hxxp://mailto[:]p[.]mozaffari@tradestar-lnc[.]com

Analysis

max time kernel
147s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
23/11/2023, 10:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://mailto:[email protected]

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4012	msedge.exe
4012	msedge.exe
1184	msedge.exe
1184	msedge.exe
4844	identity_helper.exe
4844	identity_helper.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1684	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1684	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1184 wrote to memory of 3592	1184	msedge.exe	62
PID 1184 wrote to memory of 3592	1184	msedge.exe	62
PID 1184 wrote to memory of 4348	1184	msedge.exe	84
PID 1184 wrote to memory of 4348	1184	msedge.exe	84
PID 1184 wrote to memory of 4348	1184	msedge.exe	84
PID 1184 wrote to memory of 4348	1184	msedge.exe	84
PID 1184 wrote to memory of 4348	1184	msedge.exe	84
PID 1184 wrote to memory of 4348	1184	msedge.exe	84
PID 1184 wrote to memory of 4348	1184	msedge.exe	84
PID 1184 wrote to memory of 4348	1184	msedge.exe	84
PID 1184 wrote to memory of 4348	1184	msedge.exe	84
PID 1184 wrote to memory of 4348	1184	msedge.exe	84
PID 1184 wrote to memory of 4348	1184	msedge.exe	84
PID 1184 wrote to memory of 4348	1184	msedge.exe	84
PID 1184 wrote to memory of 4348	1184	msedge.exe	84
PID 1184 wrote to memory of 4348	1184	msedge.exe	84
PID 1184 wrote to memory of 4348	1184	msedge.exe	84
PID 1184 wrote to memory of 4348	1184	msedge.exe	84
PID 1184 wrote to memory of 4348	1184	msedge.exe	84
PID 1184 wrote to memory of 4348	1184	msedge.exe	84
PID 1184 wrote to memory of 4348	1184	msedge.exe	84
PID 1184 wrote to memory of 4348	1184	msedge.exe	84
PID 1184 wrote to memory of 4348	1184	msedge.exe	84
PID 1184 wrote to memory of 4348	1184	msedge.exe	84
PID 1184 wrote to memory of 4348	1184	msedge.exe	84
PID 1184 wrote to memory of 4348	1184	msedge.exe	84
PID 1184 wrote to memory of 4348	1184	msedge.exe	84
PID 1184 wrote to memory of 4348	1184	msedge.exe	84
PID 1184 wrote to memory of 4348	1184	msedge.exe	84
PID 1184 wrote to memory of 4348	1184	msedge.exe	84
PID 1184 wrote to memory of 4348	1184	msedge.exe	84
PID 1184 wrote to memory of 4348	1184	msedge.exe	84
PID 1184 wrote to memory of 4348	1184	msedge.exe	84
PID 1184 wrote to memory of 4348	1184	msedge.exe	84
PID 1184 wrote to memory of 4348	1184	msedge.exe	84
PID 1184 wrote to memory of 4348	1184	msedge.exe	84
PID 1184 wrote to memory of 4348	1184	msedge.exe	84
PID 1184 wrote to memory of 4348	1184	msedge.exe	84
PID 1184 wrote to memory of 4348	1184	msedge.exe	84
PID 1184 wrote to memory of 4348	1184	msedge.exe	84
PID 1184 wrote to memory of 4348	1184	msedge.exe	84
PID 1184 wrote to memory of 4348	1184	msedge.exe	84
PID 1184 wrote to memory of 4012	1184	msedge.exe	85
PID 1184 wrote to memory of 4012	1184	msedge.exe	85
PID 1184 wrote to memory of 5092	1184	msedge.exe	86
PID 1184 wrote to memory of 5092	1184	msedge.exe	86
PID 1184 wrote to memory of 5092	1184	msedge.exe	86
PID 1184 wrote to memory of 5092	1184	msedge.exe	86
PID 1184 wrote to memory of 5092	1184	msedge.exe	86
PID 1184 wrote to memory of 5092	1184	msedge.exe	86
PID 1184 wrote to memory of 5092	1184	msedge.exe	86
PID 1184 wrote to memory of 5092	1184	msedge.exe	86
PID 1184 wrote to memory of 5092	1184	msedge.exe	86
PID 1184 wrote to memory of 5092	1184	msedge.exe	86
PID 1184 wrote to memory of 5092	1184	msedge.exe	86
PID 1184 wrote to memory of 5092	1184	msedge.exe	86
PID 1184 wrote to memory of 5092	1184	msedge.exe	86
PID 1184 wrote to memory of 5092	1184	msedge.exe	86
PID 1184 wrote to memory of 5092	1184	msedge.exe	86
PID 1184 wrote to memory of 5092	1184	msedge.exe	86
PID 1184 wrote to memory of 5092	1184	msedge.exe	86
PID 1184 wrote to memory of 5092	1184	msedge.exe	86
PID 1184 wrote to memory of 5092	1184	msedge.exe	86
PID 1184 wrote to memory of 5092	1184	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://mailto:[email protected]
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe031846f8,0x7ffe03184708,0x7ffe03184718
  2⤵
  PID:3592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,4560316793649385374,4234171276871367460,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:4348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,4560316793649385374,4234171276871367460,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2452 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,4560316793649385374,4234171276871367460,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
  2⤵
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4560316793649385374,4234171276871367460,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:3756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4560316793649385374,4234171276871367460,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,4560316793649385374,4234171276871367460,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 /prefetch:8
  2⤵
  PID:2648
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,4560316793649385374,4234171276871367460,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4560316793649385374,4234171276871367460,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
  2⤵
  PID:1784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4560316793649385374,4234171276871367460,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:2432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4560316793649385374,4234171276871367460,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1
  2⤵
  PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4560316793649385374,4234171276871367460,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:4700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4560316793649385374,4234171276871367460,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4560316793649385374,4234171276871367460,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
  2⤵
  PID:3252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4560316793649385374,4234171276871367460,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
  2⤵
  PID:4268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2088,4560316793649385374,4234171276871367460,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5852 /prefetch:8
  2⤵
  PID:408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,4560316793649385374,4234171276871367460,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4828 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4880

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4960

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2300

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x340 0x344
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1684

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
84df16093540d8d88a327b849dd35f8c

SHA1
c6207d32a8e44863142213697984de5e238ce644

SHA256
220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c

SHA512
3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
744B

MD5
dffa33a99dcd091df7b1c48d6fbeb10d

SHA1
15f1cad31b5e1eab7d87265ee61ad3de226ecf3a

SHA256
8302d8b427826dd9155ffe9b587a5be7b3f27ce87f7b2dce382b3f21243fc532

SHA512
cb0c4a391d13e04689e5da0add1f976f987cfa72d96e377ca6a5be12ee0c1776c34f16e193b30f35e7ae0c6006ea41e7f6ce4ce1b1d23f28ac8659ad7c2cb23d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
14e3b090c2fd20094879628f64b1e51e

SHA1
6b540501a0fa76ba41fb2f2d4b01a1bf8f9a80b0

SHA256
ac214bb8cb130846b6aadb65325d8422254ace1d2c1ae6e7ded4f616c5083553

SHA512
e07272201912ff1168246e5f4c53d8b3f363f936f983ba1fccc930f80a308f6d6e88ba0e1624b2dcc9fcf34cb74bfeb107a7b151a899f0daaeacbad3f62cffb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
670fd2e85b6b97d4b64ee06ef112b9ea

SHA1
0989e78c7e51c0b007f6ba6a82b2f635fb29773b

SHA256
507da9db26f3f680fb269f3ec78f86720db22642f0b840e2125985f3836b01e4

SHA512
76cb172517f1e6c096ba09b615f61cfa4fa74bd21319c3e33fc09b3205fa1c6ed9f22d50752e608cd72cae70b0407fa76ce341b4cf730c0886053086f4ced29d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
21ac971b6bb088db66d3c72667bee9a2

SHA1
e46d87cee9e938e264aa0d1b7fc0221ec136aa06

SHA256
90373355a8334bb3849838813df8ec9b2d24e66e52aea64657ba6bdfd7bc5e67

SHA512
241a862fc9fe307578badae2f2be4e3ee51060b5fe1bed3696cc86695cdbea47932b6efa3a47f58dd07003ebe66049d987047efe81a0485bf994a5b96b409fc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e729a892732cae2a1e2f29f968e66f46

SHA1
427795794a9e74896b07f03b5b36a4544ff4777a

SHA256
a6482aadf105147a7975232f36b8ce7ab1921079d5289f5f0adb0ca1ea1e45cf

SHA512
2a6aae3670bdcb90a490dce3c28b6901ed9e1927de37ca225e24fd005c63b532ab963d4899dd2640285d1487893a004c38e7540db7be267e0be450d030d9507a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
918ecd7940dcab6b9f4b8bdd4d3772b2

SHA1
7c0c6962a6cd37d91c2ebf3ad542b3876dc466e4

SHA256
3123072fba0ea8e8f960dd213659a0c96ce2b58683593b8ea84efac772b25175

SHA512
c96044501a0a6a65140bc7710a81d29dac35fc6a6fd18fbb4fa5d584e9dc79a059e51cbe063ca496d72558e459ffa6c2913f3893f0a3c0f8002bbca1d1b98ea2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
55acea3ab6ca5909bafaf05e6c568618

SHA1
94d846161fc42b1b450ac9027be7d2dffcb2690a

SHA256
91b5c69c59c41ec4a48f354019edb2ba290ea5eea4aa010ce7fccd90090cf972

SHA512
fd4549cfcbb20b4128b0bb0f9319a378e964217acdd50e09ac1f7510cb7c02727b1eec96006ff43b3830b2bda09f9b2d45af36a2c299f23517d38ad630643458

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
22aa8f21795658728059ae9410fcb3fa

SHA1
0c38e36c296ed39a0075abc70b77ee87d86d5d87

SHA256
17f9128d385797980650d7aee900b6a08da61a3294d1fe7e73604a40dda45486

SHA512
5dee013db72a1caadd1b8ed660908f2daf04024401510b92628c4761725df1427945b7c7677ce844a8f2dd9ad7fc30d7ee3b3a64de24fc9adafc6d52c18608be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a00dc56e345a42f76d909d94e9ac0518

SHA1
9095087a8b3170814741c580b040312af7fbfda8

SHA256
460b702cd91dcf6baa16eef5fbc0cf9229b7d1cd9ae203029566802c1d761e6b

SHA512
68cadcba26bc423d368ecf673f3b84801b480f92cbc04f43c4b601660e3ac904fc425df8a5dcb4dc825d863e3ce34201853812e781d53693af712460c75a6a7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
057faf312135ea33e36d541daf6ba3c2

SHA1
4870b175401622873140d2771cbae6dde1c7d859

SHA256
6e86af7fa9f93cff52503dd261cf64a1d25942e51498fb4cb8e05b53d625a0c6

SHA512
2d6df0afe5fc242057a4a214a6df342ce300562972afcacfe8efe6eaf7749c0cd1a42e39ea0f1c1ea522d8543c59413d05c0ce0e20f69b60f61605f18ff7e8b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fa06205cb774bfd4efb32b677cb88926

SHA1
ed3d09bb3bddf71baa8852e6a561efbce442d89f

SHA256
8e0ea9191be63081869a20805a64be848a4ac67eade6474e5cd593a4ca8352eb

SHA512
63277b78a30bbef3f688d638b9afd6a0a3cef2e3cff14052eb4fb66b2c4aa64fb775ded903bcd6e43b4a5433ce420b68dc0ca221b5bc0a6302d3d7f99047519a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f661c0cfd3564972d77282ef108ada55

SHA1
a0cb028d664268da7c71fb2c35b7167041650800

SHA256
2311b78b278f943093559e5f0ccb346318a4151e501c75e5b435cbed390bd749

SHA512
676eb378f86d06276c50a91fd54daa62597c79dfc998b8694f5954d2fd0196d76beea9c9bab6d4c943a79007cb4119b4f3cf8c679c99e699a5693f820cac0a88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c209f0205807edc4396fd69fdbef6f29

SHA1
a31ed58c21c654ecedc4606794a292a041fca301

SHA256
4aa6096fe28c6a937eed106cfad328de5f586da2102d21ee32c1e81c480aaf93

SHA512
ea1590fedf43377574191be11b1d9eb48ec133ee6852cf6b7e84f1a10dccaf22ab55465c098fa6841c8f2249b22d7da610cefbab5e37ccc695d691716b2f842b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d59c134655c9764a89e3537b0797766c

SHA1
1d252e21cfbf31af3278d1fc7b3d3a70f290efd2

SHA256
e336ba2df1077909adb8b8e48ddefff51c27ad6c8cc48f488804d9c0d2722465

SHA512
95323e0ea8cd31713c4c8cc86d9d2316840cc462d08e47b71d2a97fde907ddf7765c9d0972d87596cbce670359e2b5fa88e80bad5f3f57fda524c8c6602f6c19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ad62ab5e76567273b7837f0aaa1a74bd

SHA1
ba48842ba98822d2b30e0602d54aef5f49f48534

SHA256
572f726f58e05bc3a697dc51bfeadc3d96c702d6a24b06afc0d3d0213673fcf4

SHA512
10e9fae810237346963229b0901a8175fedfa25d580897f89ecfd57d1a08e446261c08fa16591363ac35cace8c50294dd0a7ebedeef17d67f7754e464b7dc09c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ed53d8320fdca999390db2c5140821fc

SHA1
3e27ff8c118e0f295bd4df179251131a6c278ad0

SHA256
47e6cf5b639674e5ff892d6f546bcda9dc85b96726e772f1a9a034f96ead99fe

SHA512
7b7cf28df268d6cfcd2a4118e19b97a921ed33767f50a33f3c578b59b7411a195c96eea070de1da937db540749ccd2c7440aa7f896d818857f6d8d08c61a0cad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583db0.TMP

Filesize
204B

MD5
ea8bc009c2c4bbbf1eff20cfab060d10

SHA1
df72761f24cc92fe4373488f13d2740d3772a901

SHA256
07cc65fa33940a3efa6c5c1c3976d3bdc22be6f3eca2c27885c392a6afbccc9b

SHA512
40bc282e89e343e0f3b27d82b1b17bdee34d5d476f70aed4dbb33d1ce0afdfd9f5754f2c2d44d2834103c3113c6295f5da97753ff94320427b61982c1439128e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ad27b397-8b46-4f40-976f-ad8b685e2d6d.tmp

Filesize
1KB

MD5
e039ef24323c6d5b802bac3e9c241120

SHA1
fa24a75b018c297f49bef72b8ab0cc6e40b5c27e

SHA256
e4ff381c9f38c8c353d2e26d230494a0acb2af4fba3fd6974a5092fe907a8c65

SHA512
c98a350eb2a9441c08237a639e369639ec6cc1e6c26db72cde0d359f8b029a05182e1e86510dbca868200689c553fe4f2022baa880e0af16bee0d1f72cb974dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
02540b052e839b950067f3641a6d2ebd

SHA1
a3673715bfcf9ca3c96ad61fd9f216b4cad2b49d

SHA256
9885742abff9f0adeeecc51db622cd1fe86e0294bfafd6ebf84f134482a6ebb2

SHA512
c6d2cf92bcb7055a152641a5195da4acc107a50e8f4f47289b682ac083db11ef592b56eb27a4610aedd526b2326704e9bd0f8e5aecd127d03bd2df8724fcade7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
661f11351aadd6d29f12a469ee244854

SHA1
e6213d5dd32e577c2581329c0ceb7120e690f1f3

SHA256
25d9dc02fba9147365d054cc2344855dd84934a4aae531308a93a31cbd947c37

SHA512
353e1c51b540812576fdb3494e1650478370186e836ab0b89237b202f915b3b7ba0cf21c8e470af7a3a873a364886fe70666c984d9d5f2ae66e7dfc7ffbab27f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
9c0b96f836a8244220d6e022d9f91bbf

SHA1
3acf7903dfe6765db18cce9ea4a32e53cdc1506d

SHA256
4ba3ad78dcae637aebde3a0513e2d100d689675a54fc08b7184d62874834bdee

SHA512
c1e6ad1de8be1d7f49692d9690836a5e4b6bd5fb0885c59fb3257742ce8bf2ec95090630e08c3a81d3622cb93d5776fa207ec46392b170262ba64e1d03535a6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
19c07b16a967349c7ab4a2b46074d4d3

SHA1
6b44707fe000a8dfbc17918ea474a8473e068b9a

SHA256
2c8fd355930281e34f9c763c0709a6f51993a85ec4dd7c000a137eecbcf5bd7b

SHA512
32764c232227dc134a225a887dd05bde04d72ce6673d589e016cd9b24b7c3da1851363b848ee4bf6ba0c469271027fab15312d8fe94ab54eff34e4036db2dd89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
09fcbfd95d0f95f26059fdf7b0110f8b

SHA1
91cb47e236f1041e20d4ec65ec600036a94933e8

SHA256
e7cc87603e25b4a61672ef95652efffecc38060d034cb4f393e2fff3e5414b0d

SHA512
9a52dbdae780b5ab6901b548f9ca36d27c941dbfc414dbe3bb0becce5caa7082292efe5287e2a2474832f54a135ef10e2b29df8fca37109876464eea20c118f2

Download Submit