hxxp://spankbang[.]org

Analysis

max time kernel
1186s
max time network
1195s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
19/02/2024, 16:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://spankbang.org

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4560	msedge.exe
4560	msedge.exe
4540	msedge.exe
4540	msedge.exe
5012	identity_helper.exe
5012	identity_helper.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4540 wrote to memory of 5028	4540	msedge.exe	86
PID 4540 wrote to memory of 5028	4540	msedge.exe	86
PID 4540 wrote to memory of 4752	4540	msedge.exe	89
PID 4540 wrote to memory of 4752	4540	msedge.exe	89
PID 4540 wrote to memory of 4752	4540	msedge.exe	89
PID 4540 wrote to memory of 4752	4540	msedge.exe	89
PID 4540 wrote to memory of 4752	4540	msedge.exe	89
PID 4540 wrote to memory of 4752	4540	msedge.exe	89
PID 4540 wrote to memory of 4752	4540	msedge.exe	89
PID 4540 wrote to memory of 4752	4540	msedge.exe	89
PID 4540 wrote to memory of 4752	4540	msedge.exe	89
PID 4540 wrote to memory of 4752	4540	msedge.exe	89
PID 4540 wrote to memory of 4752	4540	msedge.exe	89
PID 4540 wrote to memory of 4752	4540	msedge.exe	89
PID 4540 wrote to memory of 4752	4540	msedge.exe	89
PID 4540 wrote to memory of 4752	4540	msedge.exe	89
PID 4540 wrote to memory of 4752	4540	msedge.exe	89
PID 4540 wrote to memory of 4752	4540	msedge.exe	89
PID 4540 wrote to memory of 4752	4540	msedge.exe	89
PID 4540 wrote to memory of 4752	4540	msedge.exe	89
PID 4540 wrote to memory of 4752	4540	msedge.exe	89
PID 4540 wrote to memory of 4752	4540	msedge.exe	89
PID 4540 wrote to memory of 4752	4540	msedge.exe	89
PID 4540 wrote to memory of 4752	4540	msedge.exe	89
PID 4540 wrote to memory of 4752	4540	msedge.exe	89
PID 4540 wrote to memory of 4752	4540	msedge.exe	89
PID 4540 wrote to memory of 4752	4540	msedge.exe	89
PID 4540 wrote to memory of 4752	4540	msedge.exe	89
PID 4540 wrote to memory of 4752	4540	msedge.exe	89
PID 4540 wrote to memory of 4752	4540	msedge.exe	89
PID 4540 wrote to memory of 4752	4540	msedge.exe	89
PID 4540 wrote to memory of 4752	4540	msedge.exe	89
PID 4540 wrote to memory of 4752	4540	msedge.exe	89
PID 4540 wrote to memory of 4752	4540	msedge.exe	89
PID 4540 wrote to memory of 4752	4540	msedge.exe	89
PID 4540 wrote to memory of 4752	4540	msedge.exe	89
PID 4540 wrote to memory of 4752	4540	msedge.exe	89
PID 4540 wrote to memory of 4752	4540	msedge.exe	89
PID 4540 wrote to memory of 4752	4540	msedge.exe	89
PID 4540 wrote to memory of 4752	4540	msedge.exe	89
PID 4540 wrote to memory of 4752	4540	msedge.exe	89
PID 4540 wrote to memory of 4752	4540	msedge.exe	89
PID 4540 wrote to memory of 4560	4540	msedge.exe	87
PID 4540 wrote to memory of 4560	4540	msedge.exe	87
PID 4540 wrote to memory of 3080	4540	msedge.exe	88
PID 4540 wrote to memory of 3080	4540	msedge.exe	88
PID 4540 wrote to memory of 3080	4540	msedge.exe	88
PID 4540 wrote to memory of 3080	4540	msedge.exe	88
PID 4540 wrote to memory of 3080	4540	msedge.exe	88
PID 4540 wrote to memory of 3080	4540	msedge.exe	88
PID 4540 wrote to memory of 3080	4540	msedge.exe	88
PID 4540 wrote to memory of 3080	4540	msedge.exe	88
PID 4540 wrote to memory of 3080	4540	msedge.exe	88
PID 4540 wrote to memory of 3080	4540	msedge.exe	88
PID 4540 wrote to memory of 3080	4540	msedge.exe	88
PID 4540 wrote to memory of 3080	4540	msedge.exe	88
PID 4540 wrote to memory of 3080	4540	msedge.exe	88
PID 4540 wrote to memory of 3080	4540	msedge.exe	88
PID 4540 wrote to memory of 3080	4540	msedge.exe	88
PID 4540 wrote to memory of 3080	4540	msedge.exe	88
PID 4540 wrote to memory of 3080	4540	msedge.exe	88
PID 4540 wrote to memory of 3080	4540	msedge.exe	88
PID 4540 wrote to memory of 3080	4540	msedge.exe	88
PID 4540 wrote to memory of 3080	4540	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://spankbang.org
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8534046f8,0x7ff853404708,0x7ff853404718
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2252,427045835705456786,2847403848226868049,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2252,427045835705456786,2847403848226868049,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
  2⤵
  PID:3080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2252,427045835705456786,2847403848226868049,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2268 /prefetch:2
  2⤵
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,427045835705456786,2847403848226868049,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,427045835705456786,2847403848226868049,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,427045835705456786,2847403848226868049,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:1
  2⤵
  PID:2052
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2252,427045835705456786,2847403848226868049,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5624 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2252,427045835705456786,2847403848226868049,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5624 /prefetch:8
  2⤵
  PID:4116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,427045835705456786,2847403848226868049,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:2616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,427045835705456786,2847403848226868049,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
  2⤵
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,427045835705456786,2847403848226868049,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1
  2⤵
  PID:1296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,427045835705456786,2847403848226868049,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3888 /prefetch:1
  2⤵
  PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2252,427045835705456786,2847403848226868049,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4628 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2544

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2272

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3060

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5e77545b7e1c504b2f5ce7c5cc2ce1fe

SHA1
d81a6af13cf31fa410b85471e4509124ebeaff7e

SHA256
cbb617cd6cde793f367df016b200d35ce3c521ab901bbcb52928576bb180bc11

SHA512
cbc65c61334a8b18ece79acdb30a4af80aa9448c3edc3902b00eb48fd5038bf6013d1f3f6436c1bcb637e78c485ae8e352839ca3c9ddf7e45b3b82d23b0e6e37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f4c2952b406af606739acc225dd9f8a6

SHA1
42b42f1c9bf00f080a2e5c29f63ce7c4f01019f1

SHA256
c3d93a4be98b646d32f8cd45b2b01ba505a0471c5062241467f88c363ac7ba77

SHA512
42823e9e5fa035836f1f3e777ca465727ba6fa4af51268b93ca88669ab2b4ef20d829d1408f1584564953c6acc6ba52451415a8934d0b37e00c55263feb3dd19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
f1e0b3c75ac1529ab9bd7dc235bf35e1

SHA1
03a0d8301354737a9d67374713cb067e143f73f0

SHA256
908d37e3955fa384152f5aaa623ccaee41759ee253894b41f064a22cb839d16f

SHA512
b94030be41e47c49ee200904fc5488c6522e85e93465934333ee55e2bebb47cad01905ef3f652d835719f8d35f64bdcf9f4ac2028c121c75acc2c61575d9a167

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5c638c45023751205f3845f3c40ac51d

SHA1
7e4bf7aedabcf72a30962e5ff7b58f74d5c0c0af

SHA256
e5ac8c2d2a9af3f10335d29e5e0888fe04da6f6cf21d15860e806e426094bb46

SHA512
aa51365db1abfd82bce26fd2a45ac1d1904319bec51c7c7406fca438a582ffb408e2281c01e1ea6f04534d8811c4649bbfcea4f9687aa401ef84f7980b5c2604

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6dfc3349d855f1af1c840a6c01eebb6b

SHA1
e0a5a2f74c3d67d325a2aa8c8bb8ca2724f9a6c3

SHA256
8a8844a6db7620b4949f85b13e56ebfbcf4cd158e527bcb791b0880af29fafc5

SHA512
55ca93ae5ba7dc44566060278586eac0679d650f84f8aa31bbc492e7c2a1c56cfda8a4230218cfa166627939c988c728b747f71b19556a0a20f4c893ae22b380

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
15KB

MD5
78cb3404789412d30a4c2a8d4b7eaf1a

SHA1
d977f9775a4e644d389fe0a9f274b57fecc57606

SHA256
474c72e0ae704f634b65305c460b27f5d04bb01f67f232e088f8a5333d35d9e4

SHA512
13ace042594aad09b1fa8df088c25e57bb3c6f8e281ed5001196dcf15714a5aa40023605529d968b23bdda9f8e32de83694b5908bd8ea818e3984c8f18b4a787

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
08da36c900eae4a3e66b2f7e40cf4543

SHA1
5bfb17988e88f3e321f4eb238370cacf2dfa0a72

SHA256
11e57eb13585fbc9d4914cbeb684fb8c92e933fcc314840a670b5ba44e209945

SHA512
fc9e58ebfbbce02ede7594f8699017e9222801e68f3812b27de365181726e5a49667420e273bbbd01aa210827f20cf6acb640feab6f90e6f45b969421b75d597

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57aa1b.TMP

Filesize
48B

MD5
fed8d9227b3229f0aa872c46bbc0a0af

SHA1
3dfd8f045d68284987026a6a0930405c31b0ef2a

SHA256
52b775f2a4c4c97966e2f92adf60e729a3165a44ae257635b082ad145961d33e

SHA512
b1a969eff29f34470d79afaca6ff35b41a199389c25634f50ac2353a19d371f207e86dbaf0de4702d68a8c293bc66af503d9f69145686d001fa3260389e5bc9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
3d130e2a506f3b9c3d0eea1967bee10b

SHA1
27603d9283db5cf5c51bcc3fbf99972b3f33e4ba

SHA256
4bb8f6502aa1e58261bf93b8b631a2cda48621ca27fac67ae23dfcbc898db5c6

SHA512
5808639e8569900dae728d7b1f4a43d365088c396d5db2d032a339bebf51124227737082ed7d213ac53765ed66c2f31a862be215f9c841e9e14015208d1bbe1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
e880905622417eedf0083435dbcb003d

SHA1
52c98db873b755446c7a0958f2bc593705018437

SHA256
95b2a67b4dea925105143690308cd919bc5f694101338e5755f4f024d0a55edd

SHA512
6389533d405cc2bcab35b11af64fd78fd9dbfa4d81ecf4aea99a3e61fd9439bd842c1c5f09fd8008da6f902fa3c17cedef1ce2dcb466d6cca2c7728bc9f1b72f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
703B

MD5
3a95d2e2508a956f3822423ef4b58213

SHA1
0f90ca571d740a3147499dd2e61b304b432254a9

SHA256
ace7fcf69d2e673aba7d8d0847f197c93ec40e526d72618b9847bcacfa83902c

SHA512
4bde3914bdef716f344575d25b8979e0a6a18a62e0edefe0979b4052fb718799b3e024665916097146904cdf3a6d6e64c85a57c044fc521cf561fe0694c16ed2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
703B

MD5
f3a6d9ea49c07180bf92fecd4f61da32

SHA1
8d6a8cceaae3173dbf85acb74f3c56b01dcaa8a2

SHA256
b6b6fe27b3d040520de6d032c1d01e3d3ef45d2cab1bdcafcae9c3ffbf835e76

SHA512
9e326acdd6afafd1f5f297a350acc43bc041a4ffc676e47a7b69bf972f937c2a569a3ae07ef8a256debd554b42a5660708f137a2e452278a32fca9bba64f121e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
701B

MD5
24a9d9d88e8a208f417e356066ba22a1

SHA1
a24273324b1c5222a9ac019bd7c6397479edad22

SHA256
c9a887c6f2771e7717858ee7caf2dc2cc03a3319207c35e7d66de43866847cd9

SHA512
aaa8b8151429eb3682c9c02dddef06c3b6bbb64d94f8fb6aa459f3e39e8b8bd3c65fbb2a0e87a397fdefb833c2f337a03e36a58fa2ecbb2ae217787736481a8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
8437092200c0206eb20a05052443ce80

SHA1
40e96a28361c1a823253dabbfc3f79dacd28353f

SHA256
59f2c177ea217d6a8f0cfda5b74421ac5a05a2783c4500c1f7afed705b891338

SHA512
139081329123efc1dfa31676044adb07c6393e7a3ee35e1add457e85a9acd499877719e5f533bc540aafe9fd5fe6c2b5cc60f1491e2ddff841bc73361bc4268c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
75cd6f1d275e75fc29f8b37919e0b76b

SHA1
fdbe3337bd0b809e0bc115f7ab13d55373f07d6f

SHA256
0ef866a4cc259f429073ca9b91deeee2faef3e85e4bcf308ffa36640b83b7c06

SHA512
6c57757c66998d3c5c2b88f235e94571ce1720d18703b63f8558995a7daf4103bc0941e667bb8f64fb0ca1f91114dcded595e43d85c9282043d4f5bed9fdc33c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
a538bf118a06829819a5bb0143b72db2

SHA1
f84baaf5a5d5e764c5d68473ed08b52b73ded54d

SHA256
fd6472f53c42e37e45a7628b0249d354f6650104a7c838bda5c9231ec1cf20d2

SHA512
56303958c654b7bdc0dcc0d37026cc3896503d8eee4b68576ced6188801bcca1a0e55a6486cbf2d70951dbc49e3492d042f63665595d9e7359bc07f8ae715736

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
39a7fdccc916ff0dcbae97f611090c09

SHA1
f54f598f40e19fb9698f4c0d4659202d45d56c60

SHA256
634aef10d806ab28bddce8bf60000ed8faf3db7ac3a523323d7618fe795b1bee

SHA512
865cee732df9ed10358c71bc778ecf57b9397eb440bd749f463ad9a3e8ca66f410bb2738b4a8a15f1eaf7dbf2826861dace20316ff57f50d6081bf4546f044dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
35eab229059fdbbf347cfe385c46715d

SHA1
8b9e4b825a28d536b3f61a457dfaa68ef0498922

SHA256
f27874c7f597bc8c8e4808aaea5e06338f404afb2889a471ab8d41d14e3f1d08

SHA512
c269e85c7a6edbb488c75ef3ff2005d08e094d47cced91125d5227065c805a90aa9ab6960848d17b6af78541a6ff115c271e8726055fc575e79c9a05543d7a7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
c2a8d6ee69574d5442d787e198b12948

SHA1
1e804c1fcba48625aa60d8bf9499b578ed117080

SHA256
6a9a2515bd7dc81af614e672bc55d6b6ad4492793a0cb520e1261e854a8ff821

SHA512
3a9d927e04b41ce200141d49f407a1aeb6c7b004558e9d0e3b41da30d66912fa8c998e5f7f260e6fc4525a3811210c760e3004a31115180939c5c0a7b2e0d237

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
cd7fb6c986abcfa38c26cf4b56bf3531

SHA1
bc9a964063e62db0b0595c0cd82c6305da186c82

SHA256
052891a3808aaed90a24262f3732ed4277384331a4be6a6a370384a1cf507a36

SHA512
e5cc9a2c731f098cd4af7092553befbf22a4f565c884206e36c23521e1254659879f1963ddcda50f8916c9ee300bf700970782b36b7fddd694d5adb053a5bb5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
952561e0f0a6bc572db9fb9245c10a18

SHA1
3cd84908838f0485ce8dfca54c9411076f776b5e

SHA256
46371cce781caaca8ce5e099a767aaf8048440b4d3aca22b0e08fd8eeeaa88d5

SHA512
c3593a88b224c0b27859d5a70139b2b9eba584547530c3e8faaf590b4d39af1d1628c28ec8694a5c64b2b01d28744fdf7ebb6460cebed197f8cebb2866c69d4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
d73b6b5cdb8573713d20e433a8d2c914

SHA1
e7e0eb9a1685cbc4e9f1f4b94514871d2eaf00c1

SHA256
e6c6567fe9a8e77d2c558a436e4c1057505a917033a3f08818829b32ad9b32fc

SHA512
6adf918ea9277796bfea18a1786c19baf10fffda45706b59852c9f5828af0dff17f74b85b8f13ac91dd624016e3956125ea801d72658a7c9fa201b4897a726da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
703B

MD5
045c9512acdc881e86893ade762f3403

SHA1
f729f23cbd939bcf7642f04108fd156df63ac1bc

SHA256
e8a53be5e74f9bd4015db4ebbf8594ed7918ef10bb12cfc5402ec41951411354

SHA512
1b4f1c039144181ea746db3c7b17e472897f8ca395699580754607c04be51311ec4c72b9f847b2fd0e6fe9d113faa3f3ce86ba17298c6198ef4f159231061c47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
e8423aace5e08da11f5658d7ccbd170e

SHA1
ad3b6a237c5577452412c7486c94290518ec1118

SHA256
cc22a1a5a750a68b54ff52965740d58ff274344042b37d276017bf0c7bb3e2e6

SHA512
3c7119e8c1ded095e7cb08c81c685962965b91431ffce1411c77a2bcb6e2639cbc49225f0e12373e670a3b1375e34bef1141576dc2fa19dec56a159ed6c6f4d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
703B

MD5
a0cdd1c336288d00e359142c8fcb377b

SHA1
c6c34e0f3ed48bb41b1b0376e7f788cce27f50d1

SHA256
bace07a72c7efe10f16cfa6cd1de3889feebc1391f31033ba7cecff899744f77

SHA512
09e0009c970b5852ff2d4c0f4f56f75d601bb27fb25ecb7e57e8ca622091af77f5f8db1f88130baef1a96d5de9be3d8f74030a4f7cf7f995d64b359b6f3665e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
91193e9820d20af0b8455d38fda3381c

SHA1
b2df74381b2d5640a391ffdafd9738487e00af88

SHA256
a44d92cacfb98cfd58603fc27547365b768e25bc75931cf7541656101bdb9551

SHA512
2916fb485b4de044c8f9047729d671998e3c43a28d2abc42f5267f2f544e991cb712a4a2aea58862b95f7d89ed64ac59d1c1955647e0345518a02082129a44c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
263cb96241adb7703ddc607ae9b634f0

SHA1
d05dee0694d32c8ddbd9143701fff75e5c997105

SHA256
0744dbd5a7f910d5b7ea745b4aecf404a47b38b1cdb70e2c553c1dc527fcdc31

SHA512
671206804a1fd713a22bd6c6e55ae187396d910587b6a714d3553565372805fc8d9d03530260d0ca6220663ad06df81816060439e5356794d33e60e9f1a87cca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
9bea6d8d9c991d878159fa83cfc076be

SHA1
094c12f06f496a797eeef096e591b0b4f8eab309

SHA256
e2052c666e68da4ee5fba691f6c4fb9c3be79152a4b2e890bd274185f58c130b

SHA512
83fb3de7d1e8ab9ddf9462e4ce4da1ceecfde1b34ad179523d7b65bb8dd999537801d8c974f7875a4e934546f54c281429c21d0697af0c8476b9908d4656e843

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
1c1c827c64ee76005867f37f0b98e656

SHA1
49244f8d6238b3fb3902b518a47c052a68bd4a28

SHA256
35c462262f4a673e81980924d46b6fcfda179bc587f8367e7b68b036e68deabc

SHA512
6ffa9e119cc0cbebeebc777dc3ebf5ae57fc5360cb65158b6609e25c0e37a84b7d2b8cbab6f6179ccbcc20b31b0e0ee7b7f129c57e2cb6b75cff6b5b397fbff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
4128ea1633ca4d9e025ee2465cb45e33

SHA1
ecee26c4728529a4568f54d17705e1fb5c6da243

SHA256
bcb1a4903cd2d6f886c3d3e6ef867223b32ea849c479c205ac634168211b05ef

SHA512
9a7614c69b17295393081dee211fd2a2d7be1403a92f7a8fd9e762f3d02b03c766a4abe8f7b7af7dbb43bb02b532e27e5ac4d2195d397f7719b0364af560a273

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
76a66faa272503ec633bbdb883bd741f

SHA1
332ea1d6bbde44919a1e2a11d863cc02d9303fc9

SHA256
a0645d103226d8bf001c2bbb69768f294dcd5e2f110d9c990e47772bf899ed98

SHA512
873442121289f6f836bc18fa515d88d1eae9374b18ced14eb48e007110282d74216edc8ad06302f97a8857091f75da9b592bc0150100d6cb94e39f785336b619

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
fa62fc647acd0628079fbf830ca75efe

SHA1
896c51472f361f5789bb084aa5074f1e96468765

SHA256
ece13e2e4f20576298c2745524b95a63c1b518cf0764a94020d4f6c365cca4e3

SHA512
89275f6c28ed7c75a55f9f79b774daced3aef1dbf3f6ec7af93a679916abcf386b61d2d51ebbb1e670b127a6529dee8014bc7cba5260802f16979526191f666a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
703B

MD5
1b135c5a083e976a3f7e40741745de84

SHA1
5ba40136777379ea3a0505b994abf8f7a11f981b

SHA256
726a21c747104c7281c45c742846682bc6438b0273adf59f7a6f77e87c476a84

SHA512
1213cf2c49024417fecfe68a6385563cd93c1e928210ed1817ee4cec3c08d203a33ea49117fbb33c2c29acddf554788b96d6e50a5ce8422db9f3408b1f66d67f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
ddba048bb075ad9987dd72d8cfc76b3c

SHA1
20aa42a82f9a5b4ec2c564a9a10bf1fd6c7b15ca

SHA256
7b148976ad6602628cb4ec2a00317548e4215214210204915bcb0377d46b6d27

SHA512
851f1900a9ef482d0df982159139c9a21f18a8ae5b1b75bade3a4d8b66b05ccff24bb4702a97e5d0f7fbda7f656757873ed189359ed81372e062b0292f222e3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
444ee33c3da3851202a3e106f6c29cf3

SHA1
ec9138f58c62e876afa0e7afd6c75750b8b99615

SHA256
40ae26075337d08442bff9111a3eef539bf2612377632e357e1ec1341f7ff605

SHA512
a15346c5ff4bd286e9b50c3eff325905d9d00fc4f126cdb2e43e26893328c9ab694d81d05ac00eef5422853ebecd49ba27b68d0170c01940d7828940d1fb6fe0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
cac87938632d5be4c6b8008e808e3fb7

SHA1
4d2e370051eacfef8465817606bf6555caae3d8d

SHA256
e83f1a87b2ed7516978e50d2c537b07f1e4811349c914bdfc125a4375eab022e

SHA512
c11f952347182e2dcc329951937ffb2621b296db735182abbbb8558398065c3d8b858e6d87d87b72b459f278cbacc74460107ffd16eee38fc18b1b29f7c99f3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
703B

MD5
fc6c2f0407040fe21349dc63800d317d

SHA1
bf6ca4567778f3ada087943102ef139c71174f89

SHA256
7d576b61ef2766b112c147bb5509faa08d7a26adeccb7d71f2b35103182a2bbb

SHA512
48f119ced363905b1431f15752ddc06b0691ae672830c1e24f56faa5faea60ec7ea637db4c7445e8fac7b1012d773e6f623cb93ac9eba1cbace65bea9cc1681f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
703B

MD5
9a668422eaa8c4be1867995dd6138ee4

SHA1
5f998318783be7fb062b990ee25a80f132d2b2b9

SHA256
e800eab5e3dca47cda59cf8d96734203c315dad776862abafd57073cd80c6587

SHA512
f7ff59ce7492b4477c92559d5c5947f36e1b377924de65ef53f33c0756b30853386a3d33f31617b11b7d0e13802b5f788a2cce6181a939b2a018ee20637133e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
fc176e46c1b4f02dbc3d440035bb1212

SHA1
c4607f2a624cca8417b2e0095a25b4ddac1a3360

SHA256
b74d10f4b0529eb8b8b989d9de8d829d98460a1664629dc992d1ce41a04459fe

SHA512
6f5e59dde3b20bba7795743f097641ec40cc0c2b9a19ba83a3e6c4126c3771aa896add57f6fb801cd83e4388d2b80e7714275e6f3d5e35af646fe405e10513a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
4c25fe3e98da77f42d221d3744afe905

SHA1
601f3d6813cf9e2ead45f219a4656133dca1f4ff

SHA256
4258ac73e4d746863c6a1aff87c4de4fbe9f125a7246239720dfffc0da88708c

SHA512
e38788e42ab576b9f9a5f4077fd3498425facb433935a890a32ec68130f702494d73c313d542a222da65f3b2b648bc41f5c4a1eefdb1da76320eaba3cd8f57ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
b999721df4e12ece77f94130ccf597ee

SHA1
b1672c8bf39d4d55fda87b78ffd2be9d4866c441

SHA256
6f39058583c537ab61d5e0525cc4c4a73adc0346217a4d9a936195c9c71354ff

SHA512
bff182dab6ef0789e845d8703836de6ea093feb74b074ece8f6d0df4c5d50319e76fac7c92230e9c167fcedd4e047c2661e2471635515e95231410c3814c2cae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
176f223141e97faa2dc257f604690fa4

SHA1
4e7a55052d2ba373d2bb27a2fdff2f600cce0392

SHA256
26db739ef0e4ac8ca1963b6d96ecef268f3d4ada1266acf701ab5e6174c6ef1f

SHA512
96c78b338e054f13ab36d4f4d8fc585036822ba0c7aea05b7f949928993d4b313b6076f1f7efef9811821bf542a9e050c3a13315d85da84d193bb949041cdae8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
57a83944beaeada8571e8fde9544fa09

SHA1
7d820caf6647daffdc9b15b7e74f82487f6eb174

SHA256
2c4aefdbd7b3fbe8ce708aa9e9cbb072dcbb5f53e8d8e5e2f1db5bd0a6838149

SHA512
b98df064f05c88d2a238e57aa7525d2a4ff9fd9af0d4e0e8a1c2f2dbf29ef0287a659e517bcfbc64daf1261a15246efd230a2fe7a622613bc325feea3a2d84ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
1fd4a5262101214e54f59215c7dbca52

SHA1
c3fbd5f65669aa06f3d08ed261284720b7b65a9f

SHA256
c7bb73d403b352b9998558b13c5d755f26d1e69ab1454cf3d2e5bf1bea325a03

SHA512
ddbf389cecbf4b366191888a6cec038b83e84be28a44155b7d1e02644169bd46f6525771b9dc9a049ef3fbdbefe468043ab8c436483aab2fc79d5c011235a3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
5ff47f01a09f0b6ffb641ae6590023fc

SHA1
d7a87b9f6e29d9fbded25b554bf1c757ba1be9c4

SHA256
d863db0c59a829717591ed5545e7609ed3975042a9860a6dbf0876f92b4d9526

SHA512
9853227927b123ba619d8b8a27084b168889d5b2853d042a2fadd431517e035ca761d56ff5bc6893d2a099ed1ccc3a493be9e66a0e226b6dc5d601304740874f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
1e4ece849fcbce1e9de4726e0043d56f

SHA1
3a041d5d967cd4609668ad4e9948f1bc62a72eaa

SHA256
b2c5976653dd90a8b1707ff7227ce5dc2a48c31a02e977e403076e7eb668c7a1

SHA512
d2658b3e90426d4bf62d5844c02b3b90fd43bf84e8750d7572fc619262270b05b918d12beaac16201e3c9ef1c4a5067b89b7b35c46adcc6ca9bb56739f536b61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
a5652beead50642a5c3b1f1c9f87e2b1

SHA1
ec220bcd281dab9c8765ae1b8e1997f635a1ff13

SHA256
4834223fd3837ae779ea202cd6ed20462b1fa064bcfb50e3d588d77c61166c10

SHA512
16da037fb7b31c568c3ff8002264f5da62fe2237cba0be32f1b5efe7821eb9dadeba31e0bcc87097a201b5028f424f793ab332e813af8616f8806d833e31f61f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
0162da71b87066935199badbb419636e

SHA1
635780c460ed6a3e20bcbf3c95debc352e9caebf

SHA256
275507c02f43000f401a438ca24148afc7c9685abc49718c7310b8ef00e1e6e0

SHA512
5fdc98a54bf9127b76a5299cf0dac9ab18cc89e1ca118dddb7e482819fd71f913636ab8143dc00637d53201b56136cd2d2e83e5dce1f617302fcc1487a4b7b10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a0f3.TMP

Filesize
705B

MD5
3df54e9d0ec693e9be2160decae06dc7

SHA1
01617ff68c2c1f2f67581ae6ee77b15a707d1151

SHA256
0555ab046c545df14c70f404b20fcd2eaecc018d574319017c2c788378026fc0

SHA512
8a481029101a31ddc3836dda145b8ce4e906e3df6dccbff36527731a58a274764fd52322a2f60c40b2b005457fdaf35739722663c2e3c170d2326e65978e5727

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
dd169d223930392036169a31dd80043a

SHA1
cab9c2ed5ff5d5beb33d19d4cec74c59d356f178

SHA256
5e1f73b75aad56c0a1a8a515ab27616dae1ce037c8ee4a029b4b95edd8a4978b

SHA512
d7ee3aa3bc2b914be711922b4dd58e2a39b3884ea598ea93faed3417007d80cf6084b4df390100e0cef59a515c833d2e57f7cd10179f2ebcbacaa7de16c30f6a

Download Submit