hxxp://confluence[.]itnap[.]ru

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
24/05/2024, 16:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://confluence.itnap.ru

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2552	msedge.exe
2552	msedge.exe
2064	msedge.exe
2064	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2064 wrote to memory of 2480	2064	msedge.exe	84
PID 2064 wrote to memory of 2480	2064	msedge.exe	84
PID 2064 wrote to memory of 1788	2064	msedge.exe	85
PID 2064 wrote to memory of 1788	2064	msedge.exe	85
PID 2064 wrote to memory of 1788	2064	msedge.exe	85
PID 2064 wrote to memory of 1788	2064	msedge.exe	85
PID 2064 wrote to memory of 1788	2064	msedge.exe	85
PID 2064 wrote to memory of 1788	2064	msedge.exe	85
PID 2064 wrote to memory of 1788	2064	msedge.exe	85
PID 2064 wrote to memory of 1788	2064	msedge.exe	85
PID 2064 wrote to memory of 1788	2064	msedge.exe	85
PID 2064 wrote to memory of 1788	2064	msedge.exe	85
PID 2064 wrote to memory of 1788	2064	msedge.exe	85
PID 2064 wrote to memory of 1788	2064	msedge.exe	85
PID 2064 wrote to memory of 1788	2064	msedge.exe	85
PID 2064 wrote to memory of 1788	2064	msedge.exe	85
PID 2064 wrote to memory of 1788	2064	msedge.exe	85
PID 2064 wrote to memory of 1788	2064	msedge.exe	85
PID 2064 wrote to memory of 1788	2064	msedge.exe	85
PID 2064 wrote to memory of 1788	2064	msedge.exe	85
PID 2064 wrote to memory of 1788	2064	msedge.exe	85
PID 2064 wrote to memory of 1788	2064	msedge.exe	85
PID 2064 wrote to memory of 1788	2064	msedge.exe	85
PID 2064 wrote to memory of 1788	2064	msedge.exe	85
PID 2064 wrote to memory of 1788	2064	msedge.exe	85
PID 2064 wrote to memory of 1788	2064	msedge.exe	85
PID 2064 wrote to memory of 1788	2064	msedge.exe	85
PID 2064 wrote to memory of 1788	2064	msedge.exe	85
PID 2064 wrote to memory of 1788	2064	msedge.exe	85
PID 2064 wrote to memory of 1788	2064	msedge.exe	85
PID 2064 wrote to memory of 1788	2064	msedge.exe	85
PID 2064 wrote to memory of 1788	2064	msedge.exe	85
PID 2064 wrote to memory of 1788	2064	msedge.exe	85
PID 2064 wrote to memory of 1788	2064	msedge.exe	85
PID 2064 wrote to memory of 1788	2064	msedge.exe	85
PID 2064 wrote to memory of 1788	2064	msedge.exe	85
PID 2064 wrote to memory of 1788	2064	msedge.exe	85
PID 2064 wrote to memory of 1788	2064	msedge.exe	85
PID 2064 wrote to memory of 1788	2064	msedge.exe	85
PID 2064 wrote to memory of 1788	2064	msedge.exe	85
PID 2064 wrote to memory of 1788	2064	msedge.exe	85
PID 2064 wrote to memory of 1788	2064	msedge.exe	85
PID 2064 wrote to memory of 2552	2064	msedge.exe	86
PID 2064 wrote to memory of 2552	2064	msedge.exe	86
PID 2064 wrote to memory of 2704	2064	msedge.exe	87
PID 2064 wrote to memory of 2704	2064	msedge.exe	87
PID 2064 wrote to memory of 2704	2064	msedge.exe	87
PID 2064 wrote to memory of 2704	2064	msedge.exe	87
PID 2064 wrote to memory of 2704	2064	msedge.exe	87
PID 2064 wrote to memory of 2704	2064	msedge.exe	87
PID 2064 wrote to memory of 2704	2064	msedge.exe	87
PID 2064 wrote to memory of 2704	2064	msedge.exe	87
PID 2064 wrote to memory of 2704	2064	msedge.exe	87
PID 2064 wrote to memory of 2704	2064	msedge.exe	87
PID 2064 wrote to memory of 2704	2064	msedge.exe	87
PID 2064 wrote to memory of 2704	2064	msedge.exe	87
PID 2064 wrote to memory of 2704	2064	msedge.exe	87
PID 2064 wrote to memory of 2704	2064	msedge.exe	87
PID 2064 wrote to memory of 2704	2064	msedge.exe	87
PID 2064 wrote to memory of 2704	2064	msedge.exe	87
PID 2064 wrote to memory of 2704	2064	msedge.exe	87
PID 2064 wrote to memory of 2704	2064	msedge.exe	87
PID 2064 wrote to memory of 2704	2064	msedge.exe	87
PID 2064 wrote to memory of 2704	2064	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://confluence.itnap.ru
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbac2346f8,0x7ffbac234708,0x7ffbac234718
  2⤵
  PID:2480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,1729206912588524145,4728884388465355464,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:1788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,1729206912588524145,4728884388465355464,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,1729206912588524145,4728884388465355464,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  2⤵
  PID:2704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1729206912588524145,4728884388465355464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:1404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1729206912588524145,4728884388465355464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:2680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1729206912588524145,4728884388465355464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
  2⤵
  PID:1084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2100,1729206912588524145,4728884388465355464,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5924 /prefetch:8
  2⤵
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,1729206912588524145,4728884388465355464,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5728 /prefetch:8
  2⤵
  PID:2624
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,1729206912588524145,4728884388465355464,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5728 /prefetch:8
  2⤵
  PID:1360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1729206912588524145,4728884388465355464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1729206912588524145,4728884388465355464,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:2824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1729206912588524145,4728884388465355464,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:2756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1729206912588524145,4728884388465355464,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:4264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,1729206912588524145,4728884388465355464,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4980 /prefetch:2
  2⤵
  PID:4752

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4576

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1376

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ae54e9db2e89f2c54da8cc0bfcbd26bd

SHA1
a88af6c673609ecbc51a1a60dfbc8577830d2b5d

SHA256
5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af

SHA512
e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f53207a5ca2ef5c7e976cbb3cb26d870

SHA1
49a8cc44f53da77bb3dfb36fc7676ed54675db43

SHA256
19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23

SHA512
be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
ab065e8b1a261ee07c9a7083eccab3bc

SHA1
21bb3a279c507d12614fcbe6cd61b1cf41203f6f

SHA256
b7fc043e06cd170556c77122ee052efb29e49373f18c9a22e14e95d18bf1be5f

SHA512
50b0f0549413e2f43f3b5f40e36e1dfe352e2b8fb1607fbd2c0a165e9c3d79c8b1b0d6759c2d13e55f85a578fd1bf2b3fa18189103fcd990cbb59a48ce30ab83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
255B

MD5
52a7715221e8b48dcc7efcf2a6eead0a

SHA1
294a5e24a6b29fddf681d4d0d977d1975da6f7cc

SHA256
66c634396f63d052469ab5ec3ce0ccb30002baac4b02bfdda7d8f0ab816f13aa

SHA512
2e2ad9483d6e11cf1f58f728fc01d8ee760169664c2448443097b7213eb41d37e95f071f03471af2d0883affe77fdd255a3c923e05950b52aad40c6b0f08ffc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
468534f4dfeefecebe1c8becd011bf75

SHA1
765f86ab644fb61237f954031730ea543f27e66d

SHA256
ec97b82007299a0c1141361a525e1ac45fdee8f7783579ca18ca6712143c897f

SHA512
68aab45f75801427096bd749399090263006491be6d297a94a4bded2b1f0665596a93809afccf3348f99c115ed53128d99eaad4354f1a5a5c28ab2ff1f50c3c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dd8739fbdc0a5364478fb9e6edb8f577

SHA1
40cb9637036fb1f5fa47806f2a99068034b97ccf

SHA256
04017eefcb9fc0876129e99d267ecdd74ca27f495a26086f96fabc00c56762c8

SHA512
e1e2e3aabfb6be719beade3772e27e1eab362f3a4cde419d94217b5445e57981f3b038a40948ed12be641c57eda2edf11863ed3bf30b4952659a7db62adb0a0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7d0162d5ff4c0f764fd69991d1d41c42

SHA1
c15a5815d18eda2e114bf70fda815c19baedd02b

SHA256
a7c1c4aaa4395f1e908f112fe0063b5309ac3b5258bfbc80c2ee19f0205c2279

SHA512
0f121c3bee4c34c2bd2fd2ceb1a6c3da6b524f8c3b0df7f52b06412b2f0ced7c8ca4c9ab9c0eabbb9021770e2c1b212506ee25aa5ed5c3b4113af75337dc1072

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
7fb7610ccac779f5f09dee97b0a6d184

SHA1
71bfed0d78a878ea1290fd981b4c6a759c2e4fef

SHA256
fd99bebd393dfac6615b62d5b208dbf0a7acaa65c1abbf0ae086237c2e872014

SHA512
e9792e3a990a1db7ddca2952194d496723a1c79f1022a99376f35269a3f8a1768d8cc85a97ae80fab31f694f8d2eeef7d5ed1dabf6615e81c341cbf60c887beb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
2d65260f64ba9ed66f0e6090ddffc297

SHA1
c1c28642edbd58e412a7a99e3aa450adabc81a95

SHA256
05a70e479a7904fc03bb1270483e2c82490083857c5b28341cbc15c78cc3168d

SHA512
1d561ad81001a5c90563ee935d8ee1cc20a5872552b116aef0a47073c5c5502aa9a24fa13edae5640a80bcea19dec77c34e1245d7979612719222884bf67832c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
37f48b01ccf3e958a2b1a3f48e4f30e4

SHA1
fe9707334533cf5830cbbe1d9aa14849f9eb1910

SHA256
02ec82ee2210113d7c898fe75b960d2aea9c59c3d0d58a094bf3b96d8b606690

SHA512
8d4dbace3f1feef1b931260b1b102c24e745c2b9865b3ef050910b5110f7875c56286f79ad1c8c0ccbc12ab91add2c84debbfccfc01c699a24802c776de7574f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
427786cf699aef6bb846b80794e42a5e

SHA1
aa7103365078e43dc1fc77dd878c6453b975b0d8

SHA256
4bfcb1830f9699385df968aeae1ea89da851186fdef35203e423bfb3e7b1ddc3

SHA512
289c21d1372b527cea014f9a71e7f03146dfd8e0cb1b4712f0cec6d73bf2043c26cacf78b47f0ed22303e81b8ee78f477f68a5bc21aab9029f54e9a21382f2f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
7d22dca972396e492137171cdea2a7d9

SHA1
4992d976a38d6d251fc88e50796d46212c05b921

SHA256
5c3a3d3625dd1c27a86693967b5814d6fcc1ce856eaaf19423d4a10646a9717b

SHA512
b12a7cbe35eedddc93eb97571ebaa3dbfb9c864e0900ac2e0da699d13079f0ec80736e37d4fc2627379535fe1afb334aca9fe0b12f3fcf9f41f0e126a575fe53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
5537b2727c852eeb4ea7d2450a95109f

SHA1
e7d15e4258ee83439ab5c71c0cb943ee10aac81e

SHA256
2830b49d295dccb00f4a1b1c0e3101ad7d14fa0f77bb9f43f7b109854d79e9c0

SHA512
b6408b9cff9309e55faa1de871016a9bae6b5898a08c7b3ef7cc2a7f4a6ee1789195d868f079fbd6f5678d95149a39db99b83a1a0fd1305460d3dcfef9282d3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
a326da701b66661e5e49ec81041e4db8

SHA1
79a5e077031fcdca1f549baba757c15decbae738

SHA256
2bde5c5985bcf1bea54d3730b9960ccc40641d1525c65b6d65b08e8db051e135

SHA512
ed57aac16d84b9cd43fd9c4ab524163a3bbaf2241f469313a02b5eab75a4bfd59f812ecc0e234fb48b0542962de80cc37b4dc9be922026add503e3ed00f0c193

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a0d4.TMP

Filesize
204B

MD5
5cba338d8af199e12dcd8fb3884cae4c

SHA1
e68137c5c966bf7537fc58f38e4aab57544e4b2f

SHA256
2db209f3b93634be3a53cc01bcf149522f35c05c214b129468b252d0d3967311

SHA512
e6e89745cd0565c1f3747175a548ba93e495736a44078a639354276423dc30ac9d0e12bcd7d76ed06eb4a49a98f2932c6958458d6bcf698384ad9b8a78119e50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
558079ed47a1050b07b8a4e8cf75b3d1

SHA1
39105e8ea2d0348974a9c35ac0e4ec06f4a8c1a6

SHA256
e22bee56f352e81284d9aeed038b86cb9f16fa1592a8625610a6b1d19c8266cc

SHA512
76b2b480efbef198ef5c046e8a4b4a088a0cc2869425cc7b9650f2d5a60b051f0155489a55a7892cdb0b53d3886e7e95b59aca4104969e1db0ac15bca1572cd9

Download Submit