0644252f19a715f2c0733f912ed4dfacaf36b48caad6a69b472ab81fb0f72b81

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240910-en
resource tags

arch:x64arch:x86image:win10v2004-20240910-enlocale:en-usos:windows10-2004-x64system
submitted
30-09-2024 07:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

yKVGLQ9WeD.html
Size

348B
MD5

556fa9ef4c895075c2d0f63053c16a34
SHA1

dc372fb233c6de9ecca9e616621f88d3c373e2ab
SHA256

8fb91bab32ad70ce6d5dd747959ed867b92070e093320416ea5678a6ef16ef8c
SHA512

ec89605e062f88190ae5780e8fb16e2c0d5e50938cee826aa4ea9a95d251c0833910382186a2eca0af5a88bd298ae33d14c24515e609e917bed067e50c8f4bf5

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4624	msedge.exe
4624	msedge.exe
1992	msedge.exe
1992	msedge.exe
4024	identity_helper.exe
4024	identity_helper.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1992 wrote to memory of 1392	1992	msedge.exe	87
PID 1992 wrote to memory of 1392	1992	msedge.exe	87
PID 1992 wrote to memory of 3600	1992	msedge.exe	88
PID 1992 wrote to memory of 3600	1992	msedge.exe	88
PID 1992 wrote to memory of 3600	1992	msedge.exe	88
PID 1992 wrote to memory of 3600	1992	msedge.exe	88
PID 1992 wrote to memory of 3600	1992	msedge.exe	88
PID 1992 wrote to memory of 3600	1992	msedge.exe	88
PID 1992 wrote to memory of 3600	1992	msedge.exe	88
PID 1992 wrote to memory of 3600	1992	msedge.exe	88
PID 1992 wrote to memory of 3600	1992	msedge.exe	88
PID 1992 wrote to memory of 3600	1992	msedge.exe	88
PID 1992 wrote to memory of 3600	1992	msedge.exe	88
PID 1992 wrote to memory of 3600	1992	msedge.exe	88
PID 1992 wrote to memory of 3600	1992	msedge.exe	88
PID 1992 wrote to memory of 3600	1992	msedge.exe	88
PID 1992 wrote to memory of 3600	1992	msedge.exe	88
PID 1992 wrote to memory of 3600	1992	msedge.exe	88
PID 1992 wrote to memory of 3600	1992	msedge.exe	88
PID 1992 wrote to memory of 3600	1992	msedge.exe	88
PID 1992 wrote to memory of 3600	1992	msedge.exe	88
PID 1992 wrote to memory of 3600	1992	msedge.exe	88
PID 1992 wrote to memory of 3600	1992	msedge.exe	88
PID 1992 wrote to memory of 3600	1992	msedge.exe	88
PID 1992 wrote to memory of 3600	1992	msedge.exe	88
PID 1992 wrote to memory of 3600	1992	msedge.exe	88
PID 1992 wrote to memory of 3600	1992	msedge.exe	88
PID 1992 wrote to memory of 3600	1992	msedge.exe	88
PID 1992 wrote to memory of 3600	1992	msedge.exe	88
PID 1992 wrote to memory of 3600	1992	msedge.exe	88
PID 1992 wrote to memory of 3600	1992	msedge.exe	88
PID 1992 wrote to memory of 3600	1992	msedge.exe	88
PID 1992 wrote to memory of 3600	1992	msedge.exe	88
PID 1992 wrote to memory of 3600	1992	msedge.exe	88
PID 1992 wrote to memory of 3600	1992	msedge.exe	88
PID 1992 wrote to memory of 3600	1992	msedge.exe	88
PID 1992 wrote to memory of 3600	1992	msedge.exe	88
PID 1992 wrote to memory of 3600	1992	msedge.exe	88
PID 1992 wrote to memory of 3600	1992	msedge.exe	88
PID 1992 wrote to memory of 3600	1992	msedge.exe	88
PID 1992 wrote to memory of 3600	1992	msedge.exe	88
PID 1992 wrote to memory of 3600	1992	msedge.exe	88
PID 1992 wrote to memory of 4624	1992	msedge.exe	89
PID 1992 wrote to memory of 4624	1992	msedge.exe	89
PID 1992 wrote to memory of 2164	1992	msedge.exe	90
PID 1992 wrote to memory of 2164	1992	msedge.exe	90
PID 1992 wrote to memory of 2164	1992	msedge.exe	90
PID 1992 wrote to memory of 2164	1992	msedge.exe	90
PID 1992 wrote to memory of 2164	1992	msedge.exe	90
PID 1992 wrote to memory of 2164	1992	msedge.exe	90
PID 1992 wrote to memory of 2164	1992	msedge.exe	90
PID 1992 wrote to memory of 2164	1992	msedge.exe	90
PID 1992 wrote to memory of 2164	1992	msedge.exe	90
PID 1992 wrote to memory of 2164	1992	msedge.exe	90
PID 1992 wrote to memory of 2164	1992	msedge.exe	90
PID 1992 wrote to memory of 2164	1992	msedge.exe	90
PID 1992 wrote to memory of 2164	1992	msedge.exe	90
PID 1992 wrote to memory of 2164	1992	msedge.exe	90
PID 1992 wrote to memory of 2164	1992	msedge.exe	90
PID 1992 wrote to memory of 2164	1992	msedge.exe	90
PID 1992 wrote to memory of 2164	1992	msedge.exe	90
PID 1992 wrote to memory of 2164	1992	msedge.exe	90
PID 1992 wrote to memory of 2164	1992	msedge.exe	90
PID 1992 wrote to memory of 2164	1992	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\yKVGLQ9WeD.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe121246f8,0x7ffe12124708,0x7ffe12124718
  2⤵
  PID:1392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1980,5623905088050590724,749418570795142683,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2000 /prefetch:2
  2⤵
  PID:3600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1980,5623905088050590724,749418570795142683,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1980,5623905088050590724,749418570795142683,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
  2⤵
  PID:2164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,5623905088050590724,749418570795142683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:1496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,5623905088050590724,749418570795142683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:2908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,5623905088050590724,749418570795142683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4208 /prefetch:1
  2⤵
  PID:1520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,5623905088050590724,749418570795142683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
  2⤵
  PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,5623905088050590724,749418570795142683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,5623905088050590724,749418570795142683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:2804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1980,5623905088050590724,749418570795142683,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5736 /prefetch:8
  2⤵
  PID:3824
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1980,5623905088050590724,749418570795142683,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5948 /prefetch:8
  2⤵
  PID:2876
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1980,5623905088050590724,749418570795142683,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5948 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,5623905088050590724,749418570795142683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,5623905088050590724,749418570795142683,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
  2⤵
  PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,5623905088050590724,749418570795142683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
  2⤵
  PID:5232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,5623905088050590724,749418570795142683,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:5240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1980,5623905088050590724,749418570795142683,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5052 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2324

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2424

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3772

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x300 0x2fc
1⤵
PID:2272

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7006aacd11b992cd29fca21e619e86ea

SHA1
f224b726a114d4c73d7379236739d5fbb8e7f7b7

SHA256
3c434b96841d5a0fa0a04a6b503c3c4d46f1c4e3a1be77853175e5680e182814

SHA512
6de169882c0e01217c4ca01f6ead8e5ebb316a77558e51cd862532dbf9147d9e267f8db667ff6e9fa33164243724f5e437cb882392382f3cae1072dadb762c1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b80cf20d9e8cf6a579981bfaab1bdce2

SHA1
171a886be3a882bd04206295ce7f1db5b8b7035e

SHA256
10d995b136b604440ac4033b2222543975779068a321d7bddf675d0cb2a4c2b1

SHA512
0233b34866be1afd214a1c8a9dcf8328d16246b3a5ef142295333547b4cfdc787c8627439a2ca03c20cb49107f7428d39696143b71f56b7f1f05029b3a14376a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
63885dbe070c32b98a2228875a739986

SHA1
8134d9a1d4ce9c31292689d08ac4120ed54e6e66

SHA256
c278d369e291770450b69d688d6925460143aaf7968b109bb934d2a3820cd6ea

SHA512
b931ee74ab1aaba0e516d7f571ce41048ed4d5194c603d18a5414e50d1559defa82f46833ecdeba332e109ca7dc4606fe0d29dfe68c110befd8fe10a069286f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
82de4fe29bf4baf58d3a7701bb336353

SHA1
198e0f94fc82470482af713cdcee74c396a59ffd

SHA256
aacef2710b7982b2e47ed3333227eccf8e718c4394010153d9b08c2f94f05668

SHA512
ee231e17a87a63a324f5467ace2236b699bfaf1fb8b19443d8b7aa5d39e017e6df71eb769505e91ae79898c4d6bd61a7ae3d7a9251bf51022908c7a7f44db997

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3eb6757451e702222a544d56f9f9ab61

SHA1
fcf6fc47791d4b4936ca7763f9c9abb74f96c0c9

SHA256
0672512d31ffb72c0a67a3481ba1b42000e5fdbdaa969d90e1a7f0d715faee3e

SHA512
fa17b617f8c304b80c9be0a47a426dc4965e6205a40ba0a0ef472174144cb631fa8054b9caf038ee84991cec1728182b357ae57b599a5e5024e08018b25d20b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
122a24ada17204a0fbfc226e05a89e2d

SHA1
de80a66e05a9c71d2b7b211cf536049853664b7d

SHA256
2f94d7de4c27a477eb77c87e53455c1862c76be251c553bac94ff3fa5559c8e0

SHA512
db7a9ff6be8c7fc83c69d652b3bf9d0bc70272429ebb612a3ac4806029071a5c9b2003ad481ac1f7adc8d2cac47bdeaa98be9ce6bea1e8a6597bb6bbab1cce07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
61663f3a6f3d73b046a366898ffceb9e

SHA1
b716671bb16ce93a9a6a739570245f1a03a00138

SHA256
028b94cd90ea317a0c66d1effed414e18b60de09637c2f969e287b7d7991e76f

SHA512
dd2da106adde8804fbd2d8f43145362ce912aeb56628131b3ab3fc36853e7f6c74fb002441dc08a52c974943776c4c367d657a553f0882519a8fabee26a0fcc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a0f53d5fabafaa20f8e6b08e05f9ab02

SHA1
3d93ff1871199a8f60706a414a98efa209df74e9

SHA256
fca6c3bd256697a13f554ba9b0048f9c5fe4980254471b2ec989d7c9d64ec29e

SHA512
df1d24c50fe15d9d2c0c3c0876427a877fd9cb3440c60597687952a2a249ce3fb03229420ac9f3d57956609a347c9620427bf55b9e2ccf55c4ed58f447f82da9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9c996af7456dc74439c4db89bb675095

SHA1
ebb02e8d6925ba3fe466c489d84d563cf62948e6

SHA256
c4181b08efcd58981900bd81fec8d76a317f8a8905ff627eb152811692319557

SHA512
e02b74a9cbb450bd9dbe70241cd5a2ea8bff02cf13bde4fb5dcdaaa247041cad7c9a09c302ca7e7bde3c7bc37b8bfdddc7ab7e33c34ccec625f981f39762b59b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
25ef4c9b81829c368b544d524da98bf0

SHA1
36f19191bc70d9de5ed04794c7ffb6be0e4e1437

SHA256
e936c8347c637777af5313c3aef2a1dc287ac6e8e96ca9e8d226e9e32ad81080

SHA512
c7a5e7a6134ef088996fb96f36d0a140e34a85f9e35ee6c2c11e489ada471d78ad0b99f63213edd1e339df4ebb64f5ef883658423098bca393a8a379f63acedb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3f013fb3e9f19db0cbe5c9c5619bfb20

SHA1
ed1622e33b02315e7f2d65b1da06d1f7360720e8

SHA256
de1825a2ef65df82f68e0c0196d5cac2b9a3ed64321e3ec439d79d9baa0eb173

SHA512
8147d0a985c8485e3fb0144d66989137f2c71cf7ad6698d2eef6d318b3275b2e2d30fc1909fbca6ad043c56cc84af4e1245304e800c73515731187ea937e63ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7ec8537e57c734502049207f6c6d9769

SHA1
8eaaab408d55e0e3f8cf3d3d4985b6d8c71ca846

SHA256
314f231375a1d3ce323b38c6a701dda81c893efba1a5ad21d251ad1e519b467a

SHA512
d501bcf8853d3f6fdb599469e0ce6ee694bf92e3d231a77a53ae7ca3bba65c0887abc61f04b0265dfaef8ca7514909379d9e35c67dc41e0a3164ac2b34fed987

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f9d3db4db5e02ecf1a542c86a55cc77c

SHA1
445cadeef6dda76e705620f1378151f183d705e4

SHA256
b03d4b7580b35426e64296dc3ccc76905657d0feb221552c7a20fad2dd6c3d0c

SHA512
0c94cbce2c6cba332129e56392e1be70f0b4ceb645b96779bd0626ffa3a92806a519084a81a93dae6fbaeb569a3ea2d36647b5ae56e6a98b618c49053f4af02d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
44aa448a7c3966e836330b834e519308

SHA1
8e44864f3f17133b0d31d9c827f250cfc3ed84b9

SHA256
917ecc8bfca55cfa886565192c6bdf265d1c2bff95178187efc51ba8c8dcf315

SHA512
b0950ff2cf89652c5d0a81d93249841fa148bba263500c649ad0afec3471871807fc1cf1fc7c909e8c26788a1d00b797a3db49985fe6795ec1421802dba66d3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
85df5634c8b624d6ad76e880078d48a4

SHA1
ba51b08ffa8b841caf50dc1f1a3e86a7c7bc97c9

SHA256
4322177f1b25c930b21a0b827483a73d52884bf64a376ee123f65ebbf3f75140

SHA512
a79b2f703ef0d9252fcada013b8a2d5c3d5f57d8fd611015edfefb24a0791831e0a2f91e02a2bc53af072a0ffa5f0d13e987dd3e60746fee853cb37f7cdfb35e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
56e2fb9b5ba463ecafe7192db0942c86

SHA1
c12545b86d9b5c39a8ea28b95490b0423ac8fde8

SHA256
3be3e400651550533d8db986cb2da9124b225558ba6dd4a57310b998a0dfe21f

SHA512
75d37a6488cfb6a2351534b73ac3a06a0bfb5c8a266868594b0910a06c3740b7ae80023b7814a7e32c19b8307d2f430766ede82b3ce70d185d29eccb12646090

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
70cb409b7bb7e00bd9bd5cda39ddb994

SHA1
718dc7af32b8ed8f21ece2b1de6fd33492dd9696

SHA256
5e234fd2251e835da0c10d243dc2fe9c236308425ce02d184617de315ffca2a6

SHA512
801f858373691b14667c5ac4131758f585b3468b5864f0814fe0a79970f62496eb9ea2bcd7fd6b7313069523caaa1499f023cc22ff58eb64de97b62ea4a665f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58ab5e.TMP

Filesize
1KB

MD5
e56d56dcda140f282247cdc3471d8f54

SHA1
dbdadceeb3219b15b48616f55f0a1714f5cb32be

SHA256
24e24696a91ca91e0925d7cbb96c2d107f49354a96e68f809f2c9726634f75a9

SHA512
071f98498d8903c761ceedb7d94e523478edfdaeda1e9a25e8dfceb79bf5e5dedddc42c759481921f9f9950f1f4f5d5f03b2c91e97d75fe82bc3cb1d92391f3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ff8747314d27f2681287584317e3e7ec

SHA1
ece40775d18321cb3e363ab55fd7edbb907fc172

SHA256
005cdae3d55581ea366853161e02a5cfd1e20565dcbfb13641383a0f8f9f8649

SHA512
9826109a19f9cd4874d76844650f37f54378d392d1a78920490b504618e6b34f7e983a7920c2a16b1ff4bd0bda4eea8d31d747c41916cea64e594baeb63719e3

Download Submit