ed609aece09fabae1588f32d50d67e3cff6acbc3b1d7097a6cf757af613d61fe

Analysis

max time kernel
153s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
14-02-2024 05:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

lucas-sim-h2-3-25-bnzwwh80xxwfp1s8.html
Size

15KB
MD5

7bba7439916165fe4e9a82bc24c1979a
SHA1

1171be3455d10407a9e134f775b35e530a8d18be
SHA256

ed609aece09fabae1588f32d50d67e3cff6acbc3b1d7097a6cf757af613d61fe
SHA512

b5a66fcfe8d428729e27cf2deb887654c31dfbd23b95881a36aed585045d5911cc299a670c27ab9a8af06cdaa54c80687d075eaacd397fdd68903da8f57240b2
SSDEEP

384:eDnK/Wn9vv6W+fBKWovyD1P4CFDgQRMRrQR3RCUHrqx8GYeRPVyZtAvqdzOQJ4oH:eDnvwDdZFDgXVV8tAMzOQJDDjo+I4J

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3440	msedge.exe
3440	msedge.exe
2712	msedge.exe
2712	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2712	msedge.exe
2712	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe
2712	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2712 wrote to memory of 380	2712	msedge.exe	83
PID 2712 wrote to memory of 380	2712	msedge.exe	83
PID 2712 wrote to memory of 2632	2712	msedge.exe	84
PID 2712 wrote to memory of 2632	2712	msedge.exe	84
PID 2712 wrote to memory of 2632	2712	msedge.exe	84
PID 2712 wrote to memory of 2632	2712	msedge.exe	84
PID 2712 wrote to memory of 2632	2712	msedge.exe	84
PID 2712 wrote to memory of 2632	2712	msedge.exe	84
PID 2712 wrote to memory of 2632	2712	msedge.exe	84
PID 2712 wrote to memory of 2632	2712	msedge.exe	84
PID 2712 wrote to memory of 2632	2712	msedge.exe	84
PID 2712 wrote to memory of 2632	2712	msedge.exe	84
PID 2712 wrote to memory of 2632	2712	msedge.exe	84
PID 2712 wrote to memory of 2632	2712	msedge.exe	84
PID 2712 wrote to memory of 2632	2712	msedge.exe	84
PID 2712 wrote to memory of 2632	2712	msedge.exe	84
PID 2712 wrote to memory of 2632	2712	msedge.exe	84
PID 2712 wrote to memory of 2632	2712	msedge.exe	84
PID 2712 wrote to memory of 2632	2712	msedge.exe	84
PID 2712 wrote to memory of 2632	2712	msedge.exe	84
PID 2712 wrote to memory of 2632	2712	msedge.exe	84
PID 2712 wrote to memory of 2632	2712	msedge.exe	84
PID 2712 wrote to memory of 2632	2712	msedge.exe	84
PID 2712 wrote to memory of 2632	2712	msedge.exe	84
PID 2712 wrote to memory of 2632	2712	msedge.exe	84
PID 2712 wrote to memory of 2632	2712	msedge.exe	84
PID 2712 wrote to memory of 2632	2712	msedge.exe	84
PID 2712 wrote to memory of 2632	2712	msedge.exe	84
PID 2712 wrote to memory of 2632	2712	msedge.exe	84
PID 2712 wrote to memory of 2632	2712	msedge.exe	84
PID 2712 wrote to memory of 2632	2712	msedge.exe	84
PID 2712 wrote to memory of 2632	2712	msedge.exe	84
PID 2712 wrote to memory of 2632	2712	msedge.exe	84
PID 2712 wrote to memory of 2632	2712	msedge.exe	84
PID 2712 wrote to memory of 2632	2712	msedge.exe	84
PID 2712 wrote to memory of 2632	2712	msedge.exe	84
PID 2712 wrote to memory of 2632	2712	msedge.exe	84
PID 2712 wrote to memory of 2632	2712	msedge.exe	84
PID 2712 wrote to memory of 2632	2712	msedge.exe	84
PID 2712 wrote to memory of 2632	2712	msedge.exe	84
PID 2712 wrote to memory of 2632	2712	msedge.exe	84
PID 2712 wrote to memory of 2632	2712	msedge.exe	84
PID 2712 wrote to memory of 3440	2712	msedge.exe	85
PID 2712 wrote to memory of 3440	2712	msedge.exe	85
PID 2712 wrote to memory of 3224	2712	msedge.exe	86
PID 2712 wrote to memory of 3224	2712	msedge.exe	86
PID 2712 wrote to memory of 3224	2712	msedge.exe	86
PID 2712 wrote to memory of 3224	2712	msedge.exe	86
PID 2712 wrote to memory of 3224	2712	msedge.exe	86
PID 2712 wrote to memory of 3224	2712	msedge.exe	86
PID 2712 wrote to memory of 3224	2712	msedge.exe	86
PID 2712 wrote to memory of 3224	2712	msedge.exe	86
PID 2712 wrote to memory of 3224	2712	msedge.exe	86
PID 2712 wrote to memory of 3224	2712	msedge.exe	86
PID 2712 wrote to memory of 3224	2712	msedge.exe	86
PID 2712 wrote to memory of 3224	2712	msedge.exe	86
PID 2712 wrote to memory of 3224	2712	msedge.exe	86
PID 2712 wrote to memory of 3224	2712	msedge.exe	86
PID 2712 wrote to memory of 3224	2712	msedge.exe	86
PID 2712 wrote to memory of 3224	2712	msedge.exe	86
PID 2712 wrote to memory of 3224	2712	msedge.exe	86
PID 2712 wrote to memory of 3224	2712	msedge.exe	86
PID 2712 wrote to memory of 3224	2712	msedge.exe	86
PID 2712 wrote to memory of 3224	2712	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\lucas-sim-h2-3-25-bnzwwh80xxwfp1s8.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcd9e846f8,0x7ffcd9e84708,0x7ffcd9e84718
  2⤵
  PID:380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,12297639308266449451,9251327199904564179,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
  2⤵
  PID:2632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,12297639308266449451,9251327199904564179,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,12297639308266449451,9251327199904564179,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
  2⤵
  PID:3224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12297639308266449451,9251327199904564179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:1008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12297639308266449451,9251327199904564179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,12297639308266449451,9251327199904564179,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1124 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4916

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1268

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3820

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fa070c9c9ab8d902ee4f3342d217275f

SHA1
ac69818312a7eba53586295c5b04eefeb5c73903

SHA256
245b396ed1accfae337f770d3757c932bc30a8fc8dd133b5cefe82242760c2c7

SHA512
df92ca6d405d603ef5f07dbf9516d9e11e1fdc13610bb59e6d4712e55dd661f756c8515fc2c359c1db6b8b126e7f5a15886e643d93c012ef34a11041e02cc0dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
55KB

MD5
88e1e90ac5abd755ed54e65e666784be

SHA1
63f5c35647c8960bbd8aa6cd661d9a79750bce61

SHA256
54ab59be1c0a91b6a5faf94a7ce272a7639ecd354a7350a0c290acc0fd042bb1

SHA512
90adb93e7f3c30b22aa7fd51508a27374b2ca328cacc58239fb0a18630eab3a5a6a0ce618a55f17f021b38d19d0cbfed3b108be382e335cad2b57328c6496a5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
221KB

MD5
66c6e40883646a7ad993108b2ce2da32

SHA1
7a2602d2ebb08ce895e33addb6fe595f1029431e

SHA256
17fe38ab302c7e5dbfb5c3d87801092d79be958500db6412ed3bc0f126bd53d3

SHA512
8a166f9044346cce8ca92b00f5dac0de6d0ff64ab72fbf390a268049fffb72be2bda1397ae0ee97e37cf33e3c309cc630a638ab9151f944d8d05ad652d6cf261

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
32KB

MD5
f9dce4d9dbb64450608c56b1c1d77ec6

SHA1
48da04b88e675c85d48641c040a6e70d66432f66

SHA256
39037edb7ad5eeba45c93b4455021807413e1f5b46df172078f0757514cf0cc6

SHA512
90c1008632be1f91f066393f85e41ccbf2b3a72be642cef151aa397aca8f476809b047abb15b1e1fc41dc4bc1a4f6c949faec4ca79f5fc15cc15cc7fabeefeb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
81KB

MD5
7921941276ad9af5086a53fba6d3189c

SHA1
0885c3a66a076f8e7a7c811ee39af5b9fbde259f

SHA256
8f05cc372b11c065a0a8f2dc29b761724ef1b96a80987f5c4585b55db223f246

SHA512
241297c3fe1ea43c4ccaf60e629f33e1288ed2dc9356485f2884502f4b5dc3ee8e6776b45ec53541448c2433de9b57089d0110c2f616e94abaa2eda22c2233ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
219KB

MD5
4aa40a3a3e6bc0b62792aea1304e0e54

SHA1
4ed2acac752440ddfb2bbf968586ff2a209948e2

SHA256
67a271fc950f9caef4c3df9169096d78f59906bae78c98c518905a489a9637d3

SHA512
437d49b42aec3f14374aa4bdbb67892f363a9841c5b6011c53cfb49426793762c8af533865754bee7624a9882fde9a12983a6ed647b606f8ef182da79b7edbae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
51KB

MD5
f0c342c7069f3b19988f88bd6b987634

SHA1
cc700f1db5f198c26a1357b3b7b692958064a6b6

SHA256
e3ded29ef956889943f75b745d1054f81b83e14cf0ec71dcf3bcf0b8de6e932f

SHA512
f4731bec2558893f47dbeb07f0743c8bfca913622639b3bac011b89f7f51068e8c1eeeea255d98e84bb61e18a3a1709926849c65c59841aeae942525dcbbb2df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
37KB

MD5
ca056bb1068eba6b67344051b2dc9270

SHA1
9c0ea3fe303c1989d08750d7f3b4f1295acf9da9

SHA256
2f416bf45b56626e0c095c6407d8edec0ae97c8506b1cf6c076277f18c1db9e8

SHA512
7d4a804ff9c5c296044c2ebf51e5411ba0fffaac3e279369696c795a0fb0529c29a77fe3fbb2818d62a58e59c01d5f07e35fedf0d03115d3f7864a0dd873d9a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
583B

MD5
90dacc63e42d57266f7fb766df839b86

SHA1
7a2f811a1f02b8ad7babfd902b7d8c864ca117aa

SHA256
fec5330ba3d086f43d4083321ee2d1b613551bfe04ef74a866004b37178fa98f

SHA512
05de825b5a2a29a9378026d20c9db812e4afb320b3ac714225c0359054da545c52dbfc2c637e0d35f8e20ebd4ea06263df5df989e3be9d1da1ecf1d2426037a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
56647be1d2c208dc9d3b43ec3512c56a

SHA1
2602e17e78908a2e279c982e30684c5a5c0ca23e

SHA256
fd398940d14c332e384dfc72f571b6e0c6e8aa54f26260376a9e4cc62752852e

SHA512
addcda164360256a86d95a757cee2cb7527d9c25a7e025f53dd130e3a9ca2630ef4c461ea860500deb1aeafab8159604f24365c026f53655e3a63870919b2b22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
95bf2bd8d0f16d69a0a72870ae0d1ca0

SHA1
647d57b345364a3c86bf84072eb9b42bc3e827df

SHA256
df489779f099ebc01f872a25cd98c6efa9489a4748c63cdaac55bab388d8993c

SHA512
2f702d96f35ec882a298b3942b682b156ebd1d91c9ae76468109c8a563b3317fd8abc7d167017efaee224df9472715135d529900a4b7eed8245f33a7c97d034d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
917dedf44ae3675e549e7b7ffc2c8ccd

SHA1
b7604eb16f0366e698943afbcf0c070d197271c0

SHA256
9692162e8a88be0977395cc0704fe882b9a39b78bdfc9d579a8c961e15347a37

SHA512
9628f7857eb88f8dceac00ffdcba2ed822fb9ebdada95e54224a0afc50bccd3e3d20c5abadbd20f61eba51dbf71c5c745b29309122d88b5cc6752a1dfc3be053

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
a0594a21fc56c7db14f92c3be206be50

SHA1
cd60fd497cf7a357b1bf2ccf8df33875e87a9cbb

SHA256
8b0423084a10d0179869a42e3bb5f77f86d26e6b16cde720c367754a37a3a308

SHA512
f9ee12f88204d1700eb5bcdcccc07b99c79e442a574c722df81aea942ef19dfb4e39e10469ab510076c6c20f4f2a744205fc88c431b4be40b55e1b9385006d9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
369B

MD5
95c1a8fb54cd48fee13495f6fe643d22

SHA1
262e9eacfa01eb6f5df42f0beaa02cbb2f33d9cf

SHA256
31b2b56a1cf3d8c2a8824e594f05a31ec57a0978c45b0e97b76001fa05c0e41b

SHA512
281f06f4450bd6321c56519158d0134ad4f627c963c00cb8951e2fa376b2ef270c26b0c92983e2611bdb6c6f018a24ac7405c4d9c3ea65e8fe91c39ffcf32043

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
12d2096527fffe946ee47df64ec6860c

SHA1
3bcff6bf4703f04add3b4b7b1b797db32e0fd5ea

SHA256
1f0f477d4c1b2e046cb71476c8a28c8685794a255efb3f48c199fe793acfbaf9

SHA512
0e47eca03bf9cc36cfe84bad89e9572e6988bc0b203f5bb2d6d377c11de6e0319a59844cbbf625d45bbae672d83da8ed905a1658f5d235f5aad89da5b02a87a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
cfd3634118108cc17991e0e46f4fb6fa

SHA1
1e8d67679c397b7d5e792e224ecadb9ecd02c260

SHA256
1ffecab1c94f759967981d8989ac30c59632c2e85aaa619412afd7fbcd0cc3ef

SHA512
b6fc51790ba782531a259fc3c18fbc8b9af6a3f832fe25b893756b35264e389a39a085844c05f2496eede74de8cd692a1549c1db9e71d049d18bb965dfb83043

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
369B

MD5
9a27f3bd3c5774e1c6c142c2a5236733

SHA1
d113e080d3d485cb25d00c86aeef0196e3ded250

SHA256
1704e272fd0b0bd18bb63169e5108eec31a02f52b1cfaec21a15c0b9f0b68659

SHA512
bb9825e36ad7224705a6a6f8511fd1133b42f747f22e71ec3cddd71e964c7eabfd66857ef3e4debebeec7cf53d3244022ba6e2afd9aeedc43834ca63f9649b4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
5772f88b7b00bc3bb061f6b9d6426f00

SHA1
27920e0ce4a2c7dbd66c5603d1513b0a26101acb

SHA256
dfd79e508a98b825ee1a7e156d137455bec3b5853bf1b83ca37bf3b3928d4b4d

SHA512
fd894247c83e5ada36a72c311e0a387e3bb8e5aefd1a02de2f0ce1d304b34dc6fe4d39c805bfc344357659ca9d57eaaeddc5930fcc8c215e1a9efa807423eb1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
369B

MD5
83006dcf6c9bd2e4b196c42d34070967

SHA1
1a63fde2ff70302e7d094a2f4085c4f0e13e92e8

SHA256
33ad6eca0829b7b3336dd3480dd5d3170455da484bbbb1a2431ff07e1311cd2f

SHA512
c7f0ef06a057732c684cc7a6ccc799fbd991d5395a808af91496577cdbafd04d1a4618bf39c46aeb2bc218af415ef1d32dab287059183d2a6b2db48f2e9056f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
1e2aaa9d7e8ff4f64815b857467f2941

SHA1
83844a6aa1c11e57dd3c9da3b4d33b06941d3496

SHA256
61247acd02476a8361607b7dcdea50a8913d87b58d3c0ddd20a892017a0352fe

SHA512
d742578a9f5d7e7a02b82b7257b8be29e17ad1c8ad1bee07e8861feac3755f531d91b39af6d2c224e03a6d583934670b87bc8ce1374e3c44aab4f0e9f67ad439

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57dfa2.TMP

Filesize
371B

MD5
379bed0c6574318666c70dff08a39e96

SHA1
38ea6b80506a1581dc23c8e68b44e08bc6348f9c

SHA256
fe0c14f783a1bf20c529fe0ee0f69f7842e4a0ecea848ff63fce57e847933349

SHA512
cc570d7ab7d8104c61c650c02c6ccff18ad052c317062b592dd918076174c132944cc7cb1a60a65ae336c442d75214eb37279045208f29f85b67981f9a7eb6e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a196b7fea693b94dcd4da3155a49a942

SHA1
19175ea0a41c50d5023218644f1d1565d7d6c2ab

SHA256
dc80100aaece9788730c6b9eb493ce1b3f8026d0209ccbe0e11be8f599ea0a37

SHA512
09e513716d8a8155009246057020298210841efa4726ee733246c7d0ffe3f0a826c30a57850510c7c7108d86f59a95a262599650f383fbd07d4e2ea00de83e0b

Download Submit