hxxps://quartznetwork[.]com/event/impact-smart-manufacturing-summer-online

Analysis

max time kernel
132s
max time network
134s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
24-04-2024 05:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://quartznetwork.com/event/impact-smart-manufacturing-summer-online

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4416	msedge.exe
4416	msedge.exe
2740	msedge.exe
2740	msedge.exe
2252	identity_helper.exe
2252	identity_helper.exe
6088	msedge.exe
6088	msedge.exe
6088	msedge.exe
6088	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2740 wrote to memory of 736	2740	msedge.exe	87
PID 2740 wrote to memory of 736	2740	msedge.exe	87
PID 2740 wrote to memory of 2196	2740	msedge.exe	88
PID 2740 wrote to memory of 2196	2740	msedge.exe	88
PID 2740 wrote to memory of 2196	2740	msedge.exe	88
PID 2740 wrote to memory of 2196	2740	msedge.exe	88
PID 2740 wrote to memory of 2196	2740	msedge.exe	88
PID 2740 wrote to memory of 2196	2740	msedge.exe	88
PID 2740 wrote to memory of 2196	2740	msedge.exe	88
PID 2740 wrote to memory of 2196	2740	msedge.exe	88
PID 2740 wrote to memory of 2196	2740	msedge.exe	88
PID 2740 wrote to memory of 2196	2740	msedge.exe	88
PID 2740 wrote to memory of 2196	2740	msedge.exe	88
PID 2740 wrote to memory of 2196	2740	msedge.exe	88
PID 2740 wrote to memory of 2196	2740	msedge.exe	88
PID 2740 wrote to memory of 2196	2740	msedge.exe	88
PID 2740 wrote to memory of 2196	2740	msedge.exe	88
PID 2740 wrote to memory of 2196	2740	msedge.exe	88
PID 2740 wrote to memory of 2196	2740	msedge.exe	88
PID 2740 wrote to memory of 2196	2740	msedge.exe	88
PID 2740 wrote to memory of 2196	2740	msedge.exe	88
PID 2740 wrote to memory of 2196	2740	msedge.exe	88
PID 2740 wrote to memory of 2196	2740	msedge.exe	88
PID 2740 wrote to memory of 2196	2740	msedge.exe	88
PID 2740 wrote to memory of 2196	2740	msedge.exe	88
PID 2740 wrote to memory of 2196	2740	msedge.exe	88
PID 2740 wrote to memory of 2196	2740	msedge.exe	88
PID 2740 wrote to memory of 2196	2740	msedge.exe	88
PID 2740 wrote to memory of 2196	2740	msedge.exe	88
PID 2740 wrote to memory of 2196	2740	msedge.exe	88
PID 2740 wrote to memory of 2196	2740	msedge.exe	88
PID 2740 wrote to memory of 2196	2740	msedge.exe	88
PID 2740 wrote to memory of 2196	2740	msedge.exe	88
PID 2740 wrote to memory of 2196	2740	msedge.exe	88
PID 2740 wrote to memory of 2196	2740	msedge.exe	88
PID 2740 wrote to memory of 2196	2740	msedge.exe	88
PID 2740 wrote to memory of 2196	2740	msedge.exe	88
PID 2740 wrote to memory of 2196	2740	msedge.exe	88
PID 2740 wrote to memory of 2196	2740	msedge.exe	88
PID 2740 wrote to memory of 2196	2740	msedge.exe	88
PID 2740 wrote to memory of 2196	2740	msedge.exe	88
PID 2740 wrote to memory of 2196	2740	msedge.exe	88
PID 2740 wrote to memory of 4416	2740	msedge.exe	89
PID 2740 wrote to memory of 4416	2740	msedge.exe	89
PID 2740 wrote to memory of 3404	2740	msedge.exe	90
PID 2740 wrote to memory of 3404	2740	msedge.exe	90
PID 2740 wrote to memory of 3404	2740	msedge.exe	90
PID 2740 wrote to memory of 3404	2740	msedge.exe	90
PID 2740 wrote to memory of 3404	2740	msedge.exe	90
PID 2740 wrote to memory of 3404	2740	msedge.exe	90
PID 2740 wrote to memory of 3404	2740	msedge.exe	90
PID 2740 wrote to memory of 3404	2740	msedge.exe	90
PID 2740 wrote to memory of 3404	2740	msedge.exe	90
PID 2740 wrote to memory of 3404	2740	msedge.exe	90
PID 2740 wrote to memory of 3404	2740	msedge.exe	90
PID 2740 wrote to memory of 3404	2740	msedge.exe	90
PID 2740 wrote to memory of 3404	2740	msedge.exe	90
PID 2740 wrote to memory of 3404	2740	msedge.exe	90
PID 2740 wrote to memory of 3404	2740	msedge.exe	90
PID 2740 wrote to memory of 3404	2740	msedge.exe	90
PID 2740 wrote to memory of 3404	2740	msedge.exe	90
PID 2740 wrote to memory of 3404	2740	msedge.exe	90
PID 2740 wrote to memory of 3404	2740	msedge.exe	90
PID 2740 wrote to memory of 3404	2740	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://quartznetwork.com/event/impact-smart-manufacturing-summer-online
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffac52546f8,0x7ffac5254708,0x7ffac5254718
  2⤵
  PID:736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,17645712991956238964,10932302723112057510,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:2196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,17645712991956238964,10932302723112057510,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,17645712991956238964,10932302723112057510,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
  2⤵
  PID:3404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17645712991956238964,10932302723112057510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:2760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17645712991956238964,10932302723112057510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:3720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17645712991956238964,10932302723112057510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3980 /prefetch:1
  2⤵
  PID:920
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,17645712991956238964,10932302723112057510,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5748 /prefetch:8
  2⤵
  PID:1292
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,17645712991956238964,10932302723112057510,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5748 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17645712991956238964,10932302723112057510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
  2⤵
  PID:5404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17645712991956238964,10932302723112057510,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:5412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17645712991956238964,10932302723112057510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:1
  2⤵
  PID:5620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17645712991956238964,10932302723112057510,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:5628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17645712991956238964,10932302723112057510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:6096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,17645712991956238964,10932302723112057510,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4252 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6088

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:228

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2320

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
330B

MD5
9c4c8b9d440ec77c09658bc45505d020

SHA1
35ad2851411cc36fd1adabea40bba7e067a12cdf

SHA256
0239bd42f9c4f03ae026577f9b005f4e3217efcf92bc4f8e0532eb80fdcda285

SHA512
6d49216e7dee6b68063d9fe3de316da798d8f196bf3134cd87d94cc63be93b7e2bc14d1bc85232f24734b5f3301643c5af648f522b72de0d4fc0d9f47f8326d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a9519bc058003dbea34765176083739e

SHA1
ef49b8790219eaddbdacb7fc97d3d05433b8575c

SHA256
e034683bc434a09f5d0293cb786e6a3943b902614f9211d42bed47759164d38b

SHA512
a1b67ccf313173c560ead25671c64de65e3e2599251926e33ce8399fde682fce5cb20f36ee330fcd8bb8f7a9c00ef432da56c9b02dfd7d3f02865f390c342b53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cb138796dbfb37877fcae3430bb1e2a7

SHA1
82bb82178c07530e42eca6caf3178d66527558bc

SHA256
50c55ba7baeebe1fa4573118edbca59010d659ea42761148618fb3af8a1c9bdd

SHA512
287471cccbe33e08015d6fc35e0bcdca0ec79bebc3a58f6a340b7747b5b2257b33651574bc83ed529aef2ba94be6e68968e59d2a8ef5f733dce9df6404ad7cc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c37e469adfbb7dbdb14bc14c2bdf90fc

SHA1
bbe79c60acb230125d465fb0142f582af3446dfe

SHA256
a4915a9a5918e43fb578fa32ed9ca498ecb3bfd6aaa4598904c6437f4ef338b7

SHA512
28ba7f5d6c186594c58e0ce1c6f4575a6ad357692937c68f44a2f05393a426529a714ec12aa7a4cb61242213c90903a5f96fb533f005a557d9ee994aa2591f20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
0a99c65f81a18392019f06e55000411f

SHA1
d7910c8ab406baaa3e9ca3ae97c439c009053ccb

SHA256
1f1b30b7e741002d1fbe628365db7b46334ab7737ae2ee48d86b17dade1d98db

SHA512
028d98019539e767dbac5d789a42392f3e8e25f393973ef3caf965b589b8f2be97f2f88f88b7c1f3a3fc0566e1537fe5d891d960f4bd0cae2452678049b949bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
99bfbd17b3524d6728fc8252e750ed07

SHA1
01077eb4a2eec1dfde018244865a04fa82196c5a

SHA256
57976b2381af35b897e376be2c5de0af4a3777e05d12f2c0807e75300b9f0dda

SHA512
042e8ff4823f86ce29d205b2dfeb2ed8ceaf4c0037d0e4554420fc5f0ed0c69714204127fbfb44aa9ef11b8404cc19961cf78039deae6e7a4ddc4994423d664e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
239df997656799da34e621883d54c0fb

SHA1
972523011a8886a1cf440b65feac0ca0ee13128c

SHA256
39378d8a6b1b35b9a062051ed6996e56d6ebbaba692ff11aaebea2f215f68544

SHA512
27e4839cc801bc512c5815cfd5e53d7bf2396b04d065ab5532486aebef54246da3e49598568ab11b081f6a0c79b9514c523b7cc52bc680c74a052be80fb4dace

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f34a1c6b32b96ef724fa623bee1a420d

SHA1
cfe42ae32d08589a039f2d1f462afc18de3c0912

SHA256
3892b5ac3e010ea07b12ccd0e71fbf76e1d899ed1402d20cb8fbe1c7b157c8b1

SHA512
a7f1e99ce973fb8f73c6df9cfb67a343c440464861a7efcbfb9735b9a8ee1b61c56336379263749f2868323e0116e6b7835b0a1fe0ea9a81fefb05d7cde77744

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
2effdf1bad1a0360d241738427a7e1a5

SHA1
1b2e4dbcbbb4a8d545588c31eb19101b964efccb

SHA256
0a97a8da4c2413fb560ffde61b07d9afb00dc54cfe3d1f3c6d3d0db55e721756

SHA512
c99e761c2eebc45dc6004c9320cf87d600b036d400bcdb7cc9d2907d9f0b7dae95e499d3dcb59a051aec2cb2f052880aaa57ace1b1a5945ac60a93f5087eb1d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
45595d8da12a9e4509099157b9c33c4a

SHA1
0dce68357b3acfe213cac7d67e5521436e38b641

SHA256
c1fb9948fb67755579223b464d9d538cd21a951849458ffab7febb44ab1b0339

SHA512
21ef28b1bf3b9033026d8eeab70d433a301b48b134911704a77b87edc884ee529be1fa59bb784bf6394fc4f32eba9c3e58c2d759f34a5d25390ff824583da747

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
1a1e2c2bf399df0b4ce8fa18f46127d2

SHA1
8e27cf8d19e928d252fc22a1394ccac29a11f917

SHA256
092cd1db2aff110717da35807dd7d2db419655c32c2a799506f73002917981cf

SHA512
11bac425afbcada873b961686ede22df46fdb76a7d4f37dd56a7838685a85cf94df7f4e336e45a377dfa5a021c71c43a1c93972979c090b5df1a7be6cf714dcb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583eba.TMP

Filesize
2KB

MD5
3822f9420cbd7185f495daa7ffe96bc1

SHA1
3909b7544057862f9f343417ae79b98a09619d80

SHA256
8dca396e55b158cfc63ae588b2970ac1d4725bcf7c77c7bb8b4fe501a4146561

SHA512
fc7a1bc4373dbe783a8d933d16a230313a53b93683cf30865f23be29e785d284c8cccd9def5f56cacd5e687fe8a8b2fc23957cb8a44fc926e0bf4440f0abafa0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f082cdd25fe7efbc139f459b9691ee27

SHA1
5d603b2eff864a40250fb5f0f4a8d16837a527a6

SHA256
c305cddbe5af0a4c795b71c893edb9ef91ffd5ec18d6d4522793f63b31372cf5

SHA512
5e67a4393788e3650b598ed234dd4e845d5f058f9260e960a42cc1bae9595c227a3d2ff304812389a2d6a41ef437c62a1e8ff7a966ac3a33abaae4feba3a8183

Download Submit