hxxp://lego[.]com

Resubmissions

30/12/2023, 14:33

231230-rw6ztacce9 1

30/12/2023, 14:32

231230-rwrj5ahgcl 1

Analysis

max time kernel
160s
max time network
170s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 14:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://lego.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4836	msedge.exe
4836	msedge.exe
4936	msedge.exe
4936	msedge.exe
4440	identity_helper.exe
4440	identity_helper.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4936 wrote to memory of 1956	4936	msedge.exe	88
PID 4936 wrote to memory of 1956	4936	msedge.exe	88
PID 4936 wrote to memory of 4968	4936	msedge.exe	90
PID 4936 wrote to memory of 4968	4936	msedge.exe	90
PID 4936 wrote to memory of 4968	4936	msedge.exe	90
PID 4936 wrote to memory of 4968	4936	msedge.exe	90
PID 4936 wrote to memory of 4968	4936	msedge.exe	90
PID 4936 wrote to memory of 4968	4936	msedge.exe	90
PID 4936 wrote to memory of 4968	4936	msedge.exe	90
PID 4936 wrote to memory of 4968	4936	msedge.exe	90
PID 4936 wrote to memory of 4968	4936	msedge.exe	90
PID 4936 wrote to memory of 4968	4936	msedge.exe	90
PID 4936 wrote to memory of 4968	4936	msedge.exe	90
PID 4936 wrote to memory of 4968	4936	msedge.exe	90
PID 4936 wrote to memory of 4968	4936	msedge.exe	90
PID 4936 wrote to memory of 4968	4936	msedge.exe	90
PID 4936 wrote to memory of 4968	4936	msedge.exe	90
PID 4936 wrote to memory of 4968	4936	msedge.exe	90
PID 4936 wrote to memory of 4968	4936	msedge.exe	90
PID 4936 wrote to memory of 4968	4936	msedge.exe	90
PID 4936 wrote to memory of 4968	4936	msedge.exe	90
PID 4936 wrote to memory of 4968	4936	msedge.exe	90
PID 4936 wrote to memory of 4968	4936	msedge.exe	90
PID 4936 wrote to memory of 4968	4936	msedge.exe	90
PID 4936 wrote to memory of 4968	4936	msedge.exe	90
PID 4936 wrote to memory of 4968	4936	msedge.exe	90
PID 4936 wrote to memory of 4968	4936	msedge.exe	90
PID 4936 wrote to memory of 4968	4936	msedge.exe	90
PID 4936 wrote to memory of 4968	4936	msedge.exe	90
PID 4936 wrote to memory of 4968	4936	msedge.exe	90
PID 4936 wrote to memory of 4968	4936	msedge.exe	90
PID 4936 wrote to memory of 4968	4936	msedge.exe	90
PID 4936 wrote to memory of 4968	4936	msedge.exe	90
PID 4936 wrote to memory of 4968	4936	msedge.exe	90
PID 4936 wrote to memory of 4968	4936	msedge.exe	90
PID 4936 wrote to memory of 4968	4936	msedge.exe	90
PID 4936 wrote to memory of 4968	4936	msedge.exe	90
PID 4936 wrote to memory of 4968	4936	msedge.exe	90
PID 4936 wrote to memory of 4968	4936	msedge.exe	90
PID 4936 wrote to memory of 4968	4936	msedge.exe	90
PID 4936 wrote to memory of 4968	4936	msedge.exe	90
PID 4936 wrote to memory of 4968	4936	msedge.exe	90
PID 4936 wrote to memory of 4836	4936	msedge.exe	91
PID 4936 wrote to memory of 4836	4936	msedge.exe	91
PID 4936 wrote to memory of 4676	4936	msedge.exe	92
PID 4936 wrote to memory of 4676	4936	msedge.exe	92
PID 4936 wrote to memory of 4676	4936	msedge.exe	92
PID 4936 wrote to memory of 4676	4936	msedge.exe	92
PID 4936 wrote to memory of 4676	4936	msedge.exe	92
PID 4936 wrote to memory of 4676	4936	msedge.exe	92
PID 4936 wrote to memory of 4676	4936	msedge.exe	92
PID 4936 wrote to memory of 4676	4936	msedge.exe	92
PID 4936 wrote to memory of 4676	4936	msedge.exe	92
PID 4936 wrote to memory of 4676	4936	msedge.exe	92
PID 4936 wrote to memory of 4676	4936	msedge.exe	92
PID 4936 wrote to memory of 4676	4936	msedge.exe	92
PID 4936 wrote to memory of 4676	4936	msedge.exe	92
PID 4936 wrote to memory of 4676	4936	msedge.exe	92
PID 4936 wrote to memory of 4676	4936	msedge.exe	92
PID 4936 wrote to memory of 4676	4936	msedge.exe	92
PID 4936 wrote to memory of 4676	4936	msedge.exe	92
PID 4936 wrote to memory of 4676	4936	msedge.exe	92
PID 4936 wrote to memory of 4676	4936	msedge.exe	92
PID 4936 wrote to memory of 4676	4936	msedge.exe	92

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://lego.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbbad946f8,0x7ffbbad94708,0x7ffbbad94718
  2⤵
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,9994960631379820302,15876231258933549486,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,9994960631379820302,15876231258933549486,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,9994960631379820302,15876231258933549486,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  2⤵
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9994960631379820302,15876231258933549486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9994960631379820302,15876231258933549486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2828 /prefetch:1
  2⤵
  PID:1964
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,9994960631379820302,15876231258933549486,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4596 /prefetch:8
  2⤵
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,9994960631379820302,15876231258933549486,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4596 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9994960631379820302,15876231258933549486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
  2⤵
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9994960631379820302,15876231258933549486,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
  2⤵
  PID:1500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9994960631379820302,15876231258933549486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:2188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9994960631379820302,15876231258933549486,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:2796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9994960631379820302,15876231258933549486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,9994960631379820302,15876231258933549486,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4820 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3200

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4244

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4952

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eb20b5930f48aa090358398afb25b683

SHA1
4892c8b72aa16c5b3f1b72811bf32b89f2d13392

SHA256
2695ab23c2b43aa257f44b6943b6a56b395ea77dc24e5a9bd16acc2578168a35

SHA512
d0c6012a0059bc1bb49b2f293e6c07019153e0faf833961f646a85b992b47896092f33fdccc893334c79f452218d1542e339ded3f1b69bd8e343d232e6c3d9e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
864B

MD5
2a1537dee435c896437f46c378bb90ac

SHA1
38e13976d3b00932e77a050dd5326a9b2f28c227

SHA256
8167e510862dc0a65ca83f6bc198c0825064ac6b90eafc0ecf9f2a077c612c79

SHA512
6b81e916978269343d3af3ac3124ffbc45663d4a1e241dcdfa03ddb31e5f64a12d579af0619a6fa07179ba96dcd7b40ceed3745c9d6885bf7cd24e06cce99653

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
664B

MD5
b5898b8c2a3c9eb2b76c419b551a878e

SHA1
2ef9d8af39830f3b5708ff95983aa119c2ae8cb5

SHA256
558c1a204e46b0b4871808cfd80f612438ccc82755a1d577d0f6372fc09126ff

SHA512
f5ef919b48a8fb6fa186acc290260175875096a66640ea59053232a3e08802e47033d891dc79f73e9f3176a2edf425d94b083a447ea00f03c54db0a8a9f7c6ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
667266f6e7e6519662babf84a93ec5ca

SHA1
229813cfa645347652a4cb966501017de882811d

SHA256
b0e23a9c0cb5a5e27d14f01b70ac410c317c330155cab4266704f614cde32823

SHA512
10399d7436155303e6c4359de1ce2d910c5d8cb93489ad77c5cf60084c449086c46dedac1c53b519a173931947d21eb15a8387ecc1670c55d7491c4dc0ccda19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8401e775b1d7566e389e094fa2abf5e5

SHA1
9fe0e10ad8e90f221d4db9482d4d84fd6799de97

SHA256
6cd38b48bf6f2c8e8d27bf9ad45d2c75dcc020aebbe72e434bd923d7f68071f2

SHA512
9a7c921b62d2d9299f221341a4361f3de9d86c149cf377a0b6a7bfc24bd3aa0cc9fbcece7bf4d31a004c90e33c92fdd3541ea5cd42b1e33081e36b7df666145b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7a561f3e3e09f41653c647d7da73dc83

SHA1
7e6a8b30793aa0a1324daa402a015646c7104673

SHA256
c0e468535b8cda536ccd611134acea95c147cfbbea4887a33aa438be6234f28b

SHA512
c81b491adfc6e68b3871742ab939fe18a4448702c19072353aef3132823469efbc976888402d10c2c71efb244cc6b747e26a39ae8b67f2d3c7bd3313d1023e83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9191fd24d5c627bca3fa5be0df3bfe69

SHA1
06002b673db4d0c41bd4a309e82f3f7fe22ac45c

SHA256
3feff72a4b0712b421ce0ff6187c4f3959adc4c230a85c72a0b9cb2fc9765a6a

SHA512
a22c05efd3da8aed310866106888ad6b27b6304a13d116d1dd266cfc9b3209c9947868e15236adde7ed99461a899127ece912afb0d9d8fd59b21b4bac4fdbd68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
2bbbdb35220e81614659f8e50e6b8a44

SHA1
7729a18e075646fb77eb7319e30d346552a6c9de

SHA256
73f853ad74a9ac44bc4edf5a6499d237c940c905d3d62ea617fbb58d5e92a8dd

SHA512
59c5c7c0fbe53fa34299395db6e671acfc224dee54c7e1e00b1ce3c8e4dfb308bf2d170dfdbdda9ca32b4ad0281cde7bd6ae08ea87544ea5324bcb94a631f899

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
865B

MD5
a9a5713d5dbaa840804ec31495d0dacf

SHA1
9e0ecf2eb78125d1c0136233472b0b3fa744474f

SHA256
30e4ea2e687b84dcbe4670675b060e537757e0f99fc2bf3ce089d284cc1d4dcd

SHA512
ecace58a0a0d1eb7f488701c6a745353f56bf670a4cf522cc08a3d71ccea66bcf78446f41c05e68f226b82e6116e540006a3579690762a053eb1017ab1403bcb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
869B

MD5
f7bf424b69b09c559ce1a505a698d15a

SHA1
713b1219e05face31fe68cbc34c1afcfb57e5bbd

SHA256
33774570bced1ae773c24475395931e82f87648803f4daef1f840cc46450bdae

SHA512
c307f40f9592630196d1a2e5c418b16b948cf330c17313448222c04fab74604f3f1450de9de9cb98af1ae7d7fe0d486e959ae6010ff365e0226e03881d0b3f9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe585995.TMP

Filesize
689B

MD5
3eb07946217426c1f11956e95d9e4a6d

SHA1
123fd78e4caaabc8164692b94520b043d31900fa

SHA256
faf1eadbabf1ccd83e585255b9296ffab64b5236c05faad41ffb8370b5f16db9

SHA512
1960138fa70f045e47d4c90d1ff039291316d21510d4a94d6e89e5b8032fa94348c63ae079daa28032d86b28515d6316a512e97a90618358bf6c527cc375ed09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
781f438076382eaa48d2cedb27171027

SHA1
4e992f1efcc0e303f1dbea1fe53631dced532c06

SHA256
b86dffcab684b6f7995c129146f282a825f8909e6733d7be61b5621d3d2ff0f0

SHA512
5b68eefe62f8443bfdadeacd94126b59cb7e94f2b601d43dd9a4aa57e22a6366f0b0f35a25d03282e80cd94272aa0f6e9cbaed1771d21fd4aa1ca92d31b2e0c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
fea5fc9c70dda5e801b6006c2009fe4a

SHA1
7e233c1f90e2693e7a910061c45a5e7f650883f5

SHA256
277ae91f072a7a65f3d6daefbc1e92a5de256775a662840e00213e62a718d0fd

SHA512
5d8436999c912a465944243c0ca45b2d4d623d42bef2d8d6bcd342d9e586d121b2c5f1f0fc34abb70465262479d7618ef172d172aad0cf2bf724e2b08cde1409

Download Submit