⤵
  PID:1992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,14179016441637937336,15031793880854781795,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
  2⤵
  PID:3788
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1992,14179016441637937336,15031793880854781795,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5748 /prefetch:8
  2⤵
  PID:4188
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1992,14179016441637937336,15031793880854781795,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5748 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,14179016441637937336,15031793880854781795,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,14179016441637937336,15031793880854781795,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
  2⤵
  PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,14179016441637937336,15031793880854781795,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,14179016441637937336,15031793880854781795,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
  2⤵
  PID:2524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1992,14179016441637937336,15031793880854781795,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3088 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3648

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1456

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:444

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\31619a92-edd5-40ba-9225-8142b1d8363d.tmp

Filesize
5KB

MD5
a6ac43cb9377800b81ad2a24f23c8acf

SHA1
18cf8b6a27bb05bbfba52e0064c7d79d92ef3d36

SHA256
ec068ef49566dac211d4de4f032d8f923abc4123a664c34550231466136c821b

SHA512
e6e59065a8f70d347b0a0c0dd4f0e29a1a0e522b4cbd4cddf2f693de2ffb31ca3e356e9ff7dff8809df215e6364cacf95b608407530f3b40b5f84cbc72c8e63d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

Filesize
184KB

MD5
990324ce59f0281c7b36fb9889e8887f

SHA1
35abc926cbea649385d104b1fd2963055454bf27

SHA256
67bcedd3040fc55d968bbe21df05c02b731181541aff4ae72b9205300a4a3ecc

SHA512
31e83da1ac217d25be6e7f35a041881b926f731fff69db6f144e4fe99b696a31f9ab7766ca22cf5a482743c2a2d00a699ca2c2d67837a86c471a2dd3bed9ea1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
4bd237fad6273aae94da4ef966a82b24

SHA1
e537769f2a615fc276876ad4f4a11649ef8b850b

SHA256
36787b28cb2dac0ecbb20ff2581934c89e1076c83cb18a6c520fa5f8c4d647e4

SHA512
44b0e9c51ea108e86c486d13f113d40a6aa6fc9c239039a87bfe290cb405ebb6544acc55cddaf3490ff219607f247603c7a0fc31139a3a2401605387743f796f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
6e4bb6454c318c87749f3aad4c04e973

SHA1
6ac80fd82deee227e79a98f12b9dc92bc2a06926

SHA256
b504bd06d8ab5b9e6ddce359b7f6a86931552d996d974612176eb1588578b05a

SHA512
361fe99010941186b46243654481549e6397a1c3a5b6fed16d0600f335cee5918f751f6060c3a59f951d23f0de928c19f2ec91ecfdba595de16159ccf0c63e60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
595f1e9872a3ab7e56af37bb392d4f2f

SHA1
efc9a353224101d886c3cc59923b23e16b54b5d8

SHA256
9eb4379dabe01a32fe9bbd94c68ac0750c06937fa15144deb9256c7e6a3fa50a

SHA512
eb0ae97c7204ce39dd61cdde9f8d9c642923d16d5a84f874ab2fa2410350e48f46fd7e893d9e91b7d2fcf4a4e36acb485f1b194d3e4e3cd2d29f1fcaf587f130

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5a23bba35ca3f1c2d56fc1539c55e0f3

SHA1
88cf26d914ea424e96032c32ad23389c2eadffc6

SHA256
02fe5531d5c5b45b3a18a1f3f85eb9aec0f3c92d5aca53c49a6e2fcc18bafbe4

SHA512
b890370722c0acf81e3d2552db7b8f96f5582bbe304d25203c6ed5814c052fc190a320ff7dd8980a8ce2ee3f5cffa40bc84ceb2d553eb0788a188679be87b07d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
3a748249c8b0e04e77ad0d6723e564ff

SHA1
5c4cc0e5453c13ffc91f259ccb36acfb3d3fa729

SHA256
f98f5543c33c0b85b191bb85718ee7845982275130da1f09e904d220f1c6ceed

SHA512
53254db3efd9c075e4f24a915e0963563ce4df26d4771925199a605cd111ae5025a65f778b4d4ed8a9b3e83b558066cd314f37b84115d4d24c58207760174af2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a8adf2722939f62a6475ae59fb57827c

SHA1
b596024e06a2ab23e77088d388fd0feea4c86b0d

SHA256
3a622eb6ebb22dee97569378bad427945bf1ae07fc48d94e933a69bf9fcd83a4

SHA512
8d5becffeff5122fa649eee3e37c65317384ebe15fef500c68296d530b6e7ce560460ea16e369305852dee4b132a7a2b7c84da459e4f5c09955fe0c8e6fb164d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2524cd12423f91299d2925b901f539dc

SHA1
753d44ac7b603fe52deff33c7d9e66791ce2b66c

SHA256
0508ad6e566030aa1179eb0934f6e942058317b10813fae963a79aff235a8aa3

SHA512
510841f0894bf38da634adf0888b9f5d7c37b3f9f714d28f8c5694c79964a111e121285d0e8b15950ba4bbe62abd7658d69e2d865a74801b1b956a3f685d4407

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e7143c5dbfe87e5980034f559a02177b

SHA1
5c025cfce54721c533539ec34e77ab8033429b6e

SHA256
8e9e6231ad6d7cab397eeff0ad145a81596ee9c304f30aa49259bf517432f432

SHA512
8762106b9ea8990a4ef0c0cad4c891e8a05f627141dcf5bb01223b359ab7b8cccc67c276cc11e727e0fc00383d535492d15827e66db35effd682007415aa8e52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5838de.TMP

Filesize
1KB

MD5
360468720ba65c24892924f979f9bba4

SHA1
3763dab0e5ea804bd421efeaa365330c94f28c8b

SHA256
5a392e286f4a7706ab4c13d297c5cb9a81cf38b57a9aea5d9c216a3387692258

SHA512
4394167a70f1692fd5d85fa591b76ee1c1e3bd280c53bb17c724709197a2be8fd695c89d7d4d51f9b20b3bc74ac9ad3b6aa28ae61861a42d123663c44942a2bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
acc43add1fd6977b6d94d4e73d6e0e70

SHA1
050b227a43bcee358d1cbc4f25d67dabcf71cc3e

SHA256
3c124abd2439337ea408a82d5894d6df941ce6466cbefe0a81d0e778927a1e87

SHA512
0b5e704f1766233e593f3bbded8b7c266e23e757757b739c202b9fbef02229392644e62706f353e4f8d9f6c21d12925e8c56904ec0696c68cff29acfbf68ac2d

Download Submit