Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system
  • submitted
    02/06/2024, 04:50

General

  • Target

    bd1f6019ffa68922aa3f77b3585cf904de18b5ffa650bdc794bd8cda20a15b53.exe

  • Size

    894KB

  • MD5

    1f75c62e86ca8b74f7fe88597ecffe75

  • SHA1

    4ec7859a9fb69306a8bfcb66b67d0d9ac807d137

  • SHA256

    bd1f6019ffa68922aa3f77b3585cf904de18b5ffa650bdc794bd8cda20a15b53

  • SHA512

    22773aa37f3a78c0e9c83e4f1baed286d64cdf01cb2731b5b8ae6c0e8f043842831a62c26a54ea1020fd000f126c81e883d8e42d6fb5ff6f0589f65163e63497

  • SSDEEP

    12288:WqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDga4TN:WqDEvCTbMWu7rQYlBQcBiT6rprG8aAN

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
  • Suspicious use of FindShellTrayWindow 28 IoCs
  • Suspicious use of SendNotifyMessage 27 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bd1f6019ffa68922aa3f77b3585cf904de18b5ffa650bdc794bd8cda20a15b53.exe
    "C:\Users\Admin\AppData\Local\Temp\bd1f6019ffa68922aa3f77b3585cf904de18b5ffa650bdc794bd8cda20a15b53.exe"
    1⤵
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3456
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/account
      2⤵
      • Enumerates system info in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:2960
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9a0d146f8,0x7ff9a0d14708,0x7ff9a0d14718
        3⤵
          PID:4812
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,17252443168154043331,3389903572313040721,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
          3⤵
            PID:512
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,17252443168154043331,3389903572313040721,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
            3⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:3504
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,17252443168154043331,3389903572313040721,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
            3⤵
              PID:4212
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17252443168154043331,3389903572313040721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
              3⤵
                PID:3872
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17252443168154043331,3389903572313040721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
                3⤵
                  PID:3184
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17252443168154043331,3389903572313040721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3864 /prefetch:1
                  3⤵
                    PID:4824
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17252443168154043331,3389903572313040721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3032 /prefetch:1
                    3⤵
                      PID:4988
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17252443168154043331,3389903572313040721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1
                      3⤵
                        PID:228
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17252443168154043331,3389903572313040721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
                        3⤵
                          PID:720
                        • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,17252443168154043331,3389903572313040721,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3460 /prefetch:8
                          3⤵
                            PID:4980
                          • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,17252443168154043331,3389903572313040721,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3460 /prefetch:8
                            3⤵
                            • Suspicious behavior: EnumeratesProcesses
                            PID:3320
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17252443168154043331,3389903572313040721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1
                            3⤵
                              PID:3928
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17252443168154043331,3389903572313040721,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
                              3⤵
                                PID:3528
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17252443168154043331,3389903572313040721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
                                3⤵
                                  PID:5140
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17252443168154043331,3389903572313040721,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
                                  3⤵
                                    PID:5148
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,17252443168154043331,3389903572313040721,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2
                                    3⤵
                                    • Suspicious behavior: EnumeratesProcesses
                                    PID:1492
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/video
                                  2⤵
                                  • Suspicious use of WriteProcessMemory
                                  PID:3656
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9a0d146f8,0x7ff9a0d14708,0x7ff9a0d14718
                                    3⤵
                                      PID:4716
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,12121567394413267883,808924729317431000,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
                                      3⤵
                                        PID:4796
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,12121567394413267883,808924729317431000,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
                                        3⤵
                                        • Suspicious behavior: EnumeratesProcesses
                                        PID:4080
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
                                      2⤵
                                      • Suspicious use of WriteProcessMemory
                                      PID:1624
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9a0d146f8,0x7ff9a0d14708,0x7ff9a0d14718
                                        3⤵
                                          PID:1368
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,11731136030447141900,15322200801100173806,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
                                          3⤵
                                          • Suspicious behavior: EnumeratesProcesses
                                          PID:3664
                                    • C:\Windows\System32\CompPkgSrv.exe
                                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                                      1⤵
                                        PID:1440
                                      • C:\Windows\System32\CompPkgSrv.exe
                                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                                        1⤵
                                          PID:216

                                        Network

                                              MITRE ATT&CK Enterprise v15

                                              Downloads

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                Filesize

                                                152B

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                Filesize

                                                152B

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                Filesize

                                                1KB

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                Filesize

                                                1KB

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                Filesize

                                                1KB

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                Filesize

                                                6KB

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                Filesize

                                                7KB

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                Filesize

                                                535B

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                Filesize

                                                537B

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                Filesize

                                                535B

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                Filesize

                                                539B

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                Filesize

                                                539B

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe579616.TMP

                                                Filesize

                                                539B

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                Filesize

                                                16B

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                Filesize

                                                8KB

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                Filesize

                                                10KB

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                Filesize

                                                8KB
