hxxps://assets[.]adobe[.]com/id/urn[:]aaid[:]sc[:]US[:]603a9915-78db-47c7-97f4-ca3d64d55656?view=published

Resubmissions

21/11/2023, 06:40

231121-hffm9ade9t 1

21/11/2023, 06:11

231121-gx2rdade5x 1

Analysis

max time kernel
146s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
21/11/2023, 06:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://assets.adobe.com/id/urn:aaid:sc:US:603a9915-78db-47c7-97f4-ca3d64d55656?view=published

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
572	msedge.exe
572	msedge.exe
4704	msedge.exe
4704	msedge.exe
5244	identity_helper.exe
5244	identity_helper.exe
5392	msedge.exe
5392	msedge.exe
5392	msedge.exe
5392	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4704 wrote to memory of 768	4704	msedge.exe	61
PID 4704 wrote to memory of 768	4704	msedge.exe	61
PID 4704 wrote to memory of 3644	4704	msedge.exe	87
PID 4704 wrote to memory of 3644	4704	msedge.exe	87
PID 4704 wrote to memory of 3644	4704	msedge.exe	87
PID 4704 wrote to memory of 3644	4704	msedge.exe	87
PID 4704 wrote to memory of 3644	4704	msedge.exe	87
PID 4704 wrote to memory of 3644	4704	msedge.exe	87
PID 4704 wrote to memory of 3644	4704	msedge.exe	87
PID 4704 wrote to memory of 3644	4704	msedge.exe	87
PID 4704 wrote to memory of 3644	4704	msedge.exe	87
PID 4704 wrote to memory of 3644	4704	msedge.exe	87
PID 4704 wrote to memory of 3644	4704	msedge.exe	87
PID 4704 wrote to memory of 3644	4704	msedge.exe	87
PID 4704 wrote to memory of 3644	4704	msedge.exe	87
PID 4704 wrote to memory of 3644	4704	msedge.exe	87
PID 4704 wrote to memory of 3644	4704	msedge.exe	87
PID 4704 wrote to memory of 3644	4704	msedge.exe	87
PID 4704 wrote to memory of 3644	4704	msedge.exe	87
PID 4704 wrote to memory of 3644	4704	msedge.exe	87
PID 4704 wrote to memory of 3644	4704	msedge.exe	87
PID 4704 wrote to memory of 3644	4704	msedge.exe	87
PID 4704 wrote to memory of 3644	4704	msedge.exe	87
PID 4704 wrote to memory of 3644	4704	msedge.exe	87
PID 4704 wrote to memory of 3644	4704	msedge.exe	87
PID 4704 wrote to memory of 3644	4704	msedge.exe	87
PID 4704 wrote to memory of 3644	4704	msedge.exe	87
PID 4704 wrote to memory of 3644	4704	msedge.exe	87
PID 4704 wrote to memory of 3644	4704	msedge.exe	87
PID 4704 wrote to memory of 3644	4704	msedge.exe	87
PID 4704 wrote to memory of 3644	4704	msedge.exe	87
PID 4704 wrote to memory of 3644	4704	msedge.exe	87
PID 4704 wrote to memory of 3644	4704	msedge.exe	87
PID 4704 wrote to memory of 3644	4704	msedge.exe	87
PID 4704 wrote to memory of 3644	4704	msedge.exe	87
PID 4704 wrote to memory of 3644	4704	msedge.exe	87
PID 4704 wrote to memory of 3644	4704	msedge.exe	87
PID 4704 wrote to memory of 3644	4704	msedge.exe	87
PID 4704 wrote to memory of 3644	4704	msedge.exe	87
PID 4704 wrote to memory of 3644	4704	msedge.exe	87
PID 4704 wrote to memory of 3644	4704	msedge.exe	87
PID 4704 wrote to memory of 3644	4704	msedge.exe	87
PID 4704 wrote to memory of 572	4704	msedge.exe	88
PID 4704 wrote to memory of 572	4704	msedge.exe	88
PID 4704 wrote to memory of 848	4704	msedge.exe	89
PID 4704 wrote to memory of 848	4704	msedge.exe	89
PID 4704 wrote to memory of 848	4704	msedge.exe	89
PID 4704 wrote to memory of 848	4704	msedge.exe	89
PID 4704 wrote to memory of 848	4704	msedge.exe	89
PID 4704 wrote to memory of 848	4704	msedge.exe	89
PID 4704 wrote to memory of 848	4704	msedge.exe	89
PID 4704 wrote to memory of 848	4704	msedge.exe	89
PID 4704 wrote to memory of 848	4704	msedge.exe	89
PID 4704 wrote to memory of 848	4704	msedge.exe	89
PID 4704 wrote to memory of 848	4704	msedge.exe	89
PID 4704 wrote to memory of 848	4704	msedge.exe	89
PID 4704 wrote to memory of 848	4704	msedge.exe	89
PID 4704 wrote to memory of 848	4704	msedge.exe	89
PID 4704 wrote to memory of 848	4704	msedge.exe	89
PID 4704 wrote to memory of 848	4704	msedge.exe	89
PID 4704 wrote to memory of 848	4704	msedge.exe	89
PID 4704 wrote to memory of 848	4704	msedge.exe	89
PID 4704 wrote to memory of 848	4704	msedge.exe	89
PID 4704 wrote to memory of 848	4704	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://assets.adobe.com/id/urn:aaid:sc:US:603a9915-78db-47c7-97f4-ca3d64d55656?view=published
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9407246f8,0x7ff940724708,0x7ff940724718
  2⤵
  PID:768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,17973702467606532718,10378245887708713434,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:3644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,17973702467606532718,10378245887708713434,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,17973702467606532718,10378245887708713434,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2944 /prefetch:8
  2⤵
  PID:848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17973702467606532718,10378245887708713434,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17973702467606532718,10378245887708713434,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:3180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17973702467606532718,10378245887708713434,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17973702467606532718,10378245887708713434,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
  2⤵
  PID:232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17973702467606532718,10378245887708713434,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:4364
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,17973702467606532718,10378245887708713434,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 /prefetch:8
  2⤵
  PID:5228
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,17973702467606532718,10378245887708713434,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17973702467606532718,10378245887708713434,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
  2⤵
  PID:5444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17973702467606532718,10378245887708713434,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:5436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17973702467606532718,10378245887708713434,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:5764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,17973702467606532718,10378245887708713434,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5940 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5392

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1804

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2332

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8f30b8232b170bdbc7d9c741c82c4a73

SHA1
9abfca17624e13728bd7fa6547e7e26e0695d411

SHA256
0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb

SHA512
587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
768B

MD5
da6f916aeb8003ce1c2d4fd3e7992a08

SHA1
86e99d906029535f163e13e8de0fd9e77b83b8c1

SHA256
465e528b5691e2067b59e5101fc345006309e2877a49c2be3370b394bf109159

SHA512
c054390456e92fc37a0e280b56ffe09aa80c5882f3ca7944a8c0077a994e4eef16aa1835c551818e5b4dea5dab5317a9452eaec05cb2ccfb040c21719723bd8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index

Filesize
96B

MD5
024240280d126aaba48d3d1c14267de1

SHA1
b50cc6ff040ff2473425dabd5943d91da2da5af7

SHA256
f41e5d1eb97a8be45990c46b779ffc70215eaabf9416ae1fa36afea0c4679a8b

SHA512
0d06baa61f75faeb236a300dad8fafa9428521f40458cefb2d5156380ec0742647d23b1356e27015879ca28f0699df959d86ddc509cbcd8a11c0a47f8e1d0783

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c67251e9edfc327226be91e228bd9a37

SHA1
8b7c79bf289aef2134741016e1b91195a1407151

SHA256
54f0feca7b0078b3f90d621847bd8d4c2867678f82448afee11bbc7fd822f506

SHA512
169f6d85a1f4875986ef66c038ab3835b9c9a9dc1b2eed1eca9fdcb01324341e528c05815416b2a2d1a52c0a0965b962ff76d734010b57b96f9c1e95d4ad4152

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7a9542ff290049151cd4088d2565cc6e

SHA1
19869295cbd48470d5a04bc7a091ab804c7fd774

SHA256
ebc8ece747469936296e94c117346f0b3ce8f13c681be7d8d50b13de410b3c0f

SHA512
50b55afd3935f8f4680a8712278b061752d804b6097e38f53c9c20c2ba0dc5d8c41a3accce2f748caecc1d49e9c3ff5d0fdf841a51bb44fbc3fe64e2bf54a019

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
caa8bb04b81337e42f01a4496cc38b96

SHA1
e6453ed9242af236c8c70df4469f743b4af8a097

SHA256
f16523ee50541408d28741b6c294a2c1b0bbaad05ed207d499f0dc6f17b37b67

SHA512
22878dcef5ce3095823e1fda1f71a5aee20274085921dfeb3b670e5069b08297b6258d3ac4b2cf60d42e874a2ae888afb7f37341d8c6c8c30aea66af502cfac2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
63c465b968f19315759aa179d40a44f9

SHA1
87aa32f5b9943465f62d6be65df56ae91fb1afe5

SHA256
8d55a515e47916f12dd0825289bffe2bd277cfad07cce407d03bad56463fa224

SHA512
cd57a137bef164caf887c5a534ae8a1b096deedbe9728d066a8db07c38307c0ead9ecd8329d96f6b2972da16d5dc02c00866b86b4eae7aee15b7e3ed7a5193c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8a72cba54c052d4acff350ff6ee94cad

SHA1
bcd2529c54bf6841c3d313f2cf700b1eae18e8d8

SHA256
cb9c7b80d8e91873b02a265688fd1c6d424137330d2abbe517b4400ee798533b

SHA512
422736d9e25f63c4ad095ffdbff2138bf2570fab8de6b8b6c5477347c7362f966796563ec73adbe39871b753236eb28e682d593d1cc5cfd415761dbe3ff97425

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
0b8abe9b2d273da395ec7c5c0f376f32

SHA1
d7b266fb7310cc71ab5fdb0ef68f5788e702f2ec

SHA256
3751deeb9ad3db03e6b42dedcac68c1c9c7926a2beeaaa0820397b6ddb734a99

SHA512
3dd503ddf2585038aa2fedc53d20bb9576f4619c3dc18089d7aba2c12dc0288447b2a481327c291456d7958488ba2e2d4028af4ca2d30e92807c8b1cdcffc404

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
14230685240a46f82936c0d6784a0e24

SHA1
4588d4f586ded00d710d138803c7517fbf196e71

SHA256
d65de78fc29d3db6ff0a98773b625e311994ce16ed55f08bf36102009f3d6758

SHA512
77c25004847d475d0369105f277571c6d08d2fedc59b3879b04f28ab2f1c5d5dc745b04e1968fe525ceb1704cec55634a567164d821c974fd2874e7eccc0a258

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1cd3b71857e9d8c983236c2f0bc1aa33

SHA1
eb939ee1cf93e3fe097ec09233268a21c029f9f3

SHA256
98849451f5c2531b36939dd20f3db1f888e75dd4172804a7d95c8ea69c155c60

SHA512
eb839a215f7c1bf8d300fe1e8d7f42a20fb0351b936ca0fa04a77cfc9b2aaf761b4c929ebc9aa9fac4984ef6b5a26c675132215d9fc4ce35fdab90a50a755393

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
9005140294fcaa015476ca108a91af82

SHA1
a2fea67315370ff0d6ff5f6034aa86fb30a82d09

SHA256
59f8ba4db7becf0ca3c7d19e92d24f0351141fc21952ee74adffb40c6de00e95

SHA512
829fd3d16d26c01d0684722973b637f163473425debc8e6d422f0862f62e7399c1a22e935ab8180497008579b3dd51c6f98d9c0a8e1e3f1e7a918fcea2de0a27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57dd21.TMP

Filesize
1KB

MD5
bda6d6ca6f77142cbf5c1d83bc346678

SHA1
ff074a1d89cf3bcd7ab4c4ce0bde9183ab9816cb

SHA256
095d0b12e1b0350cbec09c127dd9669f1dd0d4a4a753449c3e215a78f2edb79f

SHA512
7545d8a812a93cc6b02cfd9999b5a3651ee9f42523109401f3ebe73b0f9dc30a4673d9ca130ed00a9574e26606646d0d18741311ef6dcac9b8244b3ca2651799

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
30774440b0f4713b9d939e834ee7849a

SHA1
3b319db9a2e13734d388107f47f572c17b75a87c

SHA256
52fe0952b489188848d83f87587d71bf1064930b1645faa5e5fb1aa24991748c

SHA512
cab7e006fd45ae7b30c18615bfea403afd6cc47b7870a7a02729ea54b9967f8221da3fcf55da6bb4c39e43cd2c61aeff87db278ccc495d19c878aac2413da7fe

Download Submit