hxxp://newexra[.]com/campaigns/pe148ps2l9c7b/track-opening/na330y1qmw5b8

Analysis

max time kernel
109s
max time network
112s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
19/04/2024, 18:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://newexra.com/campaigns/pe148ps2l9c7b/track-opening/na330y1qmw5b8

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3300	msedge.exe
3300	msedge.exe
3508	msedge.exe
3508	msedge.exe
4880	identity_helper.exe
4880	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3508 wrote to memory of 2904	3508	msedge.exe	86
PID 3508 wrote to memory of 2904	3508	msedge.exe	86
PID 3508 wrote to memory of 4556	3508	msedge.exe	87
PID 3508 wrote to memory of 4556	3508	msedge.exe	87
PID 3508 wrote to memory of 4556	3508	msedge.exe	87
PID 3508 wrote to memory of 4556	3508	msedge.exe	87
PID 3508 wrote to memory of 4556	3508	msedge.exe	87
PID 3508 wrote to memory of 4556	3508	msedge.exe	87
PID 3508 wrote to memory of 4556	3508	msedge.exe	87
PID 3508 wrote to memory of 4556	3508	msedge.exe	87
PID 3508 wrote to memory of 4556	3508	msedge.exe	87
PID 3508 wrote to memory of 4556	3508	msedge.exe	87
PID 3508 wrote to memory of 4556	3508	msedge.exe	87
PID 3508 wrote to memory of 4556	3508	msedge.exe	87
PID 3508 wrote to memory of 4556	3508	msedge.exe	87
PID 3508 wrote to memory of 4556	3508	msedge.exe	87
PID 3508 wrote to memory of 4556	3508	msedge.exe	87
PID 3508 wrote to memory of 4556	3508	msedge.exe	87
PID 3508 wrote to memory of 4556	3508	msedge.exe	87
PID 3508 wrote to memory of 4556	3508	msedge.exe	87
PID 3508 wrote to memory of 4556	3508	msedge.exe	87
PID 3508 wrote to memory of 4556	3508	msedge.exe	87
PID 3508 wrote to memory of 4556	3508	msedge.exe	87
PID 3508 wrote to memory of 4556	3508	msedge.exe	87
PID 3508 wrote to memory of 4556	3508	msedge.exe	87
PID 3508 wrote to memory of 4556	3508	msedge.exe	87
PID 3508 wrote to memory of 4556	3508	msedge.exe	87
PID 3508 wrote to memory of 4556	3508	msedge.exe	87
PID 3508 wrote to memory of 4556	3508	msedge.exe	87
PID 3508 wrote to memory of 4556	3508	msedge.exe	87
PID 3508 wrote to memory of 4556	3508	msedge.exe	87
PID 3508 wrote to memory of 4556	3508	msedge.exe	87
PID 3508 wrote to memory of 4556	3508	msedge.exe	87
PID 3508 wrote to memory of 4556	3508	msedge.exe	87
PID 3508 wrote to memory of 4556	3508	msedge.exe	87
PID 3508 wrote to memory of 4556	3508	msedge.exe	87
PID 3508 wrote to memory of 4556	3508	msedge.exe	87
PID 3508 wrote to memory of 4556	3508	msedge.exe	87
PID 3508 wrote to memory of 4556	3508	msedge.exe	87
PID 3508 wrote to memory of 4556	3508	msedge.exe	87
PID 3508 wrote to memory of 4556	3508	msedge.exe	87
PID 3508 wrote to memory of 4556	3508	msedge.exe	87
PID 3508 wrote to memory of 3300	3508	msedge.exe	88
PID 3508 wrote to memory of 3300	3508	msedge.exe	88
PID 3508 wrote to memory of 4360	3508	msedge.exe	89
PID 3508 wrote to memory of 4360	3508	msedge.exe	89
PID 3508 wrote to memory of 4360	3508	msedge.exe	89
PID 3508 wrote to memory of 4360	3508	msedge.exe	89
PID 3508 wrote to memory of 4360	3508	msedge.exe	89
PID 3508 wrote to memory of 4360	3508	msedge.exe	89
PID 3508 wrote to memory of 4360	3508	msedge.exe	89
PID 3508 wrote to memory of 4360	3508	msedge.exe	89
PID 3508 wrote to memory of 4360	3508	msedge.exe	89
PID 3508 wrote to memory of 4360	3508	msedge.exe	89
PID 3508 wrote to memory of 4360	3508	msedge.exe	89
PID 3508 wrote to memory of 4360	3508	msedge.exe	89
PID 3508 wrote to memory of 4360	3508	msedge.exe	89
PID 3508 wrote to memory of 4360	3508	msedge.exe	89
PID 3508 wrote to memory of 4360	3508	msedge.exe	89
PID 3508 wrote to memory of 4360	3508	msedge.exe	89
PID 3508 wrote to memory of 4360	3508	msedge.exe	89
PID 3508 wrote to memory of 4360	3508	msedge.exe	89
PID 3508 wrote to memory of 4360	3508	msedge.exe	89
PID 3508 wrote to memory of 4360	3508	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://newexra.com/campaigns/pe148ps2l9c7b/track-opening/na330y1qmw5b8
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xd8,0x10c,0x7ffa382846f8,0x7ffa38284708,0x7ffa38284718
  2⤵
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,12989768516142248542,17216197732076132104,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,12989768516142248542,17216197732076132104,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,12989768516142248542,17216197732076132104,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2940 /prefetch:8
  2⤵
  PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12989768516142248542,17216197732076132104,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12989768516142248542,17216197732076132104,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:2496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12989768516142248542,17216197732076132104,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:3280
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,12989768516142248542,17216197732076132104,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5056 /prefetch:8
  2⤵
  PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,12989768516142248542,17216197732076132104,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5056 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2120,12989768516142248542,17216197732076132104,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5560 /prefetch:8
  2⤵
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12989768516142248542,17216197732076132104,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2776 /prefetch:1
  2⤵
  PID:2884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12989768516142248542,17216197732076132104,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12989768516142248542,17216197732076132104,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4072 /prefetch:1
  2⤵
  PID:5584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12989768516142248542,17216197732076132104,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
  2⤵
  PID:5592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12989768516142248542,17216197732076132104,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3148 /prefetch:1
  2⤵
  PID:5852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12989768516142248542,17216197732076132104,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
  2⤵
  PID:5860

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3236

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4396

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cff358b013d6f9f633bc1587f6f54ffa

SHA1
6cb7852e096be24695ff1bc213abde42d35bb376

SHA256
39205cdf989e3a86822b3f473c5fc223d7290b98c2a3fb7f75e366fc8e3ecbe9

SHA512
8831c223a1f0cf5f71fa851cdd82f4a9f03e5f267513e05b936756c116997f749ffa563623b4724de921d049de34a8f277cc539f58997cda4d178ea205be2259

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dc629a750e345390344524fe0ea7dcd7

SHA1
5f9f00a358caaef0321707c4f6f38d52bd7e0399

SHA256
38b634f3fedcf2a9dc3280aa76bd1ea93e192200b8a48904664fac5c9944636a

SHA512
2a941fe90b748d0326e011258fa9b494dc2f47ac047767455ed16a41d523f04370f818316503a5bad0ff5c5699e92a0aaf3952748b09287c5328354bfa6cc902

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\31a88589-a4b9-4814-a092-11213af89daa.tmp

Filesize
6KB

MD5
695dde5428557546bd1d99289b12c079

SHA1
f758f670dac715dd7a86dbe89e2c943af4bc2506

SHA256
72b9e88170b554b6f6f1add30a1dabab90844a4285465c6de8c7e33e2161716d

SHA512
079891433920e7f8997f119606ce99216bb54b2b6e222ac7e421dd76b82cdbeeabf4e962cb01d76414de676746b5dec32d74355260cd6e097693dd4a6e3c5d43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
991c6bf00d94ef2ce5287bf0e54f0024

SHA1
31ce1a98d0ab9fd32e70a511fd3f2e788c3c406b

SHA256
5fa5117f3430a0731d080def4e7e8583e0d0f2743dcd2d827bacd8132c088a35

SHA512
9feda9237d27355caaeea427221aea290ff370551ca59e756c0111f3513df6b1676115d91343f6f82dff0dca8787530c27574ce872c6aee31e65bc89deab5f75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
249B

MD5
e9fe936b0595b6776b7d2644212e0a51

SHA1
d61f711b12b730df1251c29a5ca7e1bd4625757e

SHA256
22967f72f6c2b51a7353d40881e1642d676fe2f51f2e966d173f21f5e9a35d50

SHA512
7ff35543e125d8928bb9bca2c0d7c5722d7e9af314b68be9a55e27d26cde75e6d034258152302843400e4dba0d1b946e32db26e5d158bdb680b19e4092a5b3fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c2fbdfa866ba1c9370cd443d8d55ee5b

SHA1
1d851bf853e462eab466cd1c189e3037c5242cbf

SHA256
c19a4e4c7634dc6d23e6aa73c556b0fadda438c561520ebc5383d6170d8c5755

SHA512
eb307ada21030f2a9ce564e439880ea4291657fc72c3cc794c4a79d89221177fd36b92155ffc0ceea580ee8075caa26ea733f1a373f96e12f77b3371265b01fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9246fe82825fea2b16b2af72f9643818

SHA1
54b16a3525978dc560d873aec262728b9a08e736

SHA256
2600b8adf507b71344ca43b65f98b23bebc22c8380df50c609f76276c8ad0af3

SHA512
43561efbc47b5c661541292468b08245ba2f4d15af5a0c0a4efee0dc2a40e880db8fa70043f3d3436b4767792d6e6f95104e7cc9391a99759a94d96515f5c40c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0e1eb1e99275a76af9e7caf49589bbad

SHA1
4829a774c2dcf3dc299132ca0bf67bc70f2f9d0c

SHA256
1b867ff3c0d97f032d317725a2618378f30da7d674f74e6f19dfe6470629db18

SHA512
72fd26d94931387a6d2a712b05091ba45bdfbee823e4d8f42baf16883767baebce0b1cff426d9bbb129bd7eb6e1d7f69505e59454ec0a327d2fa80cb5597505a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7a5a18ff5aa537b060ea9e71533cf6cd

SHA1
65e97323684b88fc89405edbcc73820571734e32

SHA256
84fe4dc3ea0fd8920296e600efce85c97da7d6764c6c124c3cdb04640c0a28bc

SHA512
6a7a62b17783ca5339ef0d258cacbef973ab2c6cd44b7518f634fba8150783fabafd8f967d2e181bcde45bac8f74a41c8d5535398161ad77953b6a41549789fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
88102251beebcc3b1459ee2e994842b8

SHA1
247e3202687c84edb4ad8d2d62f2e0400934fa3c

SHA256
83b24860c4b85fd8b2e93a1f42db5a7dc08f039967a8accc54859375d5c92ca6

SHA512
e1cc9c54232acc5609afd95e61fdacb2af84980ad7d8db29192f3bab683f50036a2e66848368f0489d8f0d23a15c58df3b95da283240247e54ea0834d63da548

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
c29e3b8311262a2ad095daa4f3be76ce

SHA1
08e4febfc0f1ccfa56c653eb8333aaa24837ad4c

SHA256
9c08b3ea4b982f0593da67e2e6b86702fc76d6cbc62a370a87626bd43da2b3bc

SHA512
c37d7801ed05eb920e8ff55b754c9958b6099dae7f6dd2c22cd26ea43926856346cd2f90a0539cb0255a2335c60ff6e0bbe8ffb47f36dab6c52e2eb6cf1308c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
42b94f14a0e2f38b4d89eb03906a1659

SHA1
1b5408d9b55698b8a69c76e3cb042374f98fbf74

SHA256
de80af1b03a70709fcdedd8670dc1472e5ad920803704f48cebb30e2f373e377

SHA512
9dc9db740b21558e295c867b9b757ad49ca89e945dd2bddfbb04faf17417871bb494b51b8ea8b25ef8dfd73e2cba467e40adb0ed157a47b715effaba1264ea43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
a88a80acd23ee2221a655a7c31ff1704

SHA1
7be378e12717020add16eed342e58cc48496ff92

SHA256
45c983e6feeb0452e1d4e9db217f6d4928e8385aebe3e4c4657ca1081a87cae7

SHA512
85c4386f8aad555b148d46a9b97c045f700277a5ff7c0e611a1367d603903fd3a981da32494b30164f28c63d4be6d8bad79b293d5e23245eea4e3a05b87bd634

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe578c13.TMP

Filesize
204B

MD5
b3e19c93525cf5d5774666cbfcd8e370

SHA1
caffdad7c9096aa1bbdae3bcebf6d30f5f12178a

SHA256
a92d90fe30596ce5a981ccfa809cfcef3c0b8dcbe89b8501b0b51b308e785551

SHA512
8f9f8f587004044bd94f6d5d6d051d9ab8b1cbccb8ef4162f67e25eff78c59864664a49d7f529ae2808f78ab5ac6a0485a49d175e6ff7e596c70c75133209157

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ebc358dc-7f71-42ee-beb8-af9860700749.tmp

Filesize
6KB

MD5
f7aca507f96b3b994fcc1f683977e7be

SHA1
6774590263b6a4b43ca8c9337e0f1bf2b24cbe94

SHA256
e588e72c45db1315b1e4eeef89e8283664525cdae57298d5a217daf9e7754a47

SHA512
363710d53d3cac5bd59635a56b12915a148130d285a072f55087f5bec5ce188b8795a1ca62a4256661af219df504394895ca83a1cfc5dd3b8e5b35a60dfe2ee1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e4fee6152c30354f4c31513798af8019

SHA1
a3320823719a8b0f5fc2ed7626ee19e536a348d9

SHA256
50e616f50553211e9cd704b7d40662f63d6e81fa12890c69b051a475c106718a

SHA512
005646e416a8201f275ddb6297a3b8e76167fd4065c625ac7fcde762eb014ec08712a329a675a47c97e6e5905a5f8bbdd92d1e693ddcb50ac091977f1a145d14

Download Submit