hxxps://urlscan[.]io/result/c3ef562d-b417-40b8-a2ca-cf6667538bc1/dom/

Analysis

max time kernel
146s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
17-02-2024 11:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://urlscan.io/result/c3ef562d-b417-40b8-a2ca-cf6667538bc1/dom/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2244	msedge.exe
2244	msedge.exe
4728	msedge.exe
4728	msedge.exe
4808	identity_helper.exe
4808	identity_helper.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe
3952	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4728 wrote to memory of 4040	4728	msedge.exe	86
PID 4728 wrote to memory of 4040	4728	msedge.exe	86
PID 4728 wrote to memory of 3812	4728	msedge.exe	88
PID 4728 wrote to memory of 3812	4728	msedge.exe	88
PID 4728 wrote to memory of 3812	4728	msedge.exe	88
PID 4728 wrote to memory of 3812	4728	msedge.exe	88
PID 4728 wrote to memory of 3812	4728	msedge.exe	88
PID 4728 wrote to memory of 3812	4728	msedge.exe	88
PID 4728 wrote to memory of 3812	4728	msedge.exe	88
PID 4728 wrote to memory of 3812	4728	msedge.exe	88
PID 4728 wrote to memory of 3812	4728	msedge.exe	88
PID 4728 wrote to memory of 3812	4728	msedge.exe	88
PID 4728 wrote to memory of 3812	4728	msedge.exe	88
PID 4728 wrote to memory of 3812	4728	msedge.exe	88
PID 4728 wrote to memory of 3812	4728	msedge.exe	88
PID 4728 wrote to memory of 3812	4728	msedge.exe	88
PID 4728 wrote to memory of 3812	4728	msedge.exe	88
PID 4728 wrote to memory of 3812	4728	msedge.exe	88
PID 4728 wrote to memory of 3812	4728	msedge.exe	88
PID 4728 wrote to memory of 3812	4728	msedge.exe	88
PID 4728 wrote to memory of 3812	4728	msedge.exe	88
PID 4728 wrote to memory of 3812	4728	msedge.exe	88
PID 4728 wrote to memory of 3812	4728	msedge.exe	88
PID 4728 wrote to memory of 3812	4728	msedge.exe	88
PID 4728 wrote to memory of 3812	4728	msedge.exe	88
PID 4728 wrote to memory of 3812	4728	msedge.exe	88
PID 4728 wrote to memory of 3812	4728	msedge.exe	88
PID 4728 wrote to memory of 3812	4728	msedge.exe	88
PID 4728 wrote to memory of 3812	4728	msedge.exe	88
PID 4728 wrote to memory of 3812	4728	msedge.exe	88
PID 4728 wrote to memory of 3812	4728	msedge.exe	88
PID 4728 wrote to memory of 3812	4728	msedge.exe	88
PID 4728 wrote to memory of 3812	4728	msedge.exe	88
PID 4728 wrote to memory of 3812	4728	msedge.exe	88
PID 4728 wrote to memory of 3812	4728	msedge.exe	88
PID 4728 wrote to memory of 3812	4728	msedge.exe	88
PID 4728 wrote to memory of 3812	4728	msedge.exe	88
PID 4728 wrote to memory of 3812	4728	msedge.exe	88
PID 4728 wrote to memory of 3812	4728	msedge.exe	88
PID 4728 wrote to memory of 3812	4728	msedge.exe	88
PID 4728 wrote to memory of 3812	4728	msedge.exe	88
PID 4728 wrote to memory of 3812	4728	msedge.exe	88
PID 4728 wrote to memory of 2244	4728	msedge.exe	87
PID 4728 wrote to memory of 2244	4728	msedge.exe	87
PID 4728 wrote to memory of 368	4728	msedge.exe	89
PID 4728 wrote to memory of 368	4728	msedge.exe	89
PID 4728 wrote to memory of 368	4728	msedge.exe	89
PID 4728 wrote to memory of 368	4728	msedge.exe	89
PID 4728 wrote to memory of 368	4728	msedge.exe	89
PID 4728 wrote to memory of 368	4728	msedge.exe	89
PID 4728 wrote to memory of 368	4728	msedge.exe	89
PID 4728 wrote to memory of 368	4728	msedge.exe	89
PID 4728 wrote to memory of 368	4728	msedge.exe	89
PID 4728 wrote to memory of 368	4728	msedge.exe	89
PID 4728 wrote to memory of 368	4728	msedge.exe	89
PID 4728 wrote to memory of 368	4728	msedge.exe	89
PID 4728 wrote to memory of 368	4728	msedge.exe	89
PID 4728 wrote to memory of 368	4728	msedge.exe	89
PID 4728 wrote to memory of 368	4728	msedge.exe	89
PID 4728 wrote to memory of 368	4728	msedge.exe	89
PID 4728 wrote to memory of 368	4728	msedge.exe	89
PID 4728 wrote to memory of 368	4728	msedge.exe	89
PID 4728 wrote to memory of 368	4728	msedge.exe	89
PID 4728 wrote to memory of 368	4728	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://urlscan.io/result/c3ef562d-b417-40b8-a2ca-cf6667538bc1/dom/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbcdb146f8,0x7ffbcdb14708,0x7ffbcdb14718
  2⤵
  PID:4040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,22184136598107187,9678399805501667307,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,22184136598107187,9678399805501667307,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:3812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,22184136598107187,9678399805501667307,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
  2⤵
  PID:368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,22184136598107187,9678399805501667307,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1
  2⤵
  PID:4084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,22184136598107187,9678399805501667307,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:1380
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,22184136598107187,9678399805501667307,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 /prefetch:8
  2⤵
  PID:2472
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,22184136598107187,9678399805501667307,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,22184136598107187,9678399805501667307,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4516 /prefetch:1
  2⤵
  PID:2248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,22184136598107187,9678399805501667307,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2088 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,22184136598107187,9678399805501667307,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
  2⤵
  PID:3916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,22184136598107187,9678399805501667307,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,22184136598107187,9678399805501667307,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5792 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3952

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1184

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3168

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7a5862a0ca86c0a4e8e0b30261858e1f

SHA1
ee490d28e155806d255e0f17be72509be750bf97

SHA256
92b4c004a9ec97ccf7a19955926982bac099f3b438cd46063bb9bf5ac7814a4b

SHA512
0089df12ed908b4925ba838e07128987afe1c9235097b62855122a03ca6d34d7c75fe4c30e68581c946b77252e7edf1dd66481e20c0a9cccd37e0a4fe4f0a6fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
afb28c0eccae4ed038a2818c5fdb4f57

SHA1
e8bd7131b229c6138fc9b63345234cf33281794e

SHA256
efe79f2f3070f458d14baa928315e8ee80406094e61dbb082dfa6b8c2acaf0b2

SHA512
ddc66b0df0422ff1ddf08f88fac99349c158e038ae450b335ce70d2e4d3f65fb85a5d512613dee38716ca243e0c8997037fd04243658e8778c0642b699000eb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
573B

MD5
dc7050019255fc6f45e55930e84c0a18

SHA1
b9995684b0273ad751e80df5e3a8970e714a41c0

SHA256
49c2912825bca2a0d2fc2c78bd6c479f522c09dccea9aa2c23bccd6423fce99a

SHA512
32c8ba87acaa959117b6a98da3fc4fd2d0767364e8772b022e1197327a4ba04a05db1ab828f942e84c1aaa1ab5dd0caa0f13901c6920562a1927efb147b260bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9d6fbff891ad385e34dbfb39d8838c25

SHA1
b2a10a8988a4d5f9ac4343381ba00beaa307cdf4

SHA256
3a82dc8e76bf57c47dcce5549b34dcb5bb7c3faf5289928b49b5a6f6d49877a4

SHA512
e914b930b905f4bb27de0aebcd17d72c1df040ed9886a5e60b828937319915d2bdda62091fe6943e73f17cc1175bbbc15cb5c7576adb73fd45a243412480f02c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
af7d69e549ec28097a74cce27cd35b1d

SHA1
58fefa6dba0ed33b37d10d5ece0efdfd772c4a41

SHA256
5a6b6b9b6254058a9f5d9f3bf56bbf5b9efad11049a559ba29ed8ec17c1392a2

SHA512
927df2e9a16720ae6ddaac3d34719060a959676ee02077226e8d29d229f59f0e7b1f150e4b706e850b0554bc93882d74591182e3d23ac2fb367ce96894484af9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
52826cef6409f67b78148b75e442b5ea

SHA1
a675db110aae767f5910511751cc3992cddcc393

SHA256
98fc43994599573e7181c849e5865f23b4f05f85c1115dff53c58764d80373fb

SHA512
f18df18cab6b5ecd71b79c81a2a1fdac42cc9960f62f06ac25f4d6487792705f2766ee3a10239eaac940d090186e6bc820e4eb7a5ee138f6e5c1c64f951b960c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
98e83044038edfd21ecac175e02b25ba

SHA1
f9487d8a98567865d913b562ddad94d1f3a22f50

SHA256
7b701516226d7e8ba7893369e4640a67fc66d3160ea6128713b8a068ef47ef57

SHA512
1b479df69dbbd9789059b6142cffc71b6d3b520f54a93b3419acfe98579d6b1134016ef5f461bb1c8f02d23a9b4406e1fb3efef4b08b0f5dc6256e4c4f063dba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
da453251bf183f98cfd5d3924ff10a8b

SHA1
09a76cd35985d592701d6dabde3130cb77407489

SHA256
74648661d11ae74153ffe3aa185de8e48bea2475276ef8b9a9178d1f7c348bc7

SHA512
528d18bd9663b18ea24fbf2b9e1ec0e1922786073b65722312424faccc7b19a0e2b5d86ece9b2860729af5a3539e2282f085d1af68f93d23f09640ab4b5ec157

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
4b1c99f852ef11bd9f5839c82fef6555

SHA1
b33dd19e4d16338c9fd18c6a0d9d458e7f6348c0

SHA256
72aa620436421bee5bd9f258b9069a465027c4f26a152625ee6a289d9d460c0d

SHA512
92a57b45228144e5e7fc4b2a0bf0b8311fb7522ba90d7fe1a753d684fbdc95beb2f359f965e0f08a2a3dc1a56023c426901f58d027eecd32d14c338ef124db17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
0e600e96df827b8481d214e218ba41ee

SHA1
bc52580c147d7fe5d51b34f0d6108e538e2a9139

SHA256
120e14a920736c7173c7e725e7144dc19a8c41a107cb0382ef53b71893627dc4

SHA512
7f16b245f12a00dd7d525e1c2596745071397e946088b1c2c3aece85a99cc0fdcb3b7ea1d9890a7a9f0503750db5651cd094aad69b3be12db7b815e594dfc62d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
fb72fe668400967820eb08b9e16fed92

SHA1
554740f7297e6a5f9a79ed0456521a8eb54bae1f

SHA256
06723649df6aa3762c0f132f16d0909e33e4cf51b2eeefaddd21eee97c90dcf4

SHA512
30cd794d9f2d87cfc82d471b37b81f795a7f88e35d4cc175f032396ffa014793233c6ac5e002286b7a71949421f2e704f59c771de540c2017d3e5b780df1f2c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
5872c2d21100c50a69e72862378449ee

SHA1
d9b686ebebe29ec9b8fdbdaee31ff3014798ff5d

SHA256
b5949942a161284c4ecbc772b9b58b0e33ba3f652f08394d106f3ea99bbe7006

SHA512
915767e8bf12b88d7f236c16521de49a6976a77d81a2f83f1af8982d2be219d31e549e93ddcd0f48f9b1fabc1440977a7a3225707f4699586944d53a61a0729e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f77f.TMP

Filesize
371B

MD5
49b2ad2e983a7d0b698d7543243155e9

SHA1
1ae22783db46c0e7c9d02f276a70ce77a739ebba

SHA256
a9c4350470216a314599ad087d951c80f4d47a9b438c253cfe3f681824983e14

SHA512
f2cd1a9f6d08821d37cfec02ed6659ae2770b591302d31990a38104c15568caa14d8e7c51261fd892746f9971a792669895409c1da699fe5f467b90ff6d44520

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e4196140f8c0c54e5d518b40a86f78e8

SHA1
78c1b104f676e40121398554a0cb9170d00e577e

SHA256
8f91a74cd7a81a753f9f4b1a07760ccfadd4808c5b923e9232c07bd7c41f16f2

SHA512
fe4a8c19377676c868477f022125b16637554c0ea63ad1157b14b4b6dde33acf88c412739a6edd4098a13e107ba1277c5013665d27fc4d13828697bbcb68d515

Download Submit