hxxp://gg[.]gg/196blz

Analysis

max time kernel
148s
max time network
159s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
24-02-2024 03:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://gg.gg/196blz

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4444	msedge.exe
4444	msedge.exe
4996	msedge.exe
4996	msedge.exe
1892	identity_helper.exe
1892	identity_helper.exe
2976	msedge.exe
2976	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4996 wrote to memory of 3064	4996	msedge.exe	80
PID 4996 wrote to memory of 3064	4996	msedge.exe	80
PID 4996 wrote to memory of 252	4996	msedge.exe	82
PID 4996 wrote to memory of 252	4996	msedge.exe	82
PID 4996 wrote to memory of 252	4996	msedge.exe	82
PID 4996 wrote to memory of 252	4996	msedge.exe	82
PID 4996 wrote to memory of 252	4996	msedge.exe	82
PID 4996 wrote to memory of 252	4996	msedge.exe	82
PID 4996 wrote to memory of 252	4996	msedge.exe	82
PID 4996 wrote to memory of 252	4996	msedge.exe	82
PID 4996 wrote to memory of 252	4996	msedge.exe	82
PID 4996 wrote to memory of 252	4996	msedge.exe	82
PID 4996 wrote to memory of 252	4996	msedge.exe	82
PID 4996 wrote to memory of 252	4996	msedge.exe	82
PID 4996 wrote to memory of 252	4996	msedge.exe	82
PID 4996 wrote to memory of 252	4996	msedge.exe	82
PID 4996 wrote to memory of 252	4996	msedge.exe	82
PID 4996 wrote to memory of 252	4996	msedge.exe	82
PID 4996 wrote to memory of 252	4996	msedge.exe	82
PID 4996 wrote to memory of 252	4996	msedge.exe	82
PID 4996 wrote to memory of 252	4996	msedge.exe	82
PID 4996 wrote to memory of 252	4996	msedge.exe	82
PID 4996 wrote to memory of 252	4996	msedge.exe	82
PID 4996 wrote to memory of 252	4996	msedge.exe	82
PID 4996 wrote to memory of 252	4996	msedge.exe	82
PID 4996 wrote to memory of 252	4996	msedge.exe	82
PID 4996 wrote to memory of 252	4996	msedge.exe	82
PID 4996 wrote to memory of 252	4996	msedge.exe	82
PID 4996 wrote to memory of 252	4996	msedge.exe	82
PID 4996 wrote to memory of 252	4996	msedge.exe	82
PID 4996 wrote to memory of 252	4996	msedge.exe	82
PID 4996 wrote to memory of 252	4996	msedge.exe	82
PID 4996 wrote to memory of 252	4996	msedge.exe	82
PID 4996 wrote to memory of 252	4996	msedge.exe	82
PID 4996 wrote to memory of 252	4996	msedge.exe	82
PID 4996 wrote to memory of 252	4996	msedge.exe	82
PID 4996 wrote to memory of 252	4996	msedge.exe	82
PID 4996 wrote to memory of 252	4996	msedge.exe	82
PID 4996 wrote to memory of 252	4996	msedge.exe	82
PID 4996 wrote to memory of 252	4996	msedge.exe	82
PID 4996 wrote to memory of 252	4996	msedge.exe	82
PID 4996 wrote to memory of 252	4996	msedge.exe	82
PID 4996 wrote to memory of 4444	4996	msedge.exe	81
PID 4996 wrote to memory of 4444	4996	msedge.exe	81
PID 4996 wrote to memory of 4928	4996	msedge.exe	83
PID 4996 wrote to memory of 4928	4996	msedge.exe	83
PID 4996 wrote to memory of 4928	4996	msedge.exe	83
PID 4996 wrote to memory of 4928	4996	msedge.exe	83
PID 4996 wrote to memory of 4928	4996	msedge.exe	83
PID 4996 wrote to memory of 4928	4996	msedge.exe	83
PID 4996 wrote to memory of 4928	4996	msedge.exe	83
PID 4996 wrote to memory of 4928	4996	msedge.exe	83
PID 4996 wrote to memory of 4928	4996	msedge.exe	83
PID 4996 wrote to memory of 4928	4996	msedge.exe	83
PID 4996 wrote to memory of 4928	4996	msedge.exe	83
PID 4996 wrote to memory of 4928	4996	msedge.exe	83
PID 4996 wrote to memory of 4928	4996	msedge.exe	83
PID 4996 wrote to memory of 4928	4996	msedge.exe	83
PID 4996 wrote to memory of 4928	4996	msedge.exe	83
PID 4996 wrote to memory of 4928	4996	msedge.exe	83
PID 4996 wrote to memory of 4928	4996	msedge.exe	83
PID 4996 wrote to memory of 4928	4996	msedge.exe	83
PID 4996 wrote to memory of 4928	4996	msedge.exe	83
PID 4996 wrote to memory of 4928	4996	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://gg.gg/196blz
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc35383cb8,0x7ffc35383cc8,0x7ffc35383cd8
  2⤵
  PID:3064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1932,5594573998763543528,5127153796689558318,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1932,5594573998763543528,5127153796689558318,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1940 /prefetch:2
  2⤵
  PID:252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1932,5594573998763543528,5127153796689558318,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2552 /prefetch:8
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,5594573998763543528,5127153796689558318,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,5594573998763543528,5127153796689558318,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:2888
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1932,5594573998763543528,5127153796689558318,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3928 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,5594573998763543528,5127153796689558318,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
  2⤵
  PID:2288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,5594573998763543528,5127153796689558318,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1932,5594573998763543528,5127153796689558318,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4996 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,5594573998763543528,5127153796689558318,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,5594573998763543528,5127153796689558318,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4544 /prefetch:1
  2⤵
  PID:464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,5594573998763543528,5127153796689558318,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,5594573998763543528,5127153796689558318,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,5594573998763543528,5127153796689558318,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
  2⤵
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1932,5594573998763543528,5127153796689558318,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1324 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3980

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2092

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4976

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a91469041c09ba8e6c92487f02ca8040

SHA1
7207eded6577ec8dc3962cd5c3b093d194317ea1

SHA256
0fef2b2f8cd3ef7aca4d2480c0a65ed4c2456f7033267aa41df7124061c7d28f

SHA512
b620a381ff679ef45ae7ff8899c59b9e5f1c1a4bdcab1af54af2ea410025ed6bdab9272cc342ac3cb18913bc6f7f8156c95e0e0615219d1981a68922ce34230f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
601fbcb77ed9464402ad83ed36803fd1

SHA1
9a34f45553356ec48b03c4d2b2aa089b44c6532d

SHA256
09d069799186ae736e216ab7e4ecdd980c6b202121b47636f2d0dd0dd4cc9e15

SHA512
c1cb610c25effb19b1c69ddca07f470e785fd329ad4adda90fbccaec180f1cf0be796e5628a30d0af256f5c3dc81d2331603cf8269f038c33b20dbf788406220

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
17c4a3dbdf144fd836c589bec43f918d

SHA1
165e7bf35f9edbda6746b0c21c2550dc759eeb00

SHA256
0869ba56df7acc60a757c2244c73f9fc89d81aa338e08b629c7aeb5e10938505

SHA512
288ee65c1532e709a696ccc4a3a17f64ba358bafe28b27bfbbaf64cb6fff5fe59bf2fb83498ad09763348c3de7a616eae680a72a264c5a2538a63db13b562f5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
db5a088f53435acfcbb09618b7970667

SHA1
52c81480e34cd06d951d386b99da38750a691d21

SHA256
67f79f43b955492f2aa8e7274dd3e6eae7e99836a82e6df9575f2281407e818e

SHA512
ae40b2b38da1a90c9689fc482f7a339ab4ab5833afd73a8e2c140d6bde60cd79712458ea708884b168e3ed59de67c3b6697d6bc6c9ddf9e13177c03ff0d5ca06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c65099698867fa121c28ce9b7ebb7425

SHA1
5f03a92f7c54ae245216ae71563315b49665eb08

SHA256
afc720d1a2288a3712d971cc76847c9a8144582ea0d3e1b1a28576774ce02d64

SHA512
2d18ee4714ceee74ccbf7048efe602f83c97fba2f184107421692be2041cde7097629342d6ddf2bbcc301c70964bf607e35680299a769a1827aadab9af94408e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
215bc2b7c6ee9d54cd2effcdd9d4b66f

SHA1
10b300410b37cee96c690b20fc8275c14d4556ac

SHA256
6fe85b236da544116ccab5d7a82b5a4742d04448db03086af744c0a85b9b732a

SHA512
d12a726403c82043a37c5916bf1244476a6bcfb04834a5a1f6c3ccc508d299981064c72b04ee49ef434c1e15bd45f39f2b4901ea49a014da5d95c83d11170416

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
966abac9249daa8b21dc5ca8c549896e

SHA1
7071ac6b06a69f8bef7212dc766302ea04ff8b9f

SHA256
80b569684645ae36edd9efffbe296754c04dd1e81fe97fe623422f78a7597345

SHA512
04b2221ab5a70dda0ee9949a43213ac8b03f36218057b8d60d4bfad9e5da582a2c3949dbdd6f9a682a35e6829933c6057ba7771a5d4512c99d7213f5dae844a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
90e80135acf45060327c12a7299cbb1b

SHA1
f286db1e5cbb176f8b1f4f432af4bc7af03f9e50

SHA256
fb91468d8fe7a72b46bac5a754d7245152f1e7469145320baef85042f808a257

SHA512
7e24da30e375936467f16d7cf280162c66f049a0107708f76205b0d44b814ce71c712ba69ef095081c41faecade02ec7ad91d1c02a0f66a03d357375c397f91c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
19b8d2568cab8b9d4c6077d5acc83ffa

SHA1
b97238334cad62a951192e4a3a36da5a1fc30248

SHA256
3c1ca39c0f4391620d6f546f29cf4c9616d8598ca8d13ec8ae0de32dfc198b42

SHA512
04f6313c1907bdd32c6873bda809e1fd0bd17594275f4a17ce7f476e419cd04fdd1016cfce831679d952a815e7a019f859858937fe7f475d3f60aa006f468175

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
367B

MD5
ed604291f73e8cd49a02a976e6f61a38

SHA1
bcf03ca96412c40503b982abf70e6dbc7a77b403

SHA256
6a2545e896a249deef0f4a6c0fc818c738a7c4ea626baa3efe05d936ba708317

SHA512
614f814ae0114f367a8c7c349e4f56c2adf10b60bfb74ac21d07ca5f1b081ea4cddead0e3ef09c5f8c608c0ba29fc2bb9c9d4e98e7e790b3729ee0c5944d3430

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
367B

MD5
9b2ff8360ce2321df0b37a79cd2253bd

SHA1
f8c3693d9fae4c0f099c07602f8e3b0e9f78cbc1

SHA256
16d39aa91510af5d0fb3c5db687df050a26e37ee9a01b7ae5b501a2823fbc06b

SHA512
cd02557953cc64bf0dcd8ef7a6273c65d71b39b65d2919f5e81910dab13aed402c3457202e615383ae9deeac508d22707b299c1b11d3a849dfec6e16bfa72764

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9f0ce686d81bdf033cd6eb5201aec4e2

SHA1
6ee18894af6486a8a4813e713aea19b793ed3b7d

SHA256
8ccd379823cbf928c581c9b38b0c56e22efa81c18630907b179f77e020c827fe

SHA512
8229bfa028d86a7472299e4278faffa6a7d0f9ae94a02fa80a4de0aaf382cc13889f56d33db7af9e37d7dff97f43007d4f70881c870878bb892283aef446479d

Download Submit