hxxp://kansasmarketingassociates[.]com

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
25/07/2024, 20:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://kansasmarketingassociates.com

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4344	msedge.exe
4344	msedge.exe
3868	msedge.exe
3868	msedge.exe
4004	identity_helper.exe
4004	identity_helper.exe
5572	msedge.exe
5572	msedge.exe
5572	msedge.exe
5572	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3868	msedge.exe
3868	msedge.exe
3868	msedge.exe
3868	msedge.exe
3868	msedge.exe
3868	msedge.exe
3868	msedge.exe
3868	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3868	msedge.exe
3868	msedge.exe
3868	msedge.exe
3868	msedge.exe
3868	msedge.exe
3868	msedge.exe
3868	msedge.exe
3868	msedge.exe
3868	msedge.exe
3868	msedge.exe
3868	msedge.exe
3868	msedge.exe
3868	msedge.exe
3868	msedge.exe
3868	msedge.exe
3868	msedge.exe
3868	msedge.exe
3868	msedge.exe
3868	msedge.exe
3868	msedge.exe
3868	msedge.exe
3868	msedge.exe
3868	msedge.exe
3868	msedge.exe
3868	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3868	msedge.exe
3868	msedge.exe
3868	msedge.exe
3868	msedge.exe
3868	msedge.exe
3868	msedge.exe
3868	msedge.exe
3868	msedge.exe
3868	msedge.exe
3868	msedge.exe
3868	msedge.exe
3868	msedge.exe
3868	msedge.exe
3868	msedge.exe
3868	msedge.exe
3868	msedge.exe
3868	msedge.exe
3868	msedge.exe
3868	msedge.exe
3868	msedge.exe
3868	msedge.exe
3868	msedge.exe
3868	msedge.exe
3868	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3868 wrote to memory of 1584	3868	msedge.exe	84
PID 3868 wrote to memory of 1584	3868	msedge.exe	84
PID 3868 wrote to memory of 952	3868	msedge.exe	85
PID 3868 wrote to memory of 952	3868	msedge.exe	85
PID 3868 wrote to memory of 952	3868	msedge.exe	85
PID 3868 wrote to memory of 952	3868	msedge.exe	85
PID 3868 wrote to memory of 952	3868	msedge.exe	85
PID 3868 wrote to memory of 952	3868	msedge.exe	85
PID 3868 wrote to memory of 952	3868	msedge.exe	85
PID 3868 wrote to memory of 952	3868	msedge.exe	85
PID 3868 wrote to memory of 952	3868	msedge.exe	85
PID 3868 wrote to memory of 952	3868	msedge.exe	85
PID 3868 wrote to memory of 952	3868	msedge.exe	85
PID 3868 wrote to memory of 952	3868	msedge.exe	85
PID 3868 wrote to memory of 952	3868	msedge.exe	85
PID 3868 wrote to memory of 952	3868	msedge.exe	85
PID 3868 wrote to memory of 952	3868	msedge.exe	85
PID 3868 wrote to memory of 952	3868	msedge.exe	85
PID 3868 wrote to memory of 952	3868	msedge.exe	85
PID 3868 wrote to memory of 952	3868	msedge.exe	85
PID 3868 wrote to memory of 952	3868	msedge.exe	85
PID 3868 wrote to memory of 952	3868	msedge.exe	85
PID 3868 wrote to memory of 952	3868	msedge.exe	85
PID 3868 wrote to memory of 952	3868	msedge.exe	85
PID 3868 wrote to memory of 952	3868	msedge.exe	85
PID 3868 wrote to memory of 952	3868	msedge.exe	85
PID 3868 wrote to memory of 952	3868	msedge.exe	85
PID 3868 wrote to memory of 952	3868	msedge.exe	85
PID 3868 wrote to memory of 952	3868	msedge.exe	85
PID 3868 wrote to memory of 952	3868	msedge.exe	85
PID 3868 wrote to memory of 952	3868	msedge.exe	85
PID 3868 wrote to memory of 952	3868	msedge.exe	85
PID 3868 wrote to memory of 952	3868	msedge.exe	85
PID 3868 wrote to memory of 952	3868	msedge.exe	85
PID 3868 wrote to memory of 952	3868	msedge.exe	85
PID 3868 wrote to memory of 952	3868	msedge.exe	85
PID 3868 wrote to memory of 952	3868	msedge.exe	85
PID 3868 wrote to memory of 952	3868	msedge.exe	85
PID 3868 wrote to memory of 952	3868	msedge.exe	85
PID 3868 wrote to memory of 952	3868	msedge.exe	85
PID 3868 wrote to memory of 952	3868	msedge.exe	85
PID 3868 wrote to memory of 952	3868	msedge.exe	85
PID 3868 wrote to memory of 4344	3868	msedge.exe	86
PID 3868 wrote to memory of 4344	3868	msedge.exe	86
PID 3868 wrote to memory of 3256	3868	msedge.exe	87
PID 3868 wrote to memory of 3256	3868	msedge.exe	87
PID 3868 wrote to memory of 3256	3868	msedge.exe	87
PID 3868 wrote to memory of 3256	3868	msedge.exe	87
PID 3868 wrote to memory of 3256	3868	msedge.exe	87
PID 3868 wrote to memory of 3256	3868	msedge.exe	87
PID 3868 wrote to memory of 3256	3868	msedge.exe	87
PID 3868 wrote to memory of 3256	3868	msedge.exe	87
PID 3868 wrote to memory of 3256	3868	msedge.exe	87
PID 3868 wrote to memory of 3256	3868	msedge.exe	87
PID 3868 wrote to memory of 3256	3868	msedge.exe	87
PID 3868 wrote to memory of 3256	3868	msedge.exe	87
PID 3868 wrote to memory of 3256	3868	msedge.exe	87
PID 3868 wrote to memory of 3256	3868	msedge.exe	87
PID 3868 wrote to memory of 3256	3868	msedge.exe	87
PID 3868 wrote to memory of 3256	3868	msedge.exe	87
PID 3868 wrote to memory of 3256	3868	msedge.exe	87
PID 3868 wrote to memory of 3256	3868	msedge.exe	87
PID 3868 wrote to memory of 3256	3868	msedge.exe	87
PID 3868 wrote to memory of 3256	3868	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://kansasmarketingassociates.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff934b746f8,0x7ff934b74708,0x7ff934b74718
  2⤵
  PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,8956664574376374237,15682112294947678202,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,8956664574376374237,15682112294947678202,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,8956664574376374237,15682112294947678202,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
  2⤵
  PID:3256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8956664574376374237,15682112294947678202,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:1772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8956664574376374237,15682112294947678202,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:1996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8956664574376374237,15682112294947678202,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
  2⤵
  PID:752
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,8956664574376374237,15682112294947678202,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5604 /prefetch:8
  2⤵
  PID:3020
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,8956664574376374237,15682112294947678202,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5604 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8956664574376374237,15682112294947678202,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
  2⤵
  PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8956664574376374237,15682112294947678202,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
  2⤵
  PID:4280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8956664574376374237,15682112294947678202,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
  2⤵
  PID:988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8956664574376374237,15682112294947678202,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8956664574376374237,15682112294947678202,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
  2⤵
  PID:3148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,8956664574376374237,15682112294947678202,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3100 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5572

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4076

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2236

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c00b0d6e0f836dfa596c6df9d3b2f8f2

SHA1
69ad27d9b4502630728f98917f67307e9dd12a30

SHA256
578481cd359c669455e24983b13723c25584f58925b47283cb580019ef3142b1

SHA512
0e098ab5f5772fec17880e228a0dccbbaa06dc1af14e0fd827f361599c61899fe07d612a7f7b049ff6661d27fdc495566dd20fc28ceed022b87c212bf00be5da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
54f1b76300ce15e44e5cc1a3947f5ca9

SHA1
c978bfaa6ec6dae05464c6426eaa6cb3c3e2f3b7

SHA256
43dec5d87b7ee892a3d99cb61f772ba403882ac0772423f36034e84244c1ca24

SHA512
ac26e5676c675be329eb62b5d5a36a0e6014ab8a6366684b0fc2a59ae5f061f596f462b82eb4e9f135d2235a0cbd4af96680d234eecc873a8397fd81507d277a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\7f028eee-9479-4654-8dcf-438bc6cba04d.tmp

Filesize
5KB

MD5
e2955ddd6c599beaaa1827457db35efb

SHA1
6105e4aa16923b9552aba96e7f34514b7b283fb5

SHA256
4246a6b393016b7e78bf030cb5acc7d26689583aadf30878964689d836584356

SHA512
370d7bc8ac07d4dfcd8c34cd4b67db02700c55cdc840722503123d9ca1c1de91629323b9b65d36812b31e02e51684a85164a206d16ea89c013e3996eac908c42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
210KB

MD5
5ac828ee8e3812a5b225161caf6c61da

SHA1
86e65f22356c55c21147ce97903f5dbdf363649f

SHA256
b70465f707e42b41529b4e6d592f136d9eb307c39d040d147ad3c42842b723e7

SHA512
87472912277ae0201c2a41edc228720809b8a94599c54b06a9c509ff3b4a616fcdd10484b679fa0d436e472a8fc062f4b9cf7f4fa274dde6d10f77d378c06aa6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
720B

MD5
0b456fa580a3f1f74ac7ee312ac265de

SHA1
c8baad29d2a5305bb23110e75277acc597fcac7e

SHA256
d1daa0d994fb360dc33c80dbe7460fb86635459f4c0f304d7dd470f2f4c741aa

SHA512
4a5ea419d79808e3cf2666a16d5adf707d0014e9d8325fea9fdf8c044c1d6982aac86d52de0c4d931cebd9fa8b260ce0be0401d458f41cad2fb3c409e05b5073

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
e17c0ac99350cd983846893b849c583f

SHA1
9d93889ac736150115f18670b1ec84fb23c29da6

SHA256
f9918757f7f2c617ba0a984bf010047a6750f4cb95de9097ff39799c0d8577da

SHA512
ec1b6f55aacafed2a309c35a296843424a9de0db379d0076a18cc2f4101bd7c47ebd193a6728b8f841de0296d43e4a5e234f73e2fc9c3d528c47c73e9fd0444f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
06bd1b8b48c201fa975ac79c345aa41f

SHA1
9a80d0c25e54e1cebee90c02acf79c59cc3e7120

SHA256
5a5893cfc7571164156d0210b49461bef35c1a6d739c29aefac65dcab6730dab

SHA512
0c4aed79ce9f5700ee4c5a4e052ad0fd4c767b9c51ae3455ea36b743ffa4e463d9d3ec462acc837e0d4ca20d9a6d53b38385b13829b6a5587fae4dc8fb51f807

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
535B

MD5
27650b80dbe52b3e09c71467917bc7ec

SHA1
cec4f5ba4f8d5f5a1e6bd5d6ca15736bbd30ec2d

SHA256
29e70d45f64d1f650aa19b99f4b87710e6bb1d7d99004dd71cf16bca65d4bc7a

SHA512
1ee704e91d3609052ca4fba87a05d80c35842c2b30d0678ae8ab9b4920398156fcfeb87b20a51fae9b1dccaff09255fdf4bfdb9d643d2228507b3b4b624412c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
533B

MD5
afbdd0ebde1184bac5d4f20bf670003b

SHA1
5d0989ef6203b72b6f32439cb5638a12dbc095b3

SHA256
01a2dd1c15bfbef29d3e5947c12c480541634ba8907c707a0464e1d30aef1a5b

SHA512
a92b1dc5bc59294c5eb90281cbab69932d0b147812fb3e1766c46dec36eb2559c5932e2d03f3a291e3ffb09d54cdb12f485247600b1e9715800faa5a9b54dbd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
535B

MD5
6a9cc62b0a994a01d94466a0b907c1ff

SHA1
308c3cbd7668ac48ac65766c336bbdc5769f8728

SHA256
b0a4fb01e10d36e0f83a12fbf381caf19554e367621038dc7e1df44722f83024

SHA512
da35770e91e290d8a8d403b1627dcde96e3b299df9d89f9b0247c2228be58aa83603770342e763a91816c6ce94ddede893c636abf98b0cc8cfe4d4328c3f2334

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
533B

MD5
6b59e179176b6f7724095c0c61821e2a

SHA1
ae56207773e24a2136581f70bb85a0bffdc39934

SHA256
16f3a577a74b25bac962e3548270f289f89f5c0f3cf54bf260efe8412a3fe0ce

SHA512
e693d5939996ccfc0ad3c5f3e1aa1523baf0f565c9b63a381f19db12285e22e97f6b822353ae39d7daefb582aa5a6c6d4296ebffef2335a6e71595f968d98adf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581b82.TMP

Filesize
533B

MD5
67a38dc6a725ff3902a7856ddaa66fc5

SHA1
6c4489681826d1f2421185adda94eb08141c6b21

SHA256
e44739c4acc3f279f0a03d7426548465df1984a00f41b858c71f55f3ba4ee656

SHA512
7ad1b473d16c4e7e7a3e955ac428a38e6880005ff719c04944680729c966f3ad0bd7ff97d33df11612c8c18a1bdcfdf340c4cbc41e9e36899121b9a8b586b39b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e28a76bd2d626065af9cf2ef96b8a329

SHA1
0f348cefda0ed599971d37b2a31ada29f5938194

SHA256
cc1cb537bbacaef34d25cbac18728f7d436169ef52c838debcec49cf2a481347

SHA512
79821a4fcb8cb6c3e6fd1fe7b5d20e17fa331177af720b072a319b9cfd6cfcef5ea6d8f2d9ea0da396c4de1932f6264902605b9eb25bc73b3a5289f8bda91334

Download Submit