hxxp://emailmarketing[.]locaweb[.]com[.]br/accounts/180841/unsubscribes/9/561?emkt_c=1711998790&emkt_v=ZWNzYS5pbnRwcm9jdXJlbWVudEBjbWEtY2dtLmNvbQ&envelope_id=2

Analysis

max time kernel
51s
max time network
52s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
19-04-2024 06:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://emailmarketing.locaweb.com.br/accounts/180841/unsubscribes/9/561?emkt_c=1711998790&emkt_v=ZWNzYS5pbnRwcm9jdXJlbWVudEBjbWEtY2dtLmNvbQ&envelope_id=2

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2128	msedge.exe
2128	msedge.exe
1524	msedge.exe
1524	msedge.exe
3752	identity_helper.exe
3752	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1524 wrote to memory of 1008	1524	msedge.exe	85
PID 1524 wrote to memory of 1008	1524	msedge.exe	85
PID 1524 wrote to memory of 1780	1524	msedge.exe	86
PID 1524 wrote to memory of 1780	1524	msedge.exe	86
PID 1524 wrote to memory of 1780	1524	msedge.exe	86
PID 1524 wrote to memory of 1780	1524	msedge.exe	86
PID 1524 wrote to memory of 1780	1524	msedge.exe	86
PID 1524 wrote to memory of 1780	1524	msedge.exe	86
PID 1524 wrote to memory of 1780	1524	msedge.exe	86
PID 1524 wrote to memory of 1780	1524	msedge.exe	86
PID 1524 wrote to memory of 1780	1524	msedge.exe	86
PID 1524 wrote to memory of 1780	1524	msedge.exe	86
PID 1524 wrote to memory of 1780	1524	msedge.exe	86
PID 1524 wrote to memory of 1780	1524	msedge.exe	86
PID 1524 wrote to memory of 1780	1524	msedge.exe	86
PID 1524 wrote to memory of 1780	1524	msedge.exe	86
PID 1524 wrote to memory of 1780	1524	msedge.exe	86
PID 1524 wrote to memory of 1780	1524	msedge.exe	86
PID 1524 wrote to memory of 1780	1524	msedge.exe	86
PID 1524 wrote to memory of 1780	1524	msedge.exe	86
PID 1524 wrote to memory of 1780	1524	msedge.exe	86
PID 1524 wrote to memory of 1780	1524	msedge.exe	86
PID 1524 wrote to memory of 1780	1524	msedge.exe	86
PID 1524 wrote to memory of 1780	1524	msedge.exe	86
PID 1524 wrote to memory of 1780	1524	msedge.exe	86
PID 1524 wrote to memory of 1780	1524	msedge.exe	86
PID 1524 wrote to memory of 1780	1524	msedge.exe	86
PID 1524 wrote to memory of 1780	1524	msedge.exe	86
PID 1524 wrote to memory of 1780	1524	msedge.exe	86
PID 1524 wrote to memory of 1780	1524	msedge.exe	86
PID 1524 wrote to memory of 1780	1524	msedge.exe	86
PID 1524 wrote to memory of 1780	1524	msedge.exe	86
PID 1524 wrote to memory of 1780	1524	msedge.exe	86
PID 1524 wrote to memory of 1780	1524	msedge.exe	86
PID 1524 wrote to memory of 1780	1524	msedge.exe	86
PID 1524 wrote to memory of 1780	1524	msedge.exe	86
PID 1524 wrote to memory of 1780	1524	msedge.exe	86
PID 1524 wrote to memory of 1780	1524	msedge.exe	86
PID 1524 wrote to memory of 1780	1524	msedge.exe	86
PID 1524 wrote to memory of 1780	1524	msedge.exe	86
PID 1524 wrote to memory of 1780	1524	msedge.exe	86
PID 1524 wrote to memory of 1780	1524	msedge.exe	86
PID 1524 wrote to memory of 2128	1524	msedge.exe	87
PID 1524 wrote to memory of 2128	1524	msedge.exe	87
PID 1524 wrote to memory of 844	1524	msedge.exe	88
PID 1524 wrote to memory of 844	1524	msedge.exe	88
PID 1524 wrote to memory of 844	1524	msedge.exe	88
PID 1524 wrote to memory of 844	1524	msedge.exe	88
PID 1524 wrote to memory of 844	1524	msedge.exe	88
PID 1524 wrote to memory of 844	1524	msedge.exe	88
PID 1524 wrote to memory of 844	1524	msedge.exe	88
PID 1524 wrote to memory of 844	1524	msedge.exe	88
PID 1524 wrote to memory of 844	1524	msedge.exe	88
PID 1524 wrote to memory of 844	1524	msedge.exe	88
PID 1524 wrote to memory of 844	1524	msedge.exe	88
PID 1524 wrote to memory of 844	1524	msedge.exe	88
PID 1524 wrote to memory of 844	1524	msedge.exe	88
PID 1524 wrote to memory of 844	1524	msedge.exe	88
PID 1524 wrote to memory of 844	1524	msedge.exe	88
PID 1524 wrote to memory of 844	1524	msedge.exe	88
PID 1524 wrote to memory of 844	1524	msedge.exe	88
PID 1524 wrote to memory of 844	1524	msedge.exe	88
PID 1524 wrote to memory of 844	1524	msedge.exe	88
PID 1524 wrote to memory of 844	1524	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://emailmarketing.locaweb.com.br/accounts/180841/unsubscribes/9/561?emkt_c=1711998790&emkt_v=ZWNzYS5pbnRwcm9jdXJlbWVudEBjbWEtY2dtLmNvbQ&envelope_id=2
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9db5546f8,0x7ff9db554708,0x7ff9db554718
  2⤵
  PID:1008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,16370283049918358907,4728068950700162553,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:1780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,16370283049918358907,4728068950700162553,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,16370283049918358907,4728068950700162553,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
  2⤵
  PID:844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16370283049918358907,4728068950700162553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:2396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16370283049918358907,4728068950700162553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:3008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16370283049918358907,4728068950700162553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:3476
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,16370283049918358907,4728068950700162553,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5592 /prefetch:8
  2⤵
  PID:3836
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,16370283049918358907,4728068950700162553,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5592 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16370283049918358907,4728068950700162553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:32
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16370283049918358907,4728068950700162553,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2880 /prefetch:1
  2⤵
  PID:1312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16370283049918358907,4728068950700162553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4052 /prefetch:1
  2⤵
  PID:1416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16370283049918358907,4728068950700162553,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
  2⤵
  PID:1248

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4420

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1452

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7b56675b54840d86d49bde5a1ff8af6a

SHA1
fe70a1b85f88d60f3ba9fc7bb5f81fc41e150811

SHA256
86af7213f410df65d0937f4331f783160f30eaeb088e28a9eef461713b9a3929

SHA512
11fc61b83365391efee8084de5c2af7e064f0182b943a0db08d95a0f450d3877bde5b5e6a6b9f008e58b709bb1a34f7b50085c41927f091df1eea78f039402e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
48cff1baabb24706967de3b0d6869906

SHA1
b0cd54f587cd4c88e60556347930cb76991e6734

SHA256
f6b5fbc610a71b3914753feb2bd4475a7c77d0d785cc36255bf93b3fe3ccb775

SHA512
fd0c848f3f9de81aca81af999262f96ea4c1cd1d1f32d304f56c7382f3b1bb604e5fbe9f209ad6e4b38988d92357ef82e9668806d0727f2856c7dc1f07aae2b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
20KB

MD5
003bd11b313f131107fc3055356723b4

SHA1
6930891c3e7ce081131b47d5bd1f0a9439a09d46

SHA256
988c4a1271681f905968beb6e40e72d6771500bfd9db0f14be4c10dfd5de8585

SHA512
b14f0d612983898ee55aad27364992bf9089e9eda54de8a825dd9fb2b1bad68d95e56ab6db2d552a82e4dd51bccffa503b19e7736596626f6217379ba5cebe62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
60KB

MD5
c67f54741683f7eb8169ee063d0460ce

SHA1
e09a24e7f85ab359c8d9897c99156cef9a27e645

SHA256
c510639ead22efd378bf264cc0289c13aa74d2b9dd6cfa44fdf05ea553904808

SHA512
01d02672d651665c426db1c52819d9dbb84fa5dfe5d18de50190b2f39dc9424a4a01e282289d704d90825860163c8ce9c69655cbcde85ff426a18d997be14aa6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
16KB

MD5
01d5892e6e243b52998310c2925b9f3a

SHA1
58180151b6a6ee4af73583a214b68efb9e8844d4

SHA256
7e90efb4620a78e8869796d256bcddbde90b853c8c15c5cc116cb11d3d17bc4d

SHA512
de6ca9d539326c1d63a79e90a87d6a69676fc77a2955050b4c5299fab12b87af63c3d7f0789d10f4be214e5c58d6271106a82944d276d5ca361b6d01f7a9f319

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
85KB

MD5
28b7ea6a223215f8e0bfdcff13451e02

SHA1
eaca934279accc0f5333a06a3e93967e18e7e01d

SHA256
6a2d7ffecb42481594b0ac38d04621659fdae961a91ac9ae76901f9010865b10

SHA512
ed82183297466d3c9e01b60a15bb84ec1ea165b83a27c828feb28a6e4b4a4b622021b20b3ec7840f1a7678d2bd78c65fbd9c1e14ffa32b7c50c106db8eaa0642

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
91KB

MD5
522f93332ba4d01b8ae429bcd5fbe19e

SHA1
fe60d78ae0232cd4e52fa917dec1215013b5de97

SHA256
885bab6fa5697840c5d1632aa65eb339ee907c78f65c16ff6ea3548ff3001a33

SHA512
8dbe1088b0ffbff7259a6a165f4f09932ab9cb5ced2103167e48ddd99ee410e92ce3d47344acc76c1f5bf3a8bd08931d972c249edd6ccb3a1a6221d8ca2d2a3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
54KB

MD5
cb9e8e6a84fdeebfc271614ce016b88e

SHA1
5b98b6b6ce40058dcc362fe11ae28c327f92ed28

SHA256
b11e47719cebd4d149b506d484fa19e01881f1434ab7642b1f73573aee4cf057

SHA512
412de35baedd51916a8fa25c69f03c87863ca4bd11e72538c99b7923b94afe3bcb40a4a7919565561d33946b19339c71fb9bb38af1337c86dac6646d1d743142

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
8c0430e850969a7ac459f4abbbe80668

SHA1
57727036a227859de26a19e97ae1fc511c187e33

SHA256
50a9c044bf99c2b01d7bf28e112978777db1852ac39d15b44996f225b6baf1ed

SHA512
26f96ec791660447278e7a6539a8fcc610327853e77adca619ebfbe9a74bd5debfe1d2da6e057a65ef1ba4061131ee5252067bb69b53e9b3c2bffcbf96586084

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9269bb1f4790343d1d5825c6efbf8e3e

SHA1
377a60647b80f4c888ad5ef6dc8fa18ea8f7b4f0

SHA256
8ee468ae0f11dfc7f53a341357cd29215038fe24c12156710a6fcbbe7a8bced8

SHA512
e0afb9c1cfa3ec3a8713d3eceaa9db4f840ee1026643dc631269fbc986762dcf240d5dca958fdeff9ac6b98906d71d7b6d8527929079b01902592a31873ece68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d34f8f6f5f1675622695cd27a4d5e836

SHA1
8b8e2b0ae007641652e0993139a70fa6d61e0b50

SHA256
257959741ec1aca65fd7eb5756929527c5067c767f20f1239a4a2c54bb7324ae

SHA512
f8e648ba67122907c4f5f891469eb899d7cbd6e3cf522eed9e26f33ec9708ed98eb4b9ced1f5bf5d177bdb3bbc43086fbda3f15d6328a71d2a4823b1ffa8b9df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8d7da376d8a17a9d60b73c4f47e1ce9d

SHA1
a777de9b411886c2bc96e96ebf43bbfb31e55e0b

SHA256
1dc2626d5a2d61859510ff26331024be5d938c613aea093a2bf003ce9a5bc360

SHA512
71f00c481e4bbf5aa3db3178fa56fae77e2d6c11726645cd0ef62919387e69ea83c33c54e3c64bcfd80d281c17522056a08961872f0f20e6de6fefbf70269480

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e3925047b56b8c1bc077e277d58f1176

SHA1
55bf656edd8519fa17855d31bb5f6cf7ec12b2cc

SHA256
a8cf20d15cc176fa3030dce0d0d069e429380445e0e6059685c1d9214cab6d8e

SHA512
e14ba9c821ad262401a6d56c08d19189ca0378e2e9017c3c2cecc012938bf9e2098bb81fa743f1d9f8d034033c8a5c663f51b9125063208083115304354ae5e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e186828626714d66ab64b67e0b65e3c5

SHA1
63121d692346e8ba1294fa1990966ab0f879af14

SHA256
8d97032beb589bf493ad162c3255d3c2a9c5af52cce46f5c65497fb010aba2c5

SHA512
cce25285917ff041fa68da3d0764c32491388c6944ad9835565a7132f8585422615000ad40db730ffe59f0197942ac8b307a1e1652961d6d31f12924580dcf0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ad09.TMP

Filesize
1KB

MD5
a753fc35001dcac343c89d304c887fa8

SHA1
cb3bf70a17db7fb6fff95d0d940601f9aafeb7f1

SHA256
9b7b5c5dba12635356f5ba3862e4b2afca812328c64ab3cac48455a29cc68396

SHA512
b3d6d0ee2d96ca7003cd767d1fd584fd76609b7db3b0cf247e1fe56fd0aab4a5b271d4bb3bcc864262a496845843191d03d124394e7586cd71262421ad467f7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
cda547f510874421c3634cb73188e208

SHA1
296de49cf0f33c8cb9445a20c81b73d70c841a9a

SHA256
e8b8ac71b94b004ba712aa391ae51e9d02941295b9392940967bcd99f19a44e5

SHA512
5e6c8344438bd3ca90126cceae6f427946033d46f8dfc0ec31991bea22c00cb53e16728e5eebf87e8390ea7fabaef67f754f885c5dbab812a94d8e9fdb1801d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4ff07b054200eb5274116a58aff76902

SHA1
10c32b78559f1a9f179de7439dfd1a80ff26f71b

SHA256
d0dbc1daf474f09b35394278e84362da7551a243669c85dff7504bf5a106cc41

SHA512
74f5f4ee1813587c9b0091ffa74a21ff7ad42a43731d03cc484a64cf05b3c803922d1d0ff9cf40c658f42d5db0250c4620b768e4f7339ecd8844f1afff6f480c

Download Submit