hxxps://urlscan[.]io/result/544a54d8-1a07-4bac-aaec-53bfd1b497f5/dom/

Analysis

max time kernel
146s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
19-02-2024 11:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://urlscan.io/result/544a54d8-1a07-4bac-aaec-53bfd1b497f5/dom/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2752	msedge.exe
2752	msedge.exe
1660	msedge.exe
1660	msedge.exe
3292	identity_helper.exe
3292	identity_helper.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe
1660	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1660 wrote to memory of 4384	1660	msedge.exe	34
PID 1660 wrote to memory of 4384	1660	msedge.exe	34
PID 1660 wrote to memory of 952	1660	msedge.exe	83
PID 1660 wrote to memory of 952	1660	msedge.exe	83
PID 1660 wrote to memory of 952	1660	msedge.exe	83
PID 1660 wrote to memory of 952	1660	msedge.exe	83
PID 1660 wrote to memory of 952	1660	msedge.exe	83
PID 1660 wrote to memory of 952	1660	msedge.exe	83
PID 1660 wrote to memory of 952	1660	msedge.exe	83
PID 1660 wrote to memory of 952	1660	msedge.exe	83
PID 1660 wrote to memory of 952	1660	msedge.exe	83
PID 1660 wrote to memory of 952	1660	msedge.exe	83
PID 1660 wrote to memory of 952	1660	msedge.exe	83
PID 1660 wrote to memory of 952	1660	msedge.exe	83
PID 1660 wrote to memory of 952	1660	msedge.exe	83
PID 1660 wrote to memory of 952	1660	msedge.exe	83
PID 1660 wrote to memory of 952	1660	msedge.exe	83
PID 1660 wrote to memory of 952	1660	msedge.exe	83
PID 1660 wrote to memory of 952	1660	msedge.exe	83
PID 1660 wrote to memory of 952	1660	msedge.exe	83
PID 1660 wrote to memory of 952	1660	msedge.exe	83
PID 1660 wrote to memory of 952	1660	msedge.exe	83
PID 1660 wrote to memory of 952	1660	msedge.exe	83
PID 1660 wrote to memory of 952	1660	msedge.exe	83
PID 1660 wrote to memory of 952	1660	msedge.exe	83
PID 1660 wrote to memory of 952	1660	msedge.exe	83
PID 1660 wrote to memory of 952	1660	msedge.exe	83
PID 1660 wrote to memory of 952	1660	msedge.exe	83
PID 1660 wrote to memory of 952	1660	msedge.exe	83
PID 1660 wrote to memory of 952	1660	msedge.exe	83
PID 1660 wrote to memory of 952	1660	msedge.exe	83
PID 1660 wrote to memory of 952	1660	msedge.exe	83
PID 1660 wrote to memory of 952	1660	msedge.exe	83
PID 1660 wrote to memory of 952	1660	msedge.exe	83
PID 1660 wrote to memory of 952	1660	msedge.exe	83
PID 1660 wrote to memory of 952	1660	msedge.exe	83
PID 1660 wrote to memory of 952	1660	msedge.exe	83
PID 1660 wrote to memory of 952	1660	msedge.exe	83
PID 1660 wrote to memory of 952	1660	msedge.exe	83
PID 1660 wrote to memory of 952	1660	msedge.exe	83
PID 1660 wrote to memory of 952	1660	msedge.exe	83
PID 1660 wrote to memory of 952	1660	msedge.exe	83
PID 1660 wrote to memory of 2752	1660	msedge.exe	84
PID 1660 wrote to memory of 2752	1660	msedge.exe	84
PID 1660 wrote to memory of 1864	1660	msedge.exe	85
PID 1660 wrote to memory of 1864	1660	msedge.exe	85
PID 1660 wrote to memory of 1864	1660	msedge.exe	85
PID 1660 wrote to memory of 1864	1660	msedge.exe	85
PID 1660 wrote to memory of 1864	1660	msedge.exe	85
PID 1660 wrote to memory of 1864	1660	msedge.exe	85
PID 1660 wrote to memory of 1864	1660	msedge.exe	85
PID 1660 wrote to memory of 1864	1660	msedge.exe	85
PID 1660 wrote to memory of 1864	1660	msedge.exe	85
PID 1660 wrote to memory of 1864	1660	msedge.exe	85
PID 1660 wrote to memory of 1864	1660	msedge.exe	85
PID 1660 wrote to memory of 1864	1660	msedge.exe	85
PID 1660 wrote to memory of 1864	1660	msedge.exe	85
PID 1660 wrote to memory of 1864	1660	msedge.exe	85
PID 1660 wrote to memory of 1864	1660	msedge.exe	85
PID 1660 wrote to memory of 1864	1660	msedge.exe	85
PID 1660 wrote to memory of 1864	1660	msedge.exe	85
PID 1660 wrote to memory of 1864	1660	msedge.exe	85
PID 1660 wrote to memory of 1864	1660	msedge.exe	85
PID 1660 wrote to memory of 1864	1660	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://urlscan.io/result/544a54d8-1a07-4bac-aaec-53bfd1b497f5/dom/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff89efb46f8,0x7ff89efb4708,0x7ff89efb4718
  2⤵
  PID:4384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,9472116380005327199,3815700095223732523,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,9472116380005327199,3815700095223732523,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2424 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,9472116380005327199,3815700095223732523,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
  2⤵
  PID:1864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9472116380005327199,3815700095223732523,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9472116380005327199,3815700095223732523,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9472116380005327199,3815700095223732523,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
  2⤵
  PID:1608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9472116380005327199,3815700095223732523,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
  2⤵
  PID:2212
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,9472116380005327199,3815700095223732523,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5960 /prefetch:8
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,9472116380005327199,3815700095223732523,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5960 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9472116380005327199,3815700095223732523,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
  2⤵
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9472116380005327199,3815700095223732523,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:2588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,9472116380005327199,3815700095223732523,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3216 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1928

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2124

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1724

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d5564ccbd62bac229941d2812fc4bfba

SHA1
0483f8496225a0f2ca0d2151fab40e8f4f61ab6d

SHA256
d259ff04090cbde3b87a54554d6e2b8a33ba81e9483acbbe3e6bad15cbde4921

SHA512
300cda7933e8af577bdc1b20e6d4279d1e418cdb0571c928b1568bfea3c231ba632ccb67313ae73ddeae5586d85db95caffaedd23e973d437f8496a8c5a15025

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
4de9d9690a5e417c7cd9f8fcc50c7d47

SHA1
b3a2d0995f49466ad4ee11dfc4192efb80a3d4c3

SHA256
22f632370925b9db6eaa6e003a82c58e18c79b1ca1c590b0498002a2a4f13dee

SHA512
ce9581c8447d2cdf7bf1bd3a175c0d4efcbad058b8b73d1cf0ac0b572dc10481d351dc393d8ba5b3a02bfbe0af31b752b36982520560854066816a1bb1c6dbb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
573B

MD5
bda63d508d320b1f84d89876d51e5fff

SHA1
2df68f3d5adb31a8cae397dd90e8ef26ece3fb04

SHA256
1179a83c53af200c0573c73fa7792936ed11acc962abf440150ac4694c912078

SHA512
72da299397aabb85c6768186936fd2f8a8d09ba8fb2682f8d00d8ce7994736e1d4670f943d28f250dae2d4f4762e9cd625288dc068ad42ce1d8320ce0c0cade4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7192828d8cd47c4acce33d8416d7a232

SHA1
506401cf6aa74d6919b0b0b033a7128995eccc45

SHA256
2cfed530d37bdeb3ecea359330281b7b537a7dc181fd207b0dae9874c34e94bd

SHA512
bcb8167a404d41a334abb84c5b074a9e421a53afa9703ad0c8ff209af4503c5f76fb70b9cb1ec11270934d037d0a98bf3f24ce8f581ac6e05380aaf04852ad95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c7bd16b5731a99aa062a60f78bf57467

SHA1
13ca4b7947be24f0e52d7e7d2581394190c925b0

SHA256
d79a04611a50196baf4ed0c0ef93a48fcbdf5ea8d6c36d5c21cf8bb4179387a2

SHA512
ec3b2640f56e5386c7c5002423bca3739c57e23c8af8fc17f46dcc3f7bdade14895555dc0d46d808b8999e6c6124fcba6df32bd9958ee2a769a279d771896582

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
1d1c7c7f0b54eb8ba4177f9e91af9dce

SHA1
2b0f0ceb9a374fec8258679c2a039fbce4aff396

SHA256
555c13933eae4e0b0e992713ed8118e2980442f89fbdfb06d3914b607edbbb18

SHA512
4c8930fe2c805c54c0076408aba3fbfb08c24566fba9f6a409b5b1308d39c7b26c96717d43223632f1f71d2e9e68a01b43a60031be8f1ca7a541fe0f56f4d9f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
0a4e7a135ef4dd110df5e4abcfd6358c

SHA1
05d982b9e5ee82272bb820137aa6195881b76a42

SHA256
1f86227866465ad1a25a913805ebfc611b217dbf701467ed373ebd2e00d8a9c1

SHA512
f8b5d9a9ff047db7688bfec82d125a0264e1d8ed47c8158f3906c0e1e8483a7796355934ada3163088dd5a0f97d960f0042969df7de2b50c3f7e59d8ba582d56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
526729ea0694f6957652a0727983ef7e

SHA1
c6019a21efcbebbe9a40e2a662a14f7055001eaf

SHA256
761082cd83ca21dfa0580058a836bee5c08b8b9ddc9011cae9d74bdafcbe9833

SHA512
df90bf880b9fb9e8ee90f1ecae6467ac2bd03fe8e5a2f1b95a65fe79f6cc0e2503ad44824c57c1c7edd376b01685faf560b96fc769459fa86271abdd18d76ee9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
c56e63b86bd3928cc6aaf088663bc378

SHA1
627c9942700a93fa855cd7fe241cf73cecc8be9f

SHA256
4a0f0c78e4b6a52d4ab9db7de4c7f7a409854e44361102e3ee8a37e672e76f16

SHA512
6e952305c008e6abe1eff4bf9ebc5c57fd5630407de855c3d07f1bb17865bd10feb194c22626ba64e839f8cc2987d30f2ab58adbe89fca52e10db46b3e7472ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
04ec3c8c84641f32383708a3c5dfcfdf

SHA1
713438be8b204a3204191b756082d81944868662

SHA256
b969afdccbaadcd0cf0f91ca2c1a844b9454fc278102632fa9b1949f6b041186

SHA512
e7fa0c242ec4b83163446ee8cfd804857aeefc094d425a94100b7cf8606fb0a50cb54278cbdff7b2109b48dedc7cb825cc642d3f3386c3b6de9838837d8af2d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
eefa7e01efddf555352cb67f970dc5d7

SHA1
f7c67db33795b4c20ddf375c824182ae30e5707b

SHA256
ce080cc3a42a0866f0c4ab269f43600f1f7cfaafe7bff23d3fb2b76713f7c3a3

SHA512
63bcabf0ff03f3e8fe5c708ba4d830c86a673e8dd18c73ac391f44e22dc8b0914b0980fe800441b0f8237daec0bf3ba29abc88892e7c888c18f089259044a3e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
d99381627604dd48df02562258e30d54

SHA1
045e5d92f45199d7c15ef393be103712d87e663f

SHA256
9573176308f5ef1999ebdd88d60f4b39ad6117816db688356cce46891e667b50

SHA512
85919436f04bd1beb566cb63e7661c3efb72c5c7fe9db7da11413ad35f818013ff248b6aaf0ccebb02f664690de22c0354748a10f2dbd0c63127cac80fff1136

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e2de.TMP

Filesize
371B

MD5
fca1949d04d07dc5eee97b512c7bd8ca

SHA1
44b275f2020a320a8af3b28be7fbf1ec37db648e

SHA256
61c6756badc68d21ec60fd1a969cf6669ba1d8c1acc8d5c8f551026386affdb9

SHA512
e7581c0308230c82e3a517a0ad22c4ab3c993d1291d11c11fe9051afd295a953c4b41d54d02bba0ed865d14995d312b21726901f442e3fe7ef2fc478f085125d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
cbf85c9b07376e21eaa022fd0f93ea9a

SHA1
74dd9ae1fcd44d024ddeb8ace93bf528659b4059

SHA256
488489953421fcae607cbb5e3080100ffa47427d534a0d9b4469e04b65742ced

SHA512
81e2f7656b3646fda0aa455176a229b1a24cad69bc4fdc4d417f5bc42d08ddd12c6d80643f7d04cfb2a7c9ca06cb16ed1e189311b47f0d30a71ceb84f8a70357

Download Submit