hxxps://urlscan[.]io/result/503defd0-edb9-4835-98fc-83419a49afbf

Resubmissions

28/01/2024, 21:16

240128-z4lb3sbhcr 1

Analysis

max time kernel
501s
max time network
503s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
28/01/2024, 21:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://urlscan.io/result/503defd0-edb9-4835-98fc-83419a49afbf

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4004	msedge.exe
4004	msedge.exe
3924	msedge.exe
3924	msedge.exe
5068	identity_helper.exe
5068	identity_helper.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3924 wrote to memory of 3096	3924	msedge.exe	85
PID 3924 wrote to memory of 3096	3924	msedge.exe	85
PID 3924 wrote to memory of 5020	3924	msedge.exe	86
PID 3924 wrote to memory of 5020	3924	msedge.exe	86
PID 3924 wrote to memory of 5020	3924	msedge.exe	86
PID 3924 wrote to memory of 5020	3924	msedge.exe	86
PID 3924 wrote to memory of 5020	3924	msedge.exe	86
PID 3924 wrote to memory of 5020	3924	msedge.exe	86
PID 3924 wrote to memory of 5020	3924	msedge.exe	86
PID 3924 wrote to memory of 5020	3924	msedge.exe	86
PID 3924 wrote to memory of 5020	3924	msedge.exe	86
PID 3924 wrote to memory of 5020	3924	msedge.exe	86
PID 3924 wrote to memory of 5020	3924	msedge.exe	86
PID 3924 wrote to memory of 5020	3924	msedge.exe	86
PID 3924 wrote to memory of 5020	3924	msedge.exe	86
PID 3924 wrote to memory of 5020	3924	msedge.exe	86
PID 3924 wrote to memory of 5020	3924	msedge.exe	86
PID 3924 wrote to memory of 5020	3924	msedge.exe	86
PID 3924 wrote to memory of 5020	3924	msedge.exe	86
PID 3924 wrote to memory of 5020	3924	msedge.exe	86
PID 3924 wrote to memory of 5020	3924	msedge.exe	86
PID 3924 wrote to memory of 5020	3924	msedge.exe	86
PID 3924 wrote to memory of 5020	3924	msedge.exe	86
PID 3924 wrote to memory of 5020	3924	msedge.exe	86
PID 3924 wrote to memory of 5020	3924	msedge.exe	86
PID 3924 wrote to memory of 5020	3924	msedge.exe	86
PID 3924 wrote to memory of 5020	3924	msedge.exe	86
PID 3924 wrote to memory of 5020	3924	msedge.exe	86
PID 3924 wrote to memory of 5020	3924	msedge.exe	86
PID 3924 wrote to memory of 5020	3924	msedge.exe	86
PID 3924 wrote to memory of 5020	3924	msedge.exe	86
PID 3924 wrote to memory of 5020	3924	msedge.exe	86
PID 3924 wrote to memory of 5020	3924	msedge.exe	86
PID 3924 wrote to memory of 5020	3924	msedge.exe	86
PID 3924 wrote to memory of 5020	3924	msedge.exe	86
PID 3924 wrote to memory of 5020	3924	msedge.exe	86
PID 3924 wrote to memory of 5020	3924	msedge.exe	86
PID 3924 wrote to memory of 5020	3924	msedge.exe	86
PID 3924 wrote to memory of 5020	3924	msedge.exe	86
PID 3924 wrote to memory of 5020	3924	msedge.exe	86
PID 3924 wrote to memory of 5020	3924	msedge.exe	86
PID 3924 wrote to memory of 5020	3924	msedge.exe	86
PID 3924 wrote to memory of 4004	3924	msedge.exe	87
PID 3924 wrote to memory of 4004	3924	msedge.exe	87
PID 3924 wrote to memory of 1660	3924	msedge.exe	88
PID 3924 wrote to memory of 1660	3924	msedge.exe	88
PID 3924 wrote to memory of 1660	3924	msedge.exe	88
PID 3924 wrote to memory of 1660	3924	msedge.exe	88
PID 3924 wrote to memory of 1660	3924	msedge.exe	88
PID 3924 wrote to memory of 1660	3924	msedge.exe	88
PID 3924 wrote to memory of 1660	3924	msedge.exe	88
PID 3924 wrote to memory of 1660	3924	msedge.exe	88
PID 3924 wrote to memory of 1660	3924	msedge.exe	88
PID 3924 wrote to memory of 1660	3924	msedge.exe	88
PID 3924 wrote to memory of 1660	3924	msedge.exe	88
PID 3924 wrote to memory of 1660	3924	msedge.exe	88
PID 3924 wrote to memory of 1660	3924	msedge.exe	88
PID 3924 wrote to memory of 1660	3924	msedge.exe	88
PID 3924 wrote to memory of 1660	3924	msedge.exe	88
PID 3924 wrote to memory of 1660	3924	msedge.exe	88
PID 3924 wrote to memory of 1660	3924	msedge.exe	88
PID 3924 wrote to memory of 1660	3924	msedge.exe	88
PID 3924 wrote to memory of 1660	3924	msedge.exe	88
PID 3924 wrote to memory of 1660	3924	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://urlscan.io/result/503defd0-edb9-4835-98fc-83419a49afbf
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcf24e46f8,0x7ffcf24e4708,0x7ffcf24e4718
  2⤵
  PID:3096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,9836435779402221483,4253365691969941833,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
  2⤵
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,9836435779402221483,4253365691969941833,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,9836435779402221483,4253365691969941833,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
  2⤵
  PID:1660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,9836435779402221483,4253365691969941833,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:3172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,9836435779402221483,4253365691969941833,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,9836435779402221483,4253365691969941833,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5392 /prefetch:8
  2⤵
  PID:672
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,9836435779402221483,4253365691969941833,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5392 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,9836435779402221483,4253365691969941833,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:2172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,9836435779402221483,4253365691969941833,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,9836435779402221483,4253365691969941833,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
  2⤵
  PID:672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,9836435779402221483,4253365691969941833,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:2728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,9836435779402221483,4253365691969941833,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1048 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1324

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3516

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4912

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f246cc2c0e84109806d24fcf52bd0672

SHA1
8725d2b2477efe4f66c60e0f2028bf79d8b88e4e

SHA256
0c1014ae07c2077dd55d7386cc9cf9e0551be1d67fe05a6006957427ae09fec5

SHA512
dcf31357eb39a05213550a879941e2c039ec0ba41e4867d5d630807420f070289552d56d9f16c6d11edcdb0f9448bf51e7d2e460e88aa9c55a5bfe5d8d331640

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\20b50648-9559-4f85-bd8c-2c5108d03a4b.tmp

Filesize
371B

MD5
09aa53c9874e376e471a73740d28c7bb

SHA1
bb55837616be5b6ce3615b003d27d9f4eed9cdcd

SHA256
63b18e39c37e10666bd8b2d485e5e6fe10f5a6ff54ad7a380d606c9ad61a2b85

SHA512
ed906a85c6422ebe0e705a84951497e080aa66415ca37d9f76ec55402416212b3402f0b85daf8072d291344d36fc807871c01bdf5d7cb3be1adc5b90e79fbd69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
b5adc6a8400222a272b0671a1482269e

SHA1
cf551432dd63bb6bf29e196ea79f9822bfea39c2

SHA256
716ab853ebac53ba76c9caf8187cee6ad250cf7b2f0d6453719e59dc92aab78d

SHA512
b3e9a3f6ffead0952814d0df82f52e54b712cb0982db1db4a5648f5c24e91c742aeb2cce9d38f7796b1c4dda824c52523081dc2c5667a1303787e77f2ddf042c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
573B

MD5
9d77c98b5c8a4f636e27c898fa24533e

SHA1
68a8b3a477e086b83501984a8e525d54ff46132b

SHA256
24a218414d17bd8aeb3018f9e43994f78827891e4d106b2fced0c18fe94c3337

SHA512
223d57eceddff7e5e1789b180053cb0e8dd557668253236cdde15aa8edfd11f34faa55e87715a4895207c95902572ede16e9eededa9642d84de71588e89ecee1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e0ef810392dde18bae26afdd8f851655

SHA1
c4d184f6530cddb5dd1328deccf29e2e1d65a1ce

SHA256
7aa1dd18cf183555b0e85ef3f93bec5811b13d0c343a9052d5ffc2c47a9e2276

SHA512
3a5e4e8c081cec6bef6028e1bff8b585b91a01bfb153d89546632d30382d6df8a56f58b617b919883e934ad80daa67dfdb4aae83681e503364c4d4c5c5f56fb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8fbb7b75a0bb9727ffa38a97cceec6af

SHA1
a3cd3e5341e005582bc3ad96048e5f52c2017207

SHA256
8d19b4f4ad56c26f8b38a2936e4a780f67a022313ff723b01691508b70227178

SHA512
b78a193260548b84267a8be7fec21acc18854da290462dfe19a4d924b235ed06002e5b8092d2c013794b128d6518086de20d6442f53c5c323201c8842405f730

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
5e62a6848f50c5ca5f19380c1ea38156

SHA1
1f5e7db8c292a93ae4a94a912dd93fe899f1ea6a

SHA256
23b683118f90c909ce86f9be9123ff6ac1355adb098ffbb09b9e5ec18fc2b488

SHA512
ce00590890ed908c18c3ec56df5f79c6c800e3bea2ad4629b9788b19bd1d9e94215fb991275e6ec5a58ac31b193e1c0b9cbaa52ff534319a5e76ec4fc8d3ba54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
9b4c7dee936d6126786565810a4f4308

SHA1
aa1843b5a5f17fffaea1390e5229c77e74b6eed5

SHA256
c0fe4008f8c680feb95a6c2de759565aabd5f95156184d0a24fac84c99454e17

SHA512
062658a386678ce356cb7aca9f2769fc9c1b98978819c2839bcfd357c4f8cfbe182d1f2ef645d2a4259c80ae763b1574cfd2e7c1497a50ed41abf33f1a46d064

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
852f0bf3a9de57042f46f9250c1580e9

SHA1
e6050ef06e9f78e69b4ea64f0bf8d7de57c767c5

SHA256
5fdcc410554811085948488848583282f7825491c6d5a200efc85e726fd01f7a

SHA512
a26889bf271d59729fa228a705f3e7bb183c1f6d36f99388206321653eaa394d270b0807869e5644ea64cd095fe1c3c3aba88dba84ffe99e814b921c61f350bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
52f425d0e16ecabaf7c64941fc957ca4

SHA1
6862a3e13a1998bba552610463d65729e9758b97

SHA256
b3e3462096c27d32ca67f2240b4eeb46fffd1de26243ac2891e4fa029a4978cd

SHA512
06ba76d3c5916acbb311535e34b8099f6c7910484f478bdecf98a28173f6be82558e02a286ffbc9a0c002572950cdc3010bbe41d09b8a36401fd641026fe5fe1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
631cb06266bcd9dcbb083b61602b3637

SHA1
dc92bca194ae1bb1bbc4f87759fa4f5d2ec1ccb2

SHA256
b5e0773f5ea0c79252dc64d19f74ca467c279edd6935745da34ab8f3b3014df7

SHA512
8a00431340d53979da1b3bde73404fef07cf461d089742c33e3a69363a05bc375ec7d993e483600262848a104bc78c1bd73c4f155874239acd9c071b89514944

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
ba178de93af2f05a99c4eaf3df56deca

SHA1
c98a77c482d9b8f6d614265c9e4409b4a1c99e5e

SHA256
da891db229550b5c40cc97c767e1d66c97aaf9809c32b18d8ff66fc4313d6b2d

SHA512
3241ea85e68f9625801468a84bc9ce2863edd1d9002fba77c436a62a84fbba5c171264b289885e93278b4908384dd909d15bb547fb3b1933ed88e2de426446a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
a54a46dd9778b6d642c8bb1cac8ec15e

SHA1
61a3f154cb88f8380d82273bcd585bc9a872f827

SHA256
c28d99e6950be5715d7559f32bfdc226cb9181ef815f09f4b93d98480496f839

SHA512
d4217719990bdd194bb02fa0f8ae1216c7cb6d16b168bdd722a6c810d953f0b1fb7eff548cc2f1c8b5f79d5eace6dde643d73fa21f67877f702491376c31547b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
f7ee5fd6b5f846497f3ab686e8cffd7c

SHA1
a5c1097f3780299a1b974b4fa2b79799b97a0a90

SHA256
a3556d8c204cb6e9bbc3c0d0ee2baf048c838d444945d09e19bd3e0d4f2bf2c8

SHA512
0eab9156d9b2d6cecf25124b37137e0d44507b89a5026a6a8a4498e4b83eeb5a45681c5cac08d45e8b207c446626d4fd84a2b135e79cc4c92c745462d3ac44e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
b2d5c5daca93487c171263dc231ddd75

SHA1
efaa0353fdd11d9c6ab0c640e9dfb582dde10485

SHA256
d14d76d3e28c3a522e79643306626632c49c47204b7c3f7492109cc62495bd9d

SHA512
fd233db9031a601f452a4f770ade5dbbb22fc4def033bb098ad0d7bc7ce98f3de99534c4562ea15893e6ecc58c138b9a917af5376b41e1d9005bdb509fa054d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
4dd479ddecdc58f6bc0cd38c9d99bfdf

SHA1
aba16774b7d4e443ce97cdc385cdd088839dfacc

SHA256
267030a976d91a695a63f953b0ea64da77513023bb62c93a4a323bcde8a99219

SHA512
e940c188fcaeb27d00e29f89d3b8fc81f01d8610566123b5c6734e7d5051726d66d811526a8824089e687355b873c7408c4c14af80732e3af4d72f8f6266dd46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
6d95e3d947a8aaa8970d9fb7055d8b2e

SHA1
b3bc430b7fe4b1fdd4427580269044b83569414c

SHA256
27c79ecc9816ff28cd243e2646debab74c6cc19ed0596fd8a1a5cd8b3303ffd1

SHA512
391bd07cad96dcb7617b4d0b78078aae1edf097904e8eb7c43b2d4439fbaad8c7fcf263d0e24636c5cb85031bdb04d261c7150f237bd50e95a426a008e4aa485

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
8ce17b637778e109c3c7cbc437d82d93

SHA1
c445f2bf07649bdcc6229c7c2d4403f2f7b96654

SHA256
ef72c57d52ee235126bc4a0a4e559bb260fa4a4d0000673e2be5844ceb837669

SHA512
18ffce104a5172368399560256032fe0687585073b6177a8c5adae8a78ef79643079754083c800e0087736bed403a83cc13c20c4b3e6ef675fae27df4512cdcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
550ee71a3b0c416335d3cfe2adad3eff

SHA1
8f93679c18d9b1177bb87586e76dfa448bfb892b

SHA256
a826570224088732869600fe8f2db4f1b8cb64fc93a4d6db11222eae87d30762

SHA512
11af40d5a616c1606889c1e0cc1ca8325f49b62b9fce56439f91cc4156f377c4a18ef91b9556acd75345a7df2aae0e35b7e02a78b5a9e368120b8023317f13b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
08895fcbbd8748d4a2ce8ac32440c18a

SHA1
f649ec34486248876360570ea8039a2eac3a3d00

SHA256
903a08d1b1816a2d72a4c7f882dde554bf03eebc5b7eeacc0ace5cb367e86a9e

SHA512
1a0a89f0049149d23164bffc04b54cf94f20ef14d67cf35bca5536df51c74b70a828cadbe546d1eac628b73f6e31288fa8a2196596792f42da64cd8a68418874

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
499b47a15d4a5058c7e08c7f7572768c

SHA1
039e2ea7f96f093bc7acb9dd5ba45afdbac3ea0d

SHA256
73e059ca4203966e8913740b5f741cdd38a275335709050a0d42175eccb4f0d5

SHA512
3b57bc78e14b5658056bdd3509030d4f9b6fdc44faaf5bb21c7650d818117a87f3ff37bab7c808e84dba37425d54f8b0f5af7ddcd02ad6c2c867bdc5d216f668

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
1a3c5765bfb3eba086702f05f4673570

SHA1
8e8566aed73db5666e829ab40ae006859b0cebbd

SHA256
37346407fb2992b785dfec8bb1c17f5a37d64f3601203662fd29ee507b3e92fb

SHA512
9eda33b2dd473c91dd6902c8d39947411786003a52139c21c8e1ab391a4d159e32a524562b0d34973821c35a42c81e435e0761d4dfd19e7a22efa7071023e2cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
1b35ee0eee85890d053096caceae4b44

SHA1
fc4299a8043074722c1907479b603b457b6f5d30

SHA256
03a49001b5fef043dbaa93448f2d3a13c7dc7dd56276d2fc76761f3aacdfc547

SHA512
fa66367069369e2c86c4dd7b832da74cd7d89e628dd50dd43a3c060dfac926afb1cba42b724398934782a1166de0d5678e2dd1781e2c703e0b756e95f7a6d653

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
e89fd26f3291394e323547e1850b3fe0

SHA1
e838c2689ac3bd901f32448bf95ccba085d1140b

SHA256
e8e9f2366dc139b5fd0255ad519fa31bfabaffd6af171af66381b1409dd27f59

SHA512
21c75cbb30e9e5fb7f1e24a17e3ae327b1f207148ef44535d5615132e568f07f3ee4777669e03051d09b0aebd31cbdd543ff0accf84c24a3b295f2dec57ba7b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
7fb8bb5aa01e292271bf533176c92d06

SHA1
98ed3ba9314f25769dcb221dee8a0925f66606c3

SHA256
996fe6aa19ab86fa1b23f87ce2872fbb119a09645a045e8a0c2ad95a4ff57485

SHA512
89696ceba12ec573745a2d528b3aa39c2dfb0ef854e1e46deca9c93743d60ea3d3682e6b365b383f20b498aab176b748fda5b15c82b7d89ee2bb4c2ed83469d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
19d1b7ce55250a45b2d5332e818bf138

SHA1
d01835811178ba2a41d2a25784dbcbfbe8e7eef1

SHA256
263e72626643567a294b888dc3fb3cff36485315f56882ecbe7d1a7eb07ffd44

SHA512
78705b7b138d32c55ecb74540503bf0da89b18b7b50dd5fbf9fecb95e5b89fe38c1b845ee5f48cae92c99081376641e7765c45603ad96a0beff8e6daa2d7f318

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
d0f6ae66e7dc6fae875a99443f20688a

SHA1
8c802beaf8dec4ea838bcceeb911145c27be605d

SHA256
13b09c5d83461f2f51d783daec84e9c1ba5aaf846215345fc7ec3bee5c954101

SHA512
06d1f6ae34e50b5ce606b26b8f15cf76a5b937bac5bc53aca959f9a07453503d283c98aeb6f5369c9c646d684d2e56f16b7d72c38867d8d66851a08403651171

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
bcac888732294ab154afebb7e15f9b5f

SHA1
d086cf9ed12185f47a8ff4ac274928cac822002a

SHA256
898fae3e085c61f851cb531688c774e1b60c9e8c295ca6e3914ad7a9ef7ebb8d

SHA512
b409ca3b9b1f23b03408711ad4af7d6b4c2cd394dffc2181bf0374a63e5cd5868e0f64307e7ad7151fb103f5ace1f11766289ba8aec2a176b8bac8a9c3b145f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
71fe14f1d42202a88f56e666e43556b6

SHA1
3fbdaeeb7dc46bc4b706bd566922d216170d8bed

SHA256
068f71f5056afa2e2b69429d7dcc2fcc964c97298209427be047d1229a0403d6

SHA512
a4e503732bc4578e11bee84dd1f1e9ffb916e0f10978835bb8e8fddeeac01e3c9e70a9a7f27f52bdc628a3741b65cde2e6e6ba8cd58ad4b9b3e00bcc594dea19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
d66744140fb09108d6574055d8c08c1a

SHA1
0890e6cc4e7bca7dffa08c726d1c400dce72186d

SHA256
8d25f7823f765bdabf87cee2019bdaee68605393a5dc04ada1c34691b6fba5ce

SHA512
5f2f718b9bab2eb3afbafc000205f0cd0887d4d34109fe321ef635b8110ad700d76670e58659f10da2dec081896127adf06db18333d66267804e4a6d25a7e5d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57bde1.TMP

Filesize
371B

MD5
b86d3e7a5cc886348782dff31931658e

SHA1
dce3060b003ce569b4ac6f93dcbfdd069f51adb7

SHA256
55902bae26e68e755944d150667a9b967a9dfd74a8a1c5707afcad0d08c23760

SHA512
ccbf136a211080e6263d087b5d3bf97dcf000b194432faaf63f81513e2f1c39c8c62cd2acacdbe8609a041f31b14d0a98ec6d570d67a2076528e6d95e8f6452f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1341dea54e2a40df74a665067fc553dd

SHA1
b0bed5412d00874f023af54242ada9857b2a7499

SHA256
dfa31ef33144c55c197510d2b7b9f0a2f214b34692aea618a5c866b28524259e

SHA512
2c307f5382b7543748e2f68280b9c10cf298b87c725ce7d832efbb9cd976d878bbb7a3f4b58f6e81819f95f54e8111da8654f8760b1672c66e4ad02539a4a667

Download Submit