hxxp://cdn[.]preciso[.]net

Resubmissions

23/11/2023, 15:52

231123-ta886abd7w 1

23/11/2023, 15:48

231123-s85sysbd7s 1

Analysis

max time kernel
146s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
23/11/2023, 15:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://cdn.preciso.net

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
372	msedge.exe
372	msedge.exe
5112	msedge.exe
5112	msedge.exe
4864	identity_helper.exe
4864	identity_helper.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5112 wrote to memory of 4948	5112	msedge.exe	84
PID 5112 wrote to memory of 4948	5112	msedge.exe	84
PID 5112 wrote to memory of 4280	5112	msedge.exe	86
PID 5112 wrote to memory of 4280	5112	msedge.exe	86
PID 5112 wrote to memory of 4280	5112	msedge.exe	86
PID 5112 wrote to memory of 4280	5112	msedge.exe	86
PID 5112 wrote to memory of 4280	5112	msedge.exe	86
PID 5112 wrote to memory of 4280	5112	msedge.exe	86
PID 5112 wrote to memory of 4280	5112	msedge.exe	86
PID 5112 wrote to memory of 4280	5112	msedge.exe	86
PID 5112 wrote to memory of 4280	5112	msedge.exe	86
PID 5112 wrote to memory of 4280	5112	msedge.exe	86
PID 5112 wrote to memory of 4280	5112	msedge.exe	86
PID 5112 wrote to memory of 4280	5112	msedge.exe	86
PID 5112 wrote to memory of 4280	5112	msedge.exe	86
PID 5112 wrote to memory of 4280	5112	msedge.exe	86
PID 5112 wrote to memory of 4280	5112	msedge.exe	86
PID 5112 wrote to memory of 4280	5112	msedge.exe	86
PID 5112 wrote to memory of 4280	5112	msedge.exe	86
PID 5112 wrote to memory of 4280	5112	msedge.exe	86
PID 5112 wrote to memory of 4280	5112	msedge.exe	86
PID 5112 wrote to memory of 4280	5112	msedge.exe	86
PID 5112 wrote to memory of 4280	5112	msedge.exe	86
PID 5112 wrote to memory of 4280	5112	msedge.exe	86
PID 5112 wrote to memory of 4280	5112	msedge.exe	86
PID 5112 wrote to memory of 4280	5112	msedge.exe	86
PID 5112 wrote to memory of 4280	5112	msedge.exe	86
PID 5112 wrote to memory of 4280	5112	msedge.exe	86
PID 5112 wrote to memory of 4280	5112	msedge.exe	86
PID 5112 wrote to memory of 4280	5112	msedge.exe	86
PID 5112 wrote to memory of 4280	5112	msedge.exe	86
PID 5112 wrote to memory of 4280	5112	msedge.exe	86
PID 5112 wrote to memory of 4280	5112	msedge.exe	86
PID 5112 wrote to memory of 4280	5112	msedge.exe	86
PID 5112 wrote to memory of 4280	5112	msedge.exe	86
PID 5112 wrote to memory of 4280	5112	msedge.exe	86
PID 5112 wrote to memory of 4280	5112	msedge.exe	86
PID 5112 wrote to memory of 4280	5112	msedge.exe	86
PID 5112 wrote to memory of 4280	5112	msedge.exe	86
PID 5112 wrote to memory of 4280	5112	msedge.exe	86
PID 5112 wrote to memory of 4280	5112	msedge.exe	86
PID 5112 wrote to memory of 4280	5112	msedge.exe	86
PID 5112 wrote to memory of 372	5112	msedge.exe	85
PID 5112 wrote to memory of 372	5112	msedge.exe	85
PID 5112 wrote to memory of 1948	5112	msedge.exe	87
PID 5112 wrote to memory of 1948	5112	msedge.exe	87
PID 5112 wrote to memory of 1948	5112	msedge.exe	87
PID 5112 wrote to memory of 1948	5112	msedge.exe	87
PID 5112 wrote to memory of 1948	5112	msedge.exe	87
PID 5112 wrote to memory of 1948	5112	msedge.exe	87
PID 5112 wrote to memory of 1948	5112	msedge.exe	87
PID 5112 wrote to memory of 1948	5112	msedge.exe	87
PID 5112 wrote to memory of 1948	5112	msedge.exe	87
PID 5112 wrote to memory of 1948	5112	msedge.exe	87
PID 5112 wrote to memory of 1948	5112	msedge.exe	87
PID 5112 wrote to memory of 1948	5112	msedge.exe	87
PID 5112 wrote to memory of 1948	5112	msedge.exe	87
PID 5112 wrote to memory of 1948	5112	msedge.exe	87
PID 5112 wrote to memory of 1948	5112	msedge.exe	87
PID 5112 wrote to memory of 1948	5112	msedge.exe	87
PID 5112 wrote to memory of 1948	5112	msedge.exe	87
PID 5112 wrote to memory of 1948	5112	msedge.exe	87
PID 5112 wrote to memory of 1948	5112	msedge.exe	87
PID 5112 wrote to memory of 1948	5112	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://cdn.preciso.net
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffef34146f8,0x7ffef3414708,0x7ffef3414718
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,1741321876601842427,18322358142123566144,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,1741321876601842427,18322358142123566144,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
  2⤵
  PID:4280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,1741321876601842427,18322358142123566144,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
  2⤵
  PID:1948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,1741321876601842427,18322358142123566144,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,1741321876601842427,18322358142123566144,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,1741321876601842427,18322358142123566144,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
  2⤵
  PID:2756
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,1741321876601842427,18322358142123566144,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 /prefetch:8
  2⤵
  PID:2124
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,1741321876601842427,18322358142123566144,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,1741321876601842427,18322358142123566144,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:1236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,1741321876601842427,18322358142123566144,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,1741321876601842427,18322358142123566144,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:3344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,1741321876601842427,18322358142123566144,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
  2⤵
  PID:2124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,1741321876601842427,18322358142123566144,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4748 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5096

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3156

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5088

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8f30b8232b170bdbc7d9c741c82c4a73

SHA1
9abfca17624e13728bd7fa6547e7e26e0695d411

SHA256
0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb

SHA512
587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
7ef11ee9e5d8cc4f4e669534b56c3c91

SHA1
51ed29553f68bd05ba0040ca19721014b1b9d36b

SHA256
9af0312bada59655c229a774b0b62ea7a3cf8d96dffa56601b88964d2654ff96

SHA512
510c8ae8959f9748c024a882cb8b8a8a70c77c1a7f80aaf4460d829c2cc759db9b96228458d60df00beca121daef99c379397bed45b486c47bc27ce7962337dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
600B

MD5
24a3417dc4a3bf6a4222713e425bd254

SHA1
eb467f2152ac300fb65dab6d65bb81f12dcb5d90

SHA256
a20962381cfca37454e20560e9f89b27b7dabba002821667429da56825770483

SHA512
47fe9c12946859eaef78a709b4f567c20b9db4c2ef25ee59f582807438a56659f30d2bd84f77f892c8d08ecbd59090ab82ea534540e2f52f9ced539b5be2cd38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1000B

MD5
7ad4b985b47dcaab5daea2a047b236de

SHA1
981d30b1b2c903671b89f2aff62cbb02bf2495c0

SHA256
648966048a6570ecb146805a669c2b1890a80a740eeb274839fd30f2819e2590

SHA512
f73a734f1cc967b11ecbea46eb93395eff978b0aefe06a352c802b1f7cdfb13eac38582d8056de251b69de07368dc6ad1e926357842c3518afc848cff24a6e56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3ee40f6a8eedf5b00fdc35b282b1a435

SHA1
4520b52b839180190e9cb05b22e185ff5b6d3a33

SHA256
8aae76e9a29a7e110e7b1ba186053627724e09ddf6d4b2d01645e0774b3fab8e

SHA512
a7ff51bce4e8bf5dc7fb75bae3d3da3d24a7192a9498e467541c22e0b0288d32902dd6275885fa688b2bf9bb38d5b78b56d747c3c7570d853410d21c0b1dd618

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fe6d0d7fb138832857f877072c33664e

SHA1
be7b44a8508f672e31317ed88736226701583b69

SHA256
51f0d1a14c2611f87b00d865ad49bb2ef05aa042a2b2a211e7e7026d459fb0a3

SHA512
ab26dde323cba22ddc8b846bf46d68fc67b9c52764ebc941351977ff2c95f5f8efaac5c40fb657e14838e1509fd0d74ffeccd1d732ecd7d461a9e5a717d911a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ec84333a47cd451fc8b1f80d684121dd

SHA1
dc5d1bd8415489d1fb2f00755365d5c848de54b5

SHA256
1d3fe8eb2a372c70cb445a4803a6625343ce6b0be21b3b2767f5538368fab2f6

SHA512
5954af8aec243112c57fc4cf9d9b1b8333849d6bbfb08ea665c9472534a1744f88200e23abe81ac6c3d03eb1b4f823812d15f1d4c63911478f4f1ea2f321ea4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
41790398599dc8c7d9c02ff88ca0ab3c

SHA1
cabc5b779fbeb33658115b92a10520a390c71c31

SHA256
d366274fd25eded4303add28fa206ce2691b63a47f908c180747b821dc770f76

SHA512
b83f1e86e7b927fbf61e3f4b1ede901dd2af614c73892a629914cdfe1ec08c35d5f68a8e2be479e6ffe65f511dd2a508e361756afb31d69f02a9140e77f38ca6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
0b8abe9b2d273da395ec7c5c0f376f32

SHA1
d7b266fb7310cc71ab5fdb0ef68f5788e702f2ec

SHA256
3751deeb9ad3db03e6b42dedcac68c1c9c7926a2beeaaa0820397b6ddb734a99

SHA512
3dd503ddf2585038aa2fedc53d20bb9576f4619c3dc18089d7aba2c12dc0288447b2a481327c291456d7958488ba2e2d4028af4ca2d30e92807c8b1cdcffc404

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
8e1fbc529a4ee531602fd1dc47d98449

SHA1
8c2ce74fb2fe530120db21dfa2931d35743fca82

SHA256
516db1274522565217c08a3769b3ec9b4d07655f99599e229fe0e1887dd58365

SHA512
2f36fb21883d655b5da147a5d6b3f00c98b87c99e9670bf198224db1b67043e6588a8bcb0734236e6f3e1f9124dbce36347085bb182af4c81eb962f4b57947c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581170.TMP

Filesize
204B

MD5
e41e988e258a6acdc24191f097769424

SHA1
3863cb100319dbc2a6880bd0e20419188f3fa39f

SHA256
db7b17ccaeecfa115b849c6550b911e69fa4fe4fb95e97ab1e3f18f0b457f811

SHA512
0bf93eff806a1e58172dd766e18018f2258db8aff2ee7291ec57cd60a86f92ccf166e3d78a2579e52936db7e048b0b8c5634d6f05cf2886420bcc55e9683c0d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7ebda64dbbcc4497a40e03c4036123c4

SHA1
988b46d78ce036df20aa5679f92a9b06f9dfcd97

SHA256
11b95800548928649427ab85b123ec6b74660983274a2775f179410fa52530f8

SHA512
e100f9ac4102498990af481b694b232f9a69d373ff40237be6d1d2b797c685ddd0e1b736bfe4488052cf97b606f7422cabe2ad5d036589cee212b85481672216

Download Submit