hxxp://amazon[.]com

Analysis

max time kernel
145s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
07/05/2024, 15:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://amazon.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
780	msedge.exe
780	msedge.exe
4124	msedge.exe
4124	msedge.exe
3904	identity_helper.exe
3904	identity_helper.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4124 wrote to memory of 2172	4124	msedge.exe	83
PID 4124 wrote to memory of 2172	4124	msedge.exe	83
PID 4124 wrote to memory of 3184	4124	msedge.exe	84
PID 4124 wrote to memory of 3184	4124	msedge.exe	84
PID 4124 wrote to memory of 3184	4124	msedge.exe	84
PID 4124 wrote to memory of 3184	4124	msedge.exe	84
PID 4124 wrote to memory of 3184	4124	msedge.exe	84
PID 4124 wrote to memory of 3184	4124	msedge.exe	84
PID 4124 wrote to memory of 3184	4124	msedge.exe	84
PID 4124 wrote to memory of 3184	4124	msedge.exe	84
PID 4124 wrote to memory of 3184	4124	msedge.exe	84
PID 4124 wrote to memory of 3184	4124	msedge.exe	84
PID 4124 wrote to memory of 3184	4124	msedge.exe	84
PID 4124 wrote to memory of 3184	4124	msedge.exe	84
PID 4124 wrote to memory of 3184	4124	msedge.exe	84
PID 4124 wrote to memory of 3184	4124	msedge.exe	84
PID 4124 wrote to memory of 3184	4124	msedge.exe	84
PID 4124 wrote to memory of 3184	4124	msedge.exe	84
PID 4124 wrote to memory of 3184	4124	msedge.exe	84
PID 4124 wrote to memory of 3184	4124	msedge.exe	84
PID 4124 wrote to memory of 3184	4124	msedge.exe	84
PID 4124 wrote to memory of 3184	4124	msedge.exe	84
PID 4124 wrote to memory of 3184	4124	msedge.exe	84
PID 4124 wrote to memory of 3184	4124	msedge.exe	84
PID 4124 wrote to memory of 3184	4124	msedge.exe	84
PID 4124 wrote to memory of 3184	4124	msedge.exe	84
PID 4124 wrote to memory of 3184	4124	msedge.exe	84
PID 4124 wrote to memory of 3184	4124	msedge.exe	84
PID 4124 wrote to memory of 3184	4124	msedge.exe	84
PID 4124 wrote to memory of 3184	4124	msedge.exe	84
PID 4124 wrote to memory of 3184	4124	msedge.exe	84
PID 4124 wrote to memory of 3184	4124	msedge.exe	84
PID 4124 wrote to memory of 3184	4124	msedge.exe	84
PID 4124 wrote to memory of 3184	4124	msedge.exe	84
PID 4124 wrote to memory of 3184	4124	msedge.exe	84
PID 4124 wrote to memory of 3184	4124	msedge.exe	84
PID 4124 wrote to memory of 3184	4124	msedge.exe	84
PID 4124 wrote to memory of 3184	4124	msedge.exe	84
PID 4124 wrote to memory of 3184	4124	msedge.exe	84
PID 4124 wrote to memory of 3184	4124	msedge.exe	84
PID 4124 wrote to memory of 3184	4124	msedge.exe	84
PID 4124 wrote to memory of 3184	4124	msedge.exe	84
PID 4124 wrote to memory of 780	4124	msedge.exe	85
PID 4124 wrote to memory of 780	4124	msedge.exe	85
PID 4124 wrote to memory of 2840	4124	msedge.exe	86
PID 4124 wrote to memory of 2840	4124	msedge.exe	86
PID 4124 wrote to memory of 2840	4124	msedge.exe	86
PID 4124 wrote to memory of 2840	4124	msedge.exe	86
PID 4124 wrote to memory of 2840	4124	msedge.exe	86
PID 4124 wrote to memory of 2840	4124	msedge.exe	86
PID 4124 wrote to memory of 2840	4124	msedge.exe	86
PID 4124 wrote to memory of 2840	4124	msedge.exe	86
PID 4124 wrote to memory of 2840	4124	msedge.exe	86
PID 4124 wrote to memory of 2840	4124	msedge.exe	86
PID 4124 wrote to memory of 2840	4124	msedge.exe	86
PID 4124 wrote to memory of 2840	4124	msedge.exe	86
PID 4124 wrote to memory of 2840	4124	msedge.exe	86
PID 4124 wrote to memory of 2840	4124	msedge.exe	86
PID 4124 wrote to memory of 2840	4124	msedge.exe	86
PID 4124 wrote to memory of 2840	4124	msedge.exe	86
PID 4124 wrote to memory of 2840	4124	msedge.exe	86
PID 4124 wrote to memory of 2840	4124	msedge.exe	86
PID 4124 wrote to memory of 2840	4124	msedge.exe	86
PID 4124 wrote to memory of 2840	4124	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://amazon.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe3af846f8,0x7ffe3af84708,0x7ffe3af84718
  2⤵
  PID:2172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,2823724677153464985,5183578684214049609,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:3184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,2823724677153464985,5183578684214049609,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,2823724677153464985,5183578684214049609,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2680 /prefetch:8
  2⤵
  PID:2840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,2823724677153464985,5183578684214049609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:1248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,2823724677153464985,5183578684214049609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,2823724677153464985,5183578684214049609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4016 /prefetch:1
  2⤵
  PID:1268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,2823724677153464985,5183578684214049609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
  2⤵
  PID:1420
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,2823724677153464985,5183578684214049609,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5796 /prefetch:8
  2⤵
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,2823724677153464985,5183578684214049609,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5796 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,2823724677153464985,5183578684214049609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
  2⤵
  PID:1368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,2823724677153464985,5183578684214049609,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
  2⤵
  PID:2584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,2823724677153464985,5183578684214049609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
  2⤵
  PID:2800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,2823724677153464985,5183578684214049609,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
  2⤵
  PID:1100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,2823724677153464985,5183578684214049609,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4836 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2276

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2596

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1012

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dbac49e66219979194c79f1cf1cb3dd1

SHA1
4ef87804a04d51ae1fac358f92382548b27f62f2

SHA256
f24ed6c5bf4b734a9af4d64e14a80a160bea569f50849f70bf7b7277c4f48562

SHA512
bb314d61f53cf7774f6dfb6b772c72f5daf386bc3d27d2bb7a14c65848ee86e6c48e9c5696693ded31846b69b9372a530175df48494e3d61a228e49d43401ad1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a9e55f5864d6e2afd2fd84e25a3bc228

SHA1
a5efcff9e3df6252c7fe8535d505235f82aab276

SHA256
0f4df3120e4620555916be8e51c29be8d600d68ae5244efad6a0268aabc8c452

SHA512
12f45fa73a6de6dfe17acc8b52b60f2d79008da130730b74cc138c1dcd73ccc99487165e3c8c90dc247359fde272f1ec6b3cf2c5fcb04e5093936144d0558b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
83ab7d25d59e824662e1ede78531a06d

SHA1
5e5f875319216db884602a1c014ab2d605651582

SHA256
beed6f8f0a1bf1e5b96eedfcb766163546160bb2058aee010e3366a49b654d8c

SHA512
3c8e75b935931d18bf1ef97a172f23f85ec37dae48ab8202f84fc351485bad15167300ba5194b160b67816629979a23569122f5c5e2b4b7b79b5e60ef4b9353b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
d38b770f0c18ef8b94be422f479404e9

SHA1
042079e6cfd4efb952e2a01a31df3d4b01f23e22

SHA256
8eac200c435cfaddf528c654da2dc0daa7afa2b989cc61335e57f90ddc3fb610

SHA512
de8317eee0e78c69f432b8521c9e3d255996344a89d7d2f51d3ec91672f289f33af7d245546ecaec69281b9b6747929d239eab2936475124ae98f22e0f85ced8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7690d90cb4d7762d890a55996a38079a

SHA1
011cb6edd11903ec1be7ee369f117003eaaf1aa4

SHA256
f9202d13f2f177d14fd9f33c6764eb6e8ac11899c63fcb80bdef10713ef37a18

SHA512
208f03b8a1167dea1334437692dabcf478bfc6bbe40273b7a400ab1533c2b5223273df52f100e4b692f4c3f9d69fd4ba7d27875d99e4df5746f6d8600af6ccdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
6c993daa6dc74462a7d4159e03e5713d

SHA1
aab4558d4c18d5a34160fa6b5be350b52ff1baf0

SHA256
3f37f83d4c03ba9e506324ab0dcf2786a2bed24cc491975cb7d8bb50c0270db0

SHA512
52b8dc29713f2e14f1403dd719c0415148ce08d55040c9f4afbab4bdad7f1f0349da944d49460c7f447e0bab8506b81d7cd3a4e705a45a96759a7a5244a427ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
3e846541ad9d11072da0da2726bfa289

SHA1
04bbba32d77bca77623ec6259c149e0e0cbac64a

SHA256
4163b44b43ea16ee56382d218b9dff6dffe5120750b96748e1a57eb064e24d2c

SHA512
368dedeb543c37eccf4a986ee3ad2a2cad6cc12f8d38c7e5d53e2fcaf866d37f5df52f162022de6e04d6b97705dffb2c6b88efc54918f135e91f7de59c9a995a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe579c6f.TMP

Filesize
48B

MD5
87dc84ee98cee47c1031fec19bedc038

SHA1
61c73ef19b89bdeab990c89082e0adfedc9a42bb

SHA256
15f1c8708d4011648feeecc791ccbc3a6113ba0963dccb30db87216e5235d7d7

SHA512
abf218aee87555cc6eb83a9d1cbfbfca517097213d249a64c872fd76c16cd86bcb1196e95603c2b2b80c7ad44c4499d17e2925117275bb72c76741bc844a4bcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
b34aa097c97145615ddef6bc755ea527

SHA1
b776c1d9489579e11bc55bbc31b31ff878c5b04e

SHA256
e584fb853566d947b14de1607ebec37c6ea60c10981e77440224d23eed39a3fc

SHA512
9203690676f27e16882c07d9612ce80500e8a83ee7cafa529da7b9b4abb3f6786473b2995027edf3f6268376778977f6e26e8b016458a2e896953a9b1b409b9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
cb10951dae8a14eeee64229ebcdde4b3

SHA1
86ddfd0d1398ae4a80c463986b85d2c2d518f1eb

SHA256
81dcf89f1f90b581d8da5b88ae03f6ed38e07abd52772ac8e9fdf2d4284d5db4

SHA512
34453e1d1bc99922cbef9f1455a921a3168907321e74bb1493e0f723e81429e4ac46403c15dcd57626e55cf8e4a1d2495f9c3f89bb16dc84bd70ce7ce91644dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
a5e52dc7df3889fe9650f11b1da68aad

SHA1
5ec01644859fc4a9093a6bd4c26a4cd1471d2f9f

SHA256
c81e285a9e33c59c20c0c19e210bb6a196b01d639fcd8afeefff89e17240042c

SHA512
1fa63a9c017acda8a15da0c229c381ed56e106ff134623dc6764deb3ff0581dea61287c3eafd6aeeba1208af80c8d903061aa79e2ece71452d007c6b26251e59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
2245d6437d5e2439259880e287244e10

SHA1
a033b2f1b3d6e1a4cd8b930a2332031776460abb

SHA256
82ae3aa827c9f4d95d209baccce97c6ef12130887bca4837c7cb5a0357b21d90

SHA512
63d0fa5ce71641a7cf251558dfdfddb957d0b96effdfa1a555fe7dff675811342deed6bc2e221ff62505a571d91c65f933ac786519e142f6daf2dba48eef6c89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
1aff682952fd763e7e4352eb5ccdb7de

SHA1
3665449ce9f7319a24f4785c61a1c4c59c93caec

SHA256
7f0f5e9fc8e7fd7d2644c6e54bc6a3b0be9b95ecde8cc7aefc63d8705137752d

SHA512
a11af57aba0167216affe5da083af821c9a29ef67a9b380365b12f60487982fb73c993bcd924ca76254d2f7576f7291af66f24c82eb1727d69ac1757595a4f2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
813f5ac18a78e64b839d6bea1681501a

SHA1
e5c79bd237405c5efff7e1834c5b47222fa34361

SHA256
672f749f7ffe7dd4b2bb412cc06cf2bc4d7876558440f2dc24ab6d867bb0d826

SHA512
2744b11ebf99a9655ab057e1a2c2427d40ef8871f957447a3282c7d368cca0eaef671cafadbe02e3cfcf09522a4f5c991947cab3a130afea510d66d30432f174

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
91fd7e291f2895ddc8235c1af51bdeb4

SHA1
01a6d131995e19a1a67b9b0b740c244f991f7809

SHA256
d9ada772faa7d61fffd2ff3fa0c9b1bb74285beb147d90283ac409e8486aa246

SHA512
00d34ab6eac025c50e381fad84a16dc9e877f2b842a03dc9303d8bc457dcf38ffd3d8dfcf1d968257c93d39140988ecb313874fe7d48c82bc232e6a263321cf4

Download Submit