hxxp://absolute[.]de

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
05/03/2024, 08:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://absolute.de

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1524	msedge.exe
1524	msedge.exe
4792	msedge.exe
4792	msedge.exe
2652	identity_helper.exe
2652	identity_helper.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe
2100	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4792 wrote to memory of 4396	4792	msedge.exe	87
PID 4792 wrote to memory of 4396	4792	msedge.exe	87
PID 4792 wrote to memory of 1676	4792	msedge.exe	89
PID 4792 wrote to memory of 1676	4792	msedge.exe	89
PID 4792 wrote to memory of 1676	4792	msedge.exe	89
PID 4792 wrote to memory of 1676	4792	msedge.exe	89
PID 4792 wrote to memory of 1676	4792	msedge.exe	89
PID 4792 wrote to memory of 1676	4792	msedge.exe	89
PID 4792 wrote to memory of 1676	4792	msedge.exe	89
PID 4792 wrote to memory of 1676	4792	msedge.exe	89
PID 4792 wrote to memory of 1676	4792	msedge.exe	89
PID 4792 wrote to memory of 1676	4792	msedge.exe	89
PID 4792 wrote to memory of 1676	4792	msedge.exe	89
PID 4792 wrote to memory of 1676	4792	msedge.exe	89
PID 4792 wrote to memory of 1676	4792	msedge.exe	89
PID 4792 wrote to memory of 1676	4792	msedge.exe	89
PID 4792 wrote to memory of 1676	4792	msedge.exe	89
PID 4792 wrote to memory of 1676	4792	msedge.exe	89
PID 4792 wrote to memory of 1676	4792	msedge.exe	89
PID 4792 wrote to memory of 1676	4792	msedge.exe	89
PID 4792 wrote to memory of 1676	4792	msedge.exe	89
PID 4792 wrote to memory of 1676	4792	msedge.exe	89
PID 4792 wrote to memory of 1676	4792	msedge.exe	89
PID 4792 wrote to memory of 1676	4792	msedge.exe	89
PID 4792 wrote to memory of 1676	4792	msedge.exe	89
PID 4792 wrote to memory of 1676	4792	msedge.exe	89
PID 4792 wrote to memory of 1676	4792	msedge.exe	89
PID 4792 wrote to memory of 1676	4792	msedge.exe	89
PID 4792 wrote to memory of 1676	4792	msedge.exe	89
PID 4792 wrote to memory of 1676	4792	msedge.exe	89
PID 4792 wrote to memory of 1676	4792	msedge.exe	89
PID 4792 wrote to memory of 1676	4792	msedge.exe	89
PID 4792 wrote to memory of 1676	4792	msedge.exe	89
PID 4792 wrote to memory of 1676	4792	msedge.exe	89
PID 4792 wrote to memory of 1676	4792	msedge.exe	89
PID 4792 wrote to memory of 1676	4792	msedge.exe	89
PID 4792 wrote to memory of 1676	4792	msedge.exe	89
PID 4792 wrote to memory of 1676	4792	msedge.exe	89
PID 4792 wrote to memory of 1676	4792	msedge.exe	89
PID 4792 wrote to memory of 1676	4792	msedge.exe	89
PID 4792 wrote to memory of 1676	4792	msedge.exe	89
PID 4792 wrote to memory of 1676	4792	msedge.exe	89
PID 4792 wrote to memory of 1524	4792	msedge.exe	90
PID 4792 wrote to memory of 1524	4792	msedge.exe	90
PID 4792 wrote to memory of 3248	4792	msedge.exe	91
PID 4792 wrote to memory of 3248	4792	msedge.exe	91
PID 4792 wrote to memory of 3248	4792	msedge.exe	91
PID 4792 wrote to memory of 3248	4792	msedge.exe	91
PID 4792 wrote to memory of 3248	4792	msedge.exe	91
PID 4792 wrote to memory of 3248	4792	msedge.exe	91
PID 4792 wrote to memory of 3248	4792	msedge.exe	91
PID 4792 wrote to memory of 3248	4792	msedge.exe	91
PID 4792 wrote to memory of 3248	4792	msedge.exe	91
PID 4792 wrote to memory of 3248	4792	msedge.exe	91
PID 4792 wrote to memory of 3248	4792	msedge.exe	91
PID 4792 wrote to memory of 3248	4792	msedge.exe	91
PID 4792 wrote to memory of 3248	4792	msedge.exe	91
PID 4792 wrote to memory of 3248	4792	msedge.exe	91
PID 4792 wrote to memory of 3248	4792	msedge.exe	91
PID 4792 wrote to memory of 3248	4792	msedge.exe	91
PID 4792 wrote to memory of 3248	4792	msedge.exe	91
PID 4792 wrote to memory of 3248	4792	msedge.exe	91
PID 4792 wrote to memory of 3248	4792	msedge.exe	91
PID 4792 wrote to memory of 3248	4792	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://absolute.de
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcb2a746f8,0x7ffcb2a74708,0x7ffcb2a74718
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2240,13279244035079306420,6159650942945974317,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2252 /prefetch:2
  2⤵
  PID:1676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2240,13279244035079306420,6159650942945974317,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2240,13279244035079306420,6159650942945974317,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
  2⤵
  PID:3248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,13279244035079306420,6159650942945974317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:2260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,13279244035079306420,6159650942945974317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:4384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,13279244035079306420,6159650942945974317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2240,13279244035079306420,6159650942945974317,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 /prefetch:8
  2⤵
  PID:2136
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2240,13279244035079306420,6159650942945974317,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,13279244035079306420,6159650942945974317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
  2⤵
  PID:1808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,13279244035079306420,6159650942945974317,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,13279244035079306420,6159650942945974317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:3064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,13279244035079306420,6159650942945974317,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2240,13279244035079306420,6159650942945974317,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1368 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2100

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5048

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2304

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fd7944a4ff1be37517983ffaf5700b11

SHA1
c4287796d78e00969af85b7e16a2d04230961240

SHA256
b54b41e7ce5600bc653aa7c88abb666976872b2d5e2d657bfc1147a0b49e9d74

SHA512
28c58a2ccf39963a8d9f67ea5b93dbccf70b0109b2c8a396a58389cdec9db1205523a95730485bcbc9d533867cbf0e7167ad370fd45740e23656d01d96ee543b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a774512b00820b61a51258335097b2c9

SHA1
38c28d1ea3907a1af6c0443255ab610dd9285095

SHA256
01946a2d65e59b66ebc256470ff4861f32edee90a44e31bf67529add95cafef4

SHA512
ce109be65060a5e7a872707c6c2ccce3aacd577e59c59d6e23e78d03e3d502f2707713fda40a546ed332e41a56ef90297af99590a5ab02f686a58bcbf3a82da1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
3dc0e51eb51c51033054c35959db3cfc

SHA1
c17735040f61ca160f804f5f7aa747a2907edaa5

SHA256
b3c4cf3abb9013a182647aebf5c3dc761d40b9bd5278f8d7a547ed95556a8819

SHA512
493944f756e6c4d5e2ec61c464f3b3796626d5dd810b5e9aff56b6cec6d7a34e3ba88df5767f5c8fa8fc6f1331b69f059da4466cfc8ced081ed34036d6a47c5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index

Filesize
96B

MD5
3a2ee5b226340b9c79419a42217cdf5d

SHA1
bd2167540c006ac043112cbd4e7e816534f60ce7

SHA256
dfe5a811dc46bb545bbc2eac9f0291f5f1544db0a755980946cde84f102c1b0f

SHA512
4ff49bf80e90fcf61445cc87a63653eccb557c6a74d5e7dbd4c47c74ac49e3f6530fa2259f9ff29254024d55c3507a85e08c4fff30b0c615d52eb0cc826098bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
183B

MD5
9e1275231d0007b3a42906cdadb34ea6

SHA1
de552221fd88afa25f6cdeceed2c825d4b40e41e

SHA256
3ac46af51f438f21927049f96db54e3060b81606bc3c1acfae0e125ac5c530e8

SHA512
5db406df1b09a4bc46c299deb653b949ab1dc6701977c5d964d1969333ea620585a5773ab3557ca87d19d18727e040a38285aca132828ff3491bb40a1dbee521

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8b263873f2120f6a7461b69a7640e7df

SHA1
78d0f1492f4c493182ada3ebc796894b872ec09c

SHA256
08d58500daf845c5884a6319562f32523290546c8c9c32baa5057d7c2d3ebc01

SHA512
ce121650c26bcb16b24139a02739ed09459555a5a68bf5622f3f194722e071669d3e73eae65b93b251886eb0e9e984992a79390c01d79586398aedc70ceb6d2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bc750558a128143aaf1d1ac90f4ebf36

SHA1
2a0170622baffe47e1fd9641347d0da96402c7cd

SHA256
3c2731d00d2020721b6622c489892428c60c142164f78f57c33ce5235b2da436

SHA512
5a8cb723fafb89254c48b0b27eaadbec17fcc9b1a4ee15aa4a18ce5922e6828f8b332078fb6d6e97ccead3450704fabe684a7b012544d2ff02b9942a4a4421cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\de31326835ebbc12b63328e7ba91b131f56cd276\cf866f86-e5af-416e-a5fe-f7f650aa1ad8\index-dir\the-real-index

Filesize
1KB

MD5
2b2c5fa2de0badaa37fe3d969bffa1b2

SHA1
06b4db2b39dc80765050a52b0a316a4188e85222

SHA256
818bcac6102261e637c5b2d2399922add02d63654ac604496c01dc8bf120b70f

SHA512
f598e329787ce5ef4341884feff24102562431ff8bde96e63b2a08f2d8d615a904938ec746144d67c4d0b9763dfcb0cae81fbc6668098cbce7a0ea8b0d66aac5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\de31326835ebbc12b63328e7ba91b131f56cd276\cf866f86-e5af-416e-a5fe-f7f650aa1ad8\index-dir\the-real-index~RFe57edfa.TMP

Filesize
48B

MD5
15e5573a6e2c82dcddd2f62df4d8af72

SHA1
a5e7b005bcabf77a742c0d56ca01c7af1156d5d6

SHA256
82c998eedac4d329b43cc36b5d1680cf31d85c8ba31e28abbfd488afd4b1321b

SHA512
8fc40a9395d4d06e67c6ed407f2bec76824a16b0ae6ec562bb4d39d7f37707992bc0c2a095d1e685fd9f1e2f3a14d0b842a132b6804216668da84cb7edfd5df2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\de31326835ebbc12b63328e7ba91b131f56cd276\index.txt

Filesize
95B

MD5
a0c0c101197dab6bef8362d450c3ed47

SHA1
b93e76d6821cfcac7c313a123335a284819b077a

SHA256
4f13250a8890fc53113cfbaa2fa93f04e0cf233ad2daadad3a78fbe21fb06f30

SHA512
870ebddd060949da491331c24d4461eb92afbaea058bc2660752ab4ad2a5f1d101e7e055f9a07e7d712e1e826bdc3882b910c3314b3a82e8f2ea9ea3862fa7b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\de31326835ebbc12b63328e7ba91b131f56cd276\index.txt

Filesize
91B

MD5
b43ebc4cf99e441468a25198e584c8e6

SHA1
f77bd3d8fcf6bd9728f3ba684ac5203d7fa10fb1

SHA256
201cf2bf53ac230b51ad21a4a4b241acd243d805e1428ebd2d18365e4469c9d3

SHA512
92fe6a2af25affe74dd7812a7de77be375b5d64f3875da7b8d64d9ff047f6e2d69219a7eaf5593cee2dbea1f13dfa7c4768a47472ae5d1fba1da54ffb5af73e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
c2909faa48c094b9e23fff38b01575cd

SHA1
7934aabf16355f3198e34a7a5ac89d216377370d

SHA256
51749b9471b32dcc49352dea65a79e1ec02b2f509d7970dbd125cc3d634aea34

SHA512
038ffcb83743fa75fb88f50ed809f277743e82ee84aefc44dbf84c1401858dae41527bddc063b0f629445fee8a2417e7139fb0fb600233838009155304c53a2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
bd70a0f80453cc94528047bdbfe6f3ae

SHA1
b4886c48601b121a1a7cd8930a3274e2b9f247f5

SHA256
c36e710b0dfe83100829b684b274084c63243270e00a66f7c30b2da5d89f2387

SHA512
21a28351ce43f3ebb147c3e87285b956c044b34c40f414cc1656035a33239cf100565720a88514df0690e0b0c7b29aab88166f5c632dbc7831ec2050a8ecf1ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
5b29e07a51aabf901f794e253e1cc122

SHA1
7753dd76dc7a50970a487e242667d3424b686816

SHA256
025d2d0a6f3bc2af87e6088b7a430c94abe68aa37969e61dc1a5ce0ffed3144b

SHA512
2aab240e90057165ce82bf460c9b889db1dd081c4203fd2f4ec1762504000b65ac5ad4111325ce50f2f6f1d4ce2fbd37be4e348d04fc46416091a3863c14f732

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
cfe5f7056e56136fcdcf3fdd30abd54e

SHA1
2ed0f28a4a1cfa909d302c7e2eb7fec3196ed980

SHA256
d87a0b241bb569e3c2d21ab27fac62bb104be39612c5b7bf91287c7b6c5a910e

SHA512
3195c4f56f5e2395b69a7736665633462f2e35e63ae943cde9b01bf9cd14d996c8cbf02ff2065bb31d786764bb4d63e97cf0b41d46526ea7af9ca96e66c0cbb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
8ef3b236048d491f709c318bb7b2042c

SHA1
ba8a39404b7bac84d814bf170802e1df049b272c

SHA256
09556b0b51b4edc61d59ccbded2984769377bc565be442b4440d2db43420ef80

SHA512
172841821de249c4132ec723edddf184038581479fb194e53f72aeed9e17208f66e44bb1bc877e143520dcbdfe8a40e4a47d26805ef9054082f5ef7d50b9fe4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c95b.TMP

Filesize
204B

MD5
05c3fd550f2a8c1bb41a33ab39e3b475

SHA1
720fb83f652ce5401be164343d15ffbf9faa8ea3

SHA256
09951cafbfdf4c70efbff27e6659b6ef311e9f2cd0fcb73c7a0a79b9db0e36d0

SHA512
9f609cf779a91d0df16d088f93edb20ef4169aa28c2b0d29521c9315517c03497780cbee58b8bd38f113f4ad729137f1a16e81718d8c8f0e81f5d57c9bc70441

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f187cee5e3111c3883450ad9d865ac30

SHA1
a52e99e71a3556122609b8d25184cb87df01048e

SHA256
f5d4d0d22a2c4c172fd0914bc4bb5cf3ee2e3e6625f156364704024a7d4afff0

SHA512
78e3efc78569496e70c54e1b5b430449d3a4d80ca3c415dd966e5f545715bddd80ae94c33d99a3a105af22fe42b614e1d71604819957330ed7756b009e7bef48

Download Submit