hxxps://app[.]pandadoc[.]com/p/02ba6790444123c0976d0699f9f80148e250422c

Resubmissions

09-08-2024 12:22

240809-pj95lavakg 3

09-08-2024 11:34

240809-nppv6szeqk 3

09-08-2024 11:29

240809-nljjzszenn 3

Analysis

max time kernel
207s
max time network
210s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
09-08-2024 12:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://app.pandadoc.com/p/02ba6790444123c0976d0699f9f80148e250422c

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4816	msedge.exe
4816	msedge.exe
1216	msedge.exe
1216	msedge.exe
2560	identity_helper.exe
2560	identity_helper.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1216 wrote to memory of 884	1216	msedge.exe	83
PID 1216 wrote to memory of 884	1216	msedge.exe	83
PID 1216 wrote to memory of 4116	1216	msedge.exe	84
PID 1216 wrote to memory of 4116	1216	msedge.exe	84
PID 1216 wrote to memory of 4116	1216	msedge.exe	84
PID 1216 wrote to memory of 4116	1216	msedge.exe	84
PID 1216 wrote to memory of 4116	1216	msedge.exe	84
PID 1216 wrote to memory of 4116	1216	msedge.exe	84
PID 1216 wrote to memory of 4116	1216	msedge.exe	84
PID 1216 wrote to memory of 4116	1216	msedge.exe	84
PID 1216 wrote to memory of 4116	1216	msedge.exe	84
PID 1216 wrote to memory of 4116	1216	msedge.exe	84
PID 1216 wrote to memory of 4116	1216	msedge.exe	84
PID 1216 wrote to memory of 4116	1216	msedge.exe	84
PID 1216 wrote to memory of 4116	1216	msedge.exe	84
PID 1216 wrote to memory of 4116	1216	msedge.exe	84
PID 1216 wrote to memory of 4116	1216	msedge.exe	84
PID 1216 wrote to memory of 4116	1216	msedge.exe	84
PID 1216 wrote to memory of 4116	1216	msedge.exe	84
PID 1216 wrote to memory of 4116	1216	msedge.exe	84
PID 1216 wrote to memory of 4116	1216	msedge.exe	84
PID 1216 wrote to memory of 4116	1216	msedge.exe	84
PID 1216 wrote to memory of 4116	1216	msedge.exe	84
PID 1216 wrote to memory of 4116	1216	msedge.exe	84
PID 1216 wrote to memory of 4116	1216	msedge.exe	84
PID 1216 wrote to memory of 4116	1216	msedge.exe	84
PID 1216 wrote to memory of 4116	1216	msedge.exe	84
PID 1216 wrote to memory of 4116	1216	msedge.exe	84
PID 1216 wrote to memory of 4116	1216	msedge.exe	84
PID 1216 wrote to memory of 4116	1216	msedge.exe	84
PID 1216 wrote to memory of 4116	1216	msedge.exe	84
PID 1216 wrote to memory of 4116	1216	msedge.exe	84
PID 1216 wrote to memory of 4116	1216	msedge.exe	84
PID 1216 wrote to memory of 4116	1216	msedge.exe	84
PID 1216 wrote to memory of 4116	1216	msedge.exe	84
PID 1216 wrote to memory of 4116	1216	msedge.exe	84
PID 1216 wrote to memory of 4116	1216	msedge.exe	84
PID 1216 wrote to memory of 4116	1216	msedge.exe	84
PID 1216 wrote to memory of 4116	1216	msedge.exe	84
PID 1216 wrote to memory of 4116	1216	msedge.exe	84
PID 1216 wrote to memory of 4116	1216	msedge.exe	84
PID 1216 wrote to memory of 4116	1216	msedge.exe	84
PID 1216 wrote to memory of 4816	1216	msedge.exe	85
PID 1216 wrote to memory of 4816	1216	msedge.exe	85
PID 1216 wrote to memory of 2360	1216	msedge.exe	86
PID 1216 wrote to memory of 2360	1216	msedge.exe	86
PID 1216 wrote to memory of 2360	1216	msedge.exe	86
PID 1216 wrote to memory of 2360	1216	msedge.exe	86
PID 1216 wrote to memory of 2360	1216	msedge.exe	86
PID 1216 wrote to memory of 2360	1216	msedge.exe	86
PID 1216 wrote to memory of 2360	1216	msedge.exe	86
PID 1216 wrote to memory of 2360	1216	msedge.exe	86
PID 1216 wrote to memory of 2360	1216	msedge.exe	86
PID 1216 wrote to memory of 2360	1216	msedge.exe	86
PID 1216 wrote to memory of 2360	1216	msedge.exe	86
PID 1216 wrote to memory of 2360	1216	msedge.exe	86
PID 1216 wrote to memory of 2360	1216	msedge.exe	86
PID 1216 wrote to memory of 2360	1216	msedge.exe	86
PID 1216 wrote to memory of 2360	1216	msedge.exe	86
PID 1216 wrote to memory of 2360	1216	msedge.exe	86
PID 1216 wrote to memory of 2360	1216	msedge.exe	86
PID 1216 wrote to memory of 2360	1216	msedge.exe	86
PID 1216 wrote to memory of 2360	1216	msedge.exe	86
PID 1216 wrote to memory of 2360	1216	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://app.pandadoc.com/p/02ba6790444123c0976d0699f9f80148e250422c
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcc07546f8,0x7ffcc0754708,0x7ffcc0754718
  2⤵
  PID:884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,7223919619583128106,11989843905925619982,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:4116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,7223919619583128106,11989843905925619982,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,7223919619583128106,11989843905925619982,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
  2⤵
  PID:2360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7223919619583128106,11989843905925619982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:1668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7223919619583128106,11989843905925619982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,7223919619583128106,11989843905925619982,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5592 /prefetch:8
  2⤵
  PID:3992
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,7223919619583128106,11989843905925619982,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5592 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7223919619583128106,11989843905925619982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
  2⤵
  PID:1280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7223919619583128106,11989843905925619982,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:4524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7223919619583128106,11989843905925619982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:8
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7223919619583128106,11989843905925619982,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,7223919619583128106,11989843905925619982,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1292 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3464

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2260

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4560

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
864B

MD5
7b11383802cdedb55725bf094e16edfd

SHA1
70324c417d6e1c83f769410b5c75057acb699743

SHA256
d5a2e1a5d9bafcb2799a1c4575266519c81a4b3abf59047f282f1f418784fd8e

SHA512
a861e8b9ad7b09914ff7e1334735b1ecdd650aeecf87d941f4e511dcea0f68f93b3f9de84bd39c7570a8126e63ef19ab5cada12c46f44c61b820024ded681d87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
e960433d14d593e179adb1f3b14f04c4

SHA1
a041766b5cf5fb360bf96612db7367a4a6baf931

SHA256
e4e56d785e8ac72fe98755a241a42d331b023a2742acaa68b7bd63e74126e968

SHA512
3c96890934a2711c10a1708f55772627508d5e554cfe53631a9e6a278540cc5cc020770dc1d1de6281a111b0942b6cf3acbe986a2e068e4f389fab14a8865a95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9f8613ab2229ce7ea7e6404328411159

SHA1
fff483f581a5568d4b8dbb54df1b9e525bfaf2c3

SHA256
40f0561067574720e48a39660a9f0f357a1222a5e5642647f79f3d21a4ec3cc3

SHA512
3de44d83f2a7df15af9ab537b480e06c69d95101075e4d9deb865a97d4eb0a74dfc6803fea86bf1d4d06fe973181343a0a2a9a9ad06936b14f9f093b043e0c94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
16110f62d291ce8274685805a2c5860c

SHA1
092513a54f45a906e3351bafe56552ddc7ff206c

SHA256
5dd1fb7e0ef93879fa7c37c9c789f994ea78103e82e84dfb249dd73dd5f3c99b

SHA512
749617e3f8be15e46ac1d1aa7833532b44033e93b51250251bb8033ba3f04ab1be5e09676344e8d27055571c2abc849e96b99f53eb53191b24f22d04f19122aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
db5b9b82bc2bba88c25307ba2698cfca

SHA1
0b888c452553c1e51102ae8157535f95395ff1b9

SHA256
99b6e0d689b8d5c09d0ea316e294e1a9dc03e628a42b0d8786a4c0fcce2f45ff

SHA512
cb836d0eb519963a012b9c3e3e4ceff94208ffef0af504740920a061eefac4e55a0655eba4a80571aad27e50a00cba3f7ad6e9c89555fe6d0cc6f7fd2538abd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bf0d441d32250c308f47c231df2764e7

SHA1
0f531b294d9a9049833255cb4c2682fd252f67c3

SHA256
cd578566fa454c2ac46ab0a6485c3fdb90e59a52554ff078a7da5ad0322dc71e

SHA512
8460f8fdc469d127f38eaa8c7219b88e599c1bf3ee3af9c2f327eb5d7fe6536a06d12c4ad4d4bdaeab0a50f70270cf0d7a65f5be3d4c500af4212243fb6436fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9cb0c53984f57f148cb3d61f131a48c1

SHA1
311f251688f837cc9e6fda64caddd2e2d5636b5d

SHA256
067ea59cd095a249974b4e5c8cee4b7fd5c1ee6828626faa8dcbc2ceafc7e96e

SHA512
4791b9f7630a9c14e16e89428c56da5a6bc0fff06568f2e12dfa35c8fd8717b65d4d3355118b81103c12e7e4004364eafeb620427002808531655d72eb1a9369

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bd36871e3aa4f8679945ffd9e002aea1

SHA1
f80f9984a3a154dc6ce522f1c4ef7f10a640b025

SHA256
f963bc9bb904fce7197c82f46645015e0150052eadc5be70d388c3c5c278ef1b

SHA512
fd89f2999c2b0fdb4d4c6704e201bd47ea85df1c3370f249f3530bd572966b5ac0a923407fb6130c8c22bf0ac6fc1c139f2fb0025e9489dbc0c26ef9409593ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
efece43cb487cd9170c28daa37e59d61

SHA1
eaf04d31e6ee0e1da6460971cdef50db6683fb7d

SHA256
a75edb7371a3335fac04879527248163615c734b81186c347b91f69e3352c94c

SHA512
fc0eff8f9335132da89c885136cb152aad9c57b6abcde22daa418f961c0e926d5d27e96bd308920c6bb5d3a66014e69ba5fe08bf42fcb5908b26ffabefbae735

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b75970df03bca437ca60fc65caec04ef

SHA1
5dfb879720491abe4d31f8d8deea1adba01dc1e6

SHA256
d66ebb1202c86f2541c5c140b40ef5fae66d2e166e7db7e952491e3c5ce42a13

SHA512
d69d390f9907adbb0d3fe2454e086d1295220bd311c2dacc033c00c9287e4c0141ba80b003455a34d382f11712608d2403cac74ae84557e352c7a7ca564143fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4a277f565133633ca3ec041426ce9fff

SHA1
e7915619c857cbaf37c2622bfdd734790b87ea26

SHA256
6fb4424c588d50fe7d0df2e5e44d7cd83371b6be0248978312e04490a62eb68a

SHA512
a56926cd048526fec4c8ab1d583230c004364909b805f89f13f8c4b20a3dcc764ceb6f6245249b55a8982dcf40185a2114ec753a741144482470740ccda757c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a1c1acc6ae8a6eaeac237bfc57c85083

SHA1
06908a966acc9245bcfab5b2759360b6c6d4af4b

SHA256
651c989e13c081863af6ee25b6c0eca7828d4da0fe89ad76e654ed080023db05

SHA512
e9f02e193a5878218b06c0cdcd00f49083c53dcd18e167a7cc2492fdfa09299064a9e06d29814173b07b0f999fc4abf8afd8e8792d04e198ab4ea8fd172aebbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
19dc9291e01e08490f291ebcb9850f7c

SHA1
ef268b6018215c3dcbba68a8216cd12dfdabd0af

SHA256
2f9957ef27b893ad3a328dfa5ae1646029f92a42d3b2825b4eec1b35fea13731

SHA512
0553eb9358c64ea2893616e7628ff0cbbb3ccaf8fb4b31052f3266f4a06f4a3ba35d7545265f831861b8ccf8d82343dc70d38af4a4ea5198469709fcc749a48a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e1a8a85401ea3362cee5ff4a9745272d

SHA1
4ca731e24f581dbb1238f54dbda112c119176c6e

SHA256
e548bae083dfe044beababc3ea5911da782cc249261b185c1b2b80734a6c8536

SHA512
c54a0e137d5b5cc8621843bcd18adfcbd69a33010ac0148e5db51c386c2d0b66a2d4382a51fd855e2985e1d0591f2f555553e4611f5136e59578ce2ef4433e3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8167565283df019c428a78a4fe991574

SHA1
4782dd5a25a3c4a00cb108ea3a5532411d4693c9

SHA256
64499441faa603157aa03af35b668f02fff4ff05d7c74b28de4e0b6c01e9ae37

SHA512
8ab7b85ed3871e3474e809875bdea9286788cc138f6063a49c40c8aa72bded592a56206c33599985a9ca7e9cde5be475d2b5ee77007792066b9b2fa05638ad3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2b0c273b87c8737346b2c108cf8c9558

SHA1
0f1fca57e4ec25b65d8d16db9c76b4816437699e

SHA256
299a145e4c07a5eae0f2d23e2ef63d4a8571866080043e652c2746f3bb948671

SHA512
c40174dcb44a9500d8afa3670058fb153953cd849628033847130afba9287a96da6d473d41858e7feef24e4b97c1a0a33093432a95138fd2eea241310ca7a883

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
28e4cf45fe9bcf410ad2e77cf0938378

SHA1
36ae0856086481e1651261f7a1e374a92b779302

SHA256
bde60e188c1567dca6ed591ff2a438dc896f4429fc3ff63d1216f6217eca63be

SHA512
50ff29c9f41e014fc30bdb5b3f9ba86371e07cf727591da6a40681ebfbe20b63782d78d72ae6d4e1bd89a16c458b11c789e62f2fcc77b487915ebc1eff62c45c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f1522ece7c9e91a6e685ecd9148168ac

SHA1
3eb8ae08b3ebe6abdbc5a82a55ff4f4f312a6045

SHA256
e7e91e3e1b3036c5c1ae9fa640d480db442a9b935de6b6c5e197842dd496e37b

SHA512
d77a447f15e7ff87fbd9d053da2d86b1a687d879069d655a0f9f29e7b02efe63444cc564ff2cf57f7e83ed00871beacc487aa99b23ff1f503df4367a55455c71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3769f8360a1a7aa92642762c4dc55a77

SHA1
900731e90ad60dad262305ee325aa4a88e68a945

SHA256
cb18f61d5559b3643d2ae1628f0401e3575f2701faa3758ad4ec7124b0074fb2

SHA512
b7f9db1020a0b696d760b0124be62a9472b0b6ea80e531812ae5e9cf6fc8600938fcfbc2faa7345e6e7f8cff3d40474da573352b5416301d7ed93d00767c03f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57fa9c.TMP

Filesize
1KB

MD5
fb212fb0fd050fef9bb5bdd3568dbc80

SHA1
79896a83fa9098b42125a07b513eb88fc8fbe842

SHA256
39dffc08add93ce55f510acbd054674cea7eaad6d7da777a5fb8bf2d2a5cb35d

SHA512
5a3a167e6ea4f3473eaeeb97ecdc1be36ce7e4a413a9dcae2fadcaf2211458f569336eb4e3d7e2f1848f9bba93fcb91ef7146b00ceeb1c3143d3578261fa40d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
789d88a1a31553257427a6049b95dec8

SHA1
05349311e1202f2158e2948159396781e4529e80

SHA256
f644cc0198d739cf0ef25591970d02109734e3dc726fd0e9992592efe21dc04e

SHA512
2895deeaf809308f616ee2a91375c77c521c80d085c31fc7606f9fb3273596903d93ab3ef4ab5add6ab8ab7dd7aef3ccee9f5114436901966408305593a7848e

Download Submit