hxxps://www[.]linkedin[.]com/in/michael-allen-b304973a

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
03-02-2024 21:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.linkedin.com/in/michael-allen-b304973a

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3803511929-1339359695-2191195476-1000\{E0212100-EEB9-4C42-B18B-1E5DC3FF983C}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4640	msedge.exe
4640	msedge.exe
3864	msedge.exe
3864	msedge.exe
4760	msedge.exe
4760	msedge.exe
5076	identity_helper.exe
5076	identity_helper.exe
876	msedge.exe
876	msedge.exe
876	msedge.exe
876	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3864 wrote to memory of 3572	3864	msedge.exe	85
PID 3864 wrote to memory of 3572	3864	msedge.exe	85
PID 3864 wrote to memory of 5116	3864	msedge.exe	87
PID 3864 wrote to memory of 5116	3864	msedge.exe	87
PID 3864 wrote to memory of 5116	3864	msedge.exe	87
PID 3864 wrote to memory of 5116	3864	msedge.exe	87
PID 3864 wrote to memory of 5116	3864	msedge.exe	87
PID 3864 wrote to memory of 5116	3864	msedge.exe	87
PID 3864 wrote to memory of 5116	3864	msedge.exe	87
PID 3864 wrote to memory of 5116	3864	msedge.exe	87
PID 3864 wrote to memory of 5116	3864	msedge.exe	87
PID 3864 wrote to memory of 5116	3864	msedge.exe	87
PID 3864 wrote to memory of 5116	3864	msedge.exe	87
PID 3864 wrote to memory of 5116	3864	msedge.exe	87
PID 3864 wrote to memory of 5116	3864	msedge.exe	87
PID 3864 wrote to memory of 5116	3864	msedge.exe	87
PID 3864 wrote to memory of 5116	3864	msedge.exe	87
PID 3864 wrote to memory of 5116	3864	msedge.exe	87
PID 3864 wrote to memory of 5116	3864	msedge.exe	87
PID 3864 wrote to memory of 5116	3864	msedge.exe	87
PID 3864 wrote to memory of 5116	3864	msedge.exe	87
PID 3864 wrote to memory of 5116	3864	msedge.exe	87
PID 3864 wrote to memory of 5116	3864	msedge.exe	87
PID 3864 wrote to memory of 5116	3864	msedge.exe	87
PID 3864 wrote to memory of 5116	3864	msedge.exe	87
PID 3864 wrote to memory of 5116	3864	msedge.exe	87
PID 3864 wrote to memory of 5116	3864	msedge.exe	87
PID 3864 wrote to memory of 5116	3864	msedge.exe	87
PID 3864 wrote to memory of 5116	3864	msedge.exe	87
PID 3864 wrote to memory of 5116	3864	msedge.exe	87
PID 3864 wrote to memory of 5116	3864	msedge.exe	87
PID 3864 wrote to memory of 5116	3864	msedge.exe	87
PID 3864 wrote to memory of 5116	3864	msedge.exe	87
PID 3864 wrote to memory of 5116	3864	msedge.exe	87
PID 3864 wrote to memory of 5116	3864	msedge.exe	87
PID 3864 wrote to memory of 5116	3864	msedge.exe	87
PID 3864 wrote to memory of 5116	3864	msedge.exe	87
PID 3864 wrote to memory of 5116	3864	msedge.exe	87
PID 3864 wrote to memory of 5116	3864	msedge.exe	87
PID 3864 wrote to memory of 5116	3864	msedge.exe	87
PID 3864 wrote to memory of 5116	3864	msedge.exe	87
PID 3864 wrote to memory of 5116	3864	msedge.exe	87
PID 3864 wrote to memory of 4640	3864	msedge.exe	86
PID 3864 wrote to memory of 4640	3864	msedge.exe	86
PID 3864 wrote to memory of 1124	3864	msedge.exe	88
PID 3864 wrote to memory of 1124	3864	msedge.exe	88
PID 3864 wrote to memory of 1124	3864	msedge.exe	88
PID 3864 wrote to memory of 1124	3864	msedge.exe	88
PID 3864 wrote to memory of 1124	3864	msedge.exe	88
PID 3864 wrote to memory of 1124	3864	msedge.exe	88
PID 3864 wrote to memory of 1124	3864	msedge.exe	88
PID 3864 wrote to memory of 1124	3864	msedge.exe	88
PID 3864 wrote to memory of 1124	3864	msedge.exe	88
PID 3864 wrote to memory of 1124	3864	msedge.exe	88
PID 3864 wrote to memory of 1124	3864	msedge.exe	88
PID 3864 wrote to memory of 1124	3864	msedge.exe	88
PID 3864 wrote to memory of 1124	3864	msedge.exe	88
PID 3864 wrote to memory of 1124	3864	msedge.exe	88
PID 3864 wrote to memory of 1124	3864	msedge.exe	88
PID 3864 wrote to memory of 1124	3864	msedge.exe	88
PID 3864 wrote to memory of 1124	3864	msedge.exe	88
PID 3864 wrote to memory of 1124	3864	msedge.exe	88
PID 3864 wrote to memory of 1124	3864	msedge.exe	88
PID 3864 wrote to memory of 1124	3864	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.linkedin.com/in/michael-allen-b304973a
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffba3fb46f8,0x7ffba3fb4708,0x7ffba3fb4718
  2⤵
  PID:3572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,17521421085238705485,2344390763807606519,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,17521421085238705485,2344390763807606519,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,17521421085238705485,2344390763807606519,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2644 /prefetch:8
  2⤵
  PID:1124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17521421085238705485,2344390763807606519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:3444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17521421085238705485,2344390763807606519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17521421085238705485,2344390763807606519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:2828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2132,17521421085238705485,2344390763807606519,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5308 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2132,17521421085238705485,2344390763807606519,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5296 /prefetch:8
  2⤵
  PID:1676
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,17521421085238705485,2344390763807606519,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5924 /prefetch:8
  2⤵
  PID:2632
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,17521421085238705485,2344390763807606519,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5924 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17521421085238705485,2344390763807606519,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:1008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17521421085238705485,2344390763807606519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:2288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17521421085238705485,2344390763807606519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:3316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17521421085238705485,2344390763807606519,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,17521421085238705485,2344390763807606519,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5432 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:876

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1536

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3812

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1386433ecc349475d39fb1e4f9e149a0

SHA1
f04f71ac77cb30f1d04fd16d42852322a8b2680f

SHA256
a7c79320a37d3516823f533e0ca73ed54fc4cdade9999b9827d06ea9f8916bbc

SHA512
fcd5449c58ead25955d01739929c42ffc89b9007bc2c8779c05271f2d053be66e05414c410738c35572ef31811aff908e7fe3dd7a9cef33c27acb308a420280e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
87e7313bdb953fd86b744d606b36197a

SHA1
576a9bae1a57b303766e540be53316daf18b3962

SHA256
d6857bd702319b8d4e8c78c4bfdefc7140035d654caeb4b673b9a0ec28755ad8

SHA512
9a22cb8678239a947afed7b37572fa6b3e4fce127725a78f7c240a05b452a57888b1489584ed8ecd6abb976d06e64e2145ffb3c70e89ea63f626f2b77d45aa16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
79e71ea6a2d326c8af21b693862a6700

SHA1
288c0838721599a0819f76e9925eea6c66eb74c3

SHA256
90a655bfb618eab246fe380982bc7703a849bb537051b7d0bc0fd87ad3618e93

SHA512
078ffc41264313ad537b4dc9f388c4344c700abce2248f46669199b8012762e007eae55298c4ea28ff21bf5cb5803de961e7298f5084a16a941a10869f87a1f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cbf9c8f89a9fefc675d1da9dcb605983

SHA1
245e815472b96696a30c831fbfcc2c5e43518211

SHA256
b81b2729f13619147787adc20822c3caed07252470eeece8265dfd2a728484b5

SHA512
43df8539c6a1bcfb14843d636268a15b84c291a04c76db077ab2745cbb2b2bde69a0c8b4f452ea8ad6aa9a9f229065f47d3ef7094bbd4d95bce442b9aefb0068

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
787a52471dcf445b2a385c46297d7810

SHA1
9b3b885219d5be01f0be509f32d07dd15ab82f29

SHA256
2244860bee71e507dcf937df25ab7cd0cfd725c4c57406b35cd4cf3a715ae39d

SHA512
0956a97982887f2f26c7cc3b8c2824bfc88d3cb04721362041bd3bb800aeda2496c0f54524b714c1e3811d3d083251638d746f6adeb9f2add0c6931d76446e95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
e664066e3aa135f185ed1c194b9fa1f8

SHA1
358ff3c6ad0580b8ae1e5ef2a89a4e597c2efdc5

SHA256
86e595be48dbc768a52d7ea62116036c024093e1302aced8c29dd6a2d9935617

SHA512
58710818b5f664006a5aa418da6c8cd3f709c2265bc161f81b9dfe6cdb8304fabaa4ce9deba419fe4281623feeeaa0321f481ae5855d347c6d8cf95968ee905e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
368B

MD5
ba3ce05d380992cace904af850cc01c4

SHA1
c243caa52e785fe084915a81dffbdf7bdbad7682

SHA256
ff6497165b370b72c6a2d751ce4249b417fc35d7dff9321da815e98e614dc98c

SHA512
4c21a3f2f10ba1eb74287d2dbf272fbcb5b32c59dabb011897ab1f140469c941046f92bec80467c32763193e877b7580db0c61fabffb4ade7a7fe8630ded4876

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
4511157e74e9a9359553d49f3ee65d8b

SHA1
47a030d1b04d3d8a6796df943e65ffab9098f1ce

SHA256
fd84bc5655185b5d0c3f8a9a1beb579aea51c044e404afdc9b1de396371d05d5

SHA512
35d8ceef83eecbb70597516b17ddd8368d6b5401a43bd1c06062be4029134c703361245af3b87f26a4c944ffb69077e0690b7bbbe4b1c69ec3666cc7154a3f31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
adb840c10056f45df33f989512bcce80

SHA1
198d1b843c74e5a0e71d8b679150d5bcb75efa7a

SHA256
08d97c345da50d7d017aa218e691c97286c855cb46d017548d8b3dd1e38f83e2

SHA512
3465c304f007424efc7bbc8a7fe57c6174cfe719aa1b238c1b999009b6296c9da45515035a895a012fc35fde51e01dd0f5bae70a70feb62ee27a30331a73da9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
0e94305e59b1b1c8d4f374c30dc1a446

SHA1
a7096f5e48a2223c5160845a0a5ae37772b3c35a

SHA256
c7a300880a2875dbaf92d904edd0bf682e17b839647a9e94195f0c74f5239bf2

SHA512
92e2e7bc258db689dfcebc8081a51fd4210966d6f327b2971a18960338ef0e7ee72db46abef408eae4cdd29c2d0f51e3b40921c0cf9c637e53b3a86a9d781f27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
ab29ce4c9bc85c630fc16d4970207b72

SHA1
c4124bf4d1c4c12ed6e25c6887bfda7b1c56a71b

SHA256
745b46ef76490f716a47703d1ab2953e2bbb95d5dc5d4220a45a14ba09eb093a

SHA512
3181da31cd777ecadaffb02c1752016758b2aa3fdecd8beaf66923f93a4781bc2508d08a1366700ce9555857db75d146640c0b1e2ae57bd4332dbf843975bd8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
9aa967179fb0ea8ae7b970f4d3e43edf

SHA1
7e87dd3b2ceaf20ae97ff87192e233dbaed61072

SHA256
374e19651c46ff76bf42a8372353bf545532d4278fdb85ecce552337be1819f0

SHA512
d859581cd516419f735976a9fa6fa356209d6a0295bbfbaf97ae9671a18aa2ccdea89aa0aff35808cef82a5373c6becc4af7b83f02b67edb42c8144afcb31d80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
368B

MD5
b25161bd1799014657923a8d480a3847

SHA1
8b0d5f0e292a8338692b85e27f33a474f3bcfc17

SHA256
82166b835eecfff0d7e409252ecdc481bf10c481ff9c55908f63b5d684373913

SHA512
663595272c5390565406984c1d00cb0e946d296fc4ef039969f1f3b0470b9c0cec1f9319801860a58a12df778211bcd890143e0bbf86bb1a7b71d097a1447af9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
368B

MD5
6c2c7014d386b095a45490c3fa82f91d

SHA1
8d2ec22f0d145127ddb32c0b03d1ff598a96ac90

SHA256
e9a9ba11b48b75c0584678dcf41075252a3df84feb7c77286c9947a01ff9c803

SHA512
5ca14b91f6d3e95cf1577fc45cfd4639431ec109b51a71fd6b6c0b27f9d00212ed90eb914c303e09955910752ea1f1567c590855aabf85c8452f9a1b455db1cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
368B

MD5
5b6bd2f4954343b8f1b9aee5bb38f9e3

SHA1
036e0548de1bd2fbf1a05ea464e5e98d299239d6

SHA256
eaca80237eb3ae9f7296612a552ca390bc3d286f6d90e7fd170ec1c23b6d32e6

SHA512
48cc846f95c4ac8ecf9bdd35825f8b6701045e2b6d3f9ac7aa498631a4ee45291f447aa3ca38efbc8c3073ac67095de2eda89cbfde03fc6fe6fad9552cb1a553

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
368B

MD5
dcd0e8a16db9985d2b8228950c118654

SHA1
f1624138c0b583f6b42dd0c1b8fce3ca6a6a99fc

SHA256
b02324a5ddc520f16b093ca1d3ba4e02e81969bc5c8e654972717de18e568058

SHA512
51397a637e40406b343c4cc33d420248633711eced57f5c02d550734bcff2a143b9f4088624ef6a6bd8c0bc39ca632646dad0f0ee30a3c478871a655e80ac403

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
368B

MD5
bfbe49cb0cbcddfacc5b8302c71b87bf

SHA1
a79f8a2f88cb88504b8fdc2e90436f4f02284557

SHA256
1cd9236b4eeb4f7abe8c46c71374f8705eb2e835dd03cf88283aa3705173d6c0

SHA512
71d36bf3ee14db77bf2f2f7037fc6034cda5877159b045b09a3981e7612a9fdcbf3d871e79a30fdb2459bf83c9c0c8e2b03f861a7db601418351b0b1d5c4ae70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a930.TMP

Filesize
204B

MD5
b9f0b7776361d633c0a208cffef1f237

SHA1
4b73219e2f7dc006f68bb6313f89107f69ee2d44

SHA256
6ebad0bfd7bc1fb3370b15aa85c354899064a111c66cb567825ab48fd0bcb0fd

SHA512
9f93142a0d9a24df7a35ae5f61ee381f8a332a214ae6922889f2a080a4579d1bccc20312507fa0934547ea84ad8d8b0f383e75a16bc95e9f9490d8da066ce044

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
068a72bb1ec99ae6579c3b793cb124f9

SHA1
f72e939ef87aa75bd11beb34cc1d55672099d36c

SHA256
3fd36f29bb651b8ace0ebc4e42dc4405a470d8357d02979e06f6566b446e943c

SHA512
b82ab796e919825b00cb0cc8ee224bb4d4218e28c1e8f4f9720feacf2800faa679ad529123705e279df43cdf5bbd1282a0b8c125f42b3200d3f06be5d0cbe4a3

Download Submit