hxxps://www[.]hela[.]eu

Analysis

max time kernel
289s
max time network
310s
platform
windows10-2004_x64
resource
win10v2004-20231127-de
resource tags

arch:x64arch:x86image:win10v2004-20231127-delocale:de-deos:windows10-2004-x64systemwindows
submitted
11/12/2023, 13:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.hela.eu

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4508	msedge.exe
4508	msedge.exe
964	msedge.exe
964	msedge.exe
4696	identity_helper.exe
4696	identity_helper.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	5968	svchost.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 964 wrote to memory of 3572	964	msedge.exe	57
PID 964 wrote to memory of 3572	964	msedge.exe	57
PID 964 wrote to memory of 4392	964	msedge.exe	88
PID 964 wrote to memory of 4392	964	msedge.exe	88
PID 964 wrote to memory of 4392	964	msedge.exe	88
PID 964 wrote to memory of 4392	964	msedge.exe	88
PID 964 wrote to memory of 4392	964	msedge.exe	88
PID 964 wrote to memory of 4392	964	msedge.exe	88
PID 964 wrote to memory of 4392	964	msedge.exe	88
PID 964 wrote to memory of 4392	964	msedge.exe	88
PID 964 wrote to memory of 4392	964	msedge.exe	88
PID 964 wrote to memory of 4392	964	msedge.exe	88
PID 964 wrote to memory of 4392	964	msedge.exe	88
PID 964 wrote to memory of 4392	964	msedge.exe	88
PID 964 wrote to memory of 4392	964	msedge.exe	88
PID 964 wrote to memory of 4392	964	msedge.exe	88
PID 964 wrote to memory of 4392	964	msedge.exe	88
PID 964 wrote to memory of 4392	964	msedge.exe	88
PID 964 wrote to memory of 4392	964	msedge.exe	88
PID 964 wrote to memory of 4392	964	msedge.exe	88
PID 964 wrote to memory of 4392	964	msedge.exe	88
PID 964 wrote to memory of 4392	964	msedge.exe	88
PID 964 wrote to memory of 4392	964	msedge.exe	88
PID 964 wrote to memory of 4392	964	msedge.exe	88
PID 964 wrote to memory of 4392	964	msedge.exe	88
PID 964 wrote to memory of 4392	964	msedge.exe	88
PID 964 wrote to memory of 4392	964	msedge.exe	88
PID 964 wrote to memory of 4392	964	msedge.exe	88
PID 964 wrote to memory of 4392	964	msedge.exe	88
PID 964 wrote to memory of 4392	964	msedge.exe	88
PID 964 wrote to memory of 4392	964	msedge.exe	88
PID 964 wrote to memory of 4392	964	msedge.exe	88
PID 964 wrote to memory of 4392	964	msedge.exe	88
PID 964 wrote to memory of 4392	964	msedge.exe	88
PID 964 wrote to memory of 4392	964	msedge.exe	88
PID 964 wrote to memory of 4392	964	msedge.exe	88
PID 964 wrote to memory of 4392	964	msedge.exe	88
PID 964 wrote to memory of 4392	964	msedge.exe	88
PID 964 wrote to memory of 4392	964	msedge.exe	88
PID 964 wrote to memory of 4392	964	msedge.exe	88
PID 964 wrote to memory of 4392	964	msedge.exe	88
PID 964 wrote to memory of 4392	964	msedge.exe	88
PID 964 wrote to memory of 4508	964	msedge.exe	87
PID 964 wrote to memory of 4508	964	msedge.exe	87
PID 964 wrote to memory of 2916	964	msedge.exe	89
PID 964 wrote to memory of 2916	964	msedge.exe	89
PID 964 wrote to memory of 2916	964	msedge.exe	89
PID 964 wrote to memory of 2916	964	msedge.exe	89
PID 964 wrote to memory of 2916	964	msedge.exe	89
PID 964 wrote to memory of 2916	964	msedge.exe	89
PID 964 wrote to memory of 2916	964	msedge.exe	89
PID 964 wrote to memory of 2916	964	msedge.exe	89
PID 964 wrote to memory of 2916	964	msedge.exe	89
PID 964 wrote to memory of 2916	964	msedge.exe	89
PID 964 wrote to memory of 2916	964	msedge.exe	89
PID 964 wrote to memory of 2916	964	msedge.exe	89
PID 964 wrote to memory of 2916	964	msedge.exe	89
PID 964 wrote to memory of 2916	964	msedge.exe	89
PID 964 wrote to memory of 2916	964	msedge.exe	89
PID 964 wrote to memory of 2916	964	msedge.exe	89
PID 964 wrote to memory of 2916	964	msedge.exe	89
PID 964 wrote to memory of 2916	964	msedge.exe	89
PID 964 wrote to memory of 2916	964	msedge.exe	89
PID 964 wrote to memory of 2916	964	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.hela.eu
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc3d2b46f8,0x7ffc3d2b4708,0x7ffc3d2b4718
  2⤵
  PID:3572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,14904487054288003758,12493006110097817074,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,14904487054288003758,12493006110097817074,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,14904487054288003758,12493006110097817074,131072 --lang=de --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:8
  2⤵
  PID:2916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14904487054288003758,12493006110097817074,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14904487054288003758,12493006110097817074,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:1456
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,14904487054288003758,12493006110097817074,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=4692 /prefetch:8
  2⤵
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,14904487054288003758,12493006110097817074,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=4692 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14904487054288003758,12493006110097817074,131072 --lang=de --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14904487054288003758,12493006110097817074,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4612 /prefetch:1
  2⤵
  PID:3716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14904487054288003758,12493006110097817074,131072 --lang=de --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
  2⤵
  PID:732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14904487054288003758,12493006110097817074,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14904487054288003758,12493006110097817074,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1
  2⤵
  PID:916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,14904487054288003758,12493006110097817074,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1352 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1964

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1040

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:864

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:5452

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5968

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm

Filesize
16KB

MD5
04b45f02fd06510f69887d36821f8fe0

SHA1
2ec08d88ecfd2cd42579867b38d447e382231678

SHA256
a14599d8f2abe827c44679e51328576037a3945c7e8a268f2767c4df49d70420

SHA512
bfffca796731f0b74f622cbf7e7e66e77738fd373f660daf30601e0e21d60ca128261707e921cb28673e908b29da5ea442475fe6c4871f1781c70cff4fddd547

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7c89e9212e22e92acc3d335fe9a44fe6

SHA1
c43c7e1b5fb58a40a01a6d8dd947c41a48e0b41f

SHA256
18c46c863404b31fcce434662806fa34daff0f9af0a9379d898f772b5c398b44

SHA512
c6961c171af63ddc7a72aaba4c9d910cc6a424794c416cd1ce51206f7c7f1100ca51c9e41d07d68489105dccded2294c1d761a8dc6be80d22c661014efd6a9ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
201KB

MD5
fead6fd7104b8964a2577442a1f28fe1

SHA1
9dac5054530481b3ebf2fa0e3169554491132f74

SHA256
9dcc201f037d4d5531ae38539155e6a20412ff4f3ead9649276ac95bd5770b67

SHA512
b34e709f66deec2103b6e8211a0e653869ec47e37c96d58aac6eb2d87568df25e473c03f86d1027bbd555b371c79518690c91ec50f04eca79ccf42e2ac3a98ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
f86f6c823630be32f30f26a59e16aaf5

SHA1
d64ab37936e09a5f072e616b798f47c32aaa6ed2

SHA256
6ed14e751415475a21eb450dbbf62627205e450757d1cdcb8ce4582a7615c657

SHA512
42c22de5d08e93f8bebcd6206fd23547efc1fab10788bbf36379a4483ee3e2c607b7210bd505bf930d3b9da6e4ab062e21021203376363276fcd4c2caff75e4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
179B

MD5
e351dfb7548f7ea5f13712e193ad889a

SHA1
6f2be1a620aacf246fc9f5b103a8f721afba4e45

SHA256
ddde96bf752d2cf4f5528e7b52d3b24d6abe0a8895634dde0599d7d92cdef964

SHA512
01ef7d9912bc37d158bc8144c2f2c2b65ecdf09aa640f40b0c9a49279f2ad0ee888eb0328a03b28dae51c3c562c4230bacdf58884d9300fccabbe43b3d4f05f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
884B

MD5
1e402c8225f7d2f359d65af31a071a57

SHA1
562dfae1e53a8bbd5570b6a27697bae01d6655b2

SHA256
36e7ac7cd307eb28710e00ee3cfbb49ab1f85b375ec4a4ef7a8df8b8de040740

SHA512
c19518d882d13caa97ee93d8ee48ae18b75630d7a6ac58c29d96941f1597b2d116d09005e842bfd1f6f48c500f8cc6f381bd121e9245a2adedf95c384d3acdf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3b1d86839802e7968ec2233a485bc9b2

SHA1
b90c0aeefe17e5b325c8c3b58d82f3ce7c589abe

SHA256
fa9c3ecc69baf8070e71eba6fc2a5b46977fb29612eac742235fc5bca4a778a4

SHA512
e5b353509d8504964140e0cd4d98f4eae31bf2a1ed2ac80d0b113a468bf622a9b4e86d42351099763bded7c9cbfe8332d82ab814f2e46ad331221b5486751657

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5e5b4f3fe3f32297bf82f8bd8b89588a

SHA1
1f5434666700dbfbad26ca8dc680e844724a3f85

SHA256
8671242802884b7b07f713f7d5305c1306ab4931d73454f778b2c2b2b998e07c

SHA512
6f74a7793b5f5cf711fe66ae001e3f751e550fbb759bc830fa885d12206027ed56bcecd6a6125027aa4dac34778887ab2dd5df60f488ebdc9a138684f3455b80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6346ace84df82a3fc2d180e180aa30b3

SHA1
bc64f5f0a1377ec4a9cfb4211f3f9c84c73b4a86

SHA256
141d7fca1d21e792e6e214463e48daa5a620630852a3d4bab76c6d7a5114eb7f

SHA512
e9297dcb5f057135cf6eafe18036cf3065944b8d590073c87698c0cd70a4a0c99d77cc1eac32b3572acc3fad93798c305da30fe6884889bdcb40ba6a2abea6e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
d7b2b29ef1d9a33e61e1167984c8ca3e

SHA1
9a0da1a3cf9003ecf6aba220a8a00ca34a7ebd34

SHA256
7d4bbec0e8bf4e62f352750240a0bc0f7844d58fea590bc6a9fc972c3b752dc2

SHA512
3cc40b7e35c0749e419b035a73768c8f76bace77ed44be6a59469a032b643da15162733e5aaa94064494b055858a24e4f79326a863f31f1c28eab44cec35cbec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
202B

MD5
5c47c1353f21ca870d15d885d13248b8

SHA1
532214d6df7f890a3a1c2ff68a48fcf3ba88e326

SHA256
1a3e1b999d619c6f4f82b5df82e58440fc41336f9443b1cf961f14413f466abb

SHA512
ae39bc376b60ccb6695c49b31d9b4c443567d8355f94bfc5c608bc562060e9e99e5d4aaa048ca93205fff1a355cc840ab1f98bfe6932af81e313a4e55820442b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5a57d6.TMP

Filesize
204B

MD5
761d9b02e0aac40f08143253616337a3

SHA1
add5c6c3dd07fe7f4efa7bedf200ce60595888f5

SHA256
d5d4e87e096b76228e2a097040a4140d31a92aee32b7ac57248ff5823e675a3a

SHA512
f517a0cdccedea480f06c686ca40c8e1d372832fca49520913b9fe24808cfeef1a8759b7032cd363ba00f554f7d39a5860c0bb201279d03469706aeaf2a45312

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
31f03f716b95c2de0998b663a4fec8f6

SHA1
7ab0d1fb113f44cfa3f44e17e510770dbb5eba1e

SHA256
29b72de0f2908527f09163b4b09f5cbb327cd0b1bc880b61306c2ad0405aa8fa

SHA512
be1d1fb3e2ad841a831f0b66d65724b62cf6724731c1dd659a77f60e128176faab50fe46774444b70f2040bfd6af79adb528d9a268c1a19d598565164575f43c

Download Submit
memory/5968-247-0x0000028BC42E0000-0x0000028BC42E1000-memory.dmp

Filesize
4KB

Download
memory/5968-208-0x0000028BBBC40000-0x0000028BBBC50000-memory.dmp

Filesize
64KB

Download
memory/5968-241-0x0000028BC42E0000-0x0000028BC42E1000-memory.dmp

Filesize
4KB

Download
memory/5968-242-0x0000028BC42E0000-0x0000028BC42E1000-memory.dmp

Filesize
4KB

Download
memory/5968-243-0x0000028BC42E0000-0x0000028BC42E1000-memory.dmp

Filesize
4KB

Download
memory/5968-244-0x0000028BC42E0000-0x0000028BC42E1000-memory.dmp

Filesize
4KB

Download
memory/5968-245-0x0000028BC42E0000-0x0000028BC42E1000-memory.dmp

Filesize
4KB

Download
memory/5968-246-0x0000028BC42E0000-0x0000028BC42E1000-memory.dmp

Filesize
4KB

Download
memory/5968-224-0x0000028BBBD40000-0x0000028BBBD50000-memory.dmp

Filesize
64KB

Download
memory/5968-248-0x0000028BC42E0000-0x0000028BC42E1000-memory.dmp

Filesize
4KB

Download
memory/5968-249-0x0000028BC42E0000-0x0000028BC42E1000-memory.dmp

Filesize
4KB

Download
memory/5968-250-0x0000028BC42E0000-0x0000028BC42E1000-memory.dmp

Filesize
4KB

Download
memory/5968-251-0x0000028BC3F10000-0x0000028BC3F11000-memory.dmp

Filesize
4KB

Download
memory/5968-252-0x0000028BC3F00000-0x0000028BC3F01000-memory.dmp

Filesize
4KB

Download
memory/5968-254-0x0000028BC3F10000-0x0000028BC3F11000-memory.dmp

Filesize
4KB

Download
memory/5968-257-0x0000028BC3F00000-0x0000028BC3F01000-memory.dmp

Filesize
4KB

Download
memory/5968-260-0x0000028BC3E40000-0x0000028BC3E41000-memory.dmp

Filesize
4KB

Download
memory/5968-240-0x0000028BC42C0000-0x0000028BC42C1000-memory.dmp

Filesize
4KB

Download
memory/5968-272-0x0000028BC4040000-0x0000028BC4041000-memory.dmp

Filesize
4KB

Download
memory/5968-274-0x0000028BC4050000-0x0000028BC4051000-memory.dmp

Filesize
4KB

Download
memory/5968-275-0x0000028BC4050000-0x0000028BC4051000-memory.dmp

Filesize
4KB

Download
memory/5968-276-0x0000028BC4160000-0x0000028BC4161000-memory.dmp

Filesize
4KB

Download
memory/5968-277-0x0000028BC4060000-0x0000028BC4061000-memory.dmp

Filesize
4KB

Download
memory/5968-278-0x0000028BC4060000-0x0000028BC4061000-memory.dmp

Filesize
4KB

Download
memory/5968-279-0x0000028BC4060000-0x0000028BC4061000-memory.dmp

Filesize
4KB

Download
memory/5968-280-0x0000028BC4060000-0x0000028BC4061000-memory.dmp

Filesize
4KB

Download
memory/5968-281-0x0000028BC4060000-0x0000028BC4061000-memory.dmp

Filesize
4KB

Download
memory/5968-282-0x0000028BC4060000-0x0000028BC4061000-memory.dmp

Filesize
4KB

Download
memory/5968-283-0x0000028BC4060000-0x0000028BC4061000-memory.dmp

Filesize
4KB

Download
memory/5968-284-0x0000028BC4060000-0x0000028BC4061000-memory.dmp

Filesize
4KB

Download
memory/5968-285-0x0000028BC4060000-0x0000028BC4061000-memory.dmp

Filesize
4KB

Download
memory/5968-286-0x0000028BC4060000-0x0000028BC4061000-memory.dmp

Filesize
4KB

Download
memory/5968-287-0x0000028BC4060000-0x0000028BC4061000-memory.dmp

Filesize
4KB

Download