Resubmissions

16-08-2024 09:02

240816-kzl1gszfmr 5

13-08-2024 12:22

240813-pkb9ysxgnk 5

Analysis

  • max time kernel
    150s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    13-08-2024 12:22

General

  • Target

    http://wetransfer.com/downloads/42271682e2302a379561e3d3ecda5dd220240813105129/e1496b9d6dee610bfd5416975b77d29020240813105152/5df22d

Malware Config

Signatures

  • Detected potential entity reuse from brand microsoft.
  • HTTP links in PDF interactive object 1 IoCs

    Detects HTTP links in interactive objects within PDF files.

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 41 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://wetransfer.com/downloads/42271682e2302a379561e3d3ecda5dd220240813105129/e1496b9d6dee610bfd5416975b77d29020240813105152/5df22d
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3840
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa159846f8,0x7ffa15984708,0x7ffa15984718
      2⤵
        PID:3572
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,8754689980084640110,1492696914726380101,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
        2⤵
          PID:4988
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,8754689980084640110,1492696914726380101,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:3508
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,8754689980084640110,1492696914726380101,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
          2⤵
            PID:2904
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8754689980084640110,1492696914726380101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1
            2⤵
              PID:2800
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8754689980084640110,1492696914726380101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
              2⤵
                PID:1788
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8754689980084640110,1492696914726380101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
                2⤵
                  PID:2292
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,8754689980084640110,1492696914726380101,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 /prefetch:8
                  2⤵
                    PID:4324
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,8754689980084640110,1492696914726380101,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 /prefetch:8
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:1852
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8754689980084640110,1492696914726380101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
                    2⤵
                      PID:3980
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8754689980084640110,1492696914726380101,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
                      2⤵
                        PID:4876
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8754689980084640110,1492696914726380101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3892 /prefetch:1
                        2⤵
                          PID:1376
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8754689980084640110,1492696914726380101,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
                          2⤵
                            PID:4892
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2084,8754689980084640110,1492696914726380101,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5632 /prefetch:8
                            2⤵
                              PID:3324
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2084,8754689980084640110,1492696914726380101,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6096 /prefetch:8
                              2⤵
                                PID:5024
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8754689980084640110,1492696914726380101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
                                2⤵
                                  PID:3488
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2084,8754689980084640110,1492696914726380101,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5816 /prefetch:8
                                  2⤵
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:1092
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8754689980084640110,1492696914726380101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6276 /prefetch:1
                                  2⤵
                                    PID:5168
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8754689980084640110,1492696914726380101,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:1
                                    2⤵
                                      PID:5176
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8754689980084640110,1492696914726380101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
                                      2⤵
                                        PID:5248
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=ppapi --field-trial-handle=2084,8754689980084640110,1492696914726380101,131072 --lang=en-US --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --mojo-platform-channel-handle=6816 /prefetch:6
                                        2⤵
                                          PID:5336
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8754689980084640110,1492696914726380101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
                                          2⤵
                                            PID:6036
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8754689980084640110,1492696914726380101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:1
                                            2⤵
                                              PID:2836
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8754689980084640110,1492696914726380101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
                                              2⤵
                                                PID:2088
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8754689980084640110,1492696914726380101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6984 /prefetch:1
                                                2⤵
                                                  PID:3784
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8754689980084640110,1492696914726380101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
                                                  2⤵
                                                    PID:4380
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8754689980084640110,1492696914726380101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1992 /prefetch:1
                                                    2⤵
                                                      PID:5736
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8754689980084640110,1492696914726380101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
                                                      2⤵
                                                        PID:5456
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8754689980084640110,1492696914726380101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
                                                        2⤵
                                                          PID:4364
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8754689980084640110,1492696914726380101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:1
                                                          2⤵
                                                            PID:2400
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,8754689980084640110,1492696914726380101,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6860 /prefetch:2
                                                            2⤵
                                                            • Suspicious behavior: EnumeratesProcesses
                                                            PID:3372
                                                        • C:\Windows\System32\CompPkgSrv.exe
                                                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                          1⤵
                                                            PID:4592
                                                          • C:\Windows\System32\CompPkgSrv.exe
                                                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                            1⤵
                                                              PID:740
                                                            • C:\Windows\system32\AUDIODG.EXE
                                                              C:\Windows\system32\AUDIODG.EXE 0x454 0x3d4
                                                              1⤵
                                                              • Suspicious use of AdjustPrivilegeToken
                                                              PID:4804

Network

MITRE ATT&CK Enterprise v15


Downloads

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                              Filesize

                                                              152B


                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                              Filesize

                                                              152B


                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

                                                              Filesize

                                                              1KB


                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                              Filesize

                                                              1KB


                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                              Filesize

                                                              840B


                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                              Filesize

                                                              2KB


                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                              Filesize

                                                              4KB


                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                              Filesize

                                                              6KB


                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                              Filesize

                                                              6KB


                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                              Filesize

                                                              7KB

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                              Filesize

                                                              7KB

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                              Filesize

                                                              6KB

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                              Filesize

                                                              1KB

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                              Filesize

                                                              2KB

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                              Filesize

                                                              2KB

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                              Filesize

                                                              3KB

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                              Filesize

                                                              3KB

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                              Filesize

                                                              3KB

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                              Filesize

                                                              1KB

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d716.TMP

                                                              Filesize

                                                              1KB

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                              Filesize

                                                              16B

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                              Filesize

                                                              11KB

                                                            • C:\Users\Admin\Downloads\PRODUCT PHOTOS AND SPECIFICATIONS.pdf

                                                              Filesize

                                                              195KB
