hxxps://webstore[.]ansi[.]org/standards/csa/csaz7672024

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
12/09/2024, 09:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://webstore.ansi.org/standards/csa/csaz7672024

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4020	msedge.exe
4020	msedge.exe
904	msedge.exe
904	msedge.exe
4556	identity_helper.exe
4556	identity_helper.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe
904	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 904 wrote to memory of 4296	904	msedge.exe	83
PID 904 wrote to memory of 4296	904	msedge.exe	83
PID 904 wrote to memory of 1344	904	msedge.exe	84
PID 904 wrote to memory of 1344	904	msedge.exe	84
PID 904 wrote to memory of 1344	904	msedge.exe	84
PID 904 wrote to memory of 1344	904	msedge.exe	84
PID 904 wrote to memory of 1344	904	msedge.exe	84
PID 904 wrote to memory of 1344	904	msedge.exe	84
PID 904 wrote to memory of 1344	904	msedge.exe	84
PID 904 wrote to memory of 1344	904	msedge.exe	84
PID 904 wrote to memory of 1344	904	msedge.exe	84
PID 904 wrote to memory of 1344	904	msedge.exe	84
PID 904 wrote to memory of 1344	904	msedge.exe	84
PID 904 wrote to memory of 1344	904	msedge.exe	84
PID 904 wrote to memory of 1344	904	msedge.exe	84
PID 904 wrote to memory of 1344	904	msedge.exe	84
PID 904 wrote to memory of 1344	904	msedge.exe	84
PID 904 wrote to memory of 1344	904	msedge.exe	84
PID 904 wrote to memory of 1344	904	msedge.exe	84
PID 904 wrote to memory of 1344	904	msedge.exe	84
PID 904 wrote to memory of 1344	904	msedge.exe	84
PID 904 wrote to memory of 1344	904	msedge.exe	84
PID 904 wrote to memory of 1344	904	msedge.exe	84
PID 904 wrote to memory of 1344	904	msedge.exe	84
PID 904 wrote to memory of 1344	904	msedge.exe	84
PID 904 wrote to memory of 1344	904	msedge.exe	84
PID 904 wrote to memory of 1344	904	msedge.exe	84
PID 904 wrote to memory of 1344	904	msedge.exe	84
PID 904 wrote to memory of 1344	904	msedge.exe	84
PID 904 wrote to memory of 1344	904	msedge.exe	84
PID 904 wrote to memory of 1344	904	msedge.exe	84
PID 904 wrote to memory of 1344	904	msedge.exe	84
PID 904 wrote to memory of 1344	904	msedge.exe	84
PID 904 wrote to memory of 1344	904	msedge.exe	84
PID 904 wrote to memory of 1344	904	msedge.exe	84
PID 904 wrote to memory of 1344	904	msedge.exe	84
PID 904 wrote to memory of 1344	904	msedge.exe	84
PID 904 wrote to memory of 1344	904	msedge.exe	84
PID 904 wrote to memory of 1344	904	msedge.exe	84
PID 904 wrote to memory of 1344	904	msedge.exe	84
PID 904 wrote to memory of 1344	904	msedge.exe	84
PID 904 wrote to memory of 1344	904	msedge.exe	84
PID 904 wrote to memory of 4020	904	msedge.exe	85
PID 904 wrote to memory of 4020	904	msedge.exe	85
PID 904 wrote to memory of 412	904	msedge.exe	86
PID 904 wrote to memory of 412	904	msedge.exe	86
PID 904 wrote to memory of 412	904	msedge.exe	86
PID 904 wrote to memory of 412	904	msedge.exe	86
PID 904 wrote to memory of 412	904	msedge.exe	86
PID 904 wrote to memory of 412	904	msedge.exe	86
PID 904 wrote to memory of 412	904	msedge.exe	86
PID 904 wrote to memory of 412	904	msedge.exe	86
PID 904 wrote to memory of 412	904	msedge.exe	86
PID 904 wrote to memory of 412	904	msedge.exe	86
PID 904 wrote to memory of 412	904	msedge.exe	86
PID 904 wrote to memory of 412	904	msedge.exe	86
PID 904 wrote to memory of 412	904	msedge.exe	86
PID 904 wrote to memory of 412	904	msedge.exe	86
PID 904 wrote to memory of 412	904	msedge.exe	86
PID 904 wrote to memory of 412	904	msedge.exe	86
PID 904 wrote to memory of 412	904	msedge.exe	86
PID 904 wrote to memory of 412	904	msedge.exe	86
PID 904 wrote to memory of 412	904	msedge.exe	86
PID 904 wrote to memory of 412	904	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://webstore.ansi.org/standards/csa/csaz7672024
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9c8c046f8,0x7ff9c8c04708,0x7ff9c8c04718
  2⤵
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2244,12828904547464584764,16981578695400042473,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2252 /prefetch:2
  2⤵
  PID:1344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2244,12828904547464584764,16981578695400042473,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2244,12828904547464584764,16981578695400042473,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
  2⤵
  PID:412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,12828904547464584764,16981578695400042473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:2220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,12828904547464584764,16981578695400042473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,12828904547464584764,16981578695400042473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,12828904547464584764,16981578695400042473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
  2⤵
  PID:1044
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2244,12828904547464584764,16981578695400042473,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5708 /prefetch:8
  2⤵
  PID:1048
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2244,12828904547464584764,16981578695400042473,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5708 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,12828904547464584764,16981578695400042473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:3756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,12828904547464584764,16981578695400042473,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
  2⤵
  PID:2128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,12828904547464584764,16981578695400042473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
  2⤵
  PID:3968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,12828904547464584764,16981578695400042473,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:3288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2244,12828904547464584764,16981578695400042473,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1696 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1044

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1752

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:764

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e4f80e7950cbd3bb11257d2000cb885e

SHA1
10ac643904d539042d8f7aa4a312b13ec2106035

SHA256
1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

SHA512
2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2dc1a9f2f3f8c3cfe51bb29b078166c5

SHA1
eaf3c3dad3c8dc6f18dc3e055b415da78b704402

SHA256
dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

SHA512
682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
768B

MD5
b879c1b5903f1bf99920b61f2dd6c941

SHA1
318e5c1de88d58b2bc31ea8c86415f193fc6e59a

SHA256
38ed002d0657399c97c2f6cc641c1d59fd3b46897b0059ac85246392acefa544

SHA512
7f991f2e0e9dec4139a0d5297c66167880c68bc9789d4b646d8a5214501c731e290814941b795eb2f35c1387762160ef4878db551ca1a44ec6c7f7a0d426238d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_lpcdn.lpsnmedia.net_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
ca48eefdcef5ea4050a3e227c8906e7d

SHA1
8725627e289ff149e807e07e5849b41b50fa3e50

SHA256
5bc69468c2388a963949288451d1bc3edfdc36a9f3004dbe62cd1d88837dd78f

SHA512
136cf2d8f5960406bad0fc4b5be8c74523d4161d3e53da067d86ea6876b2711647c157fbe79115ac22311fd5197773bc6793b46a632745760a8c6a03f5217d69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6fe0de40a427286ac69cbd998dace606

SHA1
732cf310a5d8946d77fddcc68f34f2f6f514c633

SHA256
b069fe93183e96f41b3ea4fd27eafb2cac4e08ee0f95f3de6c81c9c56863e811

SHA512
8c8b1b6b681c77cb9add8e70ca1bee13ae18dc3fe6b1605a6ca94d95bcf13ed1c1425b41633e11f34332bb2f22c721acedf2580ae37ad542feb3bc5cc41f71ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
858cae689ab16bfddb33f088d1294925

SHA1
04c0b999b6f73972e1691a2cf67480b3c723d959

SHA256
39ca0f8e19c1764778ba5ae1d865dbd3e042146b406351d8501d36746d48b5fd

SHA512
b4b097cf99ee9fce3e661ebd17f566e991c9e2c17c0e93b5c70569dbe4f3b47914d62d97d6c5b8cf082fcdce8a3cc531df9e532ab502eff63c7c43089d8a26ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8cf91498d07d37bfd0b41012241a3b56

SHA1
e423504aedbbaeb6b20c66a59392f73ab701fd52

SHA256
5299098ba5754ec1219e1514ac832b4569496390debe71f9b7f5b9c7114d2d7d

SHA512
64ee17ccc4ab65e28ccf01addfce6823a95ae9ff69cdbe675897e8ce9ce68d4302519fa4c55b7e522bb3c6d01970965c5edf3e866ac2043ac0fd331607a7a305

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2ff3de8a6d0d5fd6e9e6723bf30b841e

SHA1
abe73e0fc22c48fdccd74c33f3c3df7124c876e6

SHA256
f1f3dca7973fa05e9250f33e7885a50d38fd20147c24cf76c0ff6288cbd7a30d

SHA512
2658e7104eb2af18684fe97d206748091a6e925ba24810d824dfaa5147657093a64e3d63e7ccd5cef3df1b6d6a35277662022cac1c44f97b51b24c7a21b23424

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5055406b41ea63ceeb3dc6f37a2ec718

SHA1
105e9957746eec2f46a3633faa15c7ad66c7b8a0

SHA256
0d67c309518092567666dca7534968964b9fce807b413158b3f6d96f784dcd27

SHA512
06586f5b99d7ddb79aa007d3f8f6e2ec729871cc5c467360b753cbdffb7f815eaceedc8a7c5039e2937b1b6b3434496ef3fa57f031c1c2687ab5be00e735dac2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c82b3d640d9127a5d9ea3eeea3891cd7

SHA1
930881c47ae0318b897b258ab0c00aad8995e779

SHA256
fec33a4f15fda011ea3ebec145b70ebda08dcd98d9ee33e2884f34f0ecfc63de

SHA512
88fbedd61b99650937292fc6582acb94d7c0cacac55ec8b63b5f81de30483eb26c016ada52d5f24229bb4e147520073ec430d4b900c892bafc08f558ad6ddf24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d5e5692153ceaa2adc2d90960cf907a0

SHA1
0cd8938660cab5a755edb8be5072a1953e515186

SHA256
71f615de168877de190eb2c456ca8495fa09d7e42ce63f4d9af41a4bac1081a5

SHA512
884ce6982e1cd932f95ca62a41060d108bbd23a5c573aaef3cccd7caf7fb2df505b571da3ffa5dc5d4d15839ccf2ecb77e16e03a386348ac684b6c79a82e533d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
21691713b53e6982be852b8f3da4c479

SHA1
04cc1190ac900fd3f8650763cf28ffe641268af5

SHA256
5909a041b0fcbdbfccd89554f7688ba7f9cd0fc2e8c795a5aac91a253ef0170f

SHA512
ee8b1dabebc55b11dd69facd1a9017507d1ea3cfb71744367f2aeeb1bd50f8a0f1707e4a6924a0fe31250b605d056dc2d45aeb4a6a7ecac68d2277fe099ceba4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
dd45a37eb1ac0d1fdff8063834bff5ac

SHA1
0214fb54c6ff9aecbdf66e79d69ec564e19782f9

SHA256
1908d2ff46d077bf54a4f7782cc86efbd03106149bd22c6018a130645008fcbc

SHA512
3be9e90ec83716d6267ce3a8386672863b1b0b1e2c56dbf3bc022dd20f455923bfb207a44e1cdea46a9009ede5df7dd81014046009644d9811645f07aefee2bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e0880dbff8bda48d25d4220c5c6eed77

SHA1
b4d9983d258489d9d4e9b85cc6e5c42367ba0728

SHA256
f85bdf924d8751fb020ecbdaf6088a43cddbb5db45870b4d2944a0828f39e4df

SHA512
19d1923b4284d0e1cc5a4ff52293ee0d2acfe9ee70b3202302e09554cb79f8d212fab0d4955e0792a28de8efd34b0d8223f32e6c09a09b475cf7fe4d4cc1ea12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
90341739eabf17e9fb376974f84c7eb9

SHA1
89319cfc9f26b11bebb3692f1233de7851b7aa4c

SHA256
cfc0ea2ae5d13856317789dc171f1b68f4fded04a5a6990f32ce5bb1b903208f

SHA512
830b83e9659e5c030e12ee9e1e53cab7470d7fa57e3b62fafabc6f0412d95651d057a35f91204f488d45e54a51b4d923a911b7538c7737ea95f9bec8426db913

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c96d515ff1243905cfe44918d148c4c0

SHA1
fc6f3e03d0a9a016f67795dea714e18cbe19d8cd

SHA256
f75efc1162a1eecd3250da74d14f6a87957f02cfb67121dbeb0c52a03d047c7d

SHA512
6f62d4159472218a00e48161de23572d77641a653633063c0b22b85e6a69807f44789c49fe54e7c790bf548073608586f66391c1bb7381fec5298b0d73804bf0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
cfc99a87de09919002f72bd3ac806a9d

SHA1
e513791ea606871aaa60545416febca76129e713

SHA256
61e8ecc6ada6830599543557b65450ab2d46865d11370fb4d4d42a9abaf88f1b

SHA512
1321e9b40477846bd71ef943daa232d65a8314bd2575936eab72f795b7ee34b166e10c0864386aec25dfb973eefd8dc34144d37ad9f7838402aba89623d53428

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e2650468a5cc19a2fa5e019cdee21642

SHA1
92f7954c693d5a26a7d81dc74c505d9d29e88edf

SHA256
9c851eebf0815327c88ee9689a58192a9d203311fd620573914eb3d9c1479c03

SHA512
d15bf597cd3eded347fa3a18c24fa2fe4c1c916186cfdddc142f0747caa13a3f5d91104f1a83e3852c20ed408063f5de7a4aa1868ec3ee04a65a1cdab1bba74a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
df44bbd55830a553cab7017afeaddeb2

SHA1
bc7bec7d3d7e4d1cd598396220aa98c8f75dc238

SHA256
ff713edb4c11234c9f1a8527fb4bbdc5ec25bc63055be84e85e678f2f57a0505

SHA512
d9d72e9267c3899914c70d2d58a0b395dcf6062f5ae10db632b75ca44f5cf3a833545479cc7ed98804a02a6d982313f4c3d72ff9078f862f8f8e72d748e542c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fe4341f10ea065a6dc35d2d7710b997c

SHA1
bc9153b96620e828fea0fa4d6b4b7471f3911280

SHA256
d1bd582e9f8a999a9884c51192952de463c83aeddd9062f53e59895aa038ac68

SHA512
9851b87707c585cd787386d23643d8ef86a637644e27396118c74bf293a9cb678555ca4bef8cff38cf74d2b02f24d4137ae856d5e9f9c8612dc5c0a610f1c073

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d958.TMP

Filesize
1KB

MD5
4091b584acf6e4c678cd1ec271936d7d

SHA1
28c5a3b5bffe649061e9be13770a6dd469ba9c0e

SHA256
c07ebf78204ff8b6454833fc06523ad8c2df08d1b48604c33d8a65b773214a2d

SHA512
f68eea5fde0d4f546e6b37b9a564b5240af5fd2cc79d2b0bcf0c47b1f0083ce5709a701c4c18c457c51a32f0354d69faca9267e68589022589fede6bc1c42e40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
42a181a8e3ae554cc69573baf908d128

SHA1
f535d28c0357d20d75d71fd88d32090bf7d6fd16

SHA256
121e99aa10037c76d49930fcf00ac600cced0de345c291ea5598f6bce04b44fc

SHA512
96e41c4603c9cb6538462da618020e6c2eea5e0be87d1e57785ae5eed0975184b37bc1d9a0ed48e3baa93a61be5d0531bb52a9365e4c19c33f530f58b6544532

Download Submit