hxxps://lln4[.]ru/

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12-02-2024 19:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://lln4.ru/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
2308	msedge.exe
2308	msedge.exe
1128	msedge.exe
1128	msedge.exe
1316	identity_helper.exe
1316	identity_helper.exe
3384	msedge.exe
3384	msedge.exe
3384	msedge.exe
3384	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

msedge.exe

pid process

1128 msedge.exe
1128 msedge.exe
1128 msedge.exe
1128 msedge.exe
1128 msedge.exe
1128 msedge.exe
1128 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1128 wrote to memory of 2624	1128	msedge.exe	msedge.exe
PID 1128 wrote to memory of 2624	1128	msedge.exe	msedge.exe
PID 1128 wrote to memory of 1628	1128	msedge.exe	msedge.exe
PID 1128 wrote to memory of 1628	1128	msedge.exe	msedge.exe
PID 1128 wrote to memory of 1628	1128	msedge.exe	msedge.exe
PID 1128 wrote to memory of 1628	1128	msedge.exe	msedge.exe
PID 1128 wrote to memory of 1628	1128	msedge.exe	msedge.exe
PID 1128 wrote to memory of 1628	1128	msedge.exe	msedge.exe
PID 1128 wrote to memory of 1628	1128	msedge.exe	msedge.exe
PID 1128 wrote to memory of 1628	1128	msedge.exe	msedge.exe
PID 1128 wrote to memory of 1628	1128	msedge.exe	msedge.exe
PID 1128 wrote to memory of 1628	1128	msedge.exe	msedge.exe
PID 1128 wrote to memory of 1628	1128	msedge.exe	msedge.exe
PID 1128 wrote to memory of 1628	1128	msedge.exe	msedge.exe
PID 1128 wrote to memory of 1628	1128	msedge.exe	msedge.exe
PID 1128 wrote to memory of 1628	1128	msedge.exe	msedge.exe
PID 1128 wrote to memory of 1628	1128	msedge.exe	msedge.exe
PID 1128 wrote to memory of 1628	1128	msedge.exe	msedge.exe
PID 1128 wrote to memory of 1628	1128	msedge.exe	msedge.exe
PID 1128 wrote to memory of 1628	1128	msedge.exe	msedge.exe
PID 1128 wrote to memory of 1628	1128	msedge.exe	msedge.exe
PID 1128 wrote to memory of 1628	1128	msedge.exe	msedge.exe
PID 1128 wrote to memory of 1628	1128	msedge.exe	msedge.exe
PID 1128 wrote to memory of 1628	1128	msedge.exe	msedge.exe
PID 1128 wrote to memory of 1628	1128	msedge.exe	msedge.exe
PID 1128 wrote to memory of 1628	1128	msedge.exe	msedge.exe
PID 1128 wrote to memory of 1628	1128	msedge.exe	msedge.exe
PID 1128 wrote to memory of 1628	1128	msedge.exe	msedge.exe
PID 1128 wrote to memory of 1628	1128	msedge.exe	msedge.exe
PID 1128 wrote to memory of 1628	1128	msedge.exe	msedge.exe
PID 1128 wrote to memory of 1628	1128	msedge.exe	msedge.exe
PID 1128 wrote to memory of 1628	1128	msedge.exe	msedge.exe
PID 1128 wrote to memory of 1628	1128	msedge.exe	msedge.exe
PID 1128 wrote to memory of 1628	1128	msedge.exe	msedge.exe
PID 1128 wrote to memory of 1628	1128	msedge.exe	msedge.exe
PID 1128 wrote to memory of 1628	1128	msedge.exe	msedge.exe
PID 1128 wrote to memory of 1628	1128	msedge.exe	msedge.exe
PID 1128 wrote to memory of 1628	1128	msedge.exe	msedge.exe
PID 1128 wrote to memory of 1628	1128	msedge.exe	msedge.exe
PID 1128 wrote to memory of 1628	1128	msedge.exe	msedge.exe
PID 1128 wrote to memory of 1628	1128	msedge.exe	msedge.exe
PID 1128 wrote to memory of 1628	1128	msedge.exe	msedge.exe
PID 1128 wrote to memory of 2308	1128	msedge.exe	msedge.exe
PID 1128 wrote to memory of 2308	1128	msedge.exe	msedge.exe
PID 1128 wrote to memory of 3096	1128	msedge.exe	msedge.exe
PID 1128 wrote to memory of 3096	1128	msedge.exe	msedge.exe
PID 1128 wrote to memory of 3096	1128	msedge.exe	msedge.exe
PID 1128 wrote to memory of 3096	1128	msedge.exe	msedge.exe
PID 1128 wrote to memory of 3096	1128	msedge.exe	msedge.exe
PID 1128 wrote to memory of 3096	1128	msedge.exe	msedge.exe
PID 1128 wrote to memory of 3096	1128	msedge.exe	msedge.exe
PID 1128 wrote to memory of 3096	1128	msedge.exe	msedge.exe
PID 1128 wrote to memory of 3096	1128	msedge.exe	msedge.exe
PID 1128 wrote to memory of 3096	1128	msedge.exe	msedge.exe
PID 1128 wrote to memory of 3096	1128	msedge.exe	msedge.exe
PID 1128 wrote to memory of 3096	1128	msedge.exe	msedge.exe
PID 1128 wrote to memory of 3096	1128	msedge.exe	msedge.exe
PID 1128 wrote to memory of 3096	1128	msedge.exe	msedge.exe
PID 1128 wrote to memory of 3096	1128	msedge.exe	msedge.exe
PID 1128 wrote to memory of 3096	1128	msedge.exe	msedge.exe
PID 1128 wrote to memory of 3096	1128	msedge.exe	msedge.exe
PID 1128 wrote to memory of 3096	1128	msedge.exe	msedge.exe
PID 1128 wrote to memory of 3096	1128	msedge.exe	msedge.exe
PID 1128 wrote to memory of 3096	1128	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://lln4.ru/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1128

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffac9f046f8,0x7ffac9f04708,0x7ffac9f04718
2⤵
PID:2624

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,18297128409297023956,15956489153482356146,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
2⤵
PID:1628

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2192,18297128409297023956,15956489153482356146,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2308

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2192,18297128409297023956,15956489153482356146,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2952 /prefetch:8
2⤵
PID:3096

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,18297128409297023956,15956489153482356146,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3168 /prefetch:1
2⤵
PID:3452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,18297128409297023956,15956489153482356146,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
2⤵
PID:2464

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,18297128409297023956,15956489153482356146,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
2⤵
PID:3936

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,18297128409297023956,15956489153482356146,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 /prefetch:8
2⤵
PID:4452

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,18297128409297023956,15956489153482356146,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1316

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,18297128409297023956,15956489153482356146,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
2⤵
PID:3940

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,18297128409297023956,15956489153482356146,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3536 /prefetch:1
2⤵
PID:4304

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,18297128409297023956,15956489153482356146,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
2⤵
PID:3484

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,18297128409297023956,15956489153482356146,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
2⤵
PID:5056

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,18297128409297023956,15956489153482356146,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2760 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3384

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2992

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3000

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
84381d71cf667d9a138ea03b3283aea5

SHA1
33dfc8a32806beaaafaec25850b217c856ce6c7b

SHA256
32dd52cc3142b6e758bd60adead81925515b31581437472d1f61bdeda24d5424

SHA512
469bfac06152c8b0a82de28e01f7ed36dc27427205830100b1416b7cd8d481f5c4369e2ba89ef1fdd932aaf17289a8e4ede303393feab25afc1158cb931d23a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
90dc768bf504faa639bd3ebe3e7acd63

SHA1
05626c36fd68f7abb873852848ed56035392b3de

SHA256
72620a07d51e3dd1bb43c0d6ff8fe9fc6cc98cec06d083498f5a8ab4c7138490

SHA512
524b8c5861b522562b1772f1a4c4524e581eff5ba64672b0ce94b939551f9c23e032cab71774409229b292cfebccb5b00b6ec1124a5cbdfcf270ab460a302257

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
245B

MD5
d7adc131105558694bb8773183e4d505

SHA1
79aa3cc59f0236eaa2ffacac146514d05909cc76

SHA256
d7457b284a96760bcb783f5236ca961e6ff4eda25afa8e7e6787861a580a7a72

SHA512
8c059ca285f94fa2ced2a29dac5fea9a5638fbbd4a423d2dbc1ebfeffddda6893b0b9977a7d2e365e6093f5f5fb228442e924538b8686a0ddc33fd2a09070eca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4567c01596bf6140a9121965b39cc0d7

SHA1
7a3534d9e0e073577551a4af35c1cae5b304a263

SHA256
48273c419646e2527c4c06811f9deaafb87c40aa229427529bc1546e41653ac3

SHA512
36d4576cb8d0fd90121c2be93efcd036c78bd2922d9a2f3592df19b5cad698ab0c9fcbfead5349116b60398ffc5dec3100e98c3fef8963f537e3e6ef49ffa68b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0828472cebce9843b9319dc19e8c6ff0

SHA1
7311eb13eefe67bc7bb1bd74a359b75e4f2cd7d3

SHA256
9b9c393bb462d84a09638d02cfb879203621d4111b70b7afba76a311e25c3341

SHA512
bff2a3b5ef86f4fc6d8b3ccfc6a30d0df0e1c2b213fd68a413e21c86bcaaa1262ec10f8a8e81bc04d755c577c1049f0ed63a992381159a1ffa6897029d228f6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
35f77ec6332f541cd8469e0d77af0959

SHA1
abaec73284cee460025c6fcbe3b4d9b6c00f628c

SHA256
f0be4c5c99b216083bd9ee878f355e1aa508f94feb14aeebcfba4648d85563a7

SHA512
e0497dbe48503ebbf6a3c9d188b9637f80bccf9611a9e663d9e4493912d398c6b2a9eab3f506e5b524b3dabbca7bb5a88f882a117b03a3b39f43f291b59870c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
a1df98196b87aa6a13961db26c22f427

SHA1
bff3100985e07dafe0841270d63553e9182c3400

SHA256
14d47361ecde055b56c75c6acae5e1357d5aac16b0d1aa8776435ed14fc82347

SHA512
12a8cf656c38bb61840442809c2e246363c8482ae65e7f3682e9cdd777abdec45008d730b69d09c2a51656ab1e224b96880a4a9bf54cac1087779480d31ea472

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
22b1ce433c276441b6917fe5a267e9e9

SHA1
b3813649d5f285c68f5add75ffd9ea113a2acf49

SHA256
9b73a4e719894b120a419a3767569fcd8c9567af0ec4fa2fe30e0343f2f3f073

SHA512
d0537817f76e0193be6c4c81c4961a5244a0f6f5b7f12b197296d172d13ed5bbbc84637d44855b2a0fd4a5ba80d21540a6e04eb266b933dc8be67ece7107d5ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
602910005a96201ab8989960fdaab33e

SHA1
102ca8ff9dcd09b2d859e6ee107cce1488b93fb2

SHA256
73bf4dd10a96c6af075a4fab025d62f2d6115a7f065cdea9b449bcef0bdd9fda

SHA512
44e1b4379679fa9f773964abb0bc45ebe5c7273caaa199f3c9da875fbf5a8207c4c2fe6e1d366b52ef17bcd3185b4d5174e5c6dc0463b51f16049db7ee1125bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
e53a9fd6ea977845734a8bcbc43acd71

SHA1
afff33c2b13883b2f6d75fd10d54f154118ef72b

SHA256
ffae86ad34c14a0db07a73c225d03568d2c57d8343b5a1b4f3d6da2b9b26a8ea

SHA512
e66d8f68974a6e21a3ac53b36e25887aafa26aaf33f72d01ac88bb0de4bf92a8a2c62ac9bc7462a9b8bd7f8de25f27bce7259e0d216e1dd9fb32da898ad187ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
995862bc87c620612832ca91da8f0146

SHA1
b8a7d8fa7fb354e2a8f0f03023592c88a3c6518f

SHA256
f256b5f093ad2966d036c8d4ffd185255c37a9f25c69bb2c2c3bfc414281271f

SHA512
e4812d66936a5e48cca25d1e16316def8c6ec9b46a67c53c516f45e87480f0e13dfee0bd7c7da599a90660f848ef0aa25cc56cfa7f23f485b9e28794836c8027

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
bb653376a95a635bdc20c94406a19c4e

SHA1
9857e7ed317961ac47a897480308a1375c7256c1

SHA256
2ff9c19c6e2621135add324639dc0a3ed7c39e048e4ac00176af865b6bcccde9

SHA512
8258b27495040cc0c1cca48a180194da6e1dd0873d822e9bf7b78c427eca15b3aa5996c88eaeb6ec0e08d240e784c41346be1e2aeb7f4ba4e10be2dfb0adeb2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
baae301f716240653dd8b1e3936a0e17

SHA1
086feb06984db3b440e799e106fa7b94d25e60ee

SHA256
056f3778c40e9804b1340eddc171842383ff27919b71cc25eba2f638fdb0f565

SHA512
72717b9aed0764a920ae43128690f35c8b72c56f9b3d1e0b1ad4ae6cc20fc34096bcfc251d77196f7e0a8f64c31d5672811d74e32f8cb249a81fffebb9ed5c1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
9361f857f6a5858ffcab8166f212fa4d

SHA1
1da46be7e5df228ea63287e6e46223bc234b335e

SHA256
903942d4be2fbfe971354a0f8e90589df00fb8cf746f9c497fd3025b6e09d930

SHA512
e6765cbb2933e6ea8ce6d80f38e03ad735479f5713378bdb7c1ee935a736700f84817814e415b0125bfa1cccf48a309aba6bbeca93f523fdee607f9077eb9b39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
3e93dbcaee75fb247b6b329b6a0b7901

SHA1
5d8ac972e7222556334e77a204d55bbc8a05ec05

SHA256
2007e18e346ce06e560c9f55c9efdfae8f6b4fb3156555a0ea3e0a95afb89a66

SHA512
baf1b6b20eaf9fae9b16d8003d60524f34c93f74d8029e453a5bb73ba5b3497b50dff8a4c049157ffa8c972f382b7271b58c71ffb511292b6aaffce69e80d79f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
bb745c2a6f6a21ac0773df2e15446e8f

SHA1
c509f28ced69f3b9ac35ad2b42b27f9797a481cc

SHA256
768f8100ac361090f5649d529463d56be319f310b1492226c0e10b1aa3e0c839

SHA512
c230cc3600dc62ddc87ab36441ba73c36432b54be3eff27f3edcbdc6e629a7cc748475e741fd712ede7973e844cee749b62dbe94750599f0e8d5380662730f59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
acff176183220fd067cef5d38eb41dc8

SHA1
9163b24e034889b69419dfa0439f7adf336f1097

SHA256
cb2d183a32310e6471fc8d932e16e0e4b5a10b725ba67984e9f236e3b4a29232

SHA512
85a3a44068e38fa850b9c5a2bcb1392f4545ce2447e8ad6b61c65b3b96bbb4b9719cccc4daf5a8c4c0b43eb39991e837acc06c47d082b638356e89655a402d8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
116e486d8547f06895b7e80e5c4192fb

SHA1
51a2aea0734233be16b9454d0f487e0b5ed9ec19

SHA256
0ca39ca9f2e87f853faaf5558fa9e393e92e00d419602832faa84df27ffd46e4

SHA512
ea33b290b4edd4cc7490d98cfac9803aa7502ca6f0ef97b72cc5671e643d3f4d4828a91aabf9117511cb7996854f005452a23097d207fe3b2208976e0a0c1aec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57cac2.TMP

Filesize
539B

MD5
daa382c2cf563ae61a03f8dce7ab1011

SHA1
a1f7dcca1184f74e16e63d84e96600c0884883dd

SHA256
34895b8ff5f0bf8d7575030ca975865855ac935a68516e87bc0f36e87bfe61cf

SHA512
0887597be1af9274d5815e56ccfb7d28d89dd94430eefc2ca5e3720a5ff07842fcf8439ce77a16c260b673f1b5d4444372a30899e1c27a3243f3df62d78b1ab6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000004

Filesize
20KB

MD5
e8e1f8273c10625d8b5e1541f8cab8fd

SHA1
18d7a3b3362fc592407e5b174a8fb60a128ce544

SHA256
45870d39eb491375c12251d35194e916ace795b1a67e02841e1bbcb14f1a0e44

SHA512
ca77d40ec247d16bc50302f8b13c79b37ab1fcf81c1f8ab50f2fc5430d4fabc74f5845c781bd11bb55840184e6765c2f18b28af72e1f7800fe0bb0b1f3f23b24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c21e0bd22a41994a1cab0d7df9b509d3

SHA1
c9530bf09d9375ddf75faa230cd8968b2fdcdc73

SHA256
bfbf8ce70989bcdaa27d2bbae0498534117928bbea94bed61e22aae7f3ab73c3

SHA512
20ceb2f1a664984252ce028f4f66a509f455a48e8310f1c8c7c1d150bb3c68c6a58778dd4f21290db0983c22123ae78b3447ed49b431bafe132f23007d1a91a1

Download Submit
\??\pipe\LOCAL\crashpad_1128_FBWLIVWXOCBYKEUC

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit