hxxps://app[.]hellosign[.]com/account/confirmTeamInvite?guid=f278e5f5c4817097dd3b9fb71fcd2617358f425b

Analysis

max time kernel
594s
max time network
485s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
29/08/2024, 14:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://app.hellosign.com/account/confirmTeamInvite?guid=f278e5f5c4817097dd3b9fb71fcd2617358f425b

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1360	msedge.exe
1360	msedge.exe
2644	msedge.exe
2644	msedge.exe
1936	identity_helper.exe
1936	identity_helper.exe
5620	msedge.exe
5620	msedge.exe
5620	msedge.exe
5620	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe
2644	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2644 wrote to memory of 4720	2644	msedge.exe	85
PID 2644 wrote to memory of 4720	2644	msedge.exe	85
PID 2644 wrote to memory of 3116	2644	msedge.exe	86
PID 2644 wrote to memory of 3116	2644	msedge.exe	86
PID 2644 wrote to memory of 3116	2644	msedge.exe	86
PID 2644 wrote to memory of 3116	2644	msedge.exe	86
PID 2644 wrote to memory of 3116	2644	msedge.exe	86
PID 2644 wrote to memory of 3116	2644	msedge.exe	86
PID 2644 wrote to memory of 3116	2644	msedge.exe	86
PID 2644 wrote to memory of 3116	2644	msedge.exe	86
PID 2644 wrote to memory of 3116	2644	msedge.exe	86
PID 2644 wrote to memory of 3116	2644	msedge.exe	86
PID 2644 wrote to memory of 3116	2644	msedge.exe	86
PID 2644 wrote to memory of 3116	2644	msedge.exe	86
PID 2644 wrote to memory of 3116	2644	msedge.exe	86
PID 2644 wrote to memory of 3116	2644	msedge.exe	86
PID 2644 wrote to memory of 3116	2644	msedge.exe	86
PID 2644 wrote to memory of 3116	2644	msedge.exe	86
PID 2644 wrote to memory of 3116	2644	msedge.exe	86
PID 2644 wrote to memory of 3116	2644	msedge.exe	86
PID 2644 wrote to memory of 3116	2644	msedge.exe	86
PID 2644 wrote to memory of 3116	2644	msedge.exe	86
PID 2644 wrote to memory of 3116	2644	msedge.exe	86
PID 2644 wrote to memory of 3116	2644	msedge.exe	86
PID 2644 wrote to memory of 3116	2644	msedge.exe	86
PID 2644 wrote to memory of 3116	2644	msedge.exe	86
PID 2644 wrote to memory of 3116	2644	msedge.exe	86
PID 2644 wrote to memory of 3116	2644	msedge.exe	86
PID 2644 wrote to memory of 3116	2644	msedge.exe	86
PID 2644 wrote to memory of 3116	2644	msedge.exe	86
PID 2644 wrote to memory of 3116	2644	msedge.exe	86
PID 2644 wrote to memory of 3116	2644	msedge.exe	86
PID 2644 wrote to memory of 3116	2644	msedge.exe	86
PID 2644 wrote to memory of 3116	2644	msedge.exe	86
PID 2644 wrote to memory of 3116	2644	msedge.exe	86
PID 2644 wrote to memory of 3116	2644	msedge.exe	86
PID 2644 wrote to memory of 3116	2644	msedge.exe	86
PID 2644 wrote to memory of 3116	2644	msedge.exe	86
PID 2644 wrote to memory of 3116	2644	msedge.exe	86
PID 2644 wrote to memory of 3116	2644	msedge.exe	86
PID 2644 wrote to memory of 3116	2644	msedge.exe	86
PID 2644 wrote to memory of 3116	2644	msedge.exe	86
PID 2644 wrote to memory of 1360	2644	msedge.exe	87
PID 2644 wrote to memory of 1360	2644	msedge.exe	87
PID 2644 wrote to memory of 4832	2644	msedge.exe	88
PID 2644 wrote to memory of 4832	2644	msedge.exe	88
PID 2644 wrote to memory of 4832	2644	msedge.exe	88
PID 2644 wrote to memory of 4832	2644	msedge.exe	88
PID 2644 wrote to memory of 4832	2644	msedge.exe	88
PID 2644 wrote to memory of 4832	2644	msedge.exe	88
PID 2644 wrote to memory of 4832	2644	msedge.exe	88
PID 2644 wrote to memory of 4832	2644	msedge.exe	88
PID 2644 wrote to memory of 4832	2644	msedge.exe	88
PID 2644 wrote to memory of 4832	2644	msedge.exe	88
PID 2644 wrote to memory of 4832	2644	msedge.exe	88
PID 2644 wrote to memory of 4832	2644	msedge.exe	88
PID 2644 wrote to memory of 4832	2644	msedge.exe	88
PID 2644 wrote to memory of 4832	2644	msedge.exe	88
PID 2644 wrote to memory of 4832	2644	msedge.exe	88
PID 2644 wrote to memory of 4832	2644	msedge.exe	88
PID 2644 wrote to memory of 4832	2644	msedge.exe	88
PID 2644 wrote to memory of 4832	2644	msedge.exe	88
PID 2644 wrote to memory of 4832	2644	msedge.exe	88
PID 2644 wrote to memory of 4832	2644	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://app.hellosign.com/account/confirmTeamInvite?guid=f278e5f5c4817097dd3b9fb71fcd2617358f425b
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce0eb46f8,0x7ffce0eb4708,0x7ffce0eb4718
  2⤵
  PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,6327846973681916631,11155219605062466161,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:3116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,6327846973681916631,11155219605062466161,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,6327846973681916631,11155219605062466161,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
  2⤵
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6327846973681916631,11155219605062466161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:2264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6327846973681916631,11155219605062466161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:1604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6327846973681916631,11155219605062466161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
  2⤵
  PID:3080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6327846973681916631,11155219605062466161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:900
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,6327846973681916631,11155219605062466161,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6072 /prefetch:8
  2⤵
  PID:2100
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,6327846973681916631,11155219605062466161,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6072 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6327846973681916631,11155219605062466161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6327846973681916631,11155219605062466161,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:1564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6327846973681916631,11155219605062466161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:2900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6327846973681916631,11155219605062466161,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
  2⤵
  PID:2100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6327846973681916631,11155219605062466161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:6028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,6327846973681916631,11155219605062466161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4196 /prefetch:1
  2⤵
  PID:3772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,6327846973681916631,11155219605062466161,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1048 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5620

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3412

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4584

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\5cd515bb-1ac6-4aba-a257-75182afbade0.tmp

Filesize
8KB

MD5
50bef36e8f97d04282a0a40bd7f03283

SHA1
45be551987c1e5c9b2a7c856740de5d29fb26e79

SHA256
8b1096f40e1483a70456301a577b2a7440b0b9936a515eff3c28fc15845302ca

SHA512
368b2bcbe5bd446224459d4c80bb7d5e6d2d0f4ec9f4fd968a2c85db5d395e15ba285aede77b28eb69a19fe3b3167348c82da9b4df8a8c3c0212f80e1bcf6089

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
4c33c164bb17c10a45320271944c5fb9

SHA1
2982d73098ef868cb2c80c8027f618d6a1d87c01

SHA256
a51553ac55b6abd57651f5e8bd4276ff48c63def57de96edc26fb46b099fbd30

SHA512
bf63644deb87554c2253a3e5f7678ced4a4f3e016027ac2cbafa070541a038a4b1c1cf8538abb199e236c91d862150182b544419ddd7cbec2f27101f4977c0d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f74bb046228b07f5b080c53fe015ecc7

SHA1
36e4780087abb71379c06691e9a4453277238755

SHA256
0b266a6b9d681300efe0dbf506f9f77cceb787779eda9e83d52206236ec25b92

SHA512
50f75e255ecf1fca39ee2003b4273723c16de5116a20975e416ec7a06bb3fa49557fc4cfb5c4e2f4a564e371986f15c3a6abc3ba0574409676749aa9ae36f375

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
7a0af8d89ac00ad12e3b240df6a78498

SHA1
691b030579200be155c96d4604dbfbb00d4674fc

SHA256
255130dcc79f023754829afbf710390b606bc5ad4dcc4743cc72a7ed754b344a

SHA512
64bd738e6fdce4abec1fc27ab6033287a6f5548a2508bb671e617e21b388a8f57848b85d61ec3989ce7ecfc7619a305908c2eedba1743f5d6d9ce9794c02e7c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
4526ffd4b7d742898992f703f91aa8ee

SHA1
6455f431912524d4c0d8e3cfe9dcc4b96f728883

SHA256
a989a1a36d608faa05d487920cd5d99ea9a7b767f351574c4346c2b74ad95ab8

SHA512
ddbc37fd0b1833e57bf5976de79e4cbae91cc23d86f55a2156e68a937c3703248e7a4bce5237491916dbc72774e28d445941ecaef5e0222d8fd6b1a2604b707d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
411daac4986345593fd663305f54d827

SHA1
6909844a2c7ad0b9a3f8efbbdcd2f8301c6a57a1

SHA256
b229d38921ca5db56ba8ffadc353be68f1b1926228106f5447c25194b8c261e9

SHA512
38c2b9663d3b9dfffddbb830fd3c92416b1e74f7a94b052c1b75f1dc90507feea7d977c535daff4ed62ace96afc8c57ab94ffaafa6e09d23c6bd02b49cd317fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f486ddf908e4daebb552897ce21593b8

SHA1
d9dc9e211bed1f2bc7d7d720a49fc854b162606e

SHA256
ef4dffcbf1038c7f5a1924beda013b32c4b027f395469df86db827aa52662002

SHA512
d07a26d4bd203b46f32500a0d5914ec5cb8e1a8e1fc98346cd3ec7c7f9c431384ed558b6f7beed1258e4f44bea8af60e9f3a0dba28a173263d4ba50e8f2e966b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
41622958d97149e88018df4d1c28d20d

SHA1
227bf405b6a995f07cf1dbba8d13ac693f830bea

SHA256
8ac5328757ac20bbd5e6df90f47485200a3f44e0bcc12aecca7e8f3d7cb0afd7

SHA512
fa9f54f2802a5faabb194e9dd3e28842a981b5c73cc065946f22305c9facfbae7ad1f4106d28b2eee49c4093f2ee3427df4e5ab315b036238146c5214ef76019

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ad5ad5f06dd31aaed8d3b3a76cb73f42

SHA1
5813e6415a77ffd62cb2a72cab805f734ff68588

SHA256
4ff4a895fdb576840b6460be8350a559e1d653214134b2a5e28e000ecf0b9d21

SHA512
d50be40e4c1ecad72a104cad536dca30009c104901ddc716b032620b9fdbd5a0bf67f1db20a28e86c031b674888877d79a0eaa67ad58aa359c3732d3a053e456

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
b5324891e8aa1d701c5e9a17045e39e2

SHA1
a2630252755f9b8f4516495e6b7e6c7e47eb34ce

SHA256
b84495fd8dcf563243168f590097120623444f05f73241364216dff732e80568

SHA512
1427b0da9fad12af5df5d1ebc771b81470107bb51ea96c08d4af61a7655266b3b72ad2922cdc5a656552a1d943f846e0aa0e870d51cb102e2a3c43f649cc2f35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c591eec4e1dfac6a937191f52b15870a

SHA1
14ce67a30fa9937486d5af151f496790a5877333

SHA256
0607f1f8ac14c6691c182874785596cb193d1933239e080a198365ccb2293d4d

SHA512
78ffcb5c6ed44b4fa5be1b11d73fd5be534970fd5c225bd72eec46fed5ee60bc213b95ff1b6e5a507bbf4e7704cebfc688c1ceddd9ffc447e579d26643c69dc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
1542148a94cd6fb66031e10914c6a7e9

SHA1
c390418a6ef4b6e807fc32b31024140e4cdb2a8e

SHA256
d54b98b4a26d92194e6becb238800388f58b2d8a02a3b81811617ba0149b7064

SHA512
0f25cd9753daeebcd0346004cc25b5af8e80a33f0b17590aa4e204c51fe6eded0d9bd9dbd2c826dd192fc4d68e9579d115433b94b945f3c8a6d1456842a42cb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
303f82ae5b055254b530ae3454a9d71d

SHA1
8a1924e87224b3d2d4687363cef7778827d04e39

SHA256
f4c7075e9303e791ad053903ce5141bbd52ea85c47e67c9807da12d0930d6f2e

SHA512
1406712e907e600a907f7a41f9715d94f9bf011b7929bf45320c8c614d74e9f69fa6038202616fe88588abf918ab740602ae2cfbf950d20223d76ea3ae98e0ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
4bb18527ce7d5d4b24b778696b418b64

SHA1
99b905d9915b5f2caab545b9e1c91114ed332ba9

SHA256
ad94909ca09fb2d8ff001f13c5a17643b54ef17023c9f9c6ce6204821c08e696

SHA512
9bf97103bfd0c16a11e5826d02414f045d1542a6e9fafe0d9824f65e09679ebb4e309e93b6fd7b37527b29a9dd7799810da12444a0b79a79bf657debdcf39c4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
f05ab100abc271447013a8eb4fd34e50

SHA1
81a293b54f8e60a4f10c7271e4c27f7b4b896a76

SHA256
5c1d5adaf42402dc3db2c068d25e8467401056a960d7fe2257b3b8adca0e815d

SHA512
d76a9e58d083738ff41b367742aaa17b39f945015172dd7fa6bf788c08dba08944b227cb65810e91fe3a0f65612f9182448552b621b051c055fa3ca940a8ca50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
7b584b65202c0020dcb3abb4f5db4654

SHA1
a667fa72d1cd50e6015a10ff415b6871ecf74356

SHA256
e9ae82060073fbce872eb7fe33f5fe9f6f8280022e59f6fad645bd8b5b8a32f9

SHA512
298a7a701ad6a4d68cdb3a958ef2dc88882bc9556e7df7691da69105bf4d10c4a2077f57c2a9f9e3666a48c407a4cc32dd9aab589ce93ceb1485c35760747331

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
269fc8b1556eb580e1f2f8e2c6bab508

SHA1
92637dc7f5d744508d0f8157b0fbb0d3194cd9f5

SHA256
e682639b0e94c4b6fd7ce824c4b2b5de300f3cb8f903c18d861731e4d3afe6c3

SHA512
0bbf9b370a04b726f422d8d63d9e47aa0e4540d1ea9d8202f7129ea80e0dd5e38f63b2de04efe6a508bde35e60fee060b88f3eeac1af52d1eaf0221959571269

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
6a0635b5510c92a92c896674c7488d2f

SHA1
71373af9d93a1878cf0db5774695e4732435a290

SHA256
7c4208d8a2d9f55398939d58afaca85fcde3ad3d973f761759761be84b6e7b71

SHA512
0120762c8caff1420b53cedf2874a0f30db1098e93a46d2a94502930962d6ee76661ed108a447f23a9173bc1da845b12f4fae0723a2ec77ae86f28c5b331c72a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
bf1bba719cf6929261586070d663a151

SHA1
60f50f6ccfb5da269ca2b837a66762ebf9035b41

SHA256
a2698cccdf771293fb59b5e90afb20a80020e45cb8a4038509ee0981d5f8c304

SHA512
b3b065619e78db5e566c2b72d74bc14cd2014c1ae1e9224a297320407fbb5a563853487bee804660a3f6890a7df2e531977e1d6271713d9b204d9e82ded3c562

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
2a18515400d76c7ff0808ae7f94048f3

SHA1
38015747d96e4f21884d5ce616686215f8019442

SHA256
43c8ba36f859da950ed4494c9ee0d4bb35a88bebd61c92116603facfedb2d734

SHA512
f05dae83818af152269eec5f938475fe6831d51f63057d8d6897bdbc8098e42a5d461fb3387df54e0fa6149a852f25011036eacabd0a8c7c5beecf5e7727ed7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e762.TMP

Filesize
1KB

MD5
e140bfed734a44dd70ee037d64869e55

SHA1
62209608ffc53e7d53eb4d193675096c69a7934d

SHA256
4ca364d0d08a1080153c8ddaa44f46468e66fd27e93d0f892cded67694eed0a6

SHA512
a81178a7c99de484a9c103e7f05fdffa9f3e411875c70f2606e45a7afeaecaf3e2eb82ac4ddca62ae29e7b3a638cdc1802cbde8d278396cbf2b332fe9bac192e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a0ed8b00-0eab-4497-881e-fb2bfb2cd917.tmp

Filesize
1KB

MD5
2c4d56ee3917741ca1205061e9be542c

SHA1
e3b9aac1db68ca10ba47eae8d1318ce6a87299f6

SHA256
25d37beaea9c7c91d7fa875df22ea95015bd167736a1b253ad1c12d06fa5b790

SHA512
ee72978a60b9c7569b44c9ca12ffdb27cb8a6a5141fb4930ba874c181bb07da6c8dde9c712d7f7dcc19ea791d6d200dc490d47430d073882dfe74e70bdd3e663

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e226c400-5cfa-42a1-a2e4-d52f1ef457ca.tmp

Filesize
2KB

MD5
242739e3acf5312f402510876ff5cd2d

SHA1
b3fc1384f64661869e9a24f89649305365e1693d

SHA256
f64c53f1ab506ea5e1a606fed80d020164bf6c3c469716ff02fda6ebed1b2e10

SHA512
13649e60a2cf923aed2322ff4513b7ab344b9c5ef44d2959a3e9adbb0470ca6b5a0e67ebcb5b9f5d8d686a65edac9f287e711fce990680c108beb9bf3fe56026

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ce41242a-70ce-4bea-ad30-3f2d49084253.tmp

Filesize
11KB

MD5
925b5c5a6ddc9c9b648b7250dbbfdf11

SHA1
1d0457042f82f9e52cbf4ac7bbd7723b05dd0f15

SHA256
883b60446186ae77e0689c3e81039cf77b2f8f72c7701b3d8bfa41ee57a54bfa

SHA512
80741e6cd7a477636b3d3a72d271a43394c0125daaf5999a64001d63275884bad7e97ca031f44226eee5137d4a6fffe34c6b713418f260b1f3a9b57c0ea84a70

Download Submit