hxxp://consumersilver[.]com/viewmailerservlet?d=6402_119616_6453_6339_6336_6756&e=tojha@evolent[.]com

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19/09/2024, 03:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://consumersilver.com/viewmailerservlet?d=6402_119616_6453_6339_6336_6756&[email protected]

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3056	msedge.exe
3056	msedge.exe
4848	msedge.exe
4848	msedge.exe
1100	identity_helper.exe
1100	identity_helper.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe
1860	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4848 wrote to memory of 3876	4848	msedge.exe	82
PID 4848 wrote to memory of 3876	4848	msedge.exe	82
PID 4848 wrote to memory of 1152	4848	msedge.exe	83
PID 4848 wrote to memory of 1152	4848	msedge.exe	83
PID 4848 wrote to memory of 1152	4848	msedge.exe	83
PID 4848 wrote to memory of 1152	4848	msedge.exe	83
PID 4848 wrote to memory of 1152	4848	msedge.exe	83
PID 4848 wrote to memory of 1152	4848	msedge.exe	83
PID 4848 wrote to memory of 1152	4848	msedge.exe	83
PID 4848 wrote to memory of 1152	4848	msedge.exe	83
PID 4848 wrote to memory of 1152	4848	msedge.exe	83
PID 4848 wrote to memory of 1152	4848	msedge.exe	83
PID 4848 wrote to memory of 1152	4848	msedge.exe	83
PID 4848 wrote to memory of 1152	4848	msedge.exe	83
PID 4848 wrote to memory of 1152	4848	msedge.exe	83
PID 4848 wrote to memory of 1152	4848	msedge.exe	83
PID 4848 wrote to memory of 1152	4848	msedge.exe	83
PID 4848 wrote to memory of 1152	4848	msedge.exe	83
PID 4848 wrote to memory of 1152	4848	msedge.exe	83
PID 4848 wrote to memory of 1152	4848	msedge.exe	83
PID 4848 wrote to memory of 1152	4848	msedge.exe	83
PID 4848 wrote to memory of 1152	4848	msedge.exe	83
PID 4848 wrote to memory of 1152	4848	msedge.exe	83
PID 4848 wrote to memory of 1152	4848	msedge.exe	83
PID 4848 wrote to memory of 1152	4848	msedge.exe	83
PID 4848 wrote to memory of 1152	4848	msedge.exe	83
PID 4848 wrote to memory of 1152	4848	msedge.exe	83
PID 4848 wrote to memory of 1152	4848	msedge.exe	83
PID 4848 wrote to memory of 1152	4848	msedge.exe	83
PID 4848 wrote to memory of 1152	4848	msedge.exe	83
PID 4848 wrote to memory of 1152	4848	msedge.exe	83
PID 4848 wrote to memory of 1152	4848	msedge.exe	83
PID 4848 wrote to memory of 1152	4848	msedge.exe	83
PID 4848 wrote to memory of 1152	4848	msedge.exe	83
PID 4848 wrote to memory of 1152	4848	msedge.exe	83
PID 4848 wrote to memory of 1152	4848	msedge.exe	83
PID 4848 wrote to memory of 1152	4848	msedge.exe	83
PID 4848 wrote to memory of 1152	4848	msedge.exe	83
PID 4848 wrote to memory of 1152	4848	msedge.exe	83
PID 4848 wrote to memory of 1152	4848	msedge.exe	83
PID 4848 wrote to memory of 1152	4848	msedge.exe	83
PID 4848 wrote to memory of 1152	4848	msedge.exe	83
PID 4848 wrote to memory of 3056	4848	msedge.exe	84
PID 4848 wrote to memory of 3056	4848	msedge.exe	84
PID 4848 wrote to memory of 4668	4848	msedge.exe	85
PID 4848 wrote to memory of 4668	4848	msedge.exe	85
PID 4848 wrote to memory of 4668	4848	msedge.exe	85
PID 4848 wrote to memory of 4668	4848	msedge.exe	85
PID 4848 wrote to memory of 4668	4848	msedge.exe	85
PID 4848 wrote to memory of 4668	4848	msedge.exe	85
PID 4848 wrote to memory of 4668	4848	msedge.exe	85
PID 4848 wrote to memory of 4668	4848	msedge.exe	85
PID 4848 wrote to memory of 4668	4848	msedge.exe	85
PID 4848 wrote to memory of 4668	4848	msedge.exe	85
PID 4848 wrote to memory of 4668	4848	msedge.exe	85
PID 4848 wrote to memory of 4668	4848	msedge.exe	85
PID 4848 wrote to memory of 4668	4848	msedge.exe	85
PID 4848 wrote to memory of 4668	4848	msedge.exe	85
PID 4848 wrote to memory of 4668	4848	msedge.exe	85
PID 4848 wrote to memory of 4668	4848	msedge.exe	85
PID 4848 wrote to memory of 4668	4848	msedge.exe	85
PID 4848 wrote to memory of 4668	4848	msedge.exe	85
PID 4848 wrote to memory of 4668	4848	msedge.exe	85
PID 4848 wrote to memory of 4668	4848	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://consumersilver.com/viewmailerservlet?d=6402_119616_6453_6339_6336_6756&[email protected]
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffafe8546f8,0x7ffafe854708,0x7ffafe854718
  2⤵
  PID:3876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,12166490326128298910,2639357913249609574,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:1152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,12166490326128298910,2639357913249609574,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,12166490326128298910,2639357913249609574,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
  2⤵
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12166490326128298910,2639357913249609574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:1852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12166490326128298910,2639357913249609574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,12166490326128298910,2639357913249609574,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 /prefetch:8
  2⤵
  PID:3592
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,12166490326128298910,2639357913249609574,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12166490326128298910,2639357913249609574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12166490326128298910,2639357913249609574,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
  2⤵
  PID:4148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12166490326128298910,2639357913249609574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4080 /prefetch:1
  2⤵
  PID:3820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12166490326128298910,2639357913249609574,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1
  2⤵
  PID:4228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12166490326128298910,2639357913249609574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12166490326128298910,2639357913249609574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1708 /prefetch:1
  2⤵
  PID:3652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12166490326128298910,2639357913249609574,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=ppapi --field-trial-handle=2100,12166490326128298910,2639357913249609574,131072 --lang=en-US --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --mojo-platform-channel-handle=5656 /prefetch:6
  2⤵
  PID:1356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,12166490326128298910,2639357913249609574,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4944 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1860

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4056

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ff63763eedb406987ced076e36ec9acf

SHA1
16365aa97cd1a115412f8ae436d5d4e9be5f7b5d

SHA256
8f460e8b7a67f0c65b7248961a7c71146c9e7a19772b193972b486dbf05b8e4c

SHA512
ce90336169c8b2de249d4faea2519bf7c3df48ae9d77cdf471dd5dbd8e8542d47d9348080a098074aa63c255890850ee3b80ddb8eef8384919fdca3bb9371d9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2783c40400a8912a79cfd383da731086

SHA1
001a131fe399c30973089e18358818090ca81789

SHA256
331fa67da5f67bbb42794c3aeab8f7819f35347460ffb352ccc914e0373a22c5

SHA512
b7c7d3aa966ad39a86aae02479649d74dcbf29d9cb3a7ff8b9b2354ea60704da55f5c0df803fd0a7191170a8e72fdd5eacfa1a739d7a74e390a7b74bdced1685

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
93153d481aa25eba122b04b49202efb1

SHA1
863313bbf9d8f38b70d1f2bdad7cff175f415b6d

SHA256
3b81cad89d8c28f205d2c22d34a3eb6e7952bea13894d5af74f53cbabe808a13

SHA512
6754b475b0f83251f4ece29023de985b9880d5e3fd6cffe5e16bda8967c322cac73378c63b295701f2ff5f582c7cd22591a90c14d33a2b34cc111e91fe4f9665

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
4ce3f0c254e989681cb995a678bbbfd3

SHA1
33bdaf61567ef3afeaa20cd4736b0b25c8ea6a59

SHA256
164f1b768d6c82c07699f62b096984f23c7e5c2a0b43c52ebeeabd0564c9938e

SHA512
af6edf41dbdc84c0f3b1acff7bc77ff7d1f395c4823dd7221be783d3c90bbd314ac24eb85bc22c1d1f93c3ea9bee8ab2150e0d0b1577e43a4f28ca7591f1f896

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0ca3672a37502499a4b99b70b3a19c4a

SHA1
72bf25ba00e91f69bace7e8ab5f1cece1f7dc7e5

SHA256
aca0296972e1d6435c7ab48f2ab010e48e0b97114d9a0aeef4c120cbb8c30d84

SHA512
83536cca9d3d2ce970b23935460c3ce26c05b851e07630563768bf5c3c59ecb547ceb666b452141c8b32e679ce2a7950e767803f9d33de70751c8444cac47343

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
72ab5d6feda62fa0c484d56d21b6708a

SHA1
1d3c77117c62e706eabea537f2fa5a56a5a7a4b6

SHA256
22cb59460ee915c14e01285437a36192f121be517d7da616bf40c5724a5a72bc

SHA512
7da339c807020b8782963afba729e62c3b89ba4fddc78ba73b87d432bf1011d57147f1c17788582d1d5f39c4cc7f12ec24cc033d8c935b418ab32e1e14f37a3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dff090e3852575ae54023d2cb60de0cc

SHA1
9ac94d463b8bb60ec3fdd27f7742bc3450da37ae

SHA256
d4a0629ea9267a5aece58361b6ceda6716351061b4bad7bf739502a80191321e

SHA512
cb1c2d4a32d2e8afe05b44b561b77252047c558a816e681a9154b8269fc2c7872a4c481109e64435ad5115b80cfc9da4d64e614c4fb771cf84bb0bc4591181e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d1b88c809882bca79cb7807a3d135bfd

SHA1
fcd7afcffd87b4207d02948dc03f4e082227ef06

SHA256
af3c68fe50fd850fa55801f058a4c9e39e6a791883c7024c71eecc1ffaa015cb

SHA512
6a57b41916d03b7c410beb86c73ce7c9845e159ff71943487fd8f8adb7b6314b192ebf480a0c0340345ec2c411b449cc6566781a8338bfbebd7f76451eff24cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
12f39435de7171416fc4a3ba0825ad46

SHA1
7582944a82b3331bdc6afaa21f56f7cafe4f3b85

SHA256
237a9cf165779ced234f7a08c3d426907e8000b4eb72a7b89688285da26f302b

SHA512
b0cd67a8a73f093317ee493a2981f4481655b497881a7ea136b2f09112bf6708e3e1d6cceabcbe2b8fec027885fb75d36bcdbbb3d0de6efdabcd49458883bf0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
baa11e325988cca20298120f99446a54

SHA1
b28383cb7fcfb9d8dfde9c1aace62a7a19b3889c

SHA256
5cbd23d4812b02dbd4a064abfd01ab6366125b49ee5bddae0dc27ba034dbb7ea

SHA512
0c6676dcfb2eb032efa46927d1d2d25ebc815ee2e877e9f45497ecf25857f609013cdbd07b017ef9c5d6d3fbb0c5f857b26c81cce773777fcc8a31cdb7d910a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
2cbb456925bfa4dc2d1b4e99894e693d

SHA1
0527e7a31753459b5b3d421e6185960993625a68

SHA256
6e42a2810f40c9e208e35a4115b2898b565edbdf84c2bd967f4ac2308a7a56ea

SHA512
f093236206a240f45820b4588aa9a09a6186dc48358faa31831868883312cfd5d6a950caedb1452dfb6095c944365b4268b5d3fe7258b5b92349e1dd8bb31fb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
d231c254adb29a3c8481dd552e6e2398

SHA1
891f0217524ffc3fb06ffa8f26cb4d6c4ab7136d

SHA256
9f9e89a91a2fe6b9e0fa4933499f2164406be14f4fd3696fed2b3a4e07829d1e

SHA512
6244374cbbde6e40c6cf0b85a5454eead3fd88f88f5838d3143ccf5eb5b1b919c203a8c5dad1ae267d84300f364e7cce69e53469d4d083fc3ac83aed5267fde2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f3b6.TMP

Filesize
2KB

MD5
7c797d366d8042c9168d625f6ba933fb

SHA1
121ab05b477a01e33bb43f6ad592304af70d9dbe

SHA256
8c4c419d745446a8ddb5e1a0d7430862d135784faf5a64a6a96211cede925b3a

SHA512
74145263a90b85901bbd110b37cbaa7a8f2b708b1a090d9e8f89e2b4380c4eeb659d314e824035331d397c3ea9af35d5e9aad4a81d50cb73139692b3f4233934

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ede2bc2f36abbd1a2b93aa771f3937bd

SHA1
c5091ebfee800933af239f5b84cd3a9212a73a68

SHA256
2593e369809b854ef507c335a6ace475607829cca71190f17ccd78ea6506481f

SHA512
73d3c1f559202a54071c034b8c88eb029311fd1efbf4e05aac2e7894e6b0a57844bab45a627e0564cfb9db44dfd6539328bf8602ee3be4aa1dd9b3fb9a605691

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit