hxxps://www[.]howtogeek[.]com/362203/what-is-a-tar[.]gz-file-and-how-do-i-open-it/

Analysis

max time kernel
150s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
09/09/2024, 15:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.howtogeek.com/362203/what-is-a-tar.gz-file-and-how-do-i-open-it/

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3444	msedge.exe
3444	msedge.exe
2688	msedge.exe
2688	msedge.exe
2068	identity_helper.exe
2068	identity_helper.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2688 wrote to memory of 1352	2688	msedge.exe	83
PID 2688 wrote to memory of 1352	2688	msedge.exe	83
PID 2688 wrote to memory of 2552	2688	msedge.exe	84
PID 2688 wrote to memory of 2552	2688	msedge.exe	84
PID 2688 wrote to memory of 2552	2688	msedge.exe	84
PID 2688 wrote to memory of 2552	2688	msedge.exe	84
PID 2688 wrote to memory of 2552	2688	msedge.exe	84
PID 2688 wrote to memory of 2552	2688	msedge.exe	84
PID 2688 wrote to memory of 2552	2688	msedge.exe	84
PID 2688 wrote to memory of 2552	2688	msedge.exe	84
PID 2688 wrote to memory of 2552	2688	msedge.exe	84
PID 2688 wrote to memory of 2552	2688	msedge.exe	84
PID 2688 wrote to memory of 2552	2688	msedge.exe	84
PID 2688 wrote to memory of 2552	2688	msedge.exe	84
PID 2688 wrote to memory of 2552	2688	msedge.exe	84
PID 2688 wrote to memory of 2552	2688	msedge.exe	84
PID 2688 wrote to memory of 2552	2688	msedge.exe	84
PID 2688 wrote to memory of 2552	2688	msedge.exe	84
PID 2688 wrote to memory of 2552	2688	msedge.exe	84
PID 2688 wrote to memory of 2552	2688	msedge.exe	84
PID 2688 wrote to memory of 2552	2688	msedge.exe	84
PID 2688 wrote to memory of 2552	2688	msedge.exe	84
PID 2688 wrote to memory of 2552	2688	msedge.exe	84
PID 2688 wrote to memory of 2552	2688	msedge.exe	84
PID 2688 wrote to memory of 2552	2688	msedge.exe	84
PID 2688 wrote to memory of 2552	2688	msedge.exe	84
PID 2688 wrote to memory of 2552	2688	msedge.exe	84
PID 2688 wrote to memory of 2552	2688	msedge.exe	84
PID 2688 wrote to memory of 2552	2688	msedge.exe	84
PID 2688 wrote to memory of 2552	2688	msedge.exe	84
PID 2688 wrote to memory of 2552	2688	msedge.exe	84
PID 2688 wrote to memory of 2552	2688	msedge.exe	84
PID 2688 wrote to memory of 2552	2688	msedge.exe	84
PID 2688 wrote to memory of 2552	2688	msedge.exe	84
PID 2688 wrote to memory of 2552	2688	msedge.exe	84
PID 2688 wrote to memory of 2552	2688	msedge.exe	84
PID 2688 wrote to memory of 2552	2688	msedge.exe	84
PID 2688 wrote to memory of 2552	2688	msedge.exe	84
PID 2688 wrote to memory of 2552	2688	msedge.exe	84
PID 2688 wrote to memory of 2552	2688	msedge.exe	84
PID 2688 wrote to memory of 2552	2688	msedge.exe	84
PID 2688 wrote to memory of 2552	2688	msedge.exe	84
PID 2688 wrote to memory of 3444	2688	msedge.exe	85
PID 2688 wrote to memory of 3444	2688	msedge.exe	85
PID 2688 wrote to memory of 4860	2688	msedge.exe	86
PID 2688 wrote to memory of 4860	2688	msedge.exe	86
PID 2688 wrote to memory of 4860	2688	msedge.exe	86
PID 2688 wrote to memory of 4860	2688	msedge.exe	86
PID 2688 wrote to memory of 4860	2688	msedge.exe	86
PID 2688 wrote to memory of 4860	2688	msedge.exe	86
PID 2688 wrote to memory of 4860	2688	msedge.exe	86
PID 2688 wrote to memory of 4860	2688	msedge.exe	86
PID 2688 wrote to memory of 4860	2688	msedge.exe	86
PID 2688 wrote to memory of 4860	2688	msedge.exe	86
PID 2688 wrote to memory of 4860	2688	msedge.exe	86
PID 2688 wrote to memory of 4860	2688	msedge.exe	86
PID 2688 wrote to memory of 4860	2688	msedge.exe	86
PID 2688 wrote to memory of 4860	2688	msedge.exe	86
PID 2688 wrote to memory of 4860	2688	msedge.exe	86
PID 2688 wrote to memory of 4860	2688	msedge.exe	86
PID 2688 wrote to memory of 4860	2688	msedge.exe	86
PID 2688 wrote to memory of 4860	2688	msedge.exe	86
PID 2688 wrote to memory of 4860	2688	msedge.exe	86
PID 2688 wrote to memory of 4860	2688	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.howtogeek.com/362203/what-is-a-tar.gz-file-and-how-do-i-open-it/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffea18146f8,0x7ffea1814708,0x7ffea1814718
  2⤵
  PID:1352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,13125007792529608594,9423049845945741532,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:2552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,13125007792529608594,9423049845945741532,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2520 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,13125007792529608594,9423049845945741532,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13125007792529608594,9423049845945741532,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:2980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13125007792529608594,9423049845945741532,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:3572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13125007792529608594,9423049845945741532,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
  2⤵
  PID:4280
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,13125007792529608594,9423049845945741532,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 /prefetch:8
  2⤵
  PID:980
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,13125007792529608594,9423049845945741532,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13125007792529608594,9423049845945741532,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
  2⤵
  PID:856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13125007792529608594,9423049845945741532,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13125007792529608594,9423049845945741532,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3948 /prefetch:1
  2⤵
  PID:3452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13125007792529608594,9423049845945741532,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:1716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,13125007792529608594,9423049845945741532,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2004 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4936

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4988

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:856

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
328B

MD5
eefcc0ab4b8837ed8f20f4e4c07e6c51

SHA1
a6635e7c99e11c8dce26c490b8701cca74aad4de

SHA256
f2dc0797f4c28c3a80cb93f14cff562c9e9e11eac0e73cd1adc2cf958881f3f0

SHA512
d9244cdbfc7730b8369c760a5e4fb346336ff75a4cb0e9c825aac7b8169c05f948ba4ded0db75cad2f2e979185d042cbe00328aa25ab265ac846d6143d5995fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f9664c896e19205022c094d725f820b6

SHA1
f8f1baf648df755ba64b412d512446baf88c0184

SHA256
7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

SHA512
3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\10b5187e-f8eb-41a3-a975-db424f1660ae.tmp

Filesize
1KB

MD5
65c82aeb7a8c2732b0a327cadff95ead

SHA1
51a8dc9db66b8a19e2df3d40d7d941c1d92ae0a1

SHA256
700928d42784e31a1d2d948702b3138378d459efb5b1fa51363b0a2a71e1b795

SHA512
5cf1d36f8c859713355e02181df4e547f95b76e25d3afbfe224fd5b0b37c3d9b85a7ca5bb36b55c06dd3c4d43683963805b007ece99fae210be0b4554f3e1cb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
960B

MD5
898deaea89d6733bad69ac3bb0369e82

SHA1
f0c84bf448d0400fd64e768cdb3626b7caac8176

SHA256
eb64f4bdd5d3b453396e8508589d2265553148a12dd48a1c945f256a8cb08b8f

SHA512
d7375816ae07f9d50407ef561ecdf29437fcbcd3bbdad757dde6435c408889b0180c81a17de834b9899656aa66735b2b134e5943de66ad7d34522bcf1981648a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
8f291e7a342c8fa7e2d6ea5648b56696

SHA1
21a81b03277e8b06e475a207422bd8d581cd98f7

SHA256
16be910e5cfa4ef5023016dc872d6341ee61bfec9a5574f3f5c75da2d9467f87

SHA512
4301a9d00ed2fa332f1fcd2c07910fe2ecbf2ff6b63910bee70b02ae6a439c37dbec1cf0b9f2fa06910f96d421ad83de514b1b357cef5da8bbf4e18715120d17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c16a69019a83ae6bd5f4d86b69e5a62a

SHA1
8677c978e7f556e517ebca0550c68787ad3396e9

SHA256
b8ef307a5176f0a9e736e25f85e4a53b1ac1942cdf821c03ff4d43e7d140debc

SHA512
1cbbd23c42f5b91f279e34ef5ae0e4df017e39075b6ef7f7ca10947865221b9ebf7a02876ec25544850206eaf935ff5ed083ffd49183b942c5043879502f571f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
121b5b0305a5b78527ebfcf56adc2c17

SHA1
ba29c78091d82dced1e56d03f0852e7892034e04

SHA256
ba4386e52899c7f2ff16b71e44c4be15b44682806e978e22086eba454f44c66c

SHA512
f6183dad98f8d6e198de1ee28e982833e635ec3d3c7dc292b7374bd10bb64efbc3b8c6cc38cce178de403478e52dab8a85990d826bd176e31c59dfd19b72b205

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
484d26d9561691b69d1c341d42cd6a85

SHA1
e6d7c91ae3bd61077e822528f10c0c00830dfed6

SHA256
75d0acbf46adb4ea1b876081276c7d470517a2de5545934d69c88363fe80793a

SHA512
67fd4d0d8543fab090300a10887f45370a4ba4f54c629266e0171874cdf479816d89872edb5eb39cbd4db093448043077d6dc9c7e73f3469196382f12e785abf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c2f299b24e0e8d797207f441c3a79023

SHA1
fe16232ccdb47c3cdbfff802b7f18a4529871983

SHA256
5e070a45a7f57d9f28a2ce4e2a2bd4b2b0747687405dd02a45712e8b06800911

SHA512
3d752983c373639c9fa4c5d171d51aa1216fb7f8d8889609b4e66fae79bfa8708b2ac4fda50de50a8b4468901cee17bb96c469198ae7d1862467ffc9e6ee63ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d44b8824fc5df458f74b0550ab71b061

SHA1
89942fcec0d60d9867ac3049d8ab3d12c713bd14

SHA256
4776f8f7d9bab6c2bbcb3fa4e41a0007f3d23982e73fb6a75c9badf7d71dbd6e

SHA512
91ba2a88e7059d647d25f16a9a51ae30c622df3a892528c6f497aec64fe217ea23a142344eaf30684454f1488064d476539c03179853a0436c6229a6bd3c890d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0a363d706aeda9735745efea4592f700

SHA1
b5e338de1bf3dda35b36d0cb4b564b2a333fd3fe

SHA256
aabb85eab1f47ca030e4ffe2b7069af99b448aa223779cc227161dbcf167ffc1

SHA512
5be5fb8d44aba8bf99bc7cc03a04dd6a45a494de90ef20ee225a7bbc7cc37daca2c6b37a71e636e1f0749440b3ee741740be526f41139af20ec65a6ceb78ef40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4cc05ffa01f989697b0d4c53fe601030

SHA1
a4619c381e02f2cff150ac87e33d6f3d28e930d3

SHA256
d1d0736232219fe1b1b6f6d5b9f71a212afadb906e06503e78a0eb0c5a8fb4d2

SHA512
65d0bea0793dfcf40873a547cedd549805da1a481d1baa8b54c4fe446dd93c59abb6a1a8df6bcd717bd978da12b3707bbd4eff16b1c1d5dc459dcd746611886e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e7bef20ab68c3570ceec23f85e9eedda

SHA1
b7580de5c85df7efb53b317c6bb181e51a5b44a1

SHA256
7a955b9a2044bdb5da3f6befc677f15ff04bfe49aae1c0819dd86f3f24a98564

SHA512
0c2c5b5ae847cd2fad7309e70ee55d73b6b4d47a13928e18d456633fda71fc70a8b19054ef615e2577f07c8e708176a823b298d998b7825fa0a4ea0c9bab1311

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ded417bd215e05665cceadb58be91972

SHA1
8dabd463fede729f36144ee56f456c00f223e4d7

SHA256
92316bc1d0e623407c72478e44ea46f66018a55ad14f3bce82cfe6d616d92d46

SHA512
168142b751c9bef9a369b2eaeee9a2d76708f9e4157a62ac379f959ae373c306052bb1377c05a420525ba222718b10d0c52186628d2eb87bc750ea9f6fd1e110

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ef90.TMP

Filesize
1KB

MD5
1cc89b18c65c7f775a3237215e290f25

SHA1
8a08bd26c22ad6bea9ec11860d8af33917de7dc0

SHA256
5a5ec57bf04891fddf4912473e437982e7a4700fdc263931da83bec4da092f96

SHA512
05f06e938afdc67cf0eee4ed6f9f67098a7feef39665364e2b3f77cd8b9298110ad0ff43a7caa97ecaeff1ddfd8ac0b3db34532b9a6fff9f5e8426f10febc9cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
89b30f61b6ac855b437653d75fc020bd

SHA1
a9337fbb2666a00e9ffaf3d534601b00a868eff8

SHA256
d831f46e882b9280ced241fbfb2ec443950e0e243fbf0ec987852cbb9617825d

SHA512
f3b7fd51dabfba19eceb436227173ce6999a18fb74f8ba7fbfdb95e9534f1e8254e25ecab530dbf334e4f4d1c06b160ed6dd5969613e6d1845cd6f2bd64baa0d

Download Submit