hxxps://probincsecure-crypts[.]top/payouts/

Analysis

max time kernel
150s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240220-en
resource tags

arch:x64arch:x86image:win10v2004-20240220-enlocale:en-usos:windows10-2004-x64system
submitted
21/02/2024, 05:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://probincsecure-crypts.top/payouts/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2016	msedge.exe
2016	msedge.exe
2616	msedge.exe
2616	msedge.exe
1608	identity_helper.exe
1608	identity_helper.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2616 wrote to memory of 2788	2616	msedge.exe	81
PID 2616 wrote to memory of 2788	2616	msedge.exe	81
PID 2616 wrote to memory of 516	2616	msedge.exe	85
PID 2616 wrote to memory of 516	2616	msedge.exe	85
PID 2616 wrote to memory of 516	2616	msedge.exe	85
PID 2616 wrote to memory of 516	2616	msedge.exe	85
PID 2616 wrote to memory of 516	2616	msedge.exe	85
PID 2616 wrote to memory of 516	2616	msedge.exe	85
PID 2616 wrote to memory of 516	2616	msedge.exe	85
PID 2616 wrote to memory of 516	2616	msedge.exe	85
PID 2616 wrote to memory of 516	2616	msedge.exe	85
PID 2616 wrote to memory of 516	2616	msedge.exe	85
PID 2616 wrote to memory of 516	2616	msedge.exe	85
PID 2616 wrote to memory of 516	2616	msedge.exe	85
PID 2616 wrote to memory of 516	2616	msedge.exe	85
PID 2616 wrote to memory of 516	2616	msedge.exe	85
PID 2616 wrote to memory of 516	2616	msedge.exe	85
PID 2616 wrote to memory of 516	2616	msedge.exe	85
PID 2616 wrote to memory of 516	2616	msedge.exe	85
PID 2616 wrote to memory of 516	2616	msedge.exe	85
PID 2616 wrote to memory of 516	2616	msedge.exe	85
PID 2616 wrote to memory of 516	2616	msedge.exe	85
PID 2616 wrote to memory of 516	2616	msedge.exe	85
PID 2616 wrote to memory of 516	2616	msedge.exe	85
PID 2616 wrote to memory of 516	2616	msedge.exe	85
PID 2616 wrote to memory of 516	2616	msedge.exe	85
PID 2616 wrote to memory of 516	2616	msedge.exe	85
PID 2616 wrote to memory of 516	2616	msedge.exe	85
PID 2616 wrote to memory of 516	2616	msedge.exe	85
PID 2616 wrote to memory of 516	2616	msedge.exe	85
PID 2616 wrote to memory of 516	2616	msedge.exe	85
PID 2616 wrote to memory of 516	2616	msedge.exe	85
PID 2616 wrote to memory of 516	2616	msedge.exe	85
PID 2616 wrote to memory of 516	2616	msedge.exe	85
PID 2616 wrote to memory of 516	2616	msedge.exe	85
PID 2616 wrote to memory of 516	2616	msedge.exe	85
PID 2616 wrote to memory of 516	2616	msedge.exe	85
PID 2616 wrote to memory of 516	2616	msedge.exe	85
PID 2616 wrote to memory of 516	2616	msedge.exe	85
PID 2616 wrote to memory of 516	2616	msedge.exe	85
PID 2616 wrote to memory of 516	2616	msedge.exe	85
PID 2616 wrote to memory of 516	2616	msedge.exe	85
PID 2616 wrote to memory of 2016	2616	msedge.exe	86
PID 2616 wrote to memory of 2016	2616	msedge.exe	86
PID 2616 wrote to memory of 1800	2616	msedge.exe	87
PID 2616 wrote to memory of 1800	2616	msedge.exe	87
PID 2616 wrote to memory of 1800	2616	msedge.exe	87
PID 2616 wrote to memory of 1800	2616	msedge.exe	87
PID 2616 wrote to memory of 1800	2616	msedge.exe	87
PID 2616 wrote to memory of 1800	2616	msedge.exe	87
PID 2616 wrote to memory of 1800	2616	msedge.exe	87
PID 2616 wrote to memory of 1800	2616	msedge.exe	87
PID 2616 wrote to memory of 1800	2616	msedge.exe	87
PID 2616 wrote to memory of 1800	2616	msedge.exe	87
PID 2616 wrote to memory of 1800	2616	msedge.exe	87
PID 2616 wrote to memory of 1800	2616	msedge.exe	87
PID 2616 wrote to memory of 1800	2616	msedge.exe	87
PID 2616 wrote to memory of 1800	2616	msedge.exe	87
PID 2616 wrote to memory of 1800	2616	msedge.exe	87
PID 2616 wrote to memory of 1800	2616	msedge.exe	87
PID 2616 wrote to memory of 1800	2616	msedge.exe	87
PID 2616 wrote to memory of 1800	2616	msedge.exe	87
PID 2616 wrote to memory of 1800	2616	msedge.exe	87
PID 2616 wrote to memory of 1800	2616	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://probincsecure-crypts.top/payouts/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff96abb46f8,0x7ff96abb4708,0x7ff96abb4718
  2⤵
  PID:2788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,12121239500579979317,7215824625565903089,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,12121239500579979317,7215824625565903089,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2444 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,12121239500579979317,7215824625565903089,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
  2⤵
  PID:1800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12121239500579979317,7215824625565903089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:1952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12121239500579979317,7215824625565903089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:3368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12121239500579979317,7215824625565903089,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
  2⤵
  PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12121239500579979317,7215824625565903089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:376
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,12121239500579979317,7215824625565903089,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5712 /prefetch:8
  2⤵
  PID:804
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,12121239500579979317,7215824625565903089,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5712 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12121239500579979317,7215824625565903089,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
  2⤵
  PID:1792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12121239500579979317,7215824625565903089,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
  2⤵
  PID:3724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,12121239500579979317,7215824625565903089,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4236 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4092

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:680

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fdf4a759acd43c3d54213b9de2bbe047

SHA1
81da78a0894c8742292af1057383e39588df4e95

SHA256
60ad530f2bdc411f4c0e1437b28896dc9c45a950a93cb3c2cc9e1ae70b629b7d

SHA512
4569267b06df28b47f87d666cad4cc63151ddfbe494a26a8ccbc9375fb333596c329778372d2dce5cb53037ca6b731bc9d0bec52eb18e0899e6555600bb305d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
89cbb20cdb08953be45a7ce57ff680fe

SHA1
8dac492c4f5fdd777f4947d58cc0948664688d9d

SHA256
9b2cf9b97e1df21a5591ea406c579d3d62949a085012b136a06026ba48ce9ff4

SHA512
b32ffc555641fed2fe0afe144dd5470f6eb01fae9f891c43e5217e231ff730a0bf7239030c12e54a7f3ad2c2c43d7322bef5bc5f57e002246fff3d0d5a86a464

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
4ed49ff790217ed042388873aca9c854

SHA1
79a0c7e60bf4ca7c23053ee9a8f444ab5e7faca1

SHA256
9534a1e9ee405927dfb8d0ad9b7f26e3fdcc0ddd59438f726eaa39424cbe5549

SHA512
1548d69df32ecd71856d4cfbb006253952edc36168703a6952459411225876885d57aab21df3986f05c30cbd6511d69706629ae3dc9064b86458b17f2feb3bed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
185B

MD5
99d3262037867e9d280aac64b159c8bd

SHA1
2c7837a15410fe7bd67c5f068a9ee60c2768ea68

SHA256
51d1779a832492bcb9a2fca94ffc8536538540c2fffed42464a6680368314040

SHA512
940a9ced5c18a207cec1d9f04daa70131845d5fcb9ebcd6e9939688d04efdf635ab863afa872adf74bb3306591e449e83fd0b9452b6fb2ef74f0fdc5008cdff0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5af7a4b53debc739c951b60823235b92

SHA1
de6486366f6ada35d7b3afb48e4eb433ba566b68

SHA256
dc52915d8a2e1e8c9e10381a397e39f5d001ab6195d57ef422a30b3cd74027ae

SHA512
0b65eb148dc3413c0b20e61b0a1985d6aa4364c99ade7560d00b49b14cab70c76757032bbe98bce45ae760ee1a1a7e82fd619bd5adb16fc5083db0e0c775571a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c76172c89a2a3c2b8076c96c58c30c74

SHA1
9c11d601325a28f1c289b736118deae6c0ca1dfb

SHA256
de23802a378aaabfdd20624eaac5f998e393170993b5ccfd7c6f8d03aba34578

SHA512
534b94abf0eacc7e1f09e423872140318abbc60625dfcbbb3ee875953d87338794b5aaa67cb0822680937d32428df053a926c81ac5cb27846f9f9febdeebeb21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
dc4ad6544f94c8c7150b52004c930df8

SHA1
6122a9afadca21f6264b57516bffd6e607832fcc

SHA256
c30919670abcd23ca1b08a3aaa091f3c2f7a0a29fb917da7d0693a994ffe72e6

SHA512
376206cfe7a8e4c20d63d84a977e61091a08239b1c16af632b4838e5934413ce512950e6e0295ab6cd7f9aaa4638e75eb5f1334127bf94eb8c27ca82b7357825

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
e77f87676c0e2fda6db6bc0ae0a893e5

SHA1
28dc126a7ce7a73a956d5efb104d7354829ca817

SHA256
8f057b1744630cb4422dbbc744f5c167727e76c067fb1f3b56d02876b2926238

SHA512
8dc73c058838ed7be8d90eeb0e48d669fa9ad36bcafc3a7aeb8b6434406f8c39af6f39a08b65e59d5e9e3b4c3436abcf1fac95378f7deff93153fa0f0a86dd9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
bf33125062659031c00bbca4f265550e

SHA1
ac6f61f73a11969eec65871f755c9cb64adba597

SHA256
54f3a1e3ade0920fd38f1b504fafd3098384dcdde8b3abb4586cfdabedfa0dfc

SHA512
7b251510e36e6a9f3d90404c9a3a3cf442e82b006b2ad108f97de827359c08a9e303ff3ea8a237739905b854be21634a8aa558f5131b2cf4b58110607bdad8e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
03f78cbf3ec35c5e5b5e8ff5f2a0ffe3

SHA1
9048c77c16d6080e1f1bc24b6fd9c06c70718d69

SHA256
67f10067e551f786ed4f9b752dea6ab5d47465eaf8d9374ce4cb1d06ca9faf88

SHA512
ef86e034b57c465896f3e6dfcb071e88e3b789d16274c26538d35f76f1b2b62e1b221f2dca09aa018bebcd14145ef445f34b045a5fbcb66ac81f8b62324ee7ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
3830d7c6d4467c2d6e142cac1f17d1fd

SHA1
d8ca1d3c18d6b1f6a64ebf367a944cee55b6ad30

SHA256
31924bf194a78354dd26c4c405998e6379b1694003723acbaae11ab171597b43

SHA512
f85dbf7b124155aa9d92125eaf734b8e4880e859c2ddd7ac30811e37b4dcb02014739f3eee9278888ac909e7052eb7a10072f8e10a1790d5aeeb80cecf99f839

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
4f36efc5d2de09e68f091024d81cfea9

SHA1
23538e13a5f18f96ac31eafc8e76700fa5f5a986

SHA256
9bce71617ff8707b3fe0bbf4c20b26a58c94964845eb309f415d25f7848de32a

SHA512
e2b03ba3859f075412778548deebc189f5d7bb728dd77f05c68003b01902e1805c26b213eb17378f4a2168daa57438ec3c7905004395e4906588679ab184f991

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
4ec7c2b7b2c0b82c78fc720f2c59718d

SHA1
331c88f97d1da455bea68c98e8b80cb49ae64439

SHA256
6600fa60a0423ac21c52a9952b10997a82cf5aa12fe53c4021f22f24362af7fb

SHA512
391cebb807e7662ccb6f9f922903d5f83a3aef8eba112bb7848f40a83f81c136a7b9e8874894e5ea29b404f6ce5e1ff7e3e2b5f97ffe93bc14112da0332613ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
89bf269e56cf0f94f1f1e625d3341838

SHA1
a49cb7c246332bfbf0f9b5730b18623c5f8860ae

SHA256
f17460eaf7d66af3b7ad295ff466a17b2f649af70217e4bf5994a3445588162f

SHA512
5459a58568a3251f8c55a2873d4ae4c8f7a367197d2bae5c536b898661ded0c64043116309b742a00bbd7c86712b9b9fdbaf9e96a5f48cc37e04cea6f78a0652

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
e884725bc1587ea0b01273fa7877617c

SHA1
bf70f7c8a651a0b7ca4c52be85df54e48f8d8efa

SHA256
a81c04f93e4c8c985bf7ef7d13c9ab5d6c97846e7dc4eb0a37d7fbb09a891626

SHA512
18204a0da982ea2050eae4c31023528dd561d2123667cb06cd49bd2337fe967a3d9c9a7cb1751586be692daf4d70534169621e60a3f2373d8fb872284bec8751

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d6d8.TMP

Filesize
203B

MD5
214cbfecac2312db3ca30b59e59dacd3

SHA1
3c68d5f94dee9483b47880572c262d1e1c241195

SHA256
6a246830a3ecdeab6a81ff993e75a59f58fd91b75c71a301fba913eb1cd7ba14

SHA512
0063e4ff2bcc29e1cc07ef7b003d26c0584a064ec116024958bb2a23f8936f4c31772a44bba77122b7031a00ca8eca4ef2dcad04fff3d68a997948c4e021888f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c0c2383efdc15371201fb2e242629c0c

SHA1
9d0e8d53833cfc2b40e1838e8ec3f26e89e670ea

SHA256
b52765f191ec96d2b96a0083dd2b150bb63412dd2032e84ab32fd54658a0bb8c

SHA512
ff0a3ef8dca127bb699054626a8daec1d3c8be2de3ab4bb6bd5dd4fd805fa0671edd331b4a6188b6663c477ab4dc85c7f6e78c02b5bf629f636c1935e53a2f73

Download Submit