hxxps://www[.]amazon[.]ca/BosGame-Computer-3-4GHz-Desktop-Office/dp/B0CKMKBBFL?th=1

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
27-01-2024 20:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.amazon.ca/BosGame-Computer-3-4GHz-Desktop-Office/dp/B0CKMKBBFL?th=1

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2140	msedge.exe
2140	msedge.exe
4236	msedge.exe
4236	msedge.exe
1032	identity_helper.exe
1032	identity_helper.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	5064	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5064	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4236 wrote to memory of 3356	4236	msedge.exe	88
PID 4236 wrote to memory of 3356	4236	msedge.exe	88
PID 4236 wrote to memory of 3464	4236	msedge.exe	90
PID 4236 wrote to memory of 3464	4236	msedge.exe	90
PID 4236 wrote to memory of 3464	4236	msedge.exe	90
PID 4236 wrote to memory of 3464	4236	msedge.exe	90
PID 4236 wrote to memory of 3464	4236	msedge.exe	90
PID 4236 wrote to memory of 3464	4236	msedge.exe	90
PID 4236 wrote to memory of 3464	4236	msedge.exe	90
PID 4236 wrote to memory of 3464	4236	msedge.exe	90
PID 4236 wrote to memory of 3464	4236	msedge.exe	90
PID 4236 wrote to memory of 3464	4236	msedge.exe	90
PID 4236 wrote to memory of 3464	4236	msedge.exe	90
PID 4236 wrote to memory of 3464	4236	msedge.exe	90
PID 4236 wrote to memory of 3464	4236	msedge.exe	90
PID 4236 wrote to memory of 3464	4236	msedge.exe	90
PID 4236 wrote to memory of 3464	4236	msedge.exe	90
PID 4236 wrote to memory of 3464	4236	msedge.exe	90
PID 4236 wrote to memory of 3464	4236	msedge.exe	90
PID 4236 wrote to memory of 3464	4236	msedge.exe	90
PID 4236 wrote to memory of 3464	4236	msedge.exe	90
PID 4236 wrote to memory of 3464	4236	msedge.exe	90
PID 4236 wrote to memory of 3464	4236	msedge.exe	90
PID 4236 wrote to memory of 3464	4236	msedge.exe	90
PID 4236 wrote to memory of 3464	4236	msedge.exe	90
PID 4236 wrote to memory of 3464	4236	msedge.exe	90
PID 4236 wrote to memory of 3464	4236	msedge.exe	90
PID 4236 wrote to memory of 3464	4236	msedge.exe	90
PID 4236 wrote to memory of 3464	4236	msedge.exe	90
PID 4236 wrote to memory of 3464	4236	msedge.exe	90
PID 4236 wrote to memory of 3464	4236	msedge.exe	90
PID 4236 wrote to memory of 3464	4236	msedge.exe	90
PID 4236 wrote to memory of 3464	4236	msedge.exe	90
PID 4236 wrote to memory of 3464	4236	msedge.exe	90
PID 4236 wrote to memory of 3464	4236	msedge.exe	90
PID 4236 wrote to memory of 3464	4236	msedge.exe	90
PID 4236 wrote to memory of 3464	4236	msedge.exe	90
PID 4236 wrote to memory of 3464	4236	msedge.exe	90
PID 4236 wrote to memory of 3464	4236	msedge.exe	90
PID 4236 wrote to memory of 3464	4236	msedge.exe	90
PID 4236 wrote to memory of 3464	4236	msedge.exe	90
PID 4236 wrote to memory of 3464	4236	msedge.exe	90
PID 4236 wrote to memory of 2140	4236	msedge.exe	89
PID 4236 wrote to memory of 2140	4236	msedge.exe	89
PID 4236 wrote to memory of 5076	4236	msedge.exe	91
PID 4236 wrote to memory of 5076	4236	msedge.exe	91
PID 4236 wrote to memory of 5076	4236	msedge.exe	91
PID 4236 wrote to memory of 5076	4236	msedge.exe	91
PID 4236 wrote to memory of 5076	4236	msedge.exe	91
PID 4236 wrote to memory of 5076	4236	msedge.exe	91
PID 4236 wrote to memory of 5076	4236	msedge.exe	91
PID 4236 wrote to memory of 5076	4236	msedge.exe	91
PID 4236 wrote to memory of 5076	4236	msedge.exe	91
PID 4236 wrote to memory of 5076	4236	msedge.exe	91
PID 4236 wrote to memory of 5076	4236	msedge.exe	91
PID 4236 wrote to memory of 5076	4236	msedge.exe	91
PID 4236 wrote to memory of 5076	4236	msedge.exe	91
PID 4236 wrote to memory of 5076	4236	msedge.exe	91
PID 4236 wrote to memory of 5076	4236	msedge.exe	91
PID 4236 wrote to memory of 5076	4236	msedge.exe	91
PID 4236 wrote to memory of 5076	4236	msedge.exe	91
PID 4236 wrote to memory of 5076	4236	msedge.exe	91
PID 4236 wrote to memory of 5076	4236	msedge.exe	91
PID 4236 wrote to memory of 5076	4236	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.amazon.ca/BosGame-Computer-3-4GHz-Desktop-Office/dp/B0CKMKBBFL?th=1
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcf21646f8,0x7ffcf2164708,0x7ffcf2164718
  2⤵
  PID:3356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,9318861371543069238,10093184014018611236,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,9318861371543069238,10093184014018611236,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:3464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,9318861371543069238,10093184014018611236,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  2⤵
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9318861371543069238,10093184014018611236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:3652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9318861371543069238,10093184014018611236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:2092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2100,9318861371543069238,10093184014018611236,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4840 /prefetch:8
  2⤵
  PID:3044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9318861371543069238,10093184014018611236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
  2⤵
  PID:3920
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,9318861371543069238,10093184014018611236,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6016 /prefetch:8
  2⤵
  PID:3632
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,9318861371543069238,10093184014018611236,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6016 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9318861371543069238,10093184014018611236,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9318861371543069238,10093184014018611236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
  2⤵
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9318861371543069238,10093184014018611236,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6220 /prefetch:1
  2⤵
  PID:2444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9318861371543069238,10093184014018611236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,9318861371543069238,10093184014018611236,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4036 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2148

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5116

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4904

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x474 0x4bc
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f246cc2c0e84109806d24fcf52bd0672

SHA1
8725d2b2477efe4f66c60e0f2028bf79d8b88e4e

SHA256
0c1014ae07c2077dd55d7386cc9cf9e0551be1d67fe05a6006957427ae09fec5

SHA512
dcf31357eb39a05213550a879941e2c039ec0ba41e4867d5d630807420f070289552d56d9f16c6d11edcdb0f9448bf51e7d2e460e88aa9c55a5bfe5d8d331640

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
28KB

MD5
55b1f2778f16d9a42261a13b383935ae

SHA1
af902a507482aea507bd736433a6aa89bd7615c7

SHA256
5778fd0e1b268e5d450122de7c607877f127e62108c8513d51bea07ebb885a47

SHA512
f03b37eb6d408a987b9986db59a95ab0f270237769fb0e7ab3b6f0fbe3f057106e1bff0c33ee769a6f717ae737a9bbf82ea396a4b2f37879d1244bfb73d47c0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

Filesize
1024KB

MD5
e926aaca80725ea04dd02b13b645abc8

SHA1
74706e3ea811ff0d34a40f871eb0acea32784247

SHA256
5bfd5c3f7974555fff8742afcb6c1e4460a4aa73b7fd14158670ec8fc47301bc

SHA512
9a5a1a22066ab8bf13052e8491b5fd3036c34491ac7fee63f76599334199e93d672091c60b3253e48a1227b61e6cd859f9ce0ef51101179f0ac0dce90445700a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
01291378d57e7ea979aecc06095456db

SHA1
aed5bc6c617d0f83d5dfc0d4b9831ca2e29a73fb

SHA256
e378abb0b93d8c2a8d15305a338a63aa3a51e08dc9ef4274d5d86f241dc04cce

SHA512
23a55fab62baa350d68203f75f6bb7934ebba85c34e2aa1c4209d16f4f3b73157b2d19d595c9570afca6b4861e43b36cfa68e372a35f0585be2bb2c1db74cbc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
0291c4a059b14d7201cb2a0b6cf15175

SHA1
0a4736b4902a2e00ac5e36b63b70dc6cf5ba0819

SHA256
25a3a513393dcb6bfc7dfda92c5ede926c4fd7d76c34c364d79375ea3edb778f

SHA512
9e9b0344c0dd86a3aa1d2b1710069adccd2dc0f9003296de492da905d629d541776f4c36cf489362b798439e1d8bb0068624c47596eada81071e7ddc5a9a974c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1be918878b5662a892e4a759a4a023bd

SHA1
143fdc7a3289c7b5ef1d4a3325df541c4d8956ad

SHA256
bc11e4a9cba78af6b8620b2f9441b803ace63e16ab8a61b97a9cee3444f39266

SHA512
4c05a48aaa46df36eeeeb5b852d0bff70abb8056e6e9a479666206086e9e541840d1285c6a689bb86f1366abcdac33d7b0d8e9f2355664cb533c0cdc8101aa7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
856f28f18ddb30847bd50d107eaef035

SHA1
c5fb93153a2cf0e14ecf699e4b355df4db6bddba

SHA256
07b33fe17384b927a10afe755afdf25cf2ca27e839770bb45e65492581ea9a1c

SHA512
6486ae898cf0ce95270a47a9c7f5a9ec1df2cd6c7cd5d56e5981a341a23dc2888e623577534d5addc497629f24d1100f660f5543b1af8c71067e1fc47c919d7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
5e62a6848f50c5ca5f19380c1ea38156

SHA1
1f5e7db8c292a93ae4a94a912dd93fe899f1ea6a

SHA256
23b683118f90c909ce86f9be9123ff6ac1355adb098ffbb09b9e5ec18fc2b488

SHA512
ce00590890ed908c18c3ec56df5f79c6c800e3bea2ad4629b9788b19bd1d9e94215fb991275e6ec5a58ac31b193e1c0b9cbaa52ff534319a5e76ec4fc8d3ba54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57a827.TMP

Filesize
48B

MD5
963fea6c42beffbdcab0a36da303dd24

SHA1
6ae672010e84860a63a575e007b3c15ba2d49f6a

SHA256
39f2d6649f37ec8090b1fd4b5e8af9bd6602286e2d90625e24883ee01696c2aa

SHA512
4ed1f1b1266ab38a979de86336de824ed79b947efc57dd5a272aa7568ec91b2bb2bbc32aa1b0da83f077a327df4e14f89fa9eea7999b40a5523179283ee96424

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
f9fb3d8597cf5dcdc81cfa8a9c17bdfe

SHA1
fbcf7300ec87bbd7f5c9a55f5eb5c04df6c52027

SHA256
458c1ebb85cb3a79748a6d3165dad4b7f0bbce97dc56b49e04788a6889db4015

SHA512
922e105528a321b64032a4d24384d32a6a32900c6ec5d4b75340a32e9adfff26a2a34f4b65fd79848a4162b63db17a592a8365817a756ed2b476478508d6a135

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
b3ee9d61d09b0f30ad8c30b9f763f2a7

SHA1
84095f80679ac314ab4e937f0a550d3f568d9b12

SHA256
4406e96916b6f3d5f9f1ca3cbf3f61d7fd7f89c5734003d8fae49dccff912c7f

SHA512
6042d6e358fb93ecafff96661bb94b522f9a8ea80343d3c4418f90f4468e5d7eade35ceaa0356fcc894803347cbff52c75eba89f3138d33233d3dc0490591d17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
10f23c04285ebc9092f6dcb40924942c

SHA1
f1d470d26222f01da90ea1fbb7920bca6f5e850b

SHA256
890970db81822402ddad6869e9e515913074f82d48a64333a9274ee61a8a9723

SHA512
f9c4b3e30d8c01956cdf522267f79412d3d85658aa1496d32cb1149482e421a955e9467408a808df1b98e768bb1aab90b040581d56700676b6de20a061027f3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9477179ab98ce99c737a4446369ee851

SHA1
5144fe931b02128d03e44683db5fc5cb91ad7eae

SHA256
472ff40c220a2b33f702e87d614fbf37951e54b236de3c00bb53c4af984cbbe5

SHA512
401c2eb8a604d7b769f71ffed23d9ad8b0716dda0de102d046ce817907d0bb93c85fd454a77f1cc704df1188a4841a2ee55ed9cfed8a6b9de7062272aa8227c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2808456c50ad3ef4ea7b254c462d114b

SHA1
3b1702594c32bb9412cb30f4f5898beee489caa1

SHA256
ce29de4e9185b73b12a6d0006e1a3444403579922a2834f8d28e4d39df4fc500

SHA512
5f14f065c352df27b9fd16b0e9d8301bd11355a5e45a1e251e13e526322d94d88b9a00534d46bd3b16c1ced6fd1dac64caa2c4c1cab172e8f2a13abdd8cf6b9e

Download Submit