hxxps://app[.]capacities[.]io/home/5d794ff7-43f0-4d84-b11f-27120148a815

Analysis

max time kernel
321s
max time network
340s
platform
windows10-2004_x64
resource
win10v2004-20231127-en
resource tags

arch:x64arch:x86image:win10v2004-20231127-enlocale:en-usos:windows10-2004-x64system
submitted
12-12-2023 12:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://app.capacities.io/home/5d794ff7-43f0-4d84-b11f-27120148a815

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4412	msedge.exe
4412	msedge.exe
3060	msedge.exe
3060	msedge.exe
956	identity_helper.exe
956	identity_helper.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3060 wrote to memory of 552	3060	msedge.exe	86
PID 3060 wrote to memory of 552	3060	msedge.exe	86
PID 3060 wrote to memory of 4580	3060	msedge.exe	88
PID 3060 wrote to memory of 4580	3060	msedge.exe	88
PID 3060 wrote to memory of 4580	3060	msedge.exe	88
PID 3060 wrote to memory of 4580	3060	msedge.exe	88
PID 3060 wrote to memory of 4580	3060	msedge.exe	88
PID 3060 wrote to memory of 4580	3060	msedge.exe	88
PID 3060 wrote to memory of 4580	3060	msedge.exe	88
PID 3060 wrote to memory of 4580	3060	msedge.exe	88
PID 3060 wrote to memory of 4580	3060	msedge.exe	88
PID 3060 wrote to memory of 4580	3060	msedge.exe	88
PID 3060 wrote to memory of 4580	3060	msedge.exe	88
PID 3060 wrote to memory of 4580	3060	msedge.exe	88
PID 3060 wrote to memory of 4580	3060	msedge.exe	88
PID 3060 wrote to memory of 4580	3060	msedge.exe	88
PID 3060 wrote to memory of 4580	3060	msedge.exe	88
PID 3060 wrote to memory of 4580	3060	msedge.exe	88
PID 3060 wrote to memory of 4580	3060	msedge.exe	88
PID 3060 wrote to memory of 4580	3060	msedge.exe	88
PID 3060 wrote to memory of 4580	3060	msedge.exe	88
PID 3060 wrote to memory of 4580	3060	msedge.exe	88
PID 3060 wrote to memory of 4580	3060	msedge.exe	88
PID 3060 wrote to memory of 4580	3060	msedge.exe	88
PID 3060 wrote to memory of 4580	3060	msedge.exe	88
PID 3060 wrote to memory of 4580	3060	msedge.exe	88
PID 3060 wrote to memory of 4580	3060	msedge.exe	88
PID 3060 wrote to memory of 4580	3060	msedge.exe	88
PID 3060 wrote to memory of 4580	3060	msedge.exe	88
PID 3060 wrote to memory of 4580	3060	msedge.exe	88
PID 3060 wrote to memory of 4580	3060	msedge.exe	88
PID 3060 wrote to memory of 4580	3060	msedge.exe	88
PID 3060 wrote to memory of 4580	3060	msedge.exe	88
PID 3060 wrote to memory of 4580	3060	msedge.exe	88
PID 3060 wrote to memory of 4580	3060	msedge.exe	88
PID 3060 wrote to memory of 4580	3060	msedge.exe	88
PID 3060 wrote to memory of 4580	3060	msedge.exe	88
PID 3060 wrote to memory of 4580	3060	msedge.exe	88
PID 3060 wrote to memory of 4580	3060	msedge.exe	88
PID 3060 wrote to memory of 4580	3060	msedge.exe	88
PID 3060 wrote to memory of 4580	3060	msedge.exe	88
PID 3060 wrote to memory of 4580	3060	msedge.exe	88
PID 3060 wrote to memory of 4412	3060	msedge.exe	87
PID 3060 wrote to memory of 4412	3060	msedge.exe	87
PID 3060 wrote to memory of 3804	3060	msedge.exe	89
PID 3060 wrote to memory of 3804	3060	msedge.exe	89
PID 3060 wrote to memory of 3804	3060	msedge.exe	89
PID 3060 wrote to memory of 3804	3060	msedge.exe	89
PID 3060 wrote to memory of 3804	3060	msedge.exe	89
PID 3060 wrote to memory of 3804	3060	msedge.exe	89
PID 3060 wrote to memory of 3804	3060	msedge.exe	89
PID 3060 wrote to memory of 3804	3060	msedge.exe	89
PID 3060 wrote to memory of 3804	3060	msedge.exe	89
PID 3060 wrote to memory of 3804	3060	msedge.exe	89
PID 3060 wrote to memory of 3804	3060	msedge.exe	89
PID 3060 wrote to memory of 3804	3060	msedge.exe	89
PID 3060 wrote to memory of 3804	3060	msedge.exe	89
PID 3060 wrote to memory of 3804	3060	msedge.exe	89
PID 3060 wrote to memory of 3804	3060	msedge.exe	89
PID 3060 wrote to memory of 3804	3060	msedge.exe	89
PID 3060 wrote to memory of 3804	3060	msedge.exe	89
PID 3060 wrote to memory of 3804	3060	msedge.exe	89
PID 3060 wrote to memory of 3804	3060	msedge.exe	89
PID 3060 wrote to memory of 3804	3060	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://app.capacities.io/home/5d794ff7-43f0-4d84-b11f-27120148a815
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd936546f8,0x7ffd93654708,0x7ffd93654718
  2⤵
  PID:552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,9773054403557043109,6106544129610916426,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,9773054403557043109,6106544129610916426,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
  2⤵
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,9773054403557043109,6106544129610916426,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
  2⤵
  PID:3804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9773054403557043109,6106544129610916426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9773054403557043109,6106544129610916426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:2144
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,9773054403557043109,6106544129610916426,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5608 /prefetch:8
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,9773054403557043109,6106544129610916426,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5608 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9773054403557043109,6106544129610916426,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:1096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9773054403557043109,6106544129610916426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9773054403557043109,6106544129610916426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:5212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9773054403557043109,6106544129610916426,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
  2⤵
  PID:5384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9773054403557043109,6106544129610916426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
  2⤵
  PID:5376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9773054403557043109,6106544129610916426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:5792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9773054403557043109,6106544129610916426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:5800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9773054403557043109,6106544129610916426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:5824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9773054403557043109,6106544129610916426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:1
  2⤵
  PID:5280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,9773054403557043109,6106544129610916426,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1756 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1632

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2960

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:948

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
208a234643c411e1b919e904ee20115e

SHA1
400b6e6860953f981bfe4716c345b797ed5b2b5b

SHA256
af80020ae43388bbd3db31c75aade369d489a30a933574dea19163e094d5f458

SHA512
2779b96325234c836cbb91820ee332ed56c15b534ec0c7770b322a5c03849ec3ee67b0ec7978e1fab563eeed1cea96f5155d7b942702555d9352ff6711a548d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
0c7bf381ed48808c99eed5ab10b48444

SHA1
c17f03529a1dd6e2dc921e9cde69815fe748c1f6

SHA256
a1c804723ab8e38acc9cdfa170a282d1f6667e745d66ed40671e63587b0f7105

SHA512
5ef864071fa8eee5961508bd995f0154d5ca25268de45fa4e2d5d9db2596d148a4d78d924cc9891776bcfbfd643f4acbe4dfd28ba9b97586a4cabd719605f577

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
951B

MD5
e8b5677bc3ba6182ca09de94d484efa2

SHA1
2ece7ce8afcef534ba0f54a994600a42e4ac9676

SHA256
41d4aeefe0c406378fa2d0216a91812e5052c9cd7ae48ae37ee8bffeb2c9fa15

SHA512
ee201cad239defc98dab5bb14132bc331e30ba925f26467b66c676475e954beb9a0c332dbdc2736b971bc0140e348d2cbfee7b73eea02ebc3d720d3a5c18aee8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c92fc61cfd555f7c4d6ac71f733b47bc

SHA1
ccdcf6ffe885531d5018791d206a4e98e2ba19af

SHA256
bf01ecf6816222bdb2cbea7904d2fd44eb63a6f47e5e0722045a2d7dcadc51b6

SHA512
4807f3dabc602f39108ec28233d469477e6cada1e7f3cd35efe17607ab010f6d7e81a29ddf6d12d74bbc3bc6ffd63faf1cc02cc7db3b4d95ae07acc8010c6853

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c872e6facec0ef2690f96d2f4bf9463b

SHA1
a440d3314d7e3d56f0c8e567dcb9614d33cde836

SHA256
912ddf2e9dbd6ae346f0fab837cf169afeb5362bb9a8af794b49a9b3b4f4ef5f

SHA512
bd04f7968c97d2b120472e3302ab59a685f1c36fdacac845a2c6d277a1aad10252f7cc60c001df4ec15b6c5efd10f618769f299373258a70b782ca7ef13a218a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
df687d1988f19b1be2a6ade65e9c7500

SHA1
f4a86949d36dbe4230ce823651f7422fd0b79fa2

SHA256
5eed252020c20226db3a6b5c54a98d3a24f5cbbf5f970272c46e21a5b6dcd408

SHA512
e723b185980f6b1ebeb56b80358dfa1df7042a33ec94bbf529f5c2a418756600fbba0950aec0fb6893d85e095faaccd53b80ad44286ea69fc44b2ef6991e3f4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
09ede99e072e3cf219272ef9b7cee91d

SHA1
5af718084a9a24c370d2a52e2079398273050ca7

SHA256
4edfb85394b931d88b7518254b81e1869fe6e4da3f209d8a2eaf0f3bc962b470

SHA512
de72e4174ca31767881257583916b56a834144db24e82f2c1d5d74cdb56413d62ab4262fb09cb11dbfdd75e9681112e7a1f2493ef85c67f5f169e1cc4d239a2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
5a6206a3489650bf4a9c3ce44a428126

SHA1
3137a909ef8b098687ec536c57caa1bacc77224b

SHA256
0a9e623c6df237c02a585539bffb8249de48949c6d074fe0aaf43063731a3e28

SHA512
980da83c3142bf08433ec1770a2ec5f5560daf3ee680466f89beae8290e921c0db677489daad055fbc1f196388f8bc4f60e050600381f860b06d330062440a78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
677981526264a3069b4730b77179b29d

SHA1
48177e4f741dec73f0f7a190da9026c553d31450

SHA256
bf74b04476146774641ec8ea74db1215b00015800cad524241bc9a7ae9b32f00

SHA512
cc1f081df4c391a111e6d3716f3db5f6063286ed7143d39b2aafe8a6380d137e27a5c4bc95fdcd54e3a1f8c0c90cff61eedc6ede5d8ec216885580dd8c481fe7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
099a670dabc97d88c3e72426614cd53a

SHA1
52a6e7c50755e51989bb076c8ba8e28b968ced6f

SHA256
36f7142460bd5063a2c5cdbed40da1e34fd7b71e3737bff7d74996a940fcd6ed

SHA512
4a53ce0ebcdd5cd509a02e99f179c96872dd60a1fb41da05b7808413dddfa4cec3c6aa3a2fc7c6555c76477fcabe0933a1327e90556ee6162207e49fe21fc62a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
410428186aa802c89632634bbc81545f

SHA1
a484459364a9a7b303591c4c525099d6dac82855

SHA256
b8f56af933e6f795dccc508fac291ab86347993261d627dd5487a5be47f8eef4

SHA512
62beb444bea1f9c73af3c0d3afe20f78647058a5ec4a4f31195d7dac6d502cbfc49804ecb6774c33475941e596f342b21a3648d8e935fba51d2f51a53b03469d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
edf981fc8025d413d4f0280f79f3a034

SHA1
7640748d93545abe3b7e77fc09950ae9c86f94f9

SHA256
3a31c520e65083b42a81f0eec25c83a08b760bb635b64ed64adb2335dc4ee345

SHA512
9e88c2fe5b6f4395259a1811e994f742e78f6e020cc86c1073ca3016277a2f441f230635599364b7d8f537899d4be197b11a4b035d127161805c1148bf36475c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
7b676c35325796390d5f58f88da335cc

SHA1
48db07723644b6937991d6ffd8bb7649d0f423ac

SHA256
aa3670b94aaee2b287d669c47d7eabe7dc6c88b4b5fd70da9157a56681cb36b8

SHA512
e0ea127e81eda65c63e3d9115bca83ded5890b12eaad4019a7f48dedc4d0f8fc61d933aa3c41ff804fcb18a37d53a16b7119420406bad363483b6450717b6da7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
47f449eac72d4d7e6eba936adf54c186

SHA1
afe3ba51c886a8c40f19b582be3f2baad9bb7cf5

SHA256
0d5df3bcc2fa2d0339c93dec868d1c429f1b208e6f9bc4683ff7c2b5e71e47a7

SHA512
34f97c5cd739a269e6a2e2e118f6b7bdeee21fb33639a2bee203e7c7cc9a0de67aa179b1999bf95236dd8ac1d8ab15798e268b35d8a12c35c2102522a0ac011e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
3d6830bdba1d4e6f0938c725673958aa

SHA1
632fc0e4fb8dc4ce521cd18072f43345875866bb

SHA256
f67c39cb3849991ff9ce77539bd0d98d325998f9a627f387fdfff432945afb07

SHA512
7299ac8166cde1d1697b845bfa050ba3ebbefa608c563817060aecc6f7732c0618e9cb401f1daa22a2b511d8d0246c2d3379d79111e525ebb5e634c5530f1369

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
12b5df26bad545e4794717c87f1e214b

SHA1
9066be5659373a1a9ff3a72d9b06b69f79601a7e

SHA256
1b4b69c315aa843c12a3d9cb06d7c4c22e1c079345b79406135ca7ce033880f2

SHA512
a431dad20671b5e11a4d3a1adf9ae27d2c17b6d629f80286f0e3753a8ed4c135e0d8d9b232b62f03fc07b5f048b2330089bc9803e93786791b4a19e3ade71490

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
0afef79041f898f12e6c9fec872e50e7

SHA1
2f1a44b4407ee1ba2b941edfa9af453b47f67e44

SHA256
a84c25e323baec4c49f9fd4f626dad93d99212047c6ba7e9b3496ba9249757bd

SHA512
33e2ed011756f7d653f4ae5f552b24291528e9a723ea024209d7cc3e60d067fee17654ed9059ea1bb77d00e3128e0a71f79a93423fb9950280fa5e988abe4675

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
5a57076cf862d9dadaf3f14d089fc3b9

SHA1
fa76b786080d2652bd32456ffc1b5e6c2dab2f51

SHA256
07eee73170984fe35ecbe71d0556ba0974d00c345c1cbd86fde89134e207ab97

SHA512
334e45044c0f97bc7516e2b8fd37f04564b7508aea8b885e2001afe18aa8eea0d246b1b615e82d716410000d61cb6503222055f143fc137d5b9e5c166599dc75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
46b16497cb4b6e814b6327c48f177db8

SHA1
217a558c4925ab3c4f03e4ccf137df55e6ca2e87

SHA256
1265be7a048d711749353ff9f476162da4ea0a3a5fb2b31d76b1a4d91e58b89b

SHA512
89c4140644a7cc695ed7a7bed05b7ca5cf6435206c96c629770a2bfbc84d8d3670b112d19c11269c9ddddcf51fca191106d245c60dab6fec1dac591450457399

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
e9d93c18eb0d546d9533a9e66455d64d

SHA1
2e7199f7779cbcd46b1cc450541dfcf9da0940f0

SHA256
904d892ede6abb263ee3aefd414f27442ad83f0b864a9ad8d9abf905c97163fc

SHA512
7415b2b2798bc619c9c93ffb746cec3410db8d323fb4c8833d5704b2f5ff690577bbe2d5cc7d10b9174e7d2f28a8b180cd339f55d85c288df626d41132dc5b9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
02abb429e06847849c8424c9b249d708

SHA1
a40b9831f191acbcb7343c2bff7e4e89fd506687

SHA256
e753b25d78d3bc5e645a0e1eb0fc2bc629351cb41714b4f15639d0d9cd3602a5

SHA512
be15ffef5124ecd77d0462fe1c6ea9c6b4102b4ab5162710a992f910ae2e5e0941b40304f6dd794e1c7f5d25a3f2e3a951aa91d2e57bd3e013b9e10c6845fe4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
7033eec873ecfd67dfab887e3400e91b

SHA1
e44f2b42b8dedce4790204c39c552bc2c31198a6

SHA256
37931d3d3231461210654a0327e673ed15cfe9713f52438ae7c82985e2fec305

SHA512
21085980bc67f5555d0516e6b72aa500f18a5bf0fa992fd88cd8b179a77ba3f458b658fd59e44cc121d543c163842a432107f4ce9703acd200ab13cfa760ce1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
e54dd15b1da18a64512080eee90cfb75

SHA1
e36aeb3011d428d3482cd698b15b1c075f9a2457

SHA256
2091b467090b36c69f9600abc5f680be80dc20c93b50fe337b80cd9785563f2d

SHA512
7897cb6e1950311f769912359ff5ca5871880aac3a7777bf607f0600e8b88fd520696c71734a7e787b6efaede74df9342b9dcf303d229032d08927bd8c887710

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
9ba77988662be625ada0007dc4a26c26

SHA1
9bc30b2a31d6a8db6a0326bc9a8e4c20b09fd482

SHA256
03eb2438463cc545c9054128b029320ac3594a1ccee5390d65473d796da6d820

SHA512
2a2c4957b8a2f986ab9294985af0659015052ab03170864b19325115ceb5906c398e18adf4fc16a214dc8d6564b39bc2d2981a73ce7960e0dd13c26eb976f55f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
e4b2cfb994d232651c19e2d234aac022

SHA1
73e5973deebdaca7267c58d59c561dc34df7453f

SHA256
92f8b47c7a43221a0bfd6f92f0b3128e949f951d8ff88600fddb4cb25931cc44

SHA512
b2978ea0391a7b8a05a716c863477d45028322add59fe7163563aeac2306939af52614953d559a223bc4e00665cbfe7c010815f5defc0058d3361683e4baaf6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
be0e506af108892b55e76e410d3dd9b5

SHA1
23b80c704364aeb325bad9c296bd50efbe5923f7

SHA256
4d153315d85ed443f6f6bceb8782776436a66e8e278948973a3f022ecc9301d0

SHA512
ff4f554470080866d226be47cd860f376fa123118fbe181080b23bb1b4f8c16b87bc4b180d99f76ab614905782417b8c61a62c58ad229d07ad9b44e4e937752a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
3a560f740245bb0cd157ff74c4a6c449

SHA1
8e2780a0c75b666d9501b0e407077c4dd98f7de8

SHA256
ac7ca2532a44816ea726acd52e7075ed56abbea694a2e4901ca63989be1102f8

SHA512
af6a49c3f685fd44b9c27cac03fe59a1205ec867fe8a1dea30ba35956a7ce5a6d5ff441695f633a290a064654aba6bd2da9ba737f1a5f49e3d7e134b262808eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
7c9d1784944fd4e01aff37158e2a023f

SHA1
f0df4c1747d1d2fb3255cead63039b590b8445b9

SHA256
e9686b1e0167bab151d6a4a599635f2a52fb3a0e9768c2b759e102dded97d655

SHA512
02a6146976f576d2e8a22778cd78f1f44c5327f5799207bec11998b350bf5431dbcbe5915395d615239a238efcc13168fa848ffffd8d5311dd9730559e7dc2eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58844e.TMP

Filesize
371B

MD5
c3a8bc9fa79b2fbd506481744fda13db

SHA1
ac84fd91e9432f16f8adf441bbcbef1e9e583666

SHA256
0397b8e34244ccc3aabfef3f985c66f4a51f26ec50a9893a04347463ab9a6915

SHA512
b93fd60761ba5a11336207d03290a37c30ff6ef7fc4928715f62db1d3fbaaf48afc405ad5694775a8f74f78993519a8a478b7b824e0fd845fb5d27a8e003b7a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4544d2da48377e3299b9cb935c3ca2a1

SHA1
c54e4918df27c9e7ca22782d45b5dd9b3bce7dbb

SHA256
04a1d0dc8ecac370ed2c90ac701b7bf680c40907b5ff70a9e605d60b0f05cc41

SHA512
a0644f97ff0bdd5bcbfd754264e3cbcec8c6fd57e3f0584bf3e32287f08287dbcdc44921b713d066eea9ff3c852e704f5841e7bbad9b2e098ee7423cd7693ab5

Download Submit