3ef278e1756f9047468ccd39554be942c062266b12af06676fd8a0f5b586bb6d

Resubmissions

14/02/2024, 05:23

240214-f3eclabc72 1

14/02/2024, 05:20

240214-f1lc5aaa7v 1

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
14/02/2024, 05:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

lucas-sim-h2-3-25-bnzwwh80xxwfp1s8.html
Size

15KB
MD5

174dd7386ae5ef6b64199408482f8558
SHA1

7d2326e5fc3a3553c0b5f2484eec90e9bc493146
SHA256

3ef278e1756f9047468ccd39554be942c062266b12af06676fd8a0f5b586bb6d
SHA512

8d2b897f001c56667122667a93cb633b818055c8517b4657275836b49ec32cae7e4d6b5f290fdae0c407e8a0ffdb6511d9bd96f1b58a2cfad2463ae69d24e4c1
SSDEEP

384:eDjK/Wn9vv6W+fBKWovyD1P4CFDgQRMRrQR3RCUHrqx8GYeRPVyZtAvqdzOQJSCH:eDjvwDdZFDgXVV8tAMzOQJjDjo+I4J

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4844	msedge.exe
4844	msedge.exe
4292	msedge.exe
4292	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4292	msedge.exe
4292	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4292 wrote to memory of 1948	4292	msedge.exe	70
PID 4292 wrote to memory of 1948	4292	msedge.exe	70
PID 4292 wrote to memory of 5096	4292	msedge.exe	86
PID 4292 wrote to memory of 5096	4292	msedge.exe	86
PID 4292 wrote to memory of 5096	4292	msedge.exe	86
PID 4292 wrote to memory of 5096	4292	msedge.exe	86
PID 4292 wrote to memory of 5096	4292	msedge.exe	86
PID 4292 wrote to memory of 5096	4292	msedge.exe	86
PID 4292 wrote to memory of 5096	4292	msedge.exe	86
PID 4292 wrote to memory of 5096	4292	msedge.exe	86
PID 4292 wrote to memory of 5096	4292	msedge.exe	86
PID 4292 wrote to memory of 5096	4292	msedge.exe	86
PID 4292 wrote to memory of 5096	4292	msedge.exe	86
PID 4292 wrote to memory of 5096	4292	msedge.exe	86
PID 4292 wrote to memory of 5096	4292	msedge.exe	86
PID 4292 wrote to memory of 5096	4292	msedge.exe	86
PID 4292 wrote to memory of 5096	4292	msedge.exe	86
PID 4292 wrote to memory of 5096	4292	msedge.exe	86
PID 4292 wrote to memory of 5096	4292	msedge.exe	86
PID 4292 wrote to memory of 5096	4292	msedge.exe	86
PID 4292 wrote to memory of 5096	4292	msedge.exe	86
PID 4292 wrote to memory of 5096	4292	msedge.exe	86
PID 4292 wrote to memory of 5096	4292	msedge.exe	86
PID 4292 wrote to memory of 5096	4292	msedge.exe	86
PID 4292 wrote to memory of 5096	4292	msedge.exe	86
PID 4292 wrote to memory of 5096	4292	msedge.exe	86
PID 4292 wrote to memory of 5096	4292	msedge.exe	86
PID 4292 wrote to memory of 5096	4292	msedge.exe	86
PID 4292 wrote to memory of 5096	4292	msedge.exe	86
PID 4292 wrote to memory of 5096	4292	msedge.exe	86
PID 4292 wrote to memory of 5096	4292	msedge.exe	86
PID 4292 wrote to memory of 5096	4292	msedge.exe	86
PID 4292 wrote to memory of 5096	4292	msedge.exe	86
PID 4292 wrote to memory of 5096	4292	msedge.exe	86
PID 4292 wrote to memory of 5096	4292	msedge.exe	86
PID 4292 wrote to memory of 5096	4292	msedge.exe	86
PID 4292 wrote to memory of 5096	4292	msedge.exe	86
PID 4292 wrote to memory of 5096	4292	msedge.exe	86
PID 4292 wrote to memory of 5096	4292	msedge.exe	86
PID 4292 wrote to memory of 5096	4292	msedge.exe	86
PID 4292 wrote to memory of 5096	4292	msedge.exe	86
PID 4292 wrote to memory of 5096	4292	msedge.exe	86
PID 4292 wrote to memory of 4844	4292	msedge.exe	87
PID 4292 wrote to memory of 4844	4292	msedge.exe	87
PID 4292 wrote to memory of 220	4292	msedge.exe	88
PID 4292 wrote to memory of 220	4292	msedge.exe	88
PID 4292 wrote to memory of 220	4292	msedge.exe	88
PID 4292 wrote to memory of 220	4292	msedge.exe	88
PID 4292 wrote to memory of 220	4292	msedge.exe	88
PID 4292 wrote to memory of 220	4292	msedge.exe	88
PID 4292 wrote to memory of 220	4292	msedge.exe	88
PID 4292 wrote to memory of 220	4292	msedge.exe	88
PID 4292 wrote to memory of 220	4292	msedge.exe	88
PID 4292 wrote to memory of 220	4292	msedge.exe	88
PID 4292 wrote to memory of 220	4292	msedge.exe	88
PID 4292 wrote to memory of 220	4292	msedge.exe	88
PID 4292 wrote to memory of 220	4292	msedge.exe	88
PID 4292 wrote to memory of 220	4292	msedge.exe	88
PID 4292 wrote to memory of 220	4292	msedge.exe	88
PID 4292 wrote to memory of 220	4292	msedge.exe	88
PID 4292 wrote to memory of 220	4292	msedge.exe	88
PID 4292 wrote to memory of 220	4292	msedge.exe	88
PID 4292 wrote to memory of 220	4292	msedge.exe	88
PID 4292 wrote to memory of 220	4292	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\lucas-sim-h2-3-25-bnzwwh80xxwfp1s8.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffbddc146f8,0x7ffbddc14708,0x7ffbddc14718
  2⤵
  PID:1948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,2364584732680180047,16723674757095665571,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
  2⤵
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,2364584732680180047,16723674757095665571,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,2364584732680180047,16723674757095665571,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8
  2⤵
  PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2364584732680180047,16723674757095665571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2040 /prefetch:1
  2⤵
  PID:828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2364584732680180047,16723674757095665571,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:1496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,2364584732680180047,16723674757095665571,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4852 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1644

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4836

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2740

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5e77545b7e1c504b2f5ce7c5cc2ce1fe

SHA1
d81a6af13cf31fa410b85471e4509124ebeaff7e

SHA256
cbb617cd6cde793f367df016b200d35ce3c521ab901bbcb52928576bb180bc11

SHA512
cbc65c61334a8b18ece79acdb30a4af80aa9448c3edc3902b00eb48fd5038bf6013d1f3f6436c1bcb637e78c485ae8e352839ca3c9ddf7e45b3b82d23b0e6e37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
55KB

MD5
88e1e90ac5abd755ed54e65e666784be

SHA1
63f5c35647c8960bbd8aa6cd661d9a79750bce61

SHA256
54ab59be1c0a91b6a5faf94a7ce272a7639ecd354a7350a0c290acc0fd042bb1

SHA512
90adb93e7f3c30b22aa7fd51508a27374b2ca328cacc58239fb0a18630eab3a5a6a0ce618a55f17f021b38d19d0cbfed3b108be382e335cad2b57328c6496a5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
32KB

MD5
f9dce4d9dbb64450608c56b1c1d77ec6

SHA1
48da04b88e675c85d48641c040a6e70d66432f66

SHA256
39037edb7ad5eeba45c93b4455021807413e1f5b46df172078f0757514cf0cc6

SHA512
90c1008632be1f91f066393f85e41ccbf2b3a72be642cef151aa397aca8f476809b047abb15b1e1fc41dc4bc1a4f6c949faec4ca79f5fc15cc15cc7fabeefeb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
81KB

MD5
7921941276ad9af5086a53fba6d3189c

SHA1
0885c3a66a076f8e7a7c811ee39af5b9fbde259f

SHA256
8f05cc372b11c065a0a8f2dc29b761724ef1b96a80987f5c4585b55db223f246

SHA512
241297c3fe1ea43c4ccaf60e629f33e1288ed2dc9356485f2884502f4b5dc3ee8e6776b45ec53541448c2433de9b57089d0110c2f616e94abaa2eda22c2233ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
221KB

MD5
66c6e40883646a7ad993108b2ce2da32

SHA1
7a2602d2ebb08ce895e33addb6fe595f1029431e

SHA256
17fe38ab302c7e5dbfb5c3d87801092d79be958500db6412ed3bc0f126bd53d3

SHA512
8a166f9044346cce8ca92b00f5dac0de6d0ff64ab72fbf390a268049fffb72be2bda1397ae0ee97e37cf33e3c309cc630a638ab9151f944d8d05ad652d6cf261

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
219KB

MD5
4aa40a3a3e6bc0b62792aea1304e0e54

SHA1
4ed2acac752440ddfb2bbf968586ff2a209948e2

SHA256
67a271fc950f9caef4c3df9169096d78f59906bae78c98c518905a489a9637d3

SHA512
437d49b42aec3f14374aa4bdbb67892f363a9841c5b6011c53cfb49426793762c8af533865754bee7624a9882fde9a12983a6ed647b606f8ef182da79b7edbae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
37KB

MD5
a53a301add60a2e40faa720af2e6379d

SHA1
30f00edbc888b743a1a7a107df1bfaf9b7ad7605

SHA256
a6d41f3580fe37e16a7f8bbe6d599ee2f7fc9a8943ef509b43341b2b00157d5d

SHA512
448c437c722bedbfd0e2764486b144fbfe83786f37f1756082cecf807374179426255e2d7848176db3d9f71e287c96f578a399db898e8d8fdbb9ccea540c6290

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
51KB

MD5
f0c342c7069f3b19988f88bd6b987634

SHA1
cc700f1db5f198c26a1357b3b7b692958064a6b6

SHA256
e3ded29ef956889943f75b745d1054f81b83e14cf0ec71dcf3bcf0b8de6e932f

SHA512
f4731bec2558893f47dbeb07f0743c8bfca913622639b3bac011b89f7f51068e8c1eeeea255d98e84bb61e18a3a1709926849c65c59841aeae942525dcbbb2df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
582B

MD5
75f86dde6d2400b04c687cbc2a29b6f9

SHA1
234e792b27fcf5a68fdf853fdd43ff425f641358

SHA256
8aef04857f64cdac45a814d365a22e808cb7515ee962e4ae7e1eb36909382da5

SHA512
04587bd17329a67b51a7e4e0a80150316a293b6580fabade11f8276fdf263234194dc7f2fccf25cc3522946f2c3cea244ec4d7237ef86c4ea1c9ef7f1ffc9f2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0e380f523f1306cc031b57c14cddc7dc

SHA1
85e37e4e4ac35ee98418164f0551d1a2ffb4d063

SHA256
98f60eeb61be31b3f0b724309e29663c8842010e50a9a530b28cbca225c07d4b

SHA512
6f39bcc11cbf1bd78af68e326ae5bbcc273b216c9a5aea057cc5cfadd2bac4cdd51f8c0d00f8e51deab51c332cb9593121259606c529ab51429bb6da231a058a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cd9676de10a9bb674f829595e140c619

SHA1
cc15e3cc186a7826f1eeb9b062d913c8c4514ab8

SHA256
ee348a8fbe05177a66332479a5254801e8168324ffa60475b125490d3413364d

SHA512
b510436d5308d52595875222694fcbd6867b61debdbf3fcd7856f8a3929eef96c5742e0d02e12c03998fb45e4e5b575a6f16b95fff59fdbd4065c2bf68d8a7bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
6db2d2ceb22a030bd1caa72b32cfbf98

SHA1
fe50f35e60f88624a28b93b8a76be1377957618b

SHA256
7b22b0b16088ab7f7d6f938d7cfe9ae807856662ce3a63e7de6c8107186853e4

SHA512
d5a67a394003f559c98e1a1e9e31c2d473d04cc075b08bb0aab115ce42744da536895df2cec73fa54fc36f38d38e4906680cfacfbf4698ee925f1609fbb07912

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
e363c50801feef5e5880758c55145e65

SHA1
73d1c4fbc61f30fb47badafe15d41f76bc5205a9

SHA256
a70a13087cee7f44052096730888250777244743dc76e098e34778b44db28e55

SHA512
dbe98bfd5ec002049a36377d777d418c69f61fb7561ad218c0ca80a18b06485b3a4f1bd2b13589d79292ee69db6fd400b3ae26678c2656e9456e0e833a6b6356

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
7779726b669413024ce50fd7f009e399

SHA1
67f127834e3e48722cfdb3a231af8013250a32c5

SHA256
3e69907127e764ac1fd262525f82bc75d9298f521c01154f8f44290e97a16d02

SHA512
2a3814f9627d07d690f4834302fb337ccec1c6f74cb6fe23d8ad1b1f1f2ec6b0166a23a58c981506e6df0dc2da4332186586bda2cbfd1958e0cded717b335999

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
8bc5691b8583f0711bc44eeaa6977242

SHA1
f10860675e19994ab6d622ec0c0b77add00d7c33

SHA256
8aa60a3b623700ee1946866dc2888c78f5aa66cf8cedae0ac0c9acf270c36898

SHA512
f377a99c68fb74692f6755c524a3880c854592e4849348cfa87e7b0883ba6a917fd5fe834c1e3dfb20c2c2ea66c93820e58167c386d1c9370882de7ffa4e6439

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
202B

MD5
9949b359882204542d1762ede7d93552

SHA1
83b5e03e4d3a1bd849450549a7ede8362f9ec673

SHA256
8ca36e2a06a07905c19173f1a5b56af5901083508a8031f449ca30932a551bed

SHA512
5560923e2dac727d347f94f5cf3f2978d28f734cbe389055b5b4c29522d624c0b47bdd2301a7ea0727ed73de3b525f72c899d05c04630087e0b32dfb09679f43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
9b963b474aa231f7a8922e61be0d3c5b

SHA1
2ee91b8aff7ed73f31d00b328ee315835793591d

SHA256
5a73b5b3e5e21e2e98e0656987bb5af50601282b1305fd96a8fe05e7b248f65d

SHA512
ffc77431e5aa593e82ff4d3dfbb82b9e2590002f5475d52d072c5a210386c16a0ea9b1468eb1c2bb1443530330b03f150273ff97bba34b2b65203be2354cf501

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
7cac2581e0b832b47ec8b21d19ca44ae

SHA1
69f7ef9dc81aa82b0d5234e229b24604d95ea2da

SHA256
798734e1d1c75fbb16710a038f6f1de3dab6c7c48bf950f80d7f265a8dfadcd0

SHA512
37fb5e8c0a57b1980cb5f0b037ffff640546a52a876ae2f20473cd3dd607eb3dc83a9c4081bee9d679f1f149e0f1c2e0cb51a0826caaddfb5c75671edada8c9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
fa028b32d95311717da57f7f1d6250b9

SHA1
4aed527d57f4c2f60d2f2c3aeeb401fc13d3bf0a

SHA256
658c8c98a57f277ae45ef129c47da1e3627962e598c98fd10ce3eaed75e709c5

SHA512
bbbfa25c2c38097e3d8db1b2a597ad7437e2f72f2d771a2a7f1630516121c01122858e612189b85cbd69dd56a6984034349b11772ce8cb97ff164afd3e939cf6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d62c.TMP

Filesize
204B

MD5
bd9647807dab1a6c6eff5511a97b9e49

SHA1
61070a88ecb485ca0a7d8a415d72d3d980d09388

SHA256
132a77fc57a7f7236c2b79cdc6768d05c06fc16447b1bf7f687e6fc621ed43e3

SHA512
4f3f658c8d3f680a669e78d07088ed4ff780903239ec6b7879bde4109fc049aebea0f7f94fbbe66cdd4ab19fbe15bae4085e13af2817304cc35311f4e9af54d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b03e3d84b9a90cd15913988ab8031564

SHA1
1027ab16723666f11c03766366bf6b32d53363b2

SHA256
3acaf91acd03428418726aadc4fadca9cfc5812d34875ab24761c4bdfcee93d5

SHA512
ddea4f788b21d257f42914e449dec5fa8b80895d8fc6c41fd3c0c148f534e759d740b5f7349b008c00132bf2a97a5affe685cbe0de606ad414c368fbc1820373

Download Submit