hxxps://www[.]thomsonreuters[.]com/en-us/account/billing/guest/pay

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
07/03/2024, 16:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.thomsonreuters.com/en-us/account/billing/guest/pay

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4512	msedge.exe
4512	msedge.exe
2556	msedge.exe
2556	msedge.exe
1600	identity_helper.exe
1600	identity_helper.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe
2556	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2556 wrote to memory of 2580	2556	msedge.exe	89
PID 2556 wrote to memory of 2580	2556	msedge.exe	89
PID 2556 wrote to memory of 4460	2556	msedge.exe	90
PID 2556 wrote to memory of 4460	2556	msedge.exe	90
PID 2556 wrote to memory of 4460	2556	msedge.exe	90
PID 2556 wrote to memory of 4460	2556	msedge.exe	90
PID 2556 wrote to memory of 4460	2556	msedge.exe	90
PID 2556 wrote to memory of 4460	2556	msedge.exe	90
PID 2556 wrote to memory of 4460	2556	msedge.exe	90
PID 2556 wrote to memory of 4460	2556	msedge.exe	90
PID 2556 wrote to memory of 4460	2556	msedge.exe	90
PID 2556 wrote to memory of 4460	2556	msedge.exe	90
PID 2556 wrote to memory of 4460	2556	msedge.exe	90
PID 2556 wrote to memory of 4460	2556	msedge.exe	90
PID 2556 wrote to memory of 4460	2556	msedge.exe	90
PID 2556 wrote to memory of 4460	2556	msedge.exe	90
PID 2556 wrote to memory of 4460	2556	msedge.exe	90
PID 2556 wrote to memory of 4460	2556	msedge.exe	90
PID 2556 wrote to memory of 4460	2556	msedge.exe	90
PID 2556 wrote to memory of 4460	2556	msedge.exe	90
PID 2556 wrote to memory of 4460	2556	msedge.exe	90
PID 2556 wrote to memory of 4460	2556	msedge.exe	90
PID 2556 wrote to memory of 4460	2556	msedge.exe	90
PID 2556 wrote to memory of 4460	2556	msedge.exe	90
PID 2556 wrote to memory of 4460	2556	msedge.exe	90
PID 2556 wrote to memory of 4460	2556	msedge.exe	90
PID 2556 wrote to memory of 4460	2556	msedge.exe	90
PID 2556 wrote to memory of 4460	2556	msedge.exe	90
PID 2556 wrote to memory of 4460	2556	msedge.exe	90
PID 2556 wrote to memory of 4460	2556	msedge.exe	90
PID 2556 wrote to memory of 4460	2556	msedge.exe	90
PID 2556 wrote to memory of 4460	2556	msedge.exe	90
PID 2556 wrote to memory of 4460	2556	msedge.exe	90
PID 2556 wrote to memory of 4460	2556	msedge.exe	90
PID 2556 wrote to memory of 4460	2556	msedge.exe	90
PID 2556 wrote to memory of 4460	2556	msedge.exe	90
PID 2556 wrote to memory of 4460	2556	msedge.exe	90
PID 2556 wrote to memory of 4460	2556	msedge.exe	90
PID 2556 wrote to memory of 4460	2556	msedge.exe	90
PID 2556 wrote to memory of 4460	2556	msedge.exe	90
PID 2556 wrote to memory of 4460	2556	msedge.exe	90
PID 2556 wrote to memory of 4460	2556	msedge.exe	90
PID 2556 wrote to memory of 4512	2556	msedge.exe	91
PID 2556 wrote to memory of 4512	2556	msedge.exe	91
PID 2556 wrote to memory of 4828	2556	msedge.exe	92
PID 2556 wrote to memory of 4828	2556	msedge.exe	92
PID 2556 wrote to memory of 4828	2556	msedge.exe	92
PID 2556 wrote to memory of 4828	2556	msedge.exe	92
PID 2556 wrote to memory of 4828	2556	msedge.exe	92
PID 2556 wrote to memory of 4828	2556	msedge.exe	92
PID 2556 wrote to memory of 4828	2556	msedge.exe	92
PID 2556 wrote to memory of 4828	2556	msedge.exe	92
PID 2556 wrote to memory of 4828	2556	msedge.exe	92
PID 2556 wrote to memory of 4828	2556	msedge.exe	92
PID 2556 wrote to memory of 4828	2556	msedge.exe	92
PID 2556 wrote to memory of 4828	2556	msedge.exe	92
PID 2556 wrote to memory of 4828	2556	msedge.exe	92
PID 2556 wrote to memory of 4828	2556	msedge.exe	92
PID 2556 wrote to memory of 4828	2556	msedge.exe	92
PID 2556 wrote to memory of 4828	2556	msedge.exe	92
PID 2556 wrote to memory of 4828	2556	msedge.exe	92
PID 2556 wrote to memory of 4828	2556	msedge.exe	92
PID 2556 wrote to memory of 4828	2556	msedge.exe	92
PID 2556 wrote to memory of 4828	2556	msedge.exe	92

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.thomsonreuters.com/en-us/account/billing/guest/pay
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa6f5e46f8,0x7ffa6f5e4708,0x7ffa6f5e4718
  2⤵
  PID:2580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2232,12774387893749747747,15481556339038697793,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
  2⤵
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2232,12774387893749747747,15481556339038697793,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2232,12774387893749747747,15481556339038697793,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2624 /prefetch:8
  2⤵
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,12774387893749747747,15481556339038697793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,12774387893749747747,15481556339038697793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:3704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,12774387893749747747,15481556339038697793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4124 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,12774387893749747747,15481556339038697793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
  2⤵
  PID:1728
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,12774387893749747747,15481556339038697793,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5848 /prefetch:8
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,12774387893749747747,15481556339038697793,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5848 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,12774387893749747747,15481556339038697793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
  2⤵
  PID:2056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,12774387893749747747,15481556339038697793,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
  2⤵
  PID:2420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,12774387893749747747,15481556339038697793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:3216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,12774387893749747747,15481556339038697793,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:1728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,12774387893749747747,15481556339038697793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4112 /prefetch:1
  2⤵
  PID:3312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2232,12774387893749747747,15481556339038697793,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5432 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2012

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1968

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4620

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9ffb5f81e8eccd0963c46cbfea1abc20

SHA1
a02a610afd3543de215565bc488a4343bb5c1a59

SHA256
3a654b499247e59e34040f3b192a0069e8f3904e2398cbed90e86d981378e8bc

SHA512
2d21e18ef3f800e6e43b8cf03639d04510433c04215923f5a96432a8aa361fdda282cd444210150d9dbf8f028825d5bc8a451fd53bd3e0c9528eeb80d6e86597

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e1b45169ebca0dceadb0f45697799d62

SHA1
803604277318898e6f5c6fb92270ca83b5609cd5

SHA256
4c0224fb7cc26ccf74f5be586f18401db57cce935c767a446659b828a7b5ee60

SHA512
357965b8d5cfaf773dbd9b371d7e308d1c86a6c428e542adbfe6bac34a7d2061d0a2f59e84e5b42768930e9b109e9e9f2a87e95cf26b3a69cbff05654ee42b4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
194KB

MD5
f5b4137b040ec6bd884feee514f7c176

SHA1
7897677377a9ced759be35a66fdee34b391ab0ff

SHA256
845aa24ba38524f33f097b0d9bae7d9112b01fa35c443be5ec1f7b0da23513e6

SHA512
813b764a5650e4e3d1574172dd5d6a26f72c0ba5c8af7b0d676c62bc1b245e4563952bf33663bffc02089127b76a67f9977b0a8f18eaef22d9b4aa3abaaa7c40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
936B

MD5
dbaeacc26aea90093289f6441c0ccee5

SHA1
5550c7802fb59777cf8a66670e31a7019319cc61

SHA256
7a3c391c84c04575479be99b92bfbcbbeae84ab791804958fa137e324d0c83ff

SHA512
b5442c50c04d25821aeca2b33a612397b69290d9ce24fd0a0c0e4df75a502d407d7dafa4d538acf94b13a96f23c72b7644ded7dcc3b9cb0c71cca887a0aa8d6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
dbb9e9c9dd275b13c2e8b352617b410b

SHA1
7f8c84c6c17c09f39334246a0dc559253b80f5c0

SHA256
072d240b20dc8435a939087764aed4e86285ebb8d6ccaa2cba260a8c34707d41

SHA512
85bbabe331257dc0565e1dc328b22a807ee26cd19ac8a49e05aa25c6605eb69771e17ef30f47703017c21e33bae3ac099fd853fbcdc8708e3f37588788255b6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
b15821f7ac397ba4a4fcfbc4154c2d38

SHA1
efeb52fc29ffd3f3c9cdbfffb2d0a953ea1f5627

SHA256
dfe43a3fe9f47e8fa596c7c1b26c9f4cd59fc9d4f2c97438dc84bd39c824b49f

SHA512
cabafdc3f8477c30dc3d5bb23abefad01977048d3ecb11534c03adafef9dff2e9b908eecd4e94de90d7e96e888502962123da0b885949e0201724b4824cc949e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
de25548e1769de5a5e6e3d31f38b8eea

SHA1
ba49dc1feeff48128ccca443b685e34edf776b7e

SHA256
b3039ed1b09563b11bf180c74b59ead3dfe0d0587cb1898eac0f9f1352a69c3a

SHA512
480594dacf721f64bfe409235c2c4c3bf4e532134edef6a72fcf5ec82f049b41a365fe9e9d2831dc9c7d5906fd47c596582c578f7aab12a50c2b2d34a011ea5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d2c9e8b926c63676ca8803b9699c5514

SHA1
825374db9d7843f896ae3f28c657ecc7d4abfe0f

SHA256
941f5c4c989e65d9f64178ef0581bc0cd42864d7c984535bda37f572c349e405

SHA512
ab0b0f0b109769e4fe9d572de3d7f05cc3fd71c4b3c3c22fb5f0c2ce434dd3054be0acd1aa42118387626f7829c02e67556064a3a60af7858d58226a72fee6de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d033850026868f6c4175d947535695a4

SHA1
aefce85a66df24c6f187feaa41be97cdf2cdbd66

SHA256
446fc4d145ea6773724aa2ddb5075032ed94779faa156c6a953db87442f3e832

SHA512
6c0ef9a12ef70105d5c94cb1f56d132f43b4dfdddf4dce156b63da3d64a208f0107835662ad54fe6c6eca8f73d9b329921a79861c6398dcc0cb7689812f99482

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
0f9af136547919997f02a99b833681eb

SHA1
586af27858b1a34f8f1d4106f873727b6358efa2

SHA256
41391e76d4fa93489bdcb1c0271554ae4e5105ccf6e6583625e6098a343daa3d

SHA512
b6d28477479f66c3e13ef5e6ca72910ef636a826cd9f487d9ab0b5fdb308963835080983555a9a8920bdb35bdd420e1406d4c276aed9bdd79d08154f9575ce35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
7e82cc9261e13943ffc6b994ac0666e1

SHA1
0e7fe0da0156ace7ade895682da9f96616ca225f

SHA256
a511a64d8c55950472960cb28d32e95de675aab8b0199051e09c6de79099ecae

SHA512
2dfe94ce53c33d2753c8daf0d627e5bc153704b78ad54a67252437b093ca241afaf4560073b4237977d0e3b49add407364f94e4a13d23b82e0f39736ae2e4c6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
43d591281da63b99552cd5d52f5bd3a2

SHA1
680b1390c27550cbf61e20d4023dcc082bf20207

SHA256
3382b3e1e6dc74844e974d0f5a540cb8c10d900224bb77a557890be2050978af

SHA512
3d6a0d192836c1dbae730a301bd234f73ac30522e9e0f41c21a40bd08be2449705bcb5cb8be550bb83d04152977300000fc331a46637d21b260a4a73293bdcff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
8c6689a4b5658ef9b6bb46b8bde1ea7f

SHA1
9d83a50ea78af8afad4622e7050ad06f63c32564

SHA256
a060b8a65faabacaee008f8d12e2aa0f02207185ea4fab39564839fb252628d8

SHA512
faf635adb474bfbcbf20e37b5c5027c4c8b5044f6f940dec5d782b63bbf1af14ef087317c175997411e47a6672569fc785302cfdc37f4b55c91933aecb85a289

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
2380b485966bf8d1a8ae9747b055fc1b

SHA1
a03086d4e63977f59f4155775b8ceb587b385c21

SHA256
9382e0c6202b6dc7ee914481ecaabbf3766d0a09af8210e98135c3f7f9880ae1

SHA512
c29af31e690c0589b641282002f6996102f5f072779f5039f8d4edbe97d7c3ede9d230f47b7396f93aa6c30d23b8be0680c8dd35e0bd6f2c2873264c3adff5a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
fb1a3c0af2967a57c85b0a113672b0b4

SHA1
72ab5342b0d722948e1864ef1df54403e31b154b

SHA256
56b3512ce0b13e40fe9bf0beca34a479c7e8d883018f829f685898296a5f36c9

SHA512
7e64ed0b9f378ac15cc5907908dba81e5ad01e7767e1bd22b8c921ebda56efd9229beb4d9b09f2aa34d435b76675f36c7b58ab4e0c0c8af4d9be33faddfa7d4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57adf3.TMP

Filesize
1KB

MD5
b5b639b08859ea96492f9252d87ad20e

SHA1
f887bedde900eb64716f681324388bb554950271

SHA256
513be2653d6f71bd968248140854ea280c44f0a017a531b3d1b93e144987b40c

SHA512
dbb30c77c83ebc940794c204ae9a18585e42d458c3dcae9de2df553309a8aeff28fe0bf1d33995c9d6f566a8cfd385492aa47fba54bd8de280c6e020928edc7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1c5508cbb4dd6ddc6e774df4fbb648ab

SHA1
494a41f1d7284aa8735f80d54e8dc634763829d7

SHA256
1d1f06fab2acb5313cfa666e4b18d1d037292d34101603beb152c267df954dbe

SHA512
3ba22782882c44d5905e1c78d76c10ca6a996a911b6ec628081a8fbda7f9f6e1c194bb2b8f62c7406fde12e99f2296ae8ba853e41007c381fe6a1293fba7ef20

Download Submit