f9753221feec9d106c5ad16120eb8bf9a6fcee1625d870373de7496cdccf4a4d

Analysis

max time kernel
1786s
max time network
1690s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11/03/2024, 02:51

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

a.htm
Size

1KB
MD5

752a1a8e638938f8e466e838b330f7b1
SHA1

5a66c6f7dc710496af18360253677a62a5bc260b
SHA256

f9753221feec9d106c5ad16120eb8bf9a6fcee1625d870373de7496cdccf4a4d
SHA512

e6f1333f3303b5c30e59e13baba529279fadb5a83b3984f0f83bffd69978146e062ab82a01e04fd7af2bed8a85aa6512acaebf24604c02a317ed8b633d736c43

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2524	msedge.exe
2524	msedge.exe
2464	msedge.exe
2464	msedge.exe
3620	identity_helper.exe
3620	identity_helper.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe
1308	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2464 wrote to memory of 4048	2464	msedge.exe	87
PID 2464 wrote to memory of 4048	2464	msedge.exe	87
PID 2464 wrote to memory of 5024	2464	msedge.exe	88
PID 2464 wrote to memory of 5024	2464	msedge.exe	88
PID 2464 wrote to memory of 5024	2464	msedge.exe	88
PID 2464 wrote to memory of 5024	2464	msedge.exe	88
PID 2464 wrote to memory of 5024	2464	msedge.exe	88
PID 2464 wrote to memory of 5024	2464	msedge.exe	88
PID 2464 wrote to memory of 5024	2464	msedge.exe	88
PID 2464 wrote to memory of 5024	2464	msedge.exe	88
PID 2464 wrote to memory of 5024	2464	msedge.exe	88
PID 2464 wrote to memory of 5024	2464	msedge.exe	88
PID 2464 wrote to memory of 5024	2464	msedge.exe	88
PID 2464 wrote to memory of 5024	2464	msedge.exe	88
PID 2464 wrote to memory of 5024	2464	msedge.exe	88
PID 2464 wrote to memory of 5024	2464	msedge.exe	88
PID 2464 wrote to memory of 5024	2464	msedge.exe	88
PID 2464 wrote to memory of 5024	2464	msedge.exe	88
PID 2464 wrote to memory of 5024	2464	msedge.exe	88
PID 2464 wrote to memory of 5024	2464	msedge.exe	88
PID 2464 wrote to memory of 5024	2464	msedge.exe	88
PID 2464 wrote to memory of 5024	2464	msedge.exe	88
PID 2464 wrote to memory of 5024	2464	msedge.exe	88
PID 2464 wrote to memory of 5024	2464	msedge.exe	88
PID 2464 wrote to memory of 5024	2464	msedge.exe	88
PID 2464 wrote to memory of 5024	2464	msedge.exe	88
PID 2464 wrote to memory of 5024	2464	msedge.exe	88
PID 2464 wrote to memory of 5024	2464	msedge.exe	88
PID 2464 wrote to memory of 5024	2464	msedge.exe	88
PID 2464 wrote to memory of 5024	2464	msedge.exe	88
PID 2464 wrote to memory of 5024	2464	msedge.exe	88
PID 2464 wrote to memory of 5024	2464	msedge.exe	88
PID 2464 wrote to memory of 5024	2464	msedge.exe	88
PID 2464 wrote to memory of 5024	2464	msedge.exe	88
PID 2464 wrote to memory of 5024	2464	msedge.exe	88
PID 2464 wrote to memory of 5024	2464	msedge.exe	88
PID 2464 wrote to memory of 5024	2464	msedge.exe	88
PID 2464 wrote to memory of 5024	2464	msedge.exe	88
PID 2464 wrote to memory of 5024	2464	msedge.exe	88
PID 2464 wrote to memory of 5024	2464	msedge.exe	88
PID 2464 wrote to memory of 5024	2464	msedge.exe	88
PID 2464 wrote to memory of 5024	2464	msedge.exe	88
PID 2464 wrote to memory of 2524	2464	msedge.exe	89
PID 2464 wrote to memory of 2524	2464	msedge.exe	89
PID 2464 wrote to memory of 4656	2464	msedge.exe	90
PID 2464 wrote to memory of 4656	2464	msedge.exe	90
PID 2464 wrote to memory of 4656	2464	msedge.exe	90
PID 2464 wrote to memory of 4656	2464	msedge.exe	90
PID 2464 wrote to memory of 4656	2464	msedge.exe	90
PID 2464 wrote to memory of 4656	2464	msedge.exe	90
PID 2464 wrote to memory of 4656	2464	msedge.exe	90
PID 2464 wrote to memory of 4656	2464	msedge.exe	90
PID 2464 wrote to memory of 4656	2464	msedge.exe	90
PID 2464 wrote to memory of 4656	2464	msedge.exe	90
PID 2464 wrote to memory of 4656	2464	msedge.exe	90
PID 2464 wrote to memory of 4656	2464	msedge.exe	90
PID 2464 wrote to memory of 4656	2464	msedge.exe	90
PID 2464 wrote to memory of 4656	2464	msedge.exe	90
PID 2464 wrote to memory of 4656	2464	msedge.exe	90
PID 2464 wrote to memory of 4656	2464	msedge.exe	90
PID 2464 wrote to memory of 4656	2464	msedge.exe	90
PID 2464 wrote to memory of 4656	2464	msedge.exe	90
PID 2464 wrote to memory of 4656	2464	msedge.exe	90
PID 2464 wrote to memory of 4656	2464	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a.htm
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcfe0946f8,0x7ffcfe094708,0x7ffcfe094718
  2⤵
  PID:4048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,6054107889935767934,640993671420031174,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,6054107889935767934,640993671420031174,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,6054107889935767934,640993671420031174,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2956 /prefetch:8
  2⤵
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6054107889935767934,640993671420031174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:2688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6054107889935767934,640993671420031174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:2096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6054107889935767934,640993671420031174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:1
  2⤵
  PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6054107889935767934,640993671420031174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
  2⤵
  PID:4236
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,6054107889935767934,640993671420031174,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 /prefetch:8
  2⤵
  PID:2092
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,6054107889935767934,640993671420031174,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6054107889935767934,640993671420031174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:2924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6054107889935767934,640993671420031174,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6054107889935767934,640993671420031174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:2132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6054107889935767934,640993671420031174,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:4092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,6054107889935767934,640993671420031174,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1704 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1308

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3756

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36bb45cb1262fcfcab1e3e7960784eaa

SHA1
ab0e15841b027632c9e1b0a47d3dec42162fc637

SHA256
7c6b0de6f9b4c3ca1f5d6af23c3380f849825af00b58420b76c72b62cfae44ae

SHA512
02c54c919f8cf3fc28f5f965fe1755955636d7d89b5f0504a02fcd9d94de8c50e046c7c2d6cf349fabde03b0fbbcc61df6e9968f2af237106bf7edd697e07456

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1e3dc6a82a2cb341f7c9feeaf53f466f

SHA1
915decb72e1f86e14114f14ac9bfd9ba198fdfce

SHA256
a56135007f4dadf6606bc237cb75ff5ff77326ba093dff30d6881ce9a04a114c

SHA512
0a5223e8cecce77613b1c02535c79b3795e5ad89fc0a934e9795e488712e02b527413109ad1f94bbd4eb35dd07b86dd6e9f4b57d4d7c8a0a57ec3f7f76c7890a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
d82e76c20fa8d14948fc28e57328b3fb

SHA1
e43ce9c3c6902f2375128f23b4f7306224e7d494

SHA256
6bcaa81d3038bf0e79cddf38e7d78fe4a5eb92075cc27d89d7fefb67caab991a

SHA512
e301868095f538c56045b75e152e0f52fc1cf4782c5a361ef3f1324eff2912877b41d29279a15a4abcb1b4e814a15dcec581c722f5541161320159f84614a0fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
340B

MD5
c32f166681915b30f1b1d518bbdbba25

SHA1
aa5c4573ef1cb73c22c79d341eae6bb1384312e1

SHA256
2ec2a8444c50ccc54454d9216d6bc20259eded16f17bc789b8a12c7f1538fa61

SHA512
762a5d9776a4e7f08356eff9ca74ebfd2b3499438766c58fe9f9c85fa77a6159c81e96164590c608b71b7f694a93dadb844adf8ebd7eacbde1c44fd0b2383b27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a3c525328a64cd4df2603dffae8dcd7a

SHA1
0d6552a3990d8767ffc41b0ffde44026ac7ceb58

SHA256
832b52016bb691d6ecb2f1f91b618202e3d3f0f9068e066aa383625e9f95f1cb

SHA512
18637956db3f2f24ec5be3eeb68bed8be5370426edf973d45a57abca662e09a5ccec12fc6b1193609ae05e034066ae2d88f3161be4298b528102860bfceee6a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2207fbe5ed0b972066563463b2edd5e0

SHA1
c962f191c880a16f295342f6029c30336e8d9329

SHA256
3261a8c9d5c1258ee305eada6c3fc1bc13644e21d9b252e119f2228b318e291f

SHA512
4e4ab04572c6621d25889f858aea2205c5595229f180693693f04d96cf0cc4691138d8828cb0092b6419ff3f8c82820cf70ef646412e86589b6d0ef31ead017f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
536B

MD5
d4a0687c7154015061a6aeed1bbf71ae

SHA1
0484730d0b347d776bbcc5c140199d4803c93a54

SHA256
759f3e34964aaa12026d2e818edc960e9f0822784b90279ca049d4916e2b80c6

SHA512
50dad178864930964084213ad1f6b7677a5c05b80aabd8a4527a4c51d677aba85383a9a3e8db17ce2f9a50fcd217bf3834c11a9fb75120e38042db2cd3479416

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
09e7770832e87e7f3f0f54a745e875c6

SHA1
fd2301368e1544916ceaba93abf712448b014b2d

SHA256
792fb05519d43d7d269ffce61d385242227b3be155b63c409db78dd18dfa8842

SHA512
2ff2f97875bfdd8d5cee0527817f5bfadac8fdb82ef4be5b8aacf38b63c6501f4a73caad2944c79f7725f9c48af9b0f13dc40949be8deeec56391ef69d086376

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
536B

MD5
8f1e96afe911c264a1425ddf6efab256

SHA1
11ce0c8522d2ea2eec09c16daea8059aa4e6f7c4

SHA256
f94ce60178f3aeecc016a2cb1e45f53db4c0e66b3ab990a8b73a91ca87ff2f92

SHA512
6b2d8101818a77cfab71b0ecb048c695a3e2d3b0dbe1adc74ff1b4d4f9c205d2b214a3365e4beeed859068ad7e557c5d750d5ad18c40f86395e420b7a0771a30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
46a45f2f819480d77cb1d45acc88b0ac

SHA1
14dde083269f287140b22f8f3deb58e753bf3d7d

SHA256
e9eb30c20c5c79af850cb6a7cc16b9527628036a97e3020259beed5c409c7a17

SHA512
dc0d5dc9c7ded3b42818aa1b17edbceff8fdb5bfa78067bdb921c64725cef95e2dbdf9112fa9c2b859595047248a19a93e28b772f8202a3067786292d5f48e4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
aeafcd1930ebef7fffd5d4cdf31b134d

SHA1
6a27e13a89fe02d6b7e62f8b70efb7f42b5fcc4a

SHA256
addd2fc46a13c90667a2736ba35b62f4f3ca542821df6c4acb0d0c38f7981a48

SHA512
ce3b9df427a8bd7c74df75700c71b3e6740989404528a8a847f518c0e8e7b3f7d87b760786c1fb2c74e50303e389481e809e007736513d15743fa3e7aa176d63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
42961b282da1b55f9f15e06a0d3218cc

SHA1
53000ba407d91ce011cec7a07d1b95bffa1074fa

SHA256
342021502d403e2b4ad9aefa9e1f12b0f22d6392af2d685d75434a649a921b11

SHA512
34e5e47cd5b85b7a8361c9ef867c74cb95bd10377a905b01cede72db4ea0a862b867a98967fe461330633174106208c2fdd098e55a43c8208633c3f4a013872e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
acf051a2a09e98b0e217ab9489278792

SHA1
eecd3f714ac7d8a0bf2ab5c3599db77680da156b

SHA256
3b10b1fa25835629eb99525171babf768c078b8741831338f49f79ce20a29d10

SHA512
9be2850762c66b6e6689ef6c5989b27d0115751729644c10994e3a649062e0da1983c98b299f20958c6aadc3419e258a9352b08b47d7db0a903d33bb3ff983b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582bce.TMP

Filesize
538B

MD5
4c46e91205c7f0d935622767498723d1

SHA1
5e2c4f137522f1072efe44d6fdad2cf64f749948

SHA256
30b4aa5e095f1929979257e0d0431a1cc174d16e68b765125c1ead57125634d8

SHA512
a58824d18c62265813b23218596e3ab527aa3e7e05900db23f8f9c308e0fce9a442aa001f233b67fa062e22b6e2cab89e672abd31bf6d0e9b4c35ef8bb33c2f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
fc39d58efd3a411de09c86a339bc75c6

SHA1
34f6aa0bd3b35f4ceb04c21e9fd0f12102e9b47b

SHA256
d2f444704aaca4136cb5a4efe95ba87709d83b0915c5004dcb9237c810962303

SHA512
6a0c85610ff3d85681b7b39db6f669ca9ab5212c41a77597429618359c7703ab4dd2ee1360de850c2bed6b34b350d0e9927cfec149dba459cb570fe787309f02

Download Submit