hxxps://assets-usa[.]mkt[.]dynamics[.]com/9923b715-2c83-ee11-8174-000d3a35772b/digitalassets/standaloneforms/409e537d-5b83-ee11-8179-6045bd033ad8

Analysis

max time kernel
146s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
16/11/2023, 19:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://assets-usa.mkt.dynamics.com/9923b715-2c83-ee11-8174-000d3a35772b/digitalassets/standaloneforms/409e537d-5b83-ee11-8179-6045bd033ad8

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3040	msedge.exe
3040	msedge.exe
2764	msedge.exe
2764	msedge.exe
1444	identity_helper.exe
1444	identity_helper.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2764 wrote to memory of 1156	2764	msedge.exe	29
PID 2764 wrote to memory of 1156	2764	msedge.exe	29
PID 2764 wrote to memory of 1340	2764	msedge.exe	88
PID 2764 wrote to memory of 1340	2764	msedge.exe	88
PID 2764 wrote to memory of 1340	2764	msedge.exe	88
PID 2764 wrote to memory of 1340	2764	msedge.exe	88
PID 2764 wrote to memory of 1340	2764	msedge.exe	88
PID 2764 wrote to memory of 1340	2764	msedge.exe	88
PID 2764 wrote to memory of 1340	2764	msedge.exe	88
PID 2764 wrote to memory of 1340	2764	msedge.exe	88
PID 2764 wrote to memory of 1340	2764	msedge.exe	88
PID 2764 wrote to memory of 1340	2764	msedge.exe	88
PID 2764 wrote to memory of 1340	2764	msedge.exe	88
PID 2764 wrote to memory of 1340	2764	msedge.exe	88
PID 2764 wrote to memory of 1340	2764	msedge.exe	88
PID 2764 wrote to memory of 1340	2764	msedge.exe	88
PID 2764 wrote to memory of 1340	2764	msedge.exe	88
PID 2764 wrote to memory of 1340	2764	msedge.exe	88
PID 2764 wrote to memory of 1340	2764	msedge.exe	88
PID 2764 wrote to memory of 1340	2764	msedge.exe	88
PID 2764 wrote to memory of 1340	2764	msedge.exe	88
PID 2764 wrote to memory of 1340	2764	msedge.exe	88
PID 2764 wrote to memory of 1340	2764	msedge.exe	88
PID 2764 wrote to memory of 1340	2764	msedge.exe	88
PID 2764 wrote to memory of 1340	2764	msedge.exe	88
PID 2764 wrote to memory of 1340	2764	msedge.exe	88
PID 2764 wrote to memory of 1340	2764	msedge.exe	88
PID 2764 wrote to memory of 1340	2764	msedge.exe	88
PID 2764 wrote to memory of 1340	2764	msedge.exe	88
PID 2764 wrote to memory of 1340	2764	msedge.exe	88
PID 2764 wrote to memory of 1340	2764	msedge.exe	88
PID 2764 wrote to memory of 1340	2764	msedge.exe	88
PID 2764 wrote to memory of 1340	2764	msedge.exe	88
PID 2764 wrote to memory of 1340	2764	msedge.exe	88
PID 2764 wrote to memory of 1340	2764	msedge.exe	88
PID 2764 wrote to memory of 1340	2764	msedge.exe	88
PID 2764 wrote to memory of 1340	2764	msedge.exe	88
PID 2764 wrote to memory of 1340	2764	msedge.exe	88
PID 2764 wrote to memory of 1340	2764	msedge.exe	88
PID 2764 wrote to memory of 1340	2764	msedge.exe	88
PID 2764 wrote to memory of 1340	2764	msedge.exe	88
PID 2764 wrote to memory of 1340	2764	msedge.exe	88
PID 2764 wrote to memory of 3040	2764	msedge.exe	87
PID 2764 wrote to memory of 3040	2764	msedge.exe	87
PID 2764 wrote to memory of 1288	2764	msedge.exe	89
PID 2764 wrote to memory of 1288	2764	msedge.exe	89
PID 2764 wrote to memory of 1288	2764	msedge.exe	89
PID 2764 wrote to memory of 1288	2764	msedge.exe	89
PID 2764 wrote to memory of 1288	2764	msedge.exe	89
PID 2764 wrote to memory of 1288	2764	msedge.exe	89
PID 2764 wrote to memory of 1288	2764	msedge.exe	89
PID 2764 wrote to memory of 1288	2764	msedge.exe	89
PID 2764 wrote to memory of 1288	2764	msedge.exe	89
PID 2764 wrote to memory of 1288	2764	msedge.exe	89
PID 2764 wrote to memory of 1288	2764	msedge.exe	89
PID 2764 wrote to memory of 1288	2764	msedge.exe	89
PID 2764 wrote to memory of 1288	2764	msedge.exe	89
PID 2764 wrote to memory of 1288	2764	msedge.exe	89
PID 2764 wrote to memory of 1288	2764	msedge.exe	89
PID 2764 wrote to memory of 1288	2764	msedge.exe	89
PID 2764 wrote to memory of 1288	2764	msedge.exe	89
PID 2764 wrote to memory of 1288	2764	msedge.exe	89
PID 2764 wrote to memory of 1288	2764	msedge.exe	89
PID 2764 wrote to memory of 1288	2764	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://assets-usa.mkt.dynamics.com/9923b715-2c83-ee11-8174-000d3a35772b/digitalassets/standaloneforms/409e537d-5b83-ee11-8179-6045bd033ad8
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffab3746f8,0x7fffab374708,0x7fffab374718
  2⤵
  PID:1156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,5847732542756602253,13324864491098401188,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,5847732542756602253,13324864491098401188,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:1340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,5847732542756602253,13324864491098401188,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
  2⤵
  PID:1288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5847732542756602253,13324864491098401188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:1688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5847732542756602253,13324864491098401188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:776
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,5847732542756602253,13324864491098401188,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5064 /prefetch:8
  2⤵
  PID:3064
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,5847732542756602253,13324864491098401188,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5064 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5847732542756602253,13324864491098401188,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:3976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5847732542756602253,13324864491098401188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5847732542756602253,13324864491098401188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5847732542756602253,13324864491098401188,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,5847732542756602253,13324864491098401188,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1996 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5012

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:420

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1492

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
483924abaaa7ce1345acd8547cfe77f4

SHA1
4190d880b95d9506385087d6c2f5434f0e9f63e8

SHA256
9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684

SHA512
e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
bc15ec44a1d502bbfefed77260c3f0ea

SHA1
8ff12bd1cc8f515f71dbc9134fdcc6334899b54a

SHA256
150cb92666c87ca15caa184cd0f2d3430fa5fc8b65761cd0cd880ab9a4ba62bf

SHA512
3f437cdaa68aac7ff027f6f3481bb28e326f7ce66ff22e92399f19a2bf11dd652d36bc00b36362c49f23a91d3744e643cbd3e22a1fa829ee622d1df9ca24844b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
779e91197943a872a7522c70af91152b

SHA1
b94211d051b6fe7f7ba3d26b9cbc2def8ad2c55b

SHA256
a214ea2ef228ee2651aee23d85148c229e2b0b4410378618cda25eb0237e6d41

SHA512
98cc6b8b214a1b0faa8a3fe23e8968373eb18a44d91726e4a9fe3181c8c2445d5dd3e55fc794b847ebf5af9360672e5d3c3426bb63bfd935bc55329e16a087d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
299B

MD5
670ede0df4058c9891ee6eeb124baeb6

SHA1
db7e917a4532155bc6267bdf3c0353f4c405315d

SHA256
1640357a9c47099e9dfd8fc89ac80ab6134cbd990136227e35310b522db877dd

SHA512
4dadbe45000010d8d2fc638264768752cf4455acc3d8a9bfb287c40fad795e9021fb2b16b0461955c223429ef0bc1e4432acf1bd4bce990becad7aeb7758e8c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e8fa88ab1e065319bca1642743d5eb36

SHA1
7747c1ea3ed20587d37e047d798d0e87cb2e3740

SHA256
77eeba2d1194e51c33429eba35b07b8a11147142881ef101bb0f4eaa1ce39d0b

SHA512
279dd77d41fbfc430f6106294513a62060a9b71f197aece5b754c4dbc310c73225d7c4581655b967bfa3c5bf4c1e90222eafb08ff5130bb15787db644cf5fac5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
516e5c04263f87174d5a96ecb9b4639c

SHA1
70d4e9601aeb7bdfa540754e6a053edd889eafde

SHA256
9b98c691a7658713be6a3992f13dc545884799a6d3f8b932973e8dfdb95ec421

SHA512
81d45e9855a3eb2be7860ccc3d44c34cfa4ace10a479a0273b1a5f317ea67e5b8fbbdb74bbeab1d8377b74cff28c9f7aea5aac5cab44af50a3a4f75eca532148

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
469fc6d6e1abba7b4f48779d4154f3aa

SHA1
fee9398d925bd8ca012afb3c6621450ec05ad15f

SHA256
688321be3ec89056831a6e59df8a2c7965bef51116e36c0ea5f31e2563ac266e

SHA512
82937a1b39fb657b0474b1e36cd013b243e48c167e21ed833ced250488b8fb2b6aff6b6c375d1f476768f5f3c84d85265b0519503da3eb20ab6914746e438898

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
1c706d53e85fb5321a8396d197051531

SHA1
0d92aa8524fb1d47e7ee5d614e58a398c06141a4

SHA256
80c44553381f37e930f1c82a1dc2e77acd7b955ec0dc99d090d5bd6b32c3c932

SHA512
d43867392c553d4afffa45a1b87a74e819964011fb1226ee54e23a98fc63ca80e266730cec6796a2afa435b1ea28aed72c55eae1ae5d31ec778f53be3e2162fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
cff258aa35961768db902e48699a9396

SHA1
dd03e1d42a881875695e54ca1f42e633d00f5fd2

SHA256
19dd767fb80a7ffeecea8967c57398888d1f717a7f37575ad70f0a861e7f73af

SHA512
115fc309ca8eb71763c2a2302744712c900b91e733515b2c3827ab0cfcdebe95b058af744621d164742f41ee474b135c2ab10e9145c350bb1d76861c380eb7bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
7f093ef14ecdff831053a743627b4c29

SHA1
8773bf87e3ad2343279bce3501c9ce82cd7b42d4

SHA256
dc138937a78107005256ddccca8170a1b106199a94f2bacc819d393cca39fbc0

SHA512
7fafeb30fcd41d2f37d574281656a0c40cc29c527f32fe409e79c6f6724a384a4d96bdd9f88aa70406b55494d16d91ec14fbc7b75e75d1a4cdd56c5348cccece

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
ad0332618c5f6471ccc22080243bc61a

SHA1
5794e865442abd2164d9c596af17f685d5c59f87

SHA256
80f13af62a2e1b6177349a58864f1cb6f12acd62d9729894506915978f42318c

SHA512
38de5b6484e329241e62b49545c5c464f3e3b5ea19e8b20170a00d412fb59ae8eec1397421593e30c4f6975bc539ffe57ab9cdad6694a0956c38178a7f951098

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
b8f9cf3ec8caf490f7af11e2976eb287

SHA1
b53413942e70ac1ab821b15fb650dae811df466a

SHA256
d9e5cd35b27ed09376d6d94ad75588f8b8b089be9127c88961511c8ad5ab2b7a

SHA512
bf99d58182e97b9b2c5e82dbb563016b8b9607873f666d31c9c267491cb82a55e89f42221c7215c5796ae211cd8b6000b91a149e40edb72c8086487d8e800a9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f8b8.TMP

Filesize
372B

MD5
716161178f5dd8b497fc2f2e509f393a

SHA1
47900fbe04e8c3918f74b4600adcd9d051fa0da9

SHA256
6c4af93188aa10f537e8f3666c7f81b665b5ab4f14bd06d1cb69f33b222ffdd3

SHA512
3dd6be921d5203ee39b2af861fbd10243fb00a1f7f914757131a48a6ae2f174d9e706bd21d48239740454276333dd752d10d8dff4cb87d47605c87eed961c3ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
68f77fe180bd71c602a9e25cf7ea8b94

SHA1
75ec3b3aedd30a4eeeffd31095f9d83c3d0e4769

SHA256
5cd76038d624069d6a74939370955b48a64ce179dbae5ebe59c10208cee37d17

SHA512
0669724bf901fe4b83c390af2e57ff7438306d3c06d47c1dd141350a7fb4d58f3cf54cd08628407513a1ddce5b8614bae3c03660e7d87e7c8f77556e884fef90

Download Submit