hxxps://urlscan[.]io/result/ff18db45-1582-45fa-975b-5b882be81508/dom/

Analysis

max time kernel
146s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
17/02/2024, 17:13

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://urlscan.io/result/ff18db45-1582-45fa-975b-5b882be81508/dom/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1272	msedge.exe
1272	msedge.exe
116	msedge.exe
116	msedge.exe
3508	identity_helper.exe
3508	identity_helper.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 116 wrote to memory of 500	116	msedge.exe	82
PID 116 wrote to memory of 500	116	msedge.exe	82
PID 116 wrote to memory of 1928	116	msedge.exe	87
PID 116 wrote to memory of 1928	116	msedge.exe	87
PID 116 wrote to memory of 1928	116	msedge.exe	87
PID 116 wrote to memory of 1928	116	msedge.exe	87
PID 116 wrote to memory of 1928	116	msedge.exe	87
PID 116 wrote to memory of 1928	116	msedge.exe	87
PID 116 wrote to memory of 1928	116	msedge.exe	87
PID 116 wrote to memory of 1928	116	msedge.exe	87
PID 116 wrote to memory of 1928	116	msedge.exe	87
PID 116 wrote to memory of 1928	116	msedge.exe	87
PID 116 wrote to memory of 1928	116	msedge.exe	87
PID 116 wrote to memory of 1928	116	msedge.exe	87
PID 116 wrote to memory of 1928	116	msedge.exe	87
PID 116 wrote to memory of 1928	116	msedge.exe	87
PID 116 wrote to memory of 1928	116	msedge.exe	87
PID 116 wrote to memory of 1928	116	msedge.exe	87
PID 116 wrote to memory of 1928	116	msedge.exe	87
PID 116 wrote to memory of 1928	116	msedge.exe	87
PID 116 wrote to memory of 1928	116	msedge.exe	87
PID 116 wrote to memory of 1928	116	msedge.exe	87
PID 116 wrote to memory of 1928	116	msedge.exe	87
PID 116 wrote to memory of 1928	116	msedge.exe	87
PID 116 wrote to memory of 1928	116	msedge.exe	87
PID 116 wrote to memory of 1928	116	msedge.exe	87
PID 116 wrote to memory of 1928	116	msedge.exe	87
PID 116 wrote to memory of 1928	116	msedge.exe	87
PID 116 wrote to memory of 1928	116	msedge.exe	87
PID 116 wrote to memory of 1928	116	msedge.exe	87
PID 116 wrote to memory of 1928	116	msedge.exe	87
PID 116 wrote to memory of 1928	116	msedge.exe	87
PID 116 wrote to memory of 1928	116	msedge.exe	87
PID 116 wrote to memory of 1928	116	msedge.exe	87
PID 116 wrote to memory of 1928	116	msedge.exe	87
PID 116 wrote to memory of 1928	116	msedge.exe	87
PID 116 wrote to memory of 1928	116	msedge.exe	87
PID 116 wrote to memory of 1928	116	msedge.exe	87
PID 116 wrote to memory of 1928	116	msedge.exe	87
PID 116 wrote to memory of 1928	116	msedge.exe	87
PID 116 wrote to memory of 1928	116	msedge.exe	87
PID 116 wrote to memory of 1928	116	msedge.exe	87
PID 116 wrote to memory of 1272	116	msedge.exe	83
PID 116 wrote to memory of 1272	116	msedge.exe	83
PID 116 wrote to memory of 3860	116	msedge.exe	84
PID 116 wrote to memory of 3860	116	msedge.exe	84
PID 116 wrote to memory of 3860	116	msedge.exe	84
PID 116 wrote to memory of 3860	116	msedge.exe	84
PID 116 wrote to memory of 3860	116	msedge.exe	84
PID 116 wrote to memory of 3860	116	msedge.exe	84
PID 116 wrote to memory of 3860	116	msedge.exe	84
PID 116 wrote to memory of 3860	116	msedge.exe	84
PID 116 wrote to memory of 3860	116	msedge.exe	84
PID 116 wrote to memory of 3860	116	msedge.exe	84
PID 116 wrote to memory of 3860	116	msedge.exe	84
PID 116 wrote to memory of 3860	116	msedge.exe	84
PID 116 wrote to memory of 3860	116	msedge.exe	84
PID 116 wrote to memory of 3860	116	msedge.exe	84
PID 116 wrote to memory of 3860	116	msedge.exe	84
PID 116 wrote to memory of 3860	116	msedge.exe	84
PID 116 wrote to memory of 3860	116	msedge.exe	84
PID 116 wrote to memory of 3860	116	msedge.exe	84
PID 116 wrote to memory of 3860	116	msedge.exe	84
PID 116 wrote to memory of 3860	116	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://urlscan.io/result/ff18db45-1582-45fa-975b-5b882be81508/dom/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9604746f8,0x7ff960474708,0x7ff960474718
  2⤵
  PID:500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,15527022116459062731,10323636936229694265,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,15527022116459062731,10323636936229694265,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
  2⤵
  PID:3860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15527022116459062731,10323636936229694265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15527022116459062731,10323636936229694265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:2160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,15527022116459062731,10323636936229694265,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:1928
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,15527022116459062731,10323636936229694265,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5296 /prefetch:8
  2⤵
  PID:1520
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,15527022116459062731,10323636936229694265,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5296 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15527022116459062731,10323636936229694265,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15527022116459062731,10323636936229694265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:1052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15527022116459062731,10323636936229694265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4080 /prefetch:1
  2⤵
  PID:2880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15527022116459062731,10323636936229694265,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:4168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,15527022116459062731,10323636936229694265,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5560 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1364

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2744

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
011193d03a2492ca44f9a78bdfb8caa5

SHA1
71c9ead344657b55b635898851385b5de45c7604

SHA256
d21f642fdbc0f194081ffdd6a3d51b2781daef229ae6ba54c336156825b247a0

SHA512
239c7d603721c694b7902996ba576c9d56acddca4e2e7bbe500039d26d0c6edafbbdc2d9f326f01d71e162872d6ff3247366481828e0659703507878ed3dd210

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\2b65696a-0167-4d65-9545-ac1fdebd99d4.tmp

Filesize
5KB

MD5
9bbae008fcc7321829f128a803cc61ae

SHA1
53ada8863206add95b203ef144c90052c7919ffe

SHA256
253d259bb9166d82b2362e6052494bb624b424ebf490fe9dc5bed5f2b897c73d

SHA512
cbab13e993b60d19bda39559663878c27cebf578c8e89281b3e5d321e063863fc7845631da5cbf1ff75f36ea8a3fc589a529fe41f0cc1dab8b02166970955352

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
afae92db5a18a095389cf6af174a7c26

SHA1
0cce34866ca293b8fdbe7fae09656037c3f5d04e

SHA256
136e058465519149de67652d9bf2c8ec97e701825f2e987db632fd829c77a157

SHA512
9f463b3541ab9644eb200f78e2de23373002ea14180037aed7d38e3cb97caf141463cc49189d2eacfe3ffe18a2344244f541e7bc812e90a523f6bac5efa46f09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
573B

MD5
8329dfaae30d8dc680eae124348720c2

SHA1
1c738c87d24c8b1da3df4f58b895fbf725319342

SHA256
11d4b17e39b609d0d396056d78e0e5233e1856efade5617c52a0370017ac32f2

SHA512
af6aaa1cc2a49a09aceabd9ca378cb26d04b5b2345e70d55273112caaf99b5c8a23599d5cbdf0f1e2b33955194df1d4e942aa0773210c90c69a6346e8ac83c56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e37458d93e74900805ca301ad5c8700d

SHA1
c7726447775f7fb108efda736687bb5949c6a296

SHA256
35f4531fd69dd7e3630c8e6972f293b3bbea90d5c18ba440f1aa43d934840494

SHA512
7516df75635ab2b88134b104dba7c401f31eccdec2a256fff27cfb352d5c490b01fbabc4c57591c94be00ba9e0f63e552fd73959ece269173d8023d185ff23e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
f5b764fa779a5880b1fbe26496fe2448

SHA1
aa46339e9208e7218fb66b15e62324eb1c0722e8

SHA256
97de05bd79a3fd624c0d06f4cb63c244b20a035308ab249a5ef3e503a9338f3d

SHA512
5bfc27e6164bcd0e42cd9aec04ba6bf3a82113ba4ad85aa5d34a550266e20ea6a6e55550ae669af4c2091319e505e1309d27b7c50269c157da0f004d246fe745

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
9b6833d7416f8e67b9d633fb252d006d

SHA1
f781bb9b1c6ada8fa640fa1ca0de57a7fa6fdef6

SHA256
23a71b94a406126f633fabefeed40cc1662e755374a47bbf714e942e5f016839

SHA512
b4ba076a12113e4f4dbbd1998b88d1367559e5e245929013900795fd932fae78f03efd41675d8ad4527da38277cd4d672be9e001aca10d8b4d93b8121c2c84cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
6f3f0680f9ba5c106bb75813083aad9b

SHA1
79e7179b6ca5d6ef07f0cbb07eaff04aa66f2503

SHA256
756d20cdd3e01f1ad653e5f4cfb1226506c39b3479e074e6d739b1c1165a576d

SHA512
eadefdcd347f49ebfddb78219018ee4d5802fc549288088d5057ef643653d251b02efc04dda673e197f6dcd6435c1d60edc72de1209ba0ba5fca7eb4f4c47f1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
47e8afd95d8c9aa15128009267e93f93

SHA1
a88b867dc247fc5057e72eac23290ade0bac7fd3

SHA256
2eb92143fcdfa1d182d4fdaac8a9273c70d75fffe824bad72af34d46662f227e

SHA512
a4d448b1e8e3baf1a5b1efdd3edf5fb6bb9699291e32f644bc382ed060525eb8f5518e323bf13a49d59927eb37e85abbbe89f617d58a2202349295714d931efb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
369ae990845f9a66b11ca00546dcbfce

SHA1
f8d4a17253b3d4171eff8c638090cfaa426dc3ce

SHA256
149b9d0fa81469095a39f264f44bf7b76c8a9fb6ff3b37998c1f6c36d0a55731

SHA512
b6645ec07d2e6065227f020b1f173a0477129e2df2edbe1c77cea283646d89c60367c5a0252c6ce99ac542ed768d947b6b0d5219cd20986c75732acc92fac4d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
54201adff2cc77cfe180639c45cb4f59

SHA1
f91dff11e93a511a90a23faeacf08507314dcbfa

SHA256
bba0c97e7ab9ad71bec0f7e595d105d44e07c008c64a417314aabc10e68d66b9

SHA512
44579c8f45f219fb308720387a50ec9634807cbdc9738a5d12b725ce67b1170be388230356e7be08fdea5e9563c8dd7bb2740df27bdf0b141800aa9981e0e6ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
c6a935fa2eaafffad005e2a5a2cee0d3

SHA1
ebce528f6e7c9f963a084296c69ac9a9556abf75

SHA256
d304e0c7c38556ac1b5ad4031864011b68856049df6a267a703b2d71407764df

SHA512
3f895ef70393eedab37cd448181b1539e8f885e4fc193a3e206dd2ffe1dd52239d25e72fe319d3acf75ff818afd173a1acfafaedad3907f4cd9004b96bb56fe3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ed1f.TMP

Filesize
371B

MD5
489c26fcec81f44e8cdb61026923af35

SHA1
f66f0dfecd31ad6752b77350c604818d94ad6b5f

SHA256
91a65080308fa88a762872316e6f942cade665e145ac303d2417703715aee7ce

SHA512
bb76a4a22ad9e0e42ebf04789d33ca2c872db32d882626ff1813b5d6104dde4b0858adaaa80d956d9768393d1b0a3428089807e015b5e118f4b212a6448707c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
629ed9bf389a64c38c8fbf4861b84361

SHA1
bde49f6371fd421826ff87506aa473a53ebb9216

SHA256
df08a93e8ec14bdd01250a66e924aad6252105d005a688b986e37b0526333dcd

SHA512
596ee80a27f0151bbb75a160b6d13083435c65589ea16c670ac479d825b2ebd0044204b1d0d240bb9c950bc1fe9a9784b5e6d0f5725d5e5929aa9f1b91681ece

Download Submit