Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    57s
  • max time network
    63s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/03/2024, 09:42

General

  • Target

    https://attachments.office.net/owa/[email protected]/service.svc/s/GetFileAttachment?id=AAkALgAAAAAAHYQDEapmEc2byACqAC%2fEWg0AxPs3MAxWl0iXP9MnLfhqGwACAKAafAAAARIAEACM%2b7yAD1PTQ6dBS7EgT6v0&token=eyJhbGciOiJSUzI1NiIsImtpZCI6IkU1RDJGMEY4REE5M0I2NzA5QzQzQTlFOEE2MTQzQzAzRDYyRjlBODAiLCJ0eXAiOiJKV1QiLCJ4NXQiOiI1ZEx3LU5xVHRuQ2NRNm5vcGhROEE5WXZtb0EifQ.eyJvcmlnaW4iOiJodHRwczovL291dGxvb2sub2ZmaWNlLmNvbTo0NDQiLCJ1YyI6IjllODgzZmRhNDdhNzQyZDFiMDM2ZmQ2MTdmN2UxNDNiIiwidmVyIjoiRXhjaGFuZ2UuQ2FsbGJhY2suVjEiLCJhcHBjdHhzZW5kZXIiOiJPd2FEb3dubG9hZEA3NDMzYmVmMy0zYjFjLTQwOWYtYTZmMS0wNDlkMTI2YjIxZGUiLCJpc3NyaW5nIjoiU0lQIiwiYXBwY3R4Ijoie1wibXNleGNocHJvdFwiOlwib3dhXCIsXCJwdWlkXCI6XCIxMDAzMjAwMUQ2RjNDOEE0XCIsXCJzY29wZVwiOlwiT3dhRG93bmxvYWRcIixcIm9pZFwiOlwiN2JmYmQ4ODUtOTQ4OS00MjY3LWE3MTMtYjFkMGY4ZmQxNmMwXCIsXCJwcmltYXJ5c2lkXCI6XCJTLTEtNS0yMS00MDA2NzM0MDc5LTM2MDc3NjE5Ni05MjYxODQ5NC0xOTEwMDQyNFwifSIsIm5iZiI6MTcxMTUzMjQ0OSwiZXhwIjoxNzExNTMzMDQ5LCJpc3MiOiIwMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDBANzQzM2JlZjMtM2IxYy00MDlmLWE2ZjEtMDQ5ZDEyNmIyMWRlIiwiYXVkIjoiMDAwMDAwMDItMDAwMC0wZmYxLWNlMDAtMDAwMDAwMDAwMDAwL2F0dGFjaG1lbnRzLm9mZmljZS5uZXRANzQzM2JlZjMtM2IxYy00MDlmLWE2ZjEtMDQ5ZDEyNmIyMWRlIiwiaGFwcCI6Im93YSJ9.II9xiMxs5LFosLAbmlOVErXu8LMdQ7ERvX71DGNtzY9PF8yx16EZ62gnJ55aWN-UzgL4Y9jC9leJD04w1I0zGPSyKWYnigWrIV502huAGole7gmp7F7mYa7LrIAVbU6tjng23l1YaJ8mAMBQpegjR3Ol7t4Qw1nG2GgeGt8SlYLpnajJaksvS80Ltlzx3ysovtGM-jSxcKmFEE00nsjCumx8xfy8yYqP4Bxk9t4Hoo_E8MWu88QqV7xg_00ipazS5hXyyIl8cE6h8opyID2clZKU10bEoMD0rd61tW7M3vRNCaMpja4uA3yNMo59bN6InruBTkXiciYp79wkiCpOHw&scenario=LegacyRedirect

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://attachments.office.net/owa/[email protected]/service.svc/s/GetFileAttachment?id=AAkALgAAAAAAHYQDEapmEc2byACqAC%2fEWg0AxPs3MAxWl0iXP9MnLfhqGwACAKAafAAAARIAEACM%2b7yAD1PTQ6dBS7EgT6v0&token=eyJhbGciOiJSUzI1NiIsImtpZCI6IkU1RDJGMEY4REE5M0I2NzA5QzQzQTlFOEE2MTQzQzAzRDYyRjlBODAiLCJ0eXAiOiJKV1QiLCJ4NXQiOiI1ZEx3LU5xVHRuQ2NRNm5vcGhROEE5WXZtb0EifQ.eyJvcmlnaW4iOiJodHRwczovL291dGxvb2sub2ZmaWNlLmNvbTo0NDQiLCJ1YyI6IjllODgzZmRhNDdhNzQyZDFiMDM2ZmQ2MTdmN2UxNDNiIiwidmVyIjoiRXhjaGFuZ2UuQ2FsbGJhY2suVjEiLCJhcHBjdHhzZW5kZXIiOiJPd2FEb3dubG9hZEA3NDMzYmVmMy0zYjFjLTQwOWYtYTZmMS0wNDlkMTI2YjIxZGUiLCJpc3NyaW5nIjoiU0lQIiwiYXBwY3R4Ijoie1wibXNleGNocHJvdFwiOlwib3dhXCIsXCJwdWlkXCI6XCIxMDAzMjAwMUQ2RjNDOEE0XCIsXCJzY29wZVwiOlwiT3dhRG93bmxvYWRcIixcIm9pZFwiOlwiN2JmYmQ4ODUtOTQ4OS00MjY3LWE3MTMtYjFkMGY4ZmQxNmMwXCIsXCJwcmltYXJ5c2lkXCI6XCJTLTEtNS0yMS00MDA2NzM0MDc5LTM2MDc3NjE5Ni05MjYxODQ5NC0xOTEwMDQyNFwifSIsIm5iZiI6MTcxMTUzMjQ0OSwiZXhwIjoxNzExNTMzMDQ5LCJpc3MiOiIwMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDBANzQzM2JlZjMtM2IxYy00MDlmLWE2ZjEtMDQ5ZDEyNmIyMWRlIiwiYXVkIjoiMDAwMDAwMDItMDAwMC0wZmYxLWNlMDAtMDAwMDAwMDAwMDAwL2F0dGFjaG1lbnRzLm9mZmljZS5uZXRANzQzM2JlZjMtM2IxYy00MDlmLWE2ZjEtMDQ5ZDEyNmIyMWRlIiwiaGFwcCI6Im93YSJ9.II9xiMxs5LFosLAbmlOVErXu8LMdQ7ERvX71DGNtzY9PF8yx16EZ62gnJ55aWN-UzgL4Y9jC9leJD04w1I0zGPSyKWYnigWrIV502huAGole7gmp7F7mYa7LrIAVbU6tjng23l1YaJ8mAMBQpegjR3Ol7t4Qw1nG2GgeGt8SlYLpnajJaksvS80Ltlzx3ysovtGM-jSxcKmFEE00nsjCumx8xfy8yYqP4Bxk9t4Hoo_E8MWu88QqV7xg_00ipazS5hXyyIl8cE6h8opyID2clZKU10bEoMD0rd61tW7M3vRNCaMpja4uA3yNMo59bN6InruBTkXiciYp79wkiCpOHw&scenario=LegacyRedirect
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:5032
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc865146f8,0x7ffc86514708,0x7ffc86514718
      2⤵
        PID:2360
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2228,13197814572060254169,12413409284244505313,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2240 /prefetch:2
        2⤵
          PID:4164
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2228,13197814572060254169,12413409284244505313,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:3384
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2228,13197814572060254169,12413409284244505313,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
          2⤵
            PID:4380
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,13197814572060254169,12413409284244505313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
            2⤵
              PID:2608
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,13197814572060254169,12413409284244505313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
              2⤵
                PID:1768
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,13197814572060254169,12413409284244505313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
                2⤵
                  PID:3632
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,13197814572060254169,12413409284244505313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
                  2⤵
                    PID:3108
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2228,13197814572060254169,12413409284244505313,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3604 /prefetch:8
                    2⤵
                      PID:1924
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2228,13197814572060254169,12413409284244505313,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3604 /prefetch:8
                      2⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:4932
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,13197814572060254169,12413409284244505313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
                      2⤵
                        PID:3016
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,13197814572060254169,12413409284244505313,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
                        2⤵
                          PID:2596
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,13197814572060254169,12413409284244505313,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
                          2⤵
                            PID:4544
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,13197814572060254169,12413409284244505313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2260 /prefetch:1
                            2⤵
                              PID:4256
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,13197814572060254169,12413409284244505313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3056 /prefetch:1
                              2⤵
                                PID:1956
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,13197814572060254169,12413409284244505313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
                                2⤵
                                  PID:2884
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2228,13197814572060254169,12413409284244505313,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6048 /prefetch:8
                                  2⤵
                                    PID:4604
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2228,13197814572060254169,12413409284244505313,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6088 /prefetch:8
                                    2⤵
                                    • Modifies registry class
                                    • Suspicious behavior: EnumeratesProcesses
                                    PID:944
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,13197814572060254169,12413409284244505313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
                                    2⤵
                                      PID:1464
                                  • C:\Windows\System32\CompPkgSrv.exe
                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                    1⤵
                                      PID:2820
                                    • C:\Windows\System32\CompPkgSrv.exe
                                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                                      1⤵
                                        PID:2092

                                      Network

                                      MITRE ATT&CK Enterprise v15

                                      Replay Monitor

                                      Loading Replay Monitor...

                                      Downloads

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                        Filesize

                                        152B

                                        MD5

                                        7c6136bc98a5aedca2ea3004e9fbe67d

                                        SHA1

                                        74318d997f4c9c351eef86d040bc9b085ce1ad4f

                                        SHA256

                                        50c3bd40caf7e9a82496a710f58804aa3536b44d57e2ee5e2af028cbebc6c2f2

                                        SHA512

                                        2d2fb839321c56e4cb80562e9a1daa4baf48924d635729dc5504a26462796919906f0097dd1fc7fd053394c0eea13c25219dec54ffe6e9abb6e8cb9afa66bada

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                        Filesize

                                        152B

                                        MD5

                                        5c6aef82e50d05ffc0cf52a6c6d69c91

                                        SHA1

                                        c203efe5b45b0630fee7bd364fe7d63b769e2351

                                        SHA256

                                        d9068cf3d04d62a9fb1cdd4c3cf7c263920159171d1b84cb49eff7cf4ed5bc32

                                        SHA512

                                        77ad48936e8c3ee107a121e0b2d1216723407f76872e85c36413237ca1c47b8c40038b8a6349b072bbcc6a29e27ddda77cf686fa97569f4d86531e6b2ac485ed

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                        Filesize

                                        111B

                                        MD5

                                        807419ca9a4734feaf8d8563a003b048

                                        SHA1

                                        a723c7d60a65886ffa068711f1e900ccc85922a6

                                        SHA256

                                        aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

                                        SHA512

                                        f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                        Filesize

                                        111B

                                        MD5

                                        285252a2f6327d41eab203dc2f402c67

                                        SHA1

                                        acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                                        SHA256

                                        5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                                        SHA512

                                        11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                        Filesize

                                        6KB

                                        MD5

                                        8b86575310c2382ae6e7fd50f3ea682c

                                        SHA1

                                        87901daae1cf0dfc44343aa2ccef0c1b5aa12fc3

                                        SHA256

                                        91bd51897b20b255a7720b48305ec0773be16bff4022d80f7f76fd67d76c60f1

                                        SHA512

                                        d33823caf64ab2a9a2f3b912a23fae1a4703115df961289beb846c30d2806e446f3dfb02f1b50d95fb2e324c3deee70c5753228211c6ab7710c9f336557d4232

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                        Filesize

                                        6KB

                                        MD5

                                        5cdb90e6cd53a83ae7aec06e179f33c2

                                        SHA1

                                        1b0b3ca51eeb2837280f0695c51768ddb3a23979

                                        SHA256

                                        44fbeb04222636c2afc70a8d23f54ececce11137f478ddda405a5940da88f4b7

                                        SHA512

                                        f7cb3635ef6be01cb6bc7bddd50ac8d7e9cb8c4f7f93cbbc93efbb6003f767afc79812a9ec762bca39e398e13db9815145d84ca1837a3acafea0c508c41fb672

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                        Filesize

                                        6KB

                                        MD5

                                        d5a956dc4075f311dc79365a819f6a12

                                        SHA1

                                        00aafeec82f02d8e4c50ab9ca20fd20b62b44d3d

                                        SHA256

                                        e6c1321bd0fcabf503a74221c15e05355dbb9353694d0518f18287b505064e53

                                        SHA512

                                        db3412cb5e519cda502859651101fa7ba68da7ca849141e6490f79b09755e6747b749d7a730630f6083310ac8f5810fe593f0e390c960e7105688b8a0f9259b3

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                        Filesize

                                        370B

                                        MD5

                                        db587a260cc36c3b10ce0436bba0c49e

                                        SHA1

                                        d591fab5e36c81c52bfe62d416e18ff10adc3e32

                                        SHA256

                                        429aff77f95c69266c899952736e88f41dfae013ff8f945407c30eea3abcb619

                                        SHA512

                                        de824fb925c7d10dd71d6fac1d92b4cb754642a677f53355bc176c28ebf76049a799a5937a3da22592663507d20cdec7718a3ec7e82bca55ebe160fd41309cb7

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582110.TMP

                                        Filesize

                                        370B

                                        MD5

                                        d5ee6a10596a351b3f825cfb85dc9015

                                        SHA1

                                        25df989ddc752cdc3b60a3e2dc7618f24ed77922

                                        SHA256

                                        3f0338db8a4468a3a080115b38582c92f3415edd84811d3c0c5e2f8f7185f9ed

                                        SHA512

                                        7c7de67137246a46b1fb8f06676c77919b505b64a1868c3de5f028729600394c69d122c9602a517c34ce40413e5840a11fcbafb52a348acaeda66d21fa7e614c

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                        Filesize

                                        16B

                                        MD5

                                        6752a1d65b201c13b62ea44016eb221f

                                        SHA1

                                        58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                        SHA256

                                        0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                        SHA512

                                        9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                        Filesize

                                        11KB

                                        MD5

                                        a259f820a2c5b51083e642c1e739d794

                                        SHA1

                                        f4cf5a5bc37fcbb30deb457bb11f7665f36f99ad

                                        SHA256

                                        65ce859b73e21480bc6f796e8c6811c15281b3ba703ea6074c53136a1a840b7b

                                        SHA512

                                        35d1f19a291c2ed126a5e6e6e9872f901fe8425bcb5b2336bc3bc71aa8c38ff789d62855a69fc8e2aed690e0c26dbcf62d2989af3a2ae9515251a45b4cccc5a7