hxxps://www[.]canva[.]com/design/DAGPPl56DNg/cYAT8vVgXFW1kGsDfr_y8g/view?utm_content=DAGPPl56DNg&utm_campaign=designshare&utm_medium=link&utm_source=editor

Analysis

max time kernel
46s
max time network
47s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
04-09-2024 17:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.canva.com/design/DAGPPl56DNg/cYAT8vVgXFW1kGsDfr_y8g/view?utm_content=DAGPPl56DNg&utm_campaign=designshare&utm_medium=link&utm_source=editor

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4864	msedge.exe
4864	msedge.exe
3480	msedge.exe
3480	msedge.exe
4208	identity_helper.exe
4208	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe
3480	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3480 wrote to memory of 4884	3480	msedge.exe	84
PID 3480 wrote to memory of 4884	3480	msedge.exe	84
PID 3480 wrote to memory of 324	3480	msedge.exe	85
PID 3480 wrote to memory of 324	3480	msedge.exe	85
PID 3480 wrote to memory of 324	3480	msedge.exe	85
PID 3480 wrote to memory of 324	3480	msedge.exe	85
PID 3480 wrote to memory of 324	3480	msedge.exe	85
PID 3480 wrote to memory of 324	3480	msedge.exe	85
PID 3480 wrote to memory of 324	3480	msedge.exe	85
PID 3480 wrote to memory of 324	3480	msedge.exe	85
PID 3480 wrote to memory of 324	3480	msedge.exe	85
PID 3480 wrote to memory of 324	3480	msedge.exe	85
PID 3480 wrote to memory of 324	3480	msedge.exe	85
PID 3480 wrote to memory of 324	3480	msedge.exe	85
PID 3480 wrote to memory of 324	3480	msedge.exe	85
PID 3480 wrote to memory of 324	3480	msedge.exe	85
PID 3480 wrote to memory of 324	3480	msedge.exe	85
PID 3480 wrote to memory of 324	3480	msedge.exe	85
PID 3480 wrote to memory of 324	3480	msedge.exe	85
PID 3480 wrote to memory of 324	3480	msedge.exe	85
PID 3480 wrote to memory of 324	3480	msedge.exe	85
PID 3480 wrote to memory of 324	3480	msedge.exe	85
PID 3480 wrote to memory of 324	3480	msedge.exe	85
PID 3480 wrote to memory of 324	3480	msedge.exe	85
PID 3480 wrote to memory of 324	3480	msedge.exe	85
PID 3480 wrote to memory of 324	3480	msedge.exe	85
PID 3480 wrote to memory of 324	3480	msedge.exe	85
PID 3480 wrote to memory of 324	3480	msedge.exe	85
PID 3480 wrote to memory of 324	3480	msedge.exe	85
PID 3480 wrote to memory of 324	3480	msedge.exe	85
PID 3480 wrote to memory of 324	3480	msedge.exe	85
PID 3480 wrote to memory of 324	3480	msedge.exe	85
PID 3480 wrote to memory of 324	3480	msedge.exe	85
PID 3480 wrote to memory of 324	3480	msedge.exe	85
PID 3480 wrote to memory of 324	3480	msedge.exe	85
PID 3480 wrote to memory of 324	3480	msedge.exe	85
PID 3480 wrote to memory of 324	3480	msedge.exe	85
PID 3480 wrote to memory of 324	3480	msedge.exe	85
PID 3480 wrote to memory of 324	3480	msedge.exe	85
PID 3480 wrote to memory of 324	3480	msedge.exe	85
PID 3480 wrote to memory of 324	3480	msedge.exe	85
PID 3480 wrote to memory of 324	3480	msedge.exe	85
PID 3480 wrote to memory of 4864	3480	msedge.exe	86
PID 3480 wrote to memory of 4864	3480	msedge.exe	86
PID 3480 wrote to memory of 2956	3480	msedge.exe	87
PID 3480 wrote to memory of 2956	3480	msedge.exe	87
PID 3480 wrote to memory of 2956	3480	msedge.exe	87
PID 3480 wrote to memory of 2956	3480	msedge.exe	87
PID 3480 wrote to memory of 2956	3480	msedge.exe	87
PID 3480 wrote to memory of 2956	3480	msedge.exe	87
PID 3480 wrote to memory of 2956	3480	msedge.exe	87
PID 3480 wrote to memory of 2956	3480	msedge.exe	87
PID 3480 wrote to memory of 2956	3480	msedge.exe	87
PID 3480 wrote to memory of 2956	3480	msedge.exe	87
PID 3480 wrote to memory of 2956	3480	msedge.exe	87
PID 3480 wrote to memory of 2956	3480	msedge.exe	87
PID 3480 wrote to memory of 2956	3480	msedge.exe	87
PID 3480 wrote to memory of 2956	3480	msedge.exe	87
PID 3480 wrote to memory of 2956	3480	msedge.exe	87
PID 3480 wrote to memory of 2956	3480	msedge.exe	87
PID 3480 wrote to memory of 2956	3480	msedge.exe	87
PID 3480 wrote to memory of 2956	3480	msedge.exe	87
PID 3480 wrote to memory of 2956	3480	msedge.exe	87
PID 3480 wrote to memory of 2956	3480	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.canva.com/design/DAGPPl56DNg/cYAT8vVgXFW1kGsDfr_y8g/view?utm_content=DAGPPl56DNg&utm_campaign=designshare&utm_medium=link&utm_source=editor
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9835546f8,0x7ff983554708,0x7ff983554718
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,3486165090727981243,17679363571149433308,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,3486165090727981243,17679363571149433308,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,3486165090727981243,17679363571149433308,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2948 /prefetch:8
  2⤵
  PID:2956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,3486165090727981243,17679363571149433308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:3040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,3486165090727981243,17679363571149433308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:1928
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,3486165090727981243,17679363571149433308,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 /prefetch:8
  2⤵
  PID:3972
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,3486165090727981243,17679363571149433308,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,3486165090727981243,17679363571149433308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
  2⤵
  PID:1652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,3486165090727981243,17679363571149433308,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:1984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,3486165090727981243,17679363571149433308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:1760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,3486165090727981243,17679363571149433308,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
  2⤵
  PID:1960

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4392

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2508

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
bf8ef9e81687a8d3d34541948520275d

SHA1
cc709d2c5905e691358620a71ad2c314e43f9ab2

SHA256
a27536e39c52920805c3d24c3460d97314ca76158a70a97f710f3678efc7e1c3

SHA512
ed515cb7bb1e020a8c1042ecddf1c732576a83365f80a48e490b90f20dc8b6582e0cdeb41996b14d300ca507930ea5e825d6038c2acbac6ad94fc5796ac7c2cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d0e35b8dbf191031ba36569854a638ce

SHA1
f92cf16839fcf5f12884f7af2c0add680e09fde9

SHA256
7092d36c0d62be5100f8aeaeeaf08b9a06dad9e10426955ac20cc881549bdc74

SHA512
5fbad0dcc0303e73c8ca61ed613088784708d3def9ec033e7e0b720c65a5784a0a28937e567628d5f7ec4b15f836c811ea095ab5f40d1fdce430a68fdfb81f25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cd43235ef72af260ab6c5e8287b593c4

SHA1
fcd9edd4699e8c430ead7c5a21dab3c2e98038f2

SHA256
8ce6925948b638d37ca0d701b0d3b898d340b3471b78095f292a9463f0d511e3

SHA512
41b1c300f35014935151439afa415cbd3119d16d93d6ebb9c8dab8e3467d18d952212e40fe60a6a33d126156fe078158fc3ad22a7525cb3b01b74b32f978d70e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\d1394a4c842f7861ad7ae5e20da4b484a0c4acad\index.txt

Filesize
97B

MD5
5f41d6ba1c54caf2aeb2e1667c0a25d0

SHA1
7eb91a9aa42e9fa144c959b4ed1e2823447e9af9

SHA256
9f858b6560ca1f895ff0ed183bf4230017d4d3bf5bc795e58ab83c89d1d18cf3

SHA512
17404c62da4a3b9be45b8e0e644301a0706997328cda3f3944e130df5f951ea64645b0985da73392120d3caf54fef5cc71799517eb4b8bff3d2992234d665556

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\d1394a4c842f7861ad7ae5e20da4b484a0c4acad\index.txt

Filesize
150B

MD5
f674e27e10bf35f35daf6c254072f4ab

SHA1
915382cf0e38b324625e363c48cc5d349e4b8e9b

SHA256
32dd23f9a6019d30aaac5bf6fda2642bed84d6224340fccb18edf267baf38a08

SHA512
e3b5149f848f6dd81c4eb84d93dc62b53cbb1762c5b17a9971974e1fc72e91cb59adb849dab66bea3ecd99cfc3a10784ae4916e3b256394b9d2ecafeea60d1c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\d1394a4c842f7861ad7ae5e20da4b484a0c4acad\index.txt

Filesize
203B

MD5
2696e728a3fcd63da8ebd21792b70995

SHA1
63827695bd0c2b295be921ea83a3f255ae3479a6

SHA256
f0d63b044dfd0d2183e6855f8832be033d08e75d928d68c83ddd9bb7f8a2ae5d

SHA512
d71a99a49c276614a4635006cfc5da79fc61c0198fdcdcdccd253ca89a567ca12539d27449ed082ae59b9af59f8db21a49b85d159f251c982453336fbd31048b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\d1394a4c842f7861ad7ae5e20da4b484a0c4acad\index.txt

Filesize
196B

MD5
d33e84f83e92656181afc6909a272b04

SHA1
7a9344f4893b93027d49eed028cca7d3a7088a88

SHA256
2cd05073c8808ea6164169c0cb3220700c1812a58c9199ada3e389c549501a7e

SHA512
1c293cdf0b4947913dcffe9a5910d3f6f39e4d3c872065d4eaed2abe4925bb29ed63b10fdb57b98ae7c38d00d885f23ed7e27d6c190019239648883ee3045de1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
168B

MD5
12620ff5c5c74286a52d5999af502313

SHA1
79c2c84406fe83a6033c38b02d0783430e8ce9a3

SHA256
2f15f972ff93f9b7b3ea2c32b8560277b70d929f1eb5b7e2b7da8bb2bfb9f819

SHA512
f3ee1743b23247277f5a42ca86a8efcb897d0586f9941b8ca6c0154dcb044cf33dce414ca462d2bda03d251599aa03fd56599a05ae68053a7ec34d01d486dfdb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe581f7a.TMP

Filesize
48B

MD5
823f4f7f938a12adf81b37c14f01df99

SHA1
00d7aba194ce4784fabaa47a641b62d599af86c4

SHA256
3a876b113051ffaa4f336d830a11f7a97b75e65809483fc954d399767b5af4be

SHA512
37391bba25e182743793ff6f4b218e0d0ada0a9751e0e182a3afaf8819a1b82c35ca05a63c1a1d6ccd94048da0f1633c52115e074837f53eac7bc3cdc7241e4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
869B

MD5
6846059b989f72520984c80d75211964

SHA1
66e8568c971c59c938c26b0c33c669f9e3235e6c

SHA256
d2abec3bdeb46f89b6306a4e4a072a7f59456ebe487ee23bad7b40f621d17757

SHA512
d5c2ea674eae9fe6938301ea1edfc4ebb3a41a030fb534cbed7eea2564f2d0d8f14cbfdcb64767bbbda379577d8e22972316da9c282435effacfe4b879569dbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
869B

MD5
723012189949b1e90a637b483fbec970

SHA1
e2c2abbc2f8e37d23f67a20509b9be31efe0e581

SHA256
9f7c9f1297f46e7d9bfce496c66ddf0ca4ff5135f8c31395c03565eb352a0ca1

SHA512
660553ad7c5b1979f1ef279418f2fc77b99c905de9bbaadea44cd3201e68c139d8badc2250733159e04ea72958f31de263113f82ba58c7e572bc66c7df58c1e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581b15.TMP

Filesize
865B

MD5
974fe45884ceab4e51bfce6d3a3acd87

SHA1
2b02760df49e4c7431bf88adb380d5f8593125c9

SHA256
9b9ab2c3067ad0e3f1cbc4e72d984a8bfd9fdf8c877109c5282e60ff9cabd038

SHA512
b701ce70f05cb078d4bb5f5daad651a98e72d88aa790d4448ce3616c172cb9106c74f60fa31f8b5db00209cfc2c0ce9077e2a5b85097e256c4405319ab4ea139

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c2c6a585081fc7dccf419e95c865bf58

SHA1
4c94daf9e32f6c4565f7cda10904b715cadf2dae

SHA256
3abff7d321230c23276795b3c81e8d1555d4edcd3bade3547b9638355f211c77

SHA512
7ac327b897cb70f5a70c9e66229660e1d849be7e608ad05742b85fa20968bb2b9c01d8b85bfa17f0275e4d34248234addae47a30f429f064f2f2c0a48d91f38a

Download Submit