hxxps://twitch-vbucks[.]com/

Analysis

max time kernel
352s
max time network
394s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
08-03-2024 15:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://twitch-vbucks.com/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3540	msedge.exe
3540	msedge.exe
4196	msedge.exe
4196	msedge.exe
3908	identity_helper.exe
3908	identity_helper.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe
4196	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4196 wrote to memory of 3248	4196	msedge.exe	96
PID 4196 wrote to memory of 3248	4196	msedge.exe	96
PID 4196 wrote to memory of 236	4196	msedge.exe	97
PID 4196 wrote to memory of 236	4196	msedge.exe	97
PID 4196 wrote to memory of 236	4196	msedge.exe	97
PID 4196 wrote to memory of 236	4196	msedge.exe	97
PID 4196 wrote to memory of 236	4196	msedge.exe	97
PID 4196 wrote to memory of 236	4196	msedge.exe	97
PID 4196 wrote to memory of 236	4196	msedge.exe	97
PID 4196 wrote to memory of 236	4196	msedge.exe	97
PID 4196 wrote to memory of 236	4196	msedge.exe	97
PID 4196 wrote to memory of 236	4196	msedge.exe	97
PID 4196 wrote to memory of 236	4196	msedge.exe	97
PID 4196 wrote to memory of 236	4196	msedge.exe	97
PID 4196 wrote to memory of 236	4196	msedge.exe	97
PID 4196 wrote to memory of 236	4196	msedge.exe	97
PID 4196 wrote to memory of 236	4196	msedge.exe	97
PID 4196 wrote to memory of 236	4196	msedge.exe	97
PID 4196 wrote to memory of 236	4196	msedge.exe	97
PID 4196 wrote to memory of 236	4196	msedge.exe	97
PID 4196 wrote to memory of 236	4196	msedge.exe	97
PID 4196 wrote to memory of 236	4196	msedge.exe	97
PID 4196 wrote to memory of 236	4196	msedge.exe	97
PID 4196 wrote to memory of 236	4196	msedge.exe	97
PID 4196 wrote to memory of 236	4196	msedge.exe	97
PID 4196 wrote to memory of 236	4196	msedge.exe	97
PID 4196 wrote to memory of 236	4196	msedge.exe	97
PID 4196 wrote to memory of 236	4196	msedge.exe	97
PID 4196 wrote to memory of 236	4196	msedge.exe	97
PID 4196 wrote to memory of 236	4196	msedge.exe	97
PID 4196 wrote to memory of 236	4196	msedge.exe	97
PID 4196 wrote to memory of 236	4196	msedge.exe	97
PID 4196 wrote to memory of 236	4196	msedge.exe	97
PID 4196 wrote to memory of 236	4196	msedge.exe	97
PID 4196 wrote to memory of 236	4196	msedge.exe	97
PID 4196 wrote to memory of 236	4196	msedge.exe	97
PID 4196 wrote to memory of 236	4196	msedge.exe	97
PID 4196 wrote to memory of 236	4196	msedge.exe	97
PID 4196 wrote to memory of 236	4196	msedge.exe	97
PID 4196 wrote to memory of 236	4196	msedge.exe	97
PID 4196 wrote to memory of 236	4196	msedge.exe	97
PID 4196 wrote to memory of 236	4196	msedge.exe	97
PID 4196 wrote to memory of 3540	4196	msedge.exe	98
PID 4196 wrote to memory of 3540	4196	msedge.exe	98
PID 4196 wrote to memory of 2656	4196	msedge.exe	99
PID 4196 wrote to memory of 2656	4196	msedge.exe	99
PID 4196 wrote to memory of 2656	4196	msedge.exe	99
PID 4196 wrote to memory of 2656	4196	msedge.exe	99
PID 4196 wrote to memory of 2656	4196	msedge.exe	99
PID 4196 wrote to memory of 2656	4196	msedge.exe	99
PID 4196 wrote to memory of 2656	4196	msedge.exe	99
PID 4196 wrote to memory of 2656	4196	msedge.exe	99
PID 4196 wrote to memory of 2656	4196	msedge.exe	99
PID 4196 wrote to memory of 2656	4196	msedge.exe	99
PID 4196 wrote to memory of 2656	4196	msedge.exe	99
PID 4196 wrote to memory of 2656	4196	msedge.exe	99
PID 4196 wrote to memory of 2656	4196	msedge.exe	99
PID 4196 wrote to memory of 2656	4196	msedge.exe	99
PID 4196 wrote to memory of 2656	4196	msedge.exe	99
PID 4196 wrote to memory of 2656	4196	msedge.exe	99
PID 4196 wrote to memory of 2656	4196	msedge.exe	99
PID 4196 wrote to memory of 2656	4196	msedge.exe	99
PID 4196 wrote to memory of 2656	4196	msedge.exe	99
PID 4196 wrote to memory of 2656	4196	msedge.exe	99

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitch-vbucks.com/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7fffc49c46f8,0x7fffc49c4708,0x7fffc49c4718
  2⤵
  PID:3248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1956,17334889620999026904,9684558985001089344,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
  2⤵
  PID:236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1956,17334889620999026904,9684558985001089344,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1956,17334889620999026904,9684558985001089344,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
  2⤵
  PID:2656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,17334889620999026904,9684558985001089344,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,17334889620999026904,9684558985001089344,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:1844
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1956,17334889620999026904,9684558985001089344,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 /prefetch:8
  2⤵
  PID:3148
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1956,17334889620999026904,9684558985001089344,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,17334889620999026904,9684558985001089344,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:1884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,17334889620999026904,9684558985001089344,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2056 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,17334889620999026904,9684558985001089344,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,17334889620999026904,9684558985001089344,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3536 /prefetch:1
  2⤵
  PID:3016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1956,17334889620999026904,9684558985001089344,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5360 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2092

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2708

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2220

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36bb45cb1262fcfcab1e3e7960784eaa

SHA1
ab0e15841b027632c9e1b0a47d3dec42162fc637

SHA256
7c6b0de6f9b4c3ca1f5d6af23c3380f849825af00b58420b76c72b62cfae44ae

SHA512
02c54c919f8cf3fc28f5f965fe1755955636d7d89b5f0504a02fcd9d94de8c50e046c7c2d6cf349fabde03b0fbbcc61df6e9968f2af237106bf7edd697e07456

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1e3dc6a82a2cb341f7c9feeaf53f466f

SHA1
915decb72e1f86e14114f14ac9bfd9ba198fdfce

SHA256
a56135007f4dadf6606bc237cb75ff5ff77326ba093dff30d6881ce9a04a114c

SHA512
0a5223e8cecce77613b1c02535c79b3795e5ad89fc0a934e9795e488712e02b527413109ad1f94bbd4eb35dd07b86dd6e9f4b57d4d7c8a0a57ec3f7f76c7890a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
0df191770fd97fc8edffb7e14f9dd029

SHA1
6d2cd3b568f4a5a9401a04363b97760c026c5f6d

SHA256
600b711fcb30e53cbcb587b3bd3d5883e9e6047a7225eb57935ff02aed4adf5e

SHA512
6555d3d96d3079c4feb479701f937ec7b86eed0f3a3eb25319e4d94cad2a26c64a0b70f22ae17adda048d09405ca389fafb3bb38d26813e7802bc46482ad9bff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
7f1bf5d637aded6526cdb24901a02364

SHA1
21242238ae04d1960fe4a7c385fc1603351d9359

SHA256
62683d9c2f118b78ea8987778f3ac4bc76fc40f448b4db3772055864b5ef5ec5

SHA512
193e8696bffea84a66e6fb793c0407ec04810dd613124e99c800f3e749704e27a97a66144efd55acdf38ae11a2e1a9733dc23b846269e902f4c1dd7319e73620

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
530B

MD5
27f78fbd8657c25adf614029a245f1d1

SHA1
1b0723bb5ffb229eb82c75a19d7914cce0b60983

SHA256
0517616ce09a62b23bc196777ba940c6897797afd590b408381f019996fda178

SHA512
51217b14b0946bd72bffd32866a9c4fdddb3b4ed2849d993f654beab2b14150d84c2846ac9fd801d3d806296a8c8c0d262b074aed138c7be428dfe21b4aaa643

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
685B

MD5
3682fd4f0fc53e5c2a23a58f22c8ea71

SHA1
e9440f4ad1c5f9e28827101621a07bea7616ecb3

SHA256
d75bc76ab902fc794d24983995fe8cdead99609eb138bd0b71302b84efb2826e

SHA512
f735a2d719318dfd351623f5a20a1f426494261ba8f184cb2bae931d08b318733e38818d54e361040c8e56745d788d75b5180f4329086f25d0181478782edc0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8a4e5c838b1041b22672dd791fcb5f40

SHA1
c6e3c826f371661a59e94d52af08ceb87ad18ca2

SHA256
cbff79010feee9f8e594a30b07d3497b66935c134748d38ea1db5edc3b4fafee

SHA512
50e4b54906f0c313e8a6a3e620c1cd89966c8195f6a0e8923f920694f63195351f9cc5bbddb095063c80f1a2c8d6d95cac07918fbf83a844a4c965e982291b83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
93c9c63cb396ac7ca8f8e7b9204bb218

SHA1
d0649530ae5724b863fdd59c014f186dd46a22bf

SHA256
761e18141cdf3c1e378f1cfb03873e5759339c6c91a16b6951658a2574babce6

SHA512
913da7fa6eb5213adfbba440cef7a3258c6e64912aa26137ac13350a5aaa3e1944b3abda468c26c72b4175c378d7d67fa1ba469f99fa8ab0f58f688e73c6a4b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a802f7df05fa70e420c544ee568bcab8

SHA1
3f8ebb03afa5a98258bb976bbcdd6d2fcb62de07

SHA256
c91e05d5478ba400cceaa93967fa7db8db1579327154cc4cae531e40b43ded3e

SHA512
ce165ada2fab3534a71c9831d6639888c68e7af1f4fc78a9f29985c5c2a20eac51a029c67db86aaf38a38e214e75f4b4141940e33d57e28ec289ecb2f5406ae4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
622c7e2c328ed31f5656b85bb1a5a288

SHA1
1d2e706fed16c3a1a40fb0604f39c97e5ef4f02e

SHA256
1eb14f0ea6843d312789a9509af4d1b3fb266eb0cc0afb1b183359dadf06561f

SHA512
dc399391dc7151397e2fb72bcec15cd7c3460cc81600a22bf779c3a1959650492999ddbffe522ba90fc26bd3399654d544bc0d4dce5fcf2821c3d8694bf65d61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7b0322390a97ef3a4ebcf44ac2691a32

SHA1
6f0e2921b0af9289bc8075dc24bdfc48c81a1f48

SHA256
09e6643ee1ee120b1600d683b1cb9c74f053ae945c61fe38dca840d867573a81

SHA512
f96744b81b14441d9589d96bc8359316a0a5f689caa3e25dc731753a282805321dc0b9b573241112035e6d17bb79544fe83ae7ee93e2b18a34ce774965ba8a9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
e68876fe5e654c1b5999378fcd1e401f

SHA1
7382da8e0f042d4187efc094e40334135b6943d2

SHA256
345a4db8e0cbc2d1e7126c2a4b73072011cde223701e4847b32084e370b92bf8

SHA512
c9c6aba992f4f2817a631e1b00acddc265a6b06887211005e4e1198966642ba4b4dbfc31a8decb6aedf98c7e29583a703b691775e56b00dabe65f1ce150e61e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
fc1082c7922040beaba9da9eff24b9e0

SHA1
e5e0cc08111497ee12edb50eb2557ade9b56c8bb

SHA256
9cbda4419fb05f786747161763b64a95440505d2df64f098557716e2ddb778f2

SHA512
a89d5aaf7cfdd8a1b486f991c242352e5ba211506facb16a70cbcb74e093b2095c73eba3cd55d1367db398d3196b1bf13ca5d47e8285596aec067e79602eedd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
c0610cdca83c3cf875719d02d570be41

SHA1
c7e08d0ced3409f0a994c2df3260a99a08247fc7

SHA256
54da8a8592233052dec766e69d19124d9940a5bbb9b12d43d7a929422280ad53

SHA512
29d4318569bbead0999974c2d5e9a163f8454e56f7cb7df0a2f7134000f1d820d72c69c8a44656a0fd9d4f0655a9a19031998db19b12f70cb8a67bed27f44af2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
0cd42557488d228fee81796d8852e2ad

SHA1
775ed595d12b46833b63a231f97ea62e2f5a5766

SHA256
45defb81e7c8ac544dd051aa11a8006d8c3b38ab76d5e092e37fdc1121c81586

SHA512
c7d94999d7eb2469cc880c996818295a9d05bb6fe0589ba528814bcc9a435fb5e74ae48c0988f4efde7428a38eab451707710cf2aeddfd979bedc59c9c624712

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58c119.TMP

Filesize
372B

MD5
1c4d81f021edb1e3d4d4661a3233d734

SHA1
b3c053caf94e39d6cb67a719b3691aa8293c578b

SHA256
08db288b0eebd5059be4d3ef08972fea2ae508b8ac3e90de54067d8cb270420d

SHA512
d95eac91bc11b7013b858b1f0ff7a89c256504982dab830289b30b23ccb63a82320fd23cc2cc9f4beae1000553747226a7a9f42ccf4484208c1dc9f3cfd70fc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5a947c09b53e450f9759ba247b9d51fd

SHA1
0663c89e6b4be58a5b1cf28935cefc27e06c185e

SHA256
a340dc237847fb3a76c8aa0c9a7b23c56258725366af894b26feb77d7f79be2b

SHA512
8bba146bba9ab041dda7c963e97851212d4d60df875e283ab7b2231ea1198e6fb811c22731d322694af7311d7a403dbe65b73213d2ab12e6b10e877029f09757

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2b7f6b833caae672e8fb9061ee8dbf15

SHA1
a17b14830bf47c1b92c198ad12629fafa0d8b704

SHA256
8b4722bcd94a0a7e10f98a9b85b406ecc8c3dd9955bfca14e69c8074833a7acb

SHA512
ab28e33d32d2a6b7373af16114d3275df896093ded613a6ff196d64b79fcc7535fe6fe6bbda5518b9648579c0a367fe48722364710ce151c6b3e9c13e27f6f8d

Download Submit