hxxp://amazon[.]com

Resubmissions

28/02/2024, 03:11

240228-dpsxqahh3w 1

28/02/2024, 03:10

240228-dpeebsaa57 1

28/02/2024, 03:09

240228-dnnxdahg9v 1

28/02/2024, 02:21

240228-csy3gaha92 6

Analysis

max time kernel
1799s
max time network
1800s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
28/02/2024, 03:09

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://amazon.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1564	msedge.exe
1564	msedge.exe
2208	msedge.exe
2208	msedge.exe
956	msedge.exe
956	msedge.exe
4584	identity_helper.exe
4584	identity_helper.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2208 wrote to memory of 3952	2208	msedge.exe	79
PID 2208 wrote to memory of 3952	2208	msedge.exe	79
PID 2208 wrote to memory of 392	2208	msedge.exe	80
PID 2208 wrote to memory of 392	2208	msedge.exe	80
PID 2208 wrote to memory of 392	2208	msedge.exe	80
PID 2208 wrote to memory of 392	2208	msedge.exe	80
PID 2208 wrote to memory of 392	2208	msedge.exe	80
PID 2208 wrote to memory of 392	2208	msedge.exe	80
PID 2208 wrote to memory of 392	2208	msedge.exe	80
PID 2208 wrote to memory of 392	2208	msedge.exe	80
PID 2208 wrote to memory of 392	2208	msedge.exe	80
PID 2208 wrote to memory of 392	2208	msedge.exe	80
PID 2208 wrote to memory of 392	2208	msedge.exe	80
PID 2208 wrote to memory of 392	2208	msedge.exe	80
PID 2208 wrote to memory of 392	2208	msedge.exe	80
PID 2208 wrote to memory of 392	2208	msedge.exe	80
PID 2208 wrote to memory of 392	2208	msedge.exe	80
PID 2208 wrote to memory of 392	2208	msedge.exe	80
PID 2208 wrote to memory of 392	2208	msedge.exe	80
PID 2208 wrote to memory of 392	2208	msedge.exe	80
PID 2208 wrote to memory of 392	2208	msedge.exe	80
PID 2208 wrote to memory of 392	2208	msedge.exe	80
PID 2208 wrote to memory of 392	2208	msedge.exe	80
PID 2208 wrote to memory of 392	2208	msedge.exe	80
PID 2208 wrote to memory of 392	2208	msedge.exe	80
PID 2208 wrote to memory of 392	2208	msedge.exe	80
PID 2208 wrote to memory of 392	2208	msedge.exe	80
PID 2208 wrote to memory of 392	2208	msedge.exe	80
PID 2208 wrote to memory of 392	2208	msedge.exe	80
PID 2208 wrote to memory of 392	2208	msedge.exe	80
PID 2208 wrote to memory of 392	2208	msedge.exe	80
PID 2208 wrote to memory of 392	2208	msedge.exe	80
PID 2208 wrote to memory of 392	2208	msedge.exe	80
PID 2208 wrote to memory of 392	2208	msedge.exe	80
PID 2208 wrote to memory of 392	2208	msedge.exe	80
PID 2208 wrote to memory of 392	2208	msedge.exe	80
PID 2208 wrote to memory of 392	2208	msedge.exe	80
PID 2208 wrote to memory of 392	2208	msedge.exe	80
PID 2208 wrote to memory of 392	2208	msedge.exe	80
PID 2208 wrote to memory of 392	2208	msedge.exe	80
PID 2208 wrote to memory of 392	2208	msedge.exe	80
PID 2208 wrote to memory of 392	2208	msedge.exe	80
PID 2208 wrote to memory of 1564	2208	msedge.exe	81
PID 2208 wrote to memory of 1564	2208	msedge.exe	81
PID 2208 wrote to memory of 1668	2208	msedge.exe	82
PID 2208 wrote to memory of 1668	2208	msedge.exe	82
PID 2208 wrote to memory of 1668	2208	msedge.exe	82
PID 2208 wrote to memory of 1668	2208	msedge.exe	82
PID 2208 wrote to memory of 1668	2208	msedge.exe	82
PID 2208 wrote to memory of 1668	2208	msedge.exe	82
PID 2208 wrote to memory of 1668	2208	msedge.exe	82
PID 2208 wrote to memory of 1668	2208	msedge.exe	82
PID 2208 wrote to memory of 1668	2208	msedge.exe	82
PID 2208 wrote to memory of 1668	2208	msedge.exe	82
PID 2208 wrote to memory of 1668	2208	msedge.exe	82
PID 2208 wrote to memory of 1668	2208	msedge.exe	82
PID 2208 wrote to memory of 1668	2208	msedge.exe	82
PID 2208 wrote to memory of 1668	2208	msedge.exe	82
PID 2208 wrote to memory of 1668	2208	msedge.exe	82
PID 2208 wrote to memory of 1668	2208	msedge.exe	82
PID 2208 wrote to memory of 1668	2208	msedge.exe	82
PID 2208 wrote to memory of 1668	2208	msedge.exe	82
PID 2208 wrote to memory of 1668	2208	msedge.exe	82
PID 2208 wrote to memory of 1668	2208	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://amazon.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb9ba53cb8,0x7ffb9ba53cc8,0x7ffb9ba53cd8
  2⤵
  PID:3952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1852,353261228640370300,15749220707096521575,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1912 /prefetch:2
  2⤵
  PID:392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1852,353261228640370300,15749220707096521575,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1852,353261228640370300,15749220707096521575,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
  2⤵
  PID:1668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,353261228640370300,15749220707096521575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:3332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,353261228640370300,15749220707096521575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:1212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,353261228640370300,15749220707096521575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
  2⤵
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,353261228640370300,15749220707096521575,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:2264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,353261228640370300,15749220707096521575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
  2⤵
  PID:1608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,353261228640370300,15749220707096521575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:3136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,353261228640370300,15749220707096521575,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:1360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1852,353261228640370300,15749220707096521575,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4712 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:956
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1852,353261228640370300,15749220707096521575,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4724 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1852,353261228640370300,15749220707096521575,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4824 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1584

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2740

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3424

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a0407c5de270b9ae0ceee6cb9b61bbf1

SHA1
fb2bb8184c1b8e680bf873e5537e1260f057751e

SHA256
a56989933628f6a677ad09f634fc9b7dd9cf7d06c72a76ddbb8221bc4a62ffcd

SHA512
65162bf07705dfdd348d4eaf0a3feba08dc2c0942a3a052b4492d0675ab803b104c03c945f5608fac9544681e0fe8b81d1aaca859663e79aa87fcb591ddb8136

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ded21ddc295846e2b00e1fd766c807db

SHA1
497eb7c9c09cb2a247b4a3663ce808869872b410

SHA256
26025f86effef56caa2ee50a64e219c762944b1e50e465be3a6b454bc0ed7305

SHA512
ddfaa73032590de904bba398331fdbf188741d96a17116ada50298b42d6eb7b20d6e50b0cfae8b17e2f145997b8ebce6c8196e6f46fbe11f133d3d82ce3656db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
511edd0b1646874316595df35bf9e982

SHA1
e0a71342a07d3f44fcc2be204b8d1ea1b1f3e400

SHA256
0b97126ff78667d4b8207f22d55ee6e3de78e6a9b06fa72a2c8b3491d061874a

SHA512
00d2bc5ea2d8e9e2099e1f55d35979219bb4d6ad92a94f5c946484276d9d607a1623367bc06e81ebe24fdb0773a545fcda57ff452e37f787b125bdccb62be537

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
422B

MD5
411124ce70e7eb00c2fb295404c02281

SHA1
edf14f522aa773a406b4b0ea5208bb1e91ca4303

SHA256
3c83b6a144dbb2602e838bf0a20bf5da7374ab91d24bb9531c7cd0679848c8c5

SHA512
67b0bcbff05673ab4c7cf689ccfaf9e06c792e3d98cab51f9931a44ce22a9a107088d5eade2bdfbaf6ab13269655e73cc5b254c429eee41eede2918bedff3d27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7d534ba8a6fbcf75f892a1ca3dab0fbb

SHA1
573e43b7b82bda5a93790632ed7869ded6d9f463

SHA256
ea37bed0309a27aea079b98bfed0ddd97ef7aacba5e5e3d8777ef5dc0bdfa218

SHA512
435b2d3c6091be8f72d27e6c6007c27b469e8228c68c0b579a662bddf5d4402a760384ddbdf819b26db9d641163c012129d72d9c24c750ac94229c931f193d87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ba37146b22415be11c634db71c730145

SHA1
3ad90a65f80f3f4aec2ba1fbca010947af61e94b

SHA256
398fcd6192f7a812fae7d3e12b94a149b90e749708f6e0f2561bad17750d1395

SHA512
f265ace32695e034f6f332ab6dc6ea054933881d7ba6cdb7326a651896819d25249508e77991fbb6521c9211a044bd661cb39ce73ab6c9984923ffdebdf81f9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
e9ca4bd51c140ab361deaf58a8000478

SHA1
06921faa8e2a21b68d377de3d8224e67824216c7

SHA256
30cfa010161453a50a2cfe7e15b0f46fe4d6f271daa7f87739b71c9d2e280a66

SHA512
a58042cea9a209df6d93540cd93650fbeb77e9c4f5611d9dfbfacec201c1fef3d4800cae6332f93300578c247b1bd83f8db11130c1ba12b9efbaa21f32f4d0f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57ad76.TMP

Filesize
48B

MD5
25280eeee78c941d306ab2d1036c4cd8

SHA1
7da90937f46bc5d49784354a9177c9e5b110a2f7

SHA256
70b8fca3060459f2652ecd9e9c5ddf50ceeb654823b1bac01227da1b136e2327

SHA512
531d6b9d9eef7d567a55edab7dd8ca7893ddacba71e9f87fe89d19fb9124498cbbfbdf5a39c0628a063a99b557ae6f58f05d9700e62a524bdb0b426f9fbcb480

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
ef5a6ac98187240259ae1ac65b843162

SHA1
8c2a86ea9d3e76c6f642acf23e9982058560b9b0

SHA256
961c9c0994abce29879148d0e1346ded38d259883190569a72ea64236ce28391

SHA512
cd573355080c3d474c991cc0d06af92c0379f75f3f75d98ab329c953204fb4609c0a804b7e48b1d1339a3d61b675b4a25b90abe0f06e04da7b24e2d09058c771

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
0f5e47b58aa8177b3c0548b32b94a356

SHA1
aa85e2cf368e6883a83178a12928030e203b916a

SHA256
caa4890d5725202067521541c4865063e5e8577b76db71def9e1ba5e594eb1b1

SHA512
60d0c7bfba9c8958e52206650164c1d28bafffea67ec9c01710950d0e2505114ec0c546e09648013d5c4ff1fd8ce1aad361ec69a1bd6bdfbebc192bbe8cf9a7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
d6469a7e3919b067063ad00b65229152

SHA1
f997a5fd843721ffeb4534d282c1f4e559f33124

SHA256
f6b95f2b222863248d5a6657598c8cff01c119789e0a1cb712b200a90eeee9c8

SHA512
99cbb16254f876b9191d68115deabaef2cde6393ba4f429f230680f9d48aa1673d67917aaaa48120e3e8b61af8005fed8398093d5fc6cbb0ad5810562a16a8fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
a473eb667d80e7b6ee46f2575cc0bf2a

SHA1
0fc0cf3574147e7ffb9f3544c63d72c05ed77bd2

SHA256
a364de8ddb2cfa8030a9d2a6d13620872211dc92d16ae247e71d9e45671e27a0

SHA512
5c7cba04182d2564cd2ae747cd07ccab2f5f2e202b2c84edc0d8b9a6e340e89fdb867057a838072810b32388faba816e31a4b78162bfa99c8588658903796370

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
42c1ee2ae32f5e0d11de280b2efeef06

SHA1
f3d3da9ed12430a91eb0c6893ea5481db0b684e0

SHA256
2dfd8652c18fa8122e82d39f6a07e2e18d243892863ec0659bff346725cb17de

SHA512
7c1b37b903d2eeba95bf753a6abc86fc70786cfade3f8fda5fe2ee83776473f5ffec918afd9bef346fca75ce8f598b217113463ccaa59cc3f512ca64c0f7dae4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
533B

MD5
7748b0e546791dc770f889c0b44a653c

SHA1
6abbebac3fc309ea40bbde3470d3c5f3f6fc4aeb

SHA256
474eb5f738673704935f2f8d5d8d2c7f57feb7341baad456f98e51a689f87a6a

SHA512
a139b4228dc0b72807e41065724e0ec5e18ed1cefff5b873b6e7962833b58a8caf0e70f12a63fc5779da5f1d9edb3b661574324c15cbffca07b316ce1ab33441

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
535B

MD5
225ae0e9804bf876317eaa875feae361

SHA1
475b4f78b6e4cf06714b47bd1957bbf8bab6720a

SHA256
c0b55aa5bc4174adbb4e0f695717addec8e2c276c9af2562c6e34c222eb2239b

SHA512
fd2bb7396f722e485b1888b4b9c01cd6a7174cf9f2305883ea115591f8e011c7c7ffb4249054fc2cdabf3a6e3a1016102982e0fdbb1fa24d78eeecd1ddf1ccd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
62c21ce148bfc51182955be840b0e1b6

SHA1
28ef2ad0ef3f0dc705cd4c4c5b11ef9286d2542d

SHA256
51ba11bfc4a082238d84a0140cb00eff44599a87146f4f65f56e3e3bd217b8f6

SHA512
89e950c17509f01d96e99f3213ca540912dee99a50409793be810ebfad20a030fbdd6d1d9e1a202bf60f72b436e829bbd304f3da6c092480d9a30d8ed5ac1935

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
19e47be9772f0bd6db2d7905363957b3

SHA1
ed142645ed779588b8dca7215028ead1da4421e9

SHA256
4bc1736f81206d78e253df5d74d962e9abb1564122d7455e84e932355ab3be7c

SHA512
58b87100c21729ccc62f05002eecc02bb29723c6d40425a0db1c5b9dc956f47d89040865d29112d070e32c4d78053addca1605d6a6aeea13f6fcc84170044bd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
d85a015afee9fb45dd0b2216ce3eef39

SHA1
dd5104e6a7cb2e161a0305f9c59ad5abcc613b53

SHA256
ff7eedad9705b743a9b618ba34d3f6aa4ef2b08dc24a23528893eed277df8040

SHA512
0c76d092f8862b33fe9289f399e29ad2bd5c025efebceae99ad077c2ea2c80f0bd6200d48d5c74440ef94e4c14fe433bcc6ec1eb9c05ca41d39641e78a93e823

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
313a8fa950d3311edbcb82f72f7673ef

SHA1
01c79e52c7b0b1908f3f78671e7f751ec0413c98

SHA256
3b96678e067ec2055a9ee371e4b73df5c2cfe760d63ea1b6c1d06338a9bd0f18

SHA512
995df0b625bae59772c969bbf6a8492ce3b3c437451a7a2d340401565ea8b666f138d63220a2cd705bb705372fffa9f17c91322463bce03e3b523d8ca26ae814

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
d6bbc4a64e666348fd47ec7440281880

SHA1
e0dfb2fe37d09adc28bef13935340db606d0c068

SHA256
0f5c3f947462718024a5c9f71a0da851a7d48b0d4d90ff4a94b3d77a533450cb

SHA512
c7e2f33646a6ddb873ff930ec17c68807e181f2d9a092d4933ce12a09005ae4a9d1df6e9586cb89fce40e8c975132666c1ad54e15eaa0384e1b46c5a6e650226

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c803.TMP

Filesize
537B

MD5
5b86039424127e21cb02be93f1349eb3

SHA1
b9c19120395caab232aea89797ec5bbec252ac62

SHA256
3bcfebe2a1ccf2701bf69ab6e0b538c0e9889c6ad693eab05eb6dbd96e549252

SHA512
3f8d73e7ea4c471cdbdd322666112f08b19bfa71af7d2cd7c8b2da25fb849082f87c2fe0829035048f95a1bd324a64b35f7cab959bf90cd3e3cb522507febc61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5657cee3bfc012f24c1dfff4d80ad2ee

SHA1
2137cc45ca029111784ddce24722d09e42998e96

SHA256
ad275c6293ce46f9293fcdf41c742c9d05ae5d7ef669bee0d8800fa3b0a0564f

SHA512
80df3a242d65ebcee201cdc7911533dd0989f115ee91a2f1cb6d2e720fbc642334b27e3e5ec3f5bb0efcc063e3d4ef72a1403b0bea4b47ced9d846a7c22b5fa1

Download Submit