hxxps://www[.]reddit[.]com/r/StarlinkEngineering/comments/phas4h/starlink_has_published_ip_geolocation_mapping/?rdt=62909

Analysis

max time kernel
1048s
max time network
1046s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
15/11/2023, 23:26

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://www.reddit.com/r/StarlinkEngineering/comments/phas4h/starlink_has_published_ip_geolocation_mapping/?rdt=62909

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2224	msedge.exe
2224	msedge.exe
4132	msedge.exe
4132	msedge.exe
4068	identity_helper.exe
4068	identity_helper.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4132 wrote to memory of 2448	4132	msedge.exe	88
PID 4132 wrote to memory of 2448	4132	msedge.exe	88
PID 4132 wrote to memory of 4196	4132	msedge.exe	90
PID 4132 wrote to memory of 4196	4132	msedge.exe	90
PID 4132 wrote to memory of 4196	4132	msedge.exe	90
PID 4132 wrote to memory of 4196	4132	msedge.exe	90
PID 4132 wrote to memory of 4196	4132	msedge.exe	90
PID 4132 wrote to memory of 4196	4132	msedge.exe	90
PID 4132 wrote to memory of 4196	4132	msedge.exe	90
PID 4132 wrote to memory of 4196	4132	msedge.exe	90
PID 4132 wrote to memory of 4196	4132	msedge.exe	90
PID 4132 wrote to memory of 4196	4132	msedge.exe	90
PID 4132 wrote to memory of 4196	4132	msedge.exe	90
PID 4132 wrote to memory of 4196	4132	msedge.exe	90
PID 4132 wrote to memory of 4196	4132	msedge.exe	90
PID 4132 wrote to memory of 4196	4132	msedge.exe	90
PID 4132 wrote to memory of 4196	4132	msedge.exe	90
PID 4132 wrote to memory of 4196	4132	msedge.exe	90
PID 4132 wrote to memory of 4196	4132	msedge.exe	90
PID 4132 wrote to memory of 4196	4132	msedge.exe	90
PID 4132 wrote to memory of 4196	4132	msedge.exe	90
PID 4132 wrote to memory of 4196	4132	msedge.exe	90
PID 4132 wrote to memory of 4196	4132	msedge.exe	90
PID 4132 wrote to memory of 4196	4132	msedge.exe	90
PID 4132 wrote to memory of 4196	4132	msedge.exe	90
PID 4132 wrote to memory of 4196	4132	msedge.exe	90
PID 4132 wrote to memory of 4196	4132	msedge.exe	90
PID 4132 wrote to memory of 4196	4132	msedge.exe	90
PID 4132 wrote to memory of 4196	4132	msedge.exe	90
PID 4132 wrote to memory of 4196	4132	msedge.exe	90
PID 4132 wrote to memory of 4196	4132	msedge.exe	90
PID 4132 wrote to memory of 4196	4132	msedge.exe	90
PID 4132 wrote to memory of 4196	4132	msedge.exe	90
PID 4132 wrote to memory of 4196	4132	msedge.exe	90
PID 4132 wrote to memory of 4196	4132	msedge.exe	90
PID 4132 wrote to memory of 4196	4132	msedge.exe	90
PID 4132 wrote to memory of 4196	4132	msedge.exe	90
PID 4132 wrote to memory of 4196	4132	msedge.exe	90
PID 4132 wrote to memory of 4196	4132	msedge.exe	90
PID 4132 wrote to memory of 4196	4132	msedge.exe	90
PID 4132 wrote to memory of 4196	4132	msedge.exe	90
PID 4132 wrote to memory of 4196	4132	msedge.exe	90
PID 4132 wrote to memory of 2224	4132	msedge.exe	89
PID 4132 wrote to memory of 2224	4132	msedge.exe	89
PID 4132 wrote to memory of 224	4132	msedge.exe	91
PID 4132 wrote to memory of 224	4132	msedge.exe	91
PID 4132 wrote to memory of 224	4132	msedge.exe	91
PID 4132 wrote to memory of 224	4132	msedge.exe	91
PID 4132 wrote to memory of 224	4132	msedge.exe	91
PID 4132 wrote to memory of 224	4132	msedge.exe	91
PID 4132 wrote to memory of 224	4132	msedge.exe	91
PID 4132 wrote to memory of 224	4132	msedge.exe	91
PID 4132 wrote to memory of 224	4132	msedge.exe	91
PID 4132 wrote to memory of 224	4132	msedge.exe	91
PID 4132 wrote to memory of 224	4132	msedge.exe	91
PID 4132 wrote to memory of 224	4132	msedge.exe	91
PID 4132 wrote to memory of 224	4132	msedge.exe	91
PID 4132 wrote to memory of 224	4132	msedge.exe	91
PID 4132 wrote to memory of 224	4132	msedge.exe	91
PID 4132 wrote to memory of 224	4132	msedge.exe	91
PID 4132 wrote to memory of 224	4132	msedge.exe	91
PID 4132 wrote to memory of 224	4132	msedge.exe	91
PID 4132 wrote to memory of 224	4132	msedge.exe	91
PID 4132 wrote to memory of 224	4132	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.reddit.com/r/StarlinkEngineering/comments/phas4h/starlink_has_published_ip_geolocation_mapping/?rdt=62909
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc6f0e46f8,0x7ffc6f0e4708,0x7ffc6f0e4718
  2⤵
  PID:2448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,13814345294379716923,2476831564758495616,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,13814345294379716923,2476831564758495616,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:4196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,13814345294379716923,2476831564758495616,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
  2⤵
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13814345294379716923,2476831564758495616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:3544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13814345294379716923,2476831564758495616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:420
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,13814345294379716923,2476831564758495616,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5480 /prefetch:8
  2⤵
  PID:2396
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,13814345294379716923,2476831564758495616,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5480 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13814345294379716923,2476831564758495616,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:2880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13814345294379716923,2476831564758495616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:4680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13814345294379716923,2476831564758495616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13814345294379716923,2476831564758495616,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:3888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,13814345294379716923,2476831564758495616,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1780 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3452

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2936

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3908

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
760970b599ea05621bb1abc105ba643f

SHA1
7531ee04d38206a6bc1c03154479c2f33102a136

SHA256
4efa4f55f559503363bad21929ec2492e80da620ab7db843b8a1179662556120

SHA512
00a32377dbb7bd6a363395807c23fb3be06f8b913388102bf43904ca1d33b01d81a06bcb176b6ea7f49606a7b034a8c6b267f5799cc82339582ca541af569a7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
876B

MD5
18895c78eedcbc34d22b5d379f685bf5

SHA1
aca743f946a85307dfaeab7f8820d2569bb7b1a3

SHA256
f8a1f62faa0e415ea9a461c11fd9451001f9bd28f22aa55aa3ac9d1e30aa29aa

SHA512
6e026f64a4061793829002962c50bec44d5dd0878f7099c3faf68e24b4c72f038493db21b4b3200d0bd8d118863e51c23d240e5196cecaab86d16ee678bd2d7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9cfcfbaf4a3421777e06f248c2fd08b8

SHA1
c7ee54b42ac83897343d6578ead1d408ba8b1e61

SHA256
bb5968d6da2a4eb29306c8b75dd06b583721b6cc9a17a0e288b7fd4675a07db7

SHA512
c0c298a8cdb4a67e5e6ad439269eea1e238ba4f3c9f817c74b796708266041ae08b0cd92947f606fb7c9f453dcfaf0f46fd5625e1d02b1f7d8eea732a2f68a61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
90ca3afd66ccad252c294a69de7b70aa

SHA1
d17d03eb1b2749264a31756c3f88e7970d5b4636

SHA256
2cb47b93994cd0fe60b5911301d67fc61a30ea7c7bc8286ac50ad0404a0e894c

SHA512
dcb713d7eaae2aceb4410df49c7759dde1ae2da1a5d03a3aaeff480fec0641879eaa88f93b9c3b5b1cd2cef6628f0293a07ff928a4bc350de9b858f9ffcf2fbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b67d48027730f2b2b99c2bc875d9b1a2

SHA1
2b685e453706b92e0fdd39219fa4e61f60af45e5

SHA256
ecb3420a18758b804300f600405d1c1df3f5bb4f2d7b627b1640c345e37d8812

SHA512
98668cc44fded0f24201801e5b1b893e51cdd323567b82eee9b0b23db7ea820fce3c7181a1ffd3483432d0a58a9d718e2646872d8d0238e913bc5d1e76051d35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
3a748249c8b0e04e77ad0d6723e564ff

SHA1
5c4cc0e5453c13ffc91f259ccb36acfb3d3fa729

SHA256
f98f5543c33c0b85b191bb85718ee7845982275130da1f09e904d220f1c6ceed

SHA512
53254db3efd9c075e4f24a915e0963563ce4df26d4771925199a605cd111ae5025a65f778b4d4ed8a9b3e83b558066cd314f37b84115d4d24c58207760174af2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
535B

MD5
1c1a5ebd3c9022fb0018ee40a925ecbc

SHA1
4c95800583ac149ffde9bcadb000ab6c9d66d7be

SHA256
a404d02f05bf67974afac5a100b4f0b2960642d9d97718da72698523d1862fe7

SHA512
eec2f057f8d96c54891c3b1f5f9544c1a1969b7da294dd3695df59d61b615fddb4802c422c46db3bc1923659f3dd7ef0d6703da38bf3d1f9ff10227980a8d118

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
531B

MD5
0f6333408e615fa9ada8cfb87afb2a8c

SHA1
f8196730ee6b18f3ac4ab7cd402eea620209a227

SHA256
75f9dfe19d81273fd34b2f2382a1251c8b5fb433c2d1501b3f43f2ec85235675

SHA512
eca19e4d85b7c5b67c690b71968455ec374bd921eeb1532cf15ead454598f7870d752ae192b5835d3417fe52819be356be402f6ff4ee243fb99e106b50c07341

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
535B

MD5
7241a01506a5cc9d3166d0619b94cb7c

SHA1
7445b7e3576a808f18247c4c1819b2f0a9540c1b

SHA256
bd31cc2e569013a52c5b3f6289045136c887ec761c2fb5f5b1c493a2982e1f65

SHA512
7fc7cc50ce2400e047f2ef5f8cf5e7f653a350fe9b4d583d1672c8e73f06d8bd58609afe35428b4c37299def219c699ca76f35aadb9e184fb8a7a0d459f20503

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
535B

MD5
6145e0081fe01748694046c2eaeb62d9

SHA1
47e7be0df908a1679ec64ce54e4c107c4dd222e7

SHA256
ba0b670b52d749b916183a03ea958f8321b6a10d5c2642fee9b2ceebb4e9c020

SHA512
715abac437bf05476de00ec6efbbeaebeed2bfd4c2f8dc3253df1906b7b51c6853b478d459ea891812154419bcabe86668f75e7b39e2d62be66aa0f9fb217c03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
535B

MD5
5a1b0ca27f530eed8389c47499db6932

SHA1
70268a5075f7115d306e5789a53d057835562a29

SHA256
0979e47704cd2fd8e75958f0d2a54aed0aaf749b3d6beea154042b53328801e7

SHA512
72b708e345492eacf3a39291010b324159379461ac7498f86ddfbc1c8a39eb272742329a2eb7b20e90fd9729f179f32959a3faff0dbfa252381f06d511fa39cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
535B

MD5
873099c3a6ee47796796d2d29680e991

SHA1
a170317b5b2efaa8b6d879c109e475b6e65dc841

SHA256
2ac2af7e019f505be0cfde73a89c5d32c0a395fe71d7fc437ac9eea7ef0bc231

SHA512
7b141b8bc26522a1db9b708f9b1756a65652c077fe3a603614f98f43e520bdd8309b508d5317781e155009d5d0515a659d11fd8887a59e65fa5558786d664658

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
535B

MD5
b16fd9dc9428010937534b71f8ff254e

SHA1
3b98fa1e7c218108cb5e6e4b531a84abf804558d

SHA256
670c395e51e6375f8432ad9e4c90511e45716bbf148737a3e06c9ec8e9a44c79

SHA512
c10851416c7e8c274d60aa1d80e60e667e20d47ed39e3a8fa4746e1e1af6ce8ee556840169d1dc3d7215e7bca883d0cd67fabe56eafdec823f36d5b791f81c5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
535B

MD5
1ae5061f4aea9c73b5af7e7c7b7c127f

SHA1
8f1d3839a2a80945243dac4237b2b022d0c35a23

SHA256
3e3b141cae476de7d26beb1708340273986c0c24da39b8157414cd40a2602438

SHA512
05e4d31f7f8f9d429be679f0fbfa303d48c71fa03493a06c50ee65f78e0916e7e1e35ce304d31f157f8548cdcad9e11e09038aacdfe0d9e18b539f2d8b3b6518

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
535B

MD5
33e3e8b5fcce6496955bfc3b15ad3afb

SHA1
18481c239328e9fc74903e91744183f96713de0d

SHA256
186eb39571d74a29d46c2b1cf9102912f3b71389a10ede61fd7c7e8638c0134f

SHA512
169f479506e0e03e46e3875b6a378b50a1c136630043ae3d920171eeb2c5182c1b79fa6cbff857913623717acaf28e09e748084bc0bb13b8aa3516f5346fd9e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
535B

MD5
c40974f3db448865453da716ffb76337

SHA1
cb636f246cdd685ebc54caaae9a8dda0c11fe503

SHA256
d57f97f8de53d5cc11dfe913e9a83c3fa5ddc66efebffcd8598991a6994cad67

SHA512
7d28a52e65bd048ce144fc42f1ef70b60bf4ccdd9c9da2da58136fcc2dc658f55e924c91e636a152f816599880ef130bb83d7b198bf12ce6654161f29b8be567

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
535B

MD5
48639d3cc1195b13e66f9e0f37911829

SHA1
79859f36ee5d7062015c4ec6a1814d2e5b185fa2

SHA256
cf9b35f287d8a88fe11208a45a38ddb52f65f93cbc24d7dac66bb2dc674a8d3e

SHA512
33bbab0291eeaa925b9b22dfdaa31576773c350bbe384d766f530a5f10698685f825758c8862eeac09f9d990081361b2074ece895d9621039cdd8c2f299ceb0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
535B

MD5
b8fc4eea3cf0e91594efc1431776a432

SHA1
45b8161c67a18cbfeec67ec41e2e89733702e7de

SHA256
8aa72f5f173233b4be5fff24f9074e4f07713d45eee090e1cfca06c441e4a875

SHA512
b4a70cf71560056669e80c30add14b57ad75dd2aa507e4d06b67aebd366cd2395775876c5052f8e7b12c772d6062b8372f93b13ae9b170e80d3f6e9a74bfebcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
535B

MD5
21e2858e0bcd7aa6c661c7b362437ceb

SHA1
bfe7d5141cc9bd7bf158c4439caff5c07944b49d

SHA256
543fd9b84524017fdcd4766d2415dacfd017c6a9309c975c7992fd675c51e58c

SHA512
bad195f0b6f5f305f037cd6fa214f5a7343bf7721506520b179c0b84a6ee9725702a855e6a8988afb15a7fb53028400a77505963890741136ef1ffc9c2cc6094

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
535B

MD5
608b1dd29cc0ba518fb6a07b4a4f2480

SHA1
55c913feed60452017cf6e7af50b3e8586a9e817

SHA256
e28ffe20c236405371a675a9a6fa7bc2b1d38c9d9be51d1dc5230c72a205050b

SHA512
55ba8fe520cd033dbd0029b10881b916ac3ccaf9e2be62063a68f0222e07c3d3f760cc0c21ce81c5910f0454b85e6f488ea1e73c7b74b2339e2502160ebb9060

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
535B

MD5
bb10f188285d68e3316624fd92fba8be

SHA1
c7bfcd67ce06d9fa09d7147b76142ad64cb1a1db

SHA256
0c697d06cc468265707fef69ec34ff915c2bea46e17daf3c3966e56302d7bef4

SHA512
a1195190ae17abe1b1dc7704f6ae997a1e2e63271d421bcac28f1e3a2149e6dcb19b88b0642dcd2dda848b8c6d2fdaf2224e9786e6639f57e780921269c10137

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
531B

MD5
104728eb50b7928b91742495f4eb76e5

SHA1
59b7d766c9b3a80ce1bfa266698933369eea14d7

SHA256
7a2cfd8b2c7b97300a41c2061e74d0af2ef6bd1f0d44a167314ff618f9a57d84

SHA512
bc13f0980b927c818e90f5342d2bae79d0d361d4d07eb672b24fdb7c1cea916322c95e538625cc9d6e5f4ddc1a08951aef44c6b87e767746c9c61b3a22f423ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
535B

MD5
bb90adcf1dea385d4ba49a65aae883b7

SHA1
af3fd00a45d4876972e7837f9d008a0aeec13116

SHA256
2f22346d64339b21df6c60b3ff06a6debc6de0e889dd9531ae626cd599a0e81b

SHA512
5c0af4294d68a1a2fd2a959bcbcb6bd2f7c227169764333a74238d0f50978058f70deacf9f4ea09992b546a61280004dd6b9bbc431b716f3995973c649e3f18f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57fea3.TMP

Filesize
531B

MD5
88fa4f393252083cc53216dec4c66cd9

SHA1
1dbf3cebd9899e386cc6a92a0c8eae3bfb033432

SHA256
f8df98b46e315b209732246baea43f1c62d5f7b2c50b2d88fc24198bfe87d576

SHA512
24ea2d430f34cd9b427d40e395a6e1b9e535089056b8e0274dfe621784048d3139a6cf582ea1bcc097af31c17e2c207f108db910cef25b3a223ea51c7d19d668

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
bf7dcca0ab53870537ccad6750392113

SHA1
2e5299af05f30a3933e7a8fea9ea5fa0746ec99c

SHA256
1d01cda18eeb16ce02d529eac05287afadd2bb25c7c6fda7a0a9ed177c4daa81

SHA512
3a14e3445fb2547a5876fcef853fb11697108b18c5f2b0e36ba2d7cb8c7b3b5ca1367ebbf9a0105fc4eccf9884f3751a0d0b91e507a650d8069f6d8248a25761

Download Submit