hxxps://www[.]mouser[.]com/ProductDetail/AP-Memory/APS6408L-3OC-BA?qs=1Kr7Jg1SGW%2FkZc0iUljoHA%3D%3D

Analysis

max time kernel
149s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
21-02-2024 02:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mouser.com/ProductDetail/AP-Memory/APS6408L-3OC-BA?qs=1Kr7Jg1SGW%2FkZc0iUljoHA%3D%3D

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1792	msedge.exe
1792	msedge.exe
1384	msedge.exe
1384	msedge.exe
1092	identity_helper.exe
1092	identity_helper.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1384 wrote to memory of 1596	1384	msedge.exe	56
PID 1384 wrote to memory of 1596	1384	msedge.exe	56
PID 1384 wrote to memory of 560	1384	msedge.exe	84
PID 1384 wrote to memory of 560	1384	msedge.exe	84
PID 1384 wrote to memory of 560	1384	msedge.exe	84
PID 1384 wrote to memory of 560	1384	msedge.exe	84
PID 1384 wrote to memory of 560	1384	msedge.exe	84
PID 1384 wrote to memory of 560	1384	msedge.exe	84
PID 1384 wrote to memory of 560	1384	msedge.exe	84
PID 1384 wrote to memory of 560	1384	msedge.exe	84
PID 1384 wrote to memory of 560	1384	msedge.exe	84
PID 1384 wrote to memory of 560	1384	msedge.exe	84
PID 1384 wrote to memory of 560	1384	msedge.exe	84
PID 1384 wrote to memory of 560	1384	msedge.exe	84
PID 1384 wrote to memory of 560	1384	msedge.exe	84
PID 1384 wrote to memory of 560	1384	msedge.exe	84
PID 1384 wrote to memory of 560	1384	msedge.exe	84
PID 1384 wrote to memory of 560	1384	msedge.exe	84
PID 1384 wrote to memory of 560	1384	msedge.exe	84
PID 1384 wrote to memory of 560	1384	msedge.exe	84
PID 1384 wrote to memory of 560	1384	msedge.exe	84
PID 1384 wrote to memory of 560	1384	msedge.exe	84
PID 1384 wrote to memory of 560	1384	msedge.exe	84
PID 1384 wrote to memory of 560	1384	msedge.exe	84
PID 1384 wrote to memory of 560	1384	msedge.exe	84
PID 1384 wrote to memory of 560	1384	msedge.exe	84
PID 1384 wrote to memory of 560	1384	msedge.exe	84
PID 1384 wrote to memory of 560	1384	msedge.exe	84
PID 1384 wrote to memory of 560	1384	msedge.exe	84
PID 1384 wrote to memory of 560	1384	msedge.exe	84
PID 1384 wrote to memory of 560	1384	msedge.exe	84
PID 1384 wrote to memory of 560	1384	msedge.exe	84
PID 1384 wrote to memory of 560	1384	msedge.exe	84
PID 1384 wrote to memory of 560	1384	msedge.exe	84
PID 1384 wrote to memory of 560	1384	msedge.exe	84
PID 1384 wrote to memory of 560	1384	msedge.exe	84
PID 1384 wrote to memory of 560	1384	msedge.exe	84
PID 1384 wrote to memory of 560	1384	msedge.exe	84
PID 1384 wrote to memory of 560	1384	msedge.exe	84
PID 1384 wrote to memory of 560	1384	msedge.exe	84
PID 1384 wrote to memory of 560	1384	msedge.exe	84
PID 1384 wrote to memory of 560	1384	msedge.exe	84
PID 1384 wrote to memory of 1792	1384	msedge.exe	82
PID 1384 wrote to memory of 1792	1384	msedge.exe	82
PID 1384 wrote to memory of 4020	1384	msedge.exe	83
PID 1384 wrote to memory of 4020	1384	msedge.exe	83
PID 1384 wrote to memory of 4020	1384	msedge.exe	83
PID 1384 wrote to memory of 4020	1384	msedge.exe	83
PID 1384 wrote to memory of 4020	1384	msedge.exe	83
PID 1384 wrote to memory of 4020	1384	msedge.exe	83
PID 1384 wrote to memory of 4020	1384	msedge.exe	83
PID 1384 wrote to memory of 4020	1384	msedge.exe	83
PID 1384 wrote to memory of 4020	1384	msedge.exe	83
PID 1384 wrote to memory of 4020	1384	msedge.exe	83
PID 1384 wrote to memory of 4020	1384	msedge.exe	83
PID 1384 wrote to memory of 4020	1384	msedge.exe	83
PID 1384 wrote to memory of 4020	1384	msedge.exe	83
PID 1384 wrote to memory of 4020	1384	msedge.exe	83
PID 1384 wrote to memory of 4020	1384	msedge.exe	83
PID 1384 wrote to memory of 4020	1384	msedge.exe	83
PID 1384 wrote to memory of 4020	1384	msedge.exe	83
PID 1384 wrote to memory of 4020	1384	msedge.exe	83
PID 1384 wrote to memory of 4020	1384	msedge.exe	83
PID 1384 wrote to memory of 4020	1384	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mouser.com/ProductDetail/AP-Memory/APS6408L-3OC-BA?qs=1Kr7Jg1SGW%2FkZc0iUljoHA%3D%3D
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff997c446f8,0x7ff997c44708,0x7ff997c44718
  2⤵
  PID:1596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,10085956129972599428,2895518329899130737,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,10085956129972599428,2895518329899130737,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
  2⤵
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,10085956129972599428,2895518329899130737,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
  2⤵
  PID:560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,10085956129972599428,2895518329899130737,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:1488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,10085956129972599428,2895518329899130737,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,10085956129972599428,2895518329899130737,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
  2⤵
  PID:1516
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,10085956129972599428,2895518329899130737,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6076 /prefetch:8
  2⤵
  PID:3368
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,10085956129972599428,2895518329899130737,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6076 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,10085956129972599428,2895518329899130737,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:1376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,10085956129972599428,2895518329899130737,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2312 /prefetch:1
  2⤵
  PID:1992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,10085956129972599428,2895518329899130737,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:1
  2⤵
  PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,10085956129972599428,2895518329899130737,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
  2⤵
  PID:1224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,10085956129972599428,2895518329899130737,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5220 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3088

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3896

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3028

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1948

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d5564ccbd62bac229941d2812fc4bfba

SHA1
0483f8496225a0f2ca0d2151fab40e8f4f61ab6d

SHA256
d259ff04090cbde3b87a54554d6e2b8a33ba81e9483acbbe3e6bad15cbde4921

SHA512
300cda7933e8af577bdc1b20e6d4279d1e418cdb0571c928b1568bfea3c231ba632ccb67313ae73ddeae5586d85db95caffaedd23e973d437f8496a8c5a15025

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
49KB

MD5
8991c3ec80ec8fbc41382a55679e3911

SHA1
8cc8cee91d671038acd9e3ae611517d6801b0909

SHA256
f55bacd4a20fef96f5c736a912d1947be85c268df18003395e511c1e860e8800

SHA512
4968a21d8cb9821282d10ba2d19f549a07f996b9fa2cdbcc677ac9901627c71578b1fc65db3ca78e56a47da382e89e52ac16fee8437caa879ece2cfba48c5a6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
d8d2b71a9727e5668858e04f7b0a48cb

SHA1
d390c28fbc319b31f55b8cefe5323676608a3e9d

SHA256
a992265013b13d13c3ed25e75b223f04c68c6d592de7e5428c8fa11decf78ec1

SHA512
1c7e32b7b9532a92067f2eb7190ba172b43e227c8be5d99ba3366f9e86b527270f9d70c4b24552527aac3b1c744d0fa9c1f9974d5addcbba38f62ea76dc6a025

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_lpcdn.lpsnmedia.net_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
4b74817a487be3757842d851afa4d5f9

SHA1
62a7c30aeadebf77002f2c376bc66b0437644542

SHA256
8aaddc06ea64a83690f191e77f59643a11f9ca84c34f3e454933ba0863e7433d

SHA512
da8dc9f194c6d5467009cf084400a3b4878771095f0218f1b0c8efe28e2d45bcbb22aed9f865118a53ba33d64841fc7c78f9a46a399bc4f9ea5f46405c82e074

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
160b1e8170d9055500b61d4dc8bdc148

SHA1
1823ce71f39e511cf2303666e2df753082a3fdfa

SHA256
02161d6a0d52209cfab65dfe6731b24a9510b562c867a1d8e37ff05cf8e058f1

SHA512
db59af4d2ac5d5f21042c42d716d9bb0420fa1efea101d14c018095b22589f420b4e4abaa76ffbc28c0690a50a0fb63d9f680cb1c3a0f7fdf70359fbd1cf2b73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
569242c744d9d3e02d40fd40cccf2b93

SHA1
4982b6dd1be36aed7373192ae7b63d6dabdfd6a9

SHA256
a85782fdc05fdef6ca6ab2ff4ce859549091a32d886a93ae180f9925bfc2be5c

SHA512
3f31f3b29b748b6d7720cbc2d90b4aa8a394181bc9fec2fcbcb5eb6b97f25e379b91be0bd977565ad8425121cc02ea8314c66c5c6778257e1939cb6c68d8292d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
1d1c7c7f0b54eb8ba4177f9e91af9dce

SHA1
2b0f0ceb9a374fec8258679c2a039fbce4aff396

SHA256
555c13933eae4e0b0e992713ed8118e2980442f89fbdfb06d3914b607edbbb18

SHA512
4c8930fe2c805c54c0076408aba3fbfb08c24566fba9f6a409b5b1308d39c7b26c96717d43223632f1f71d2e9e68a01b43a60031be8f1ca7a541fe0f56f4d9f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8c4a06695f3b977c6419b329da775e53

SHA1
55c1293dfa9d6029a9a91c8fffd8b25259e2ee57

SHA256
b012267e218d84b32405516e57b9654df03107809f67f577fcf5014078398914

SHA512
a7afa2cceb0eba5b3359b0857d60716c5fb8f3611106719d217c2381a81edd0bd71c2751a0659719e012c727fc69ffe13f503eb41b77a02787bd08e6fff78fdc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c1a6530bbb6a35bc222de2bb6fb3e63a

SHA1
ae764b18ba1ee11b52486ae7b24bda765072e27c

SHA256
e9f1ce202ec73dc4bad4f9b3a9e186bfcc9a0fc0362a4abf1d91bb980b6cfce4

SHA512
b96f8ed7f7c4cadbd40e243f0582345ba8515ba3a623533289e26c1499da08d2c73695720698c3919a2cb22f6027e95c4e72f0d48273aa2bc75eb8cfa56fc909

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ba1ebe97100725997abddac486a6336d

SHA1
506cffbd64e5d66f5556c9b6478b831f8b8997b6

SHA256
bfaa9cd0832f7a1dc13c7c7818105940bafbbf1bf9c23f931f40eb3ef2d4bbfa

SHA512
a954313d97821e7b766299a2d07a5621bbc605e02be5d862daf449c9cb19dd38611b5f7f839f3eee9aa45afb145e80c878295b40c5184905f2d3e1170893e346

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
eac1796b337cc27f7d17eceecd235609

SHA1
6d291b150f10ac39ecd8bd869a0c0c408f509547

SHA256
b90dd86a7a3857d978375d2b876f77b45a8fd4c612afb6ca969e764c4be0f753

SHA512
6b7d4f681572439f0cc478b313fce1515f81a6eb86a45244a69036d5a58427f52a31ad11d5927e0d3a1f003bbe4dcacf652ab3c1448244544cca35496cc0201f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2a4f623235d65f95d843747fdc034989

SHA1
249fc7adad586119807ab4736201e4c284cc55ea

SHA256
33ce35fd3597f43ce83c6ea2dd0869a7b517499e88d76eee41c335a9d1ef2dd2

SHA512
747a52a2b3008234a7beca03989f327dfcd2979e6be5cc3943e3cde8fe4720bb5091451f8b3572a634869d2c9b3dec4cb3a4e8375802165e7bc5222351ad3d7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b404ec84c519defa3f5afe5dbdf29025

SHA1
3aed9f1f57222dc9daa9ca4a3d790c154b99b2c0

SHA256
4f65a2f0ca41f613a4ef0fc8de36720430837293678a5423a38e72e3bd9243b4

SHA512
d8f311e7653009a792f1c2c855d82891eb3574fc76039273e1b6baeebb1ca54bb6438ca48bd5f6e330c445e45eab8200fd1e120d488eb90fc4745cbc74bf9c89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
df2851bb22c0c0ca82e0ed8887ac96e3

SHA1
b840b1f68773207c7d660ef5ba09efea74df3392

SHA256
c16aef273af8fdd19c91a30ac582e3aa80e0912ccc85902654aba381941fdaad

SHA512
2619a0bd13bd55dda83b8b172f6834c57d2767b367eeb3d4c7f68492419ebc33e358884e086a725869c280d1b8960cd6dee642ff7394a53814cb9b324639f1d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8a5c5d6f67632ed893b1b1c183e1a9a6

SHA1
1a855db0387370bc0094397b7908dbc013556a86

SHA256
3b6c9ecee10a08f258ccbdc63006298ac0136ff5f4cb08f01af4f46420967cb5

SHA512
c65acfe4abd2eb5f438917992b40ff1de197e23dc1587c289ec5837b52ccaa3adae5c485e3415997bf81ffb64ab29c80163c33b923223ae3c8aac373b06a7fcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
cab974690054a384968714b4ba2e7059

SHA1
418f4389e23b1a63eaed16311dd808374898bea9

SHA256
2d9d1de2c02b5d1842c7fb45c84aba6312c6825517c7d544598be16abebc1781

SHA512
67e414c703619d47f047b27e653cdcca11050e2dd53b2229489ed9f16cfe685dda98c28bb3d86afbbf057eddb49914e166be4647716e4694033487731d9641fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
24a94d86c890085d92621e6e6a261964

SHA1
b6d939a7818340b7ec06bc75e638f9eb6fe36c1a

SHA256
cb80809a5acdfcc3ab3acf82fd529b0331ca56838d0b514615dc93e0acfa6e2f

SHA512
cd3b5a90dbb7771589b1455342d47dc0b277fd2558e235cdf3c6acbf531a64b6c7e599fd35c58ffd9e326c37f8e1679b00ebd4f8a2410ac7b77466797cdd698b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8737b268ec1b3d53e91546c5c51f57fb

SHA1
cfe8aa61b53acbec08bca0b296d20cf68eab133b

SHA256
f883bb0a46d01214af4eb8a38ae530cbfe970948b6ae64918899ee1285506857

SHA512
5e189e0e3f727de8d5fc4b0914d6cba49706ea5890a68d7095ed2d90db3eb6ab0b781aeebd7c8c7ba9bf3b4eec3c600cabaad396f0a399e76269d7eb6ce4317d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ad46da9a2e25ad95bb04b54a03ef6b04

SHA1
2d32199871f45bcfc0a6c9a808bfb56e8f6e2aa4

SHA256
62e0e85629cd58e531b879b5061b1ee331a89bb1f70377aa7775dc0a84ec346a

SHA512
7c8dad174c2045a1983b805c7e3414ad1d2650c06fc33df49a82dc167954d020cb25c80fb0143662c49853826a5427c994483b7344abe6250e69372a28bf923b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f8a8.TMP

Filesize
1KB

MD5
f97ed67be23e1e1915735b0716f85820

SHA1
903da80312d2f91ec8af2b5722fcea083946f1ca

SHA256
46097934f4bc3830b311771b5be5c82e1a292ad5c5e16de89042a29cf5a5145c

SHA512
56d824b7fe6f291ef9977205f2897848d58d27dfaf0eb7097290ef4458ecbbac64886690998bf0758714bb6ecc3eeae8e706c3c504a76c92b912d34774626c4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2cd74b06123010d4041db9e6a42eb1b0

SHA1
c7027dd8d516265170dc19f3efa7b3590c66f3d1

SHA256
ac9a36f8d70344e07febbf49781ba6153ec5be0d24687dcc0cba816d05b9748d

SHA512
d0f4921ad862558d1bd25b98c5140b4840e54a22bcbba7c4ad225c5636ea1520ece08e55956c0f82f4c973573a4546fb469c16f133a471110152a26341f133c9

Download Submit