3988742b8d62746d446ad9665ac82c101d49686ea259f930085447fc935c7da4

Analysis

max time kernel
1171s
max time network
1172s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
24/01/2024, 02:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

CrucialScan.exe
Size

276KB
MD5

8747cc9732175511bae83e1a6a1f3dde
SHA1

f802b0ebc000378974dd3aca26c8a5107b2341ca
SHA256

3988742b8d62746d446ad9665ac82c101d49686ea259f930085447fc935c7da4
SHA512

aa463200e839bac041735cac301d6aa5a0f74ed42475719a8de4b83ce4deece558fb48572f9eb966cbb0edf748964d1c1eb03d1a40e451ff7558e94779e7d4b3
SSDEEP

6144:o3MKXGqCnP5f+hF9U/nZ+Su/2qNoF2VCZHKa9BAWv:o3MKW9nPkhF9aZ+Sun02IZHKEBp

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4552	msedge.exe
4552	msedge.exe
3204	msedge.exe
3204	msedge.exe
3160	identity_helper.exe
3160	identity_helper.exe
5176	msedge.exe
5176	msedge.exe
5176	msedge.exe
5176	msedge.exe

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
676	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3172 wrote to memory of 3204	3172	CrucialScan.exe	87
PID 3172 wrote to memory of 3204	3172	CrucialScan.exe	87
PID 3204 wrote to memory of 728	3204	msedge.exe	88
PID 3204 wrote to memory of 728	3204	msedge.exe	88
PID 3204 wrote to memory of 3892	3204	msedge.exe	90
PID 3204 wrote to memory of 3892	3204	msedge.exe	90
PID 3204 wrote to memory of 3892	3204	msedge.exe	90
PID 3204 wrote to memory of 3892	3204	msedge.exe	90
PID 3204 wrote to memory of 3892	3204	msedge.exe	90
PID 3204 wrote to memory of 3892	3204	msedge.exe	90
PID 3204 wrote to memory of 3892	3204	msedge.exe	90
PID 3204 wrote to memory of 3892	3204	msedge.exe	90
PID 3204 wrote to memory of 3892	3204	msedge.exe	90
PID 3204 wrote to memory of 3892	3204	msedge.exe	90
PID 3204 wrote to memory of 3892	3204	msedge.exe	90
PID 3204 wrote to memory of 3892	3204	msedge.exe	90
PID 3204 wrote to memory of 3892	3204	msedge.exe	90
PID 3204 wrote to memory of 3892	3204	msedge.exe	90
PID 3204 wrote to memory of 3892	3204	msedge.exe	90
PID 3204 wrote to memory of 3892	3204	msedge.exe	90
PID 3204 wrote to memory of 3892	3204	msedge.exe	90
PID 3204 wrote to memory of 3892	3204	msedge.exe	90
PID 3204 wrote to memory of 3892	3204	msedge.exe	90
PID 3204 wrote to memory of 3892	3204	msedge.exe	90
PID 3204 wrote to memory of 3892	3204	msedge.exe	90
PID 3204 wrote to memory of 3892	3204	msedge.exe	90
PID 3204 wrote to memory of 3892	3204	msedge.exe	90
PID 3204 wrote to memory of 3892	3204	msedge.exe	90
PID 3204 wrote to memory of 3892	3204	msedge.exe	90
PID 3204 wrote to memory of 3892	3204	msedge.exe	90
PID 3204 wrote to memory of 3892	3204	msedge.exe	90
PID 3204 wrote to memory of 3892	3204	msedge.exe	90
PID 3204 wrote to memory of 3892	3204	msedge.exe	90
PID 3204 wrote to memory of 3892	3204	msedge.exe	90
PID 3204 wrote to memory of 3892	3204	msedge.exe	90
PID 3204 wrote to memory of 3892	3204	msedge.exe	90
PID 3204 wrote to memory of 3892	3204	msedge.exe	90
PID 3204 wrote to memory of 3892	3204	msedge.exe	90
PID 3204 wrote to memory of 3892	3204	msedge.exe	90
PID 3204 wrote to memory of 3892	3204	msedge.exe	90
PID 3204 wrote to memory of 3892	3204	msedge.exe	90
PID 3204 wrote to memory of 3892	3204	msedge.exe	90
PID 3204 wrote to memory of 3892	3204	msedge.exe	90
PID 3204 wrote to memory of 3892	3204	msedge.exe	90
PID 3204 wrote to memory of 4552	3204	msedge.exe	91
PID 3204 wrote to memory of 4552	3204	msedge.exe	91
PID 3204 wrote to memory of 564	3204	msedge.exe	92
PID 3204 wrote to memory of 564	3204	msedge.exe	92
PID 3204 wrote to memory of 564	3204	msedge.exe	92
PID 3204 wrote to memory of 564	3204	msedge.exe	92
PID 3204 wrote to memory of 564	3204	msedge.exe	92
PID 3204 wrote to memory of 564	3204	msedge.exe	92
PID 3204 wrote to memory of 564	3204	msedge.exe	92
PID 3204 wrote to memory of 564	3204	msedge.exe	92
PID 3204 wrote to memory of 564	3204	msedge.exe	92
PID 3204 wrote to memory of 564	3204	msedge.exe	92
PID 3204 wrote to memory of 564	3204	msedge.exe	92
PID 3204 wrote to memory of 564	3204	msedge.exe	92
PID 3204 wrote to memory of 564	3204	msedge.exe	92
PID 3204 wrote to memory of 564	3204	msedge.exe	92
PID 3204 wrote to memory of 564	3204	msedge.exe	92
PID 3204 wrote to memory of 564	3204	msedge.exe	92
PID 3204 wrote to memory of 564	3204	msedge.exe	92
PID 3204 wrote to memory of 564	3204	msedge.exe	92

C:\Users\Admin\AppData\Local\Temp\CrucialScan.exe
"C:\Users\Admin\AppData\Local\Temp\CrucialScan.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sysprofile.htm
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3204
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8caf446f8,0x7ff8caf44708,0x7ff8caf44718
    3⤵
    PID:728
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,2740100496276908573,5193776753417653009,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
    3⤵
    PID:3892
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,2740100496276908573,5193776753417653009,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4552
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,2740100496276908573,5193776753417653009,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
    3⤵
    PID:564
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2740100496276908573,5193776753417653009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
    3⤵
    PID:1196
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2740100496276908573,5193776753417653009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
    3⤵
    PID:4940
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,2740100496276908573,5193776753417653009,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
    3⤵
    PID:2256
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,2740100496276908573,5193776753417653009,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3160
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2740100496276908573,5193776753417653009,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
    3⤵
    PID:4900
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2740100496276908573,5193776753417653009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
    3⤵
    PID:4728
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2740100496276908573,5193776753417653009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
    3⤵
    PID:2924
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2740100496276908573,5193776753417653009,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3840 /prefetch:1
    3⤵
    PID:468
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2740100496276908573,5193776753417653009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
    3⤵
    PID:5304
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2740100496276908573,5193776753417653009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
    3⤵
    PID:5832
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,2740100496276908573,5193776753417653009,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3852 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5176

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1360

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2764

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:4444

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1386433ecc349475d39fb1e4f9e149a0

SHA1
f04f71ac77cb30f1d04fd16d42852322a8b2680f

SHA256
a7c79320a37d3516823f533e0ca73ed54fc4cdade9999b9827d06ea9f8916bbc

SHA512
fcd5449c58ead25955d01739929c42ffc89b9007bc2c8779c05271f2d053be66e05414c410738c35572ef31811aff908e7fe3dd7a9cef33c27acb308a420280e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8c0ef12f-35b0-4407-82fd-eb82015dfa39.tmp

Filesize
5KB

MD5
e6b403be7ac426636b79b556b5d63bf5

SHA1
60610711a8d58ab7f35cf320f5642ab258fdd1b7

SHA256
0b185404d96208669f7e835814e7463f451c7854f749adc0ecb65376ad3b5c1f

SHA512
42a228b2dda8317d6cac64ee3d7c474a4700e74dfd5f3a6ddc2a2c9fd75f571ad2d3c1867d71cdc735f9a57ba12a3e4c6bbc8189cdb20bc81e65dfc53ee7666d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
93KB

MD5
06066fee0fb491f3deeac18a75f7c695

SHA1
b164988a86c94260ca4f0ca12a03a483478568fd

SHA256
cb8142cd53a5e7da3602724103ed5b184c73d846c40325b18e4524b08b42901d

SHA512
4829e1958da33153cd5f5a78d249050c3534a888a1bc873aa49631998ba3e62ee5de380eaa409fadb2cc3db1fcba0d3b8b309c3f58e2dc74c7e61259e49bf89a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
816B

MD5
f18bd1976f1bc9d81782d5886b145f4a

SHA1
3c59371d0a74d029a051d2b1418bd9002f6bcc0c

SHA256
e97c9762f377bf63f4edae88aa0c167a44e0856fd617843f919e34e7001618d1

SHA512
6e49f8571e623ac5e86c737fc3f18f2b60ec2fa1487da2d4b55af53fc0f679f995c822a61ccc976d1eab483c883dd4915e08cb3e223df214a5ab75bb8f8cb906

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
a622488ce4b4a861bbb60b6efc473ae7

SHA1
97009ee7d4b1e2cf5fd0b6ff3ade3eafef74c551

SHA256
d6fb2c8259986cb83ee0713d209fd29d1cb1af179b557603b5ce2fbe2b22384b

SHA512
48b465904ba13435bd4f324a2a124c0f917aeee7b8daf728c56be4285f0ca6b47902fd65722d1ac96a4eb10d6c689ee87f35ebc8b7d9e3880adc1494d1430b93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f2f46a868d05add526f993c998e3e431

SHA1
5b8917c1aa78a5f5517c3f56f945ab6d5f06178c

SHA256
879a14b9aa5112d1a180112c8b57a233d352586f2a98987ab50981bd93a4c0cf

SHA512
4aa0f6d3f3b0441087f6007bac498af97b7a8b60b93badcde32c77cad15b822c0d1473f7c9c987bdc95ca0bbdb30e37fdcddf51751c03d3fbf855038dc84ba2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
165cd2ce89f2cd58f1a536e82e0e7aa3

SHA1
00839301fae07c998dea797808ae3534d6fd34aa

SHA256
438a130d04afd6bc24b9fe1ee7cfd1ac130f082a2e85b680f12b8e55f0eccbc3

SHA512
09a31602c3b3763af5d2b91e2711a392866404b1b3a2ba2d60943a95691502dd9e9d60566b815500d5e351740fd881747f3f0763bcc54fe1b02e125f2c9adad5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
e664066e3aa135f185ed1c194b9fa1f8

SHA1
358ff3c6ad0580b8ae1e5ef2a89a4e597c2efdc5

SHA256
86e595be48dbc768a52d7ea62116036c024093e1302aced8c29dd6a2d9935617

SHA512
58710818b5f664006a5aa418da6c8cd3f709c2265bc161f81b9dfe6cdb8304fabaa4ce9deba419fe4281623feeeaa0321f481ae5855d347c6d8cf95968ee905e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
7a92aaec5e1f1e0535686a3c68c4bd2e

SHA1
5e08c3e22248cf310bba544b05fd7c184cd986f3

SHA256
20fbcb037d51bc42011bec84e108e2a4a3c7f4fe314745fdf65ca19c982755d2

SHA512
52bc8407de8605ca7ebcef2c34820d7576745571c8fec37119b2d2bf75bd6bedfee384a6223e70140978d8ac9297d0f022ce51787c1eb2fd81d71917b17009eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
34936e92bc5f249f19de21ddbfbcb486

SHA1
cda86f5f7ae4eff2fbce89513567b0c77af6d580

SHA256
9b0354f4f1f6505a7dab780a9c9272e3c74629c7a0ce2b42926cd76dd9376976

SHA512
6f789ac397a0fdd3ba9215bb2852befa3b5d9acc717eb9b38153bf2894732165f54c3918656f38c1906c8f3e05d44469c0cba278ce1f307cc436f23dd69521a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
aaf1a788d57fd03bfa83689067c99034

SHA1
427733fba74545fe3461ecf80f5d0978c5ce163a

SHA256
60622f7869862c22e3411cf01b8b7edef5e42924ea0692e2426964fa2fbff333

SHA512
d00f703e53603cc6129365666513a7110d4895872d41e4fce6a642ae09860bb622b899523c1e16d63b626554c5c2c433905d3d6942318a82fa733a732c52c332

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
7bbe034f725295824161517f1c9e0a6f

SHA1
5657e439b3602a9e4a515768fba1bb69551241a5

SHA256
51ba4df1b12e5aea1307b9ef98b3d2962a52951a7bd90b3230ad56b1d88e6c70

SHA512
577d23827382a437d55bd6daacd698a00ac265e133f694ce2e9f10823dd923006a3aa6318ece4608da4960dbeeacc6d0469d80c49e6ec3493f6b5bb870d069a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
dab07170f5250c464e16359e1581f3d3

SHA1
8955e2b7376212d5722a177e6b4f82b18fd0bb53

SHA256
c542afbb5d0b652005f5cf1f8139dc98a664d7cd2966124303e340833a10b30c

SHA512
725afc10c2e44eb8c0857ade94f6d5dda14d7bdbac83a35f09a1dda5c1c0c31d9f85799294ee6bf9d665de5cf3ac1fafc2558b1044a120ad8caf1974debcb431

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
55408ddd93dc198da6e5bf91ec2aeb49

SHA1
eebf41e546fc8ddc844755aa7452cc1f65a4648c

SHA256
ba9448882c891af8a02a619e8ccdf0ae4ffae76afeb9a837919f93d96bb1b196

SHA512
20cbe5c05f90e8e5bbc0b234bba4ed904b65c442fe37215830454fcc057c95f9be4e07208130f11016d067e61ec7154f416d749b2f8088af3bc9a166a6c28258

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
f43a75f5460d4103f69b6143df5dc8e5

SHA1
e3625addab670cf9a91cde2e4dc08d5fc69f459f

SHA256
2d7e9f1559576215c207fa6d949e7ce6aab2e24c463015a8de5e695de3626bda

SHA512
7a1e324c47e48e0f2cefd9fc4fd3fe157a92596f91741d063406f11622722cf15915370b92b0c55251a5145ba19650edfd764dfe307d2bea6bbddd9567f49a38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
203323a56ca6bad65586e9a0af3a9292

SHA1
92823baa3013c3fe0b518d540ea71c465716cca6

SHA256
6e4027b750ae78b18b2e32264d171ab52a80fad7ef35831fe2ef9a63445dd630

SHA512
a7214901dec833ba2209bc05538654cdfb5a8a2c5126fce0550c3274fc39e53dd4132309aaf5889e2af0d40b92a7ab6e73a215c49d1c973f245d464696446f54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
b637217121d0b0be2d0e767dbca2f6ec

SHA1
8aa0b5a790a93a462f990f9c636bae262423b908

SHA256
9fd5b26b20453d4be896850427ec3626fce2b629de89b615519cff6c547fa158

SHA512
f062707119a03498bc6d5533c6c47a2f81895b4052ef3f973d6bd3ccbffc6bf5fa712ca8118563fa9e1e1f24bb2db553386752ae373ca871be069d9dcf8193e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
987a5d00674844f6b0bcfb4ebf2dbadb

SHA1
d663100b3b7fca11b5573ca94e4fd35021970f2c

SHA256
d4fc39559641fadad23efa4196e03168589befbb71950c0c87ac4b22361c932b

SHA512
716354c12849c4a50057dd1455bcc0027900adb84c613a925bf9a4fb0e3e7f7b918ae2270838ded34f184a1a9f00e88e835e224853259fbc732c644a6dcce9c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b73a.TMP

Filesize
203B

MD5
07f05b359b1b383aaf94674c2ef23c98

SHA1
f9e967892e644019a4fe68dcb2effaaa5046df47

SHA256
dd89450ce0ce5a2d85103a90df289860416cb668ac80db64d49680dc574c23ad

SHA512
ae74a47aa62ec8952142621b44eeb3c8029567e697a9a7ddc2e90445cc02ed4257f9f216384b68de62791f8fd24b3dc2818910d639d820840c96b70b2f20a501

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
509a536f9f7717050532ba1a65888b44

SHA1
baf400b67511665f0bed33dc2259212e9d5058e6

SHA256
3ecad91528091ada5522098183c4eaed041e03f889a03c4de3cbd31506b88c04

SHA512
a93539c54aa854288319a67b71160ffc822e6d677f1243652f3cd1c0533cdd6a5cf0f3f0cb37ea41f35c5e80beed63db77f326410bc3825f76c703a8056e0313

Download Submit
C:\Users\Admin\AppData\Local\Temp\sysprofile.htm

Filesize
866B

MD5
8ab2922c1121a92472b6105341c90618

SHA1
4d232ce9dc96d9bdfc08bdd2f250741840799828

SHA256
9fb52ad8cea1fa062d41206a0c24298c3a785ab4a9440f8c85468d63a84c6953

SHA512
ce94501f35c315dce52325680d337ef341b31bb3a6c96de773f776ee127e23f7a77b7585c89e46fa4d96755a1c86ab24adae0f176e5a3ed7b07ff16ace662ede

Download Submit
C:\Users\Admin\AppData\Local\Temp\sysprofile.htm

Filesize
31KB

MD5
7b678fb26666041e3e0871cce9952cf5

SHA1
b5a2ece87267f77c60221c1dd168497d39c53036

SHA256
809739bd6c09046c67440f5a7c38f94cb96b83eb959f71e1b955fbc1bda979d7

SHA512
ae9ee313087cc34f217f478e11589b3aa6bd09d0a0699e0de0c2e5dce7fbe32eb61aeac3213b077ea9f6b3d52ad9fce747925258e68e606b003330ee40f6293b

Download Submit