e27d05f19fe244de85e3bf9922d12ce61b306dda2aad461488fb55808bc39b2b

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
07/03/2024, 23:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b9e705d3bc090b1d4366c45c5aed8f0c.html
Size

285KB
MD5

b9e705d3bc090b1d4366c45c5aed8f0c
SHA1

ba150e0885960b718369b99ec62d72c962948e61
SHA256

e27d05f19fe244de85e3bf9922d12ce61b306dda2aad461488fb55808bc39b2b
SHA512

434aff8379a211ab9a9d6bb18409f4169f549fa110e22aa4d6019fcb586cbcbf2edc08da0a45bf00b2c52add7ca49e4900662677a525da2a8c714e8206f0918a
SSDEEP

6144:SpmzjtUG7Q/+OFmzIamNFfz8aHtNnAsed:Hz5

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3584	msedge.exe
3584	msedge.exe
3316	msedge.exe
3316	msedge.exe
2676	identity_helper.exe
2676	identity_helper.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3316 wrote to memory of 4208	3316	msedge.exe	89
PID 3316 wrote to memory of 4208	3316	msedge.exe	89
PID 3316 wrote to memory of 3720	3316	msedge.exe	90
PID 3316 wrote to memory of 3720	3316	msedge.exe	90
PID 3316 wrote to memory of 3720	3316	msedge.exe	90
PID 3316 wrote to memory of 3720	3316	msedge.exe	90
PID 3316 wrote to memory of 3720	3316	msedge.exe	90
PID 3316 wrote to memory of 3720	3316	msedge.exe	90
PID 3316 wrote to memory of 3720	3316	msedge.exe	90
PID 3316 wrote to memory of 3720	3316	msedge.exe	90
PID 3316 wrote to memory of 3720	3316	msedge.exe	90
PID 3316 wrote to memory of 3720	3316	msedge.exe	90
PID 3316 wrote to memory of 3720	3316	msedge.exe	90
PID 3316 wrote to memory of 3720	3316	msedge.exe	90
PID 3316 wrote to memory of 3720	3316	msedge.exe	90
PID 3316 wrote to memory of 3720	3316	msedge.exe	90
PID 3316 wrote to memory of 3720	3316	msedge.exe	90
PID 3316 wrote to memory of 3720	3316	msedge.exe	90
PID 3316 wrote to memory of 3720	3316	msedge.exe	90
PID 3316 wrote to memory of 3720	3316	msedge.exe	90
PID 3316 wrote to memory of 3720	3316	msedge.exe	90
PID 3316 wrote to memory of 3720	3316	msedge.exe	90
PID 3316 wrote to memory of 3720	3316	msedge.exe	90
PID 3316 wrote to memory of 3720	3316	msedge.exe	90
PID 3316 wrote to memory of 3720	3316	msedge.exe	90
PID 3316 wrote to memory of 3720	3316	msedge.exe	90
PID 3316 wrote to memory of 3720	3316	msedge.exe	90
PID 3316 wrote to memory of 3720	3316	msedge.exe	90
PID 3316 wrote to memory of 3720	3316	msedge.exe	90
PID 3316 wrote to memory of 3720	3316	msedge.exe	90
PID 3316 wrote to memory of 3720	3316	msedge.exe	90
PID 3316 wrote to memory of 3720	3316	msedge.exe	90
PID 3316 wrote to memory of 3720	3316	msedge.exe	90
PID 3316 wrote to memory of 3720	3316	msedge.exe	90
PID 3316 wrote to memory of 3720	3316	msedge.exe	90
PID 3316 wrote to memory of 3720	3316	msedge.exe	90
PID 3316 wrote to memory of 3720	3316	msedge.exe	90
PID 3316 wrote to memory of 3720	3316	msedge.exe	90
PID 3316 wrote to memory of 3720	3316	msedge.exe	90
PID 3316 wrote to memory of 3720	3316	msedge.exe	90
PID 3316 wrote to memory of 3720	3316	msedge.exe	90
PID 3316 wrote to memory of 3720	3316	msedge.exe	90
PID 3316 wrote to memory of 3584	3316	msedge.exe	91
PID 3316 wrote to memory of 3584	3316	msedge.exe	91
PID 3316 wrote to memory of 3204	3316	msedge.exe	92
PID 3316 wrote to memory of 3204	3316	msedge.exe	92
PID 3316 wrote to memory of 3204	3316	msedge.exe	92
PID 3316 wrote to memory of 3204	3316	msedge.exe	92
PID 3316 wrote to memory of 3204	3316	msedge.exe	92
PID 3316 wrote to memory of 3204	3316	msedge.exe	92
PID 3316 wrote to memory of 3204	3316	msedge.exe	92
PID 3316 wrote to memory of 3204	3316	msedge.exe	92
PID 3316 wrote to memory of 3204	3316	msedge.exe	92
PID 3316 wrote to memory of 3204	3316	msedge.exe	92
PID 3316 wrote to memory of 3204	3316	msedge.exe	92
PID 3316 wrote to memory of 3204	3316	msedge.exe	92
PID 3316 wrote to memory of 3204	3316	msedge.exe	92
PID 3316 wrote to memory of 3204	3316	msedge.exe	92
PID 3316 wrote to memory of 3204	3316	msedge.exe	92
PID 3316 wrote to memory of 3204	3316	msedge.exe	92
PID 3316 wrote to memory of 3204	3316	msedge.exe	92
PID 3316 wrote to memory of 3204	3316	msedge.exe	92
PID 3316 wrote to memory of 3204	3316	msedge.exe	92
PID 3316 wrote to memory of 3204	3316	msedge.exe	92

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\b9e705d3bc090b1d4366c45c5aed8f0c.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x78,0x108,0x7ffb2a3446f8,0x7ffb2a344708,0x7ffb2a344718
  2⤵
  PID:4208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1980,17427988619745373028,5821826079565500918,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
  2⤵
  PID:3720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1980,17427988619745373028,5821826079565500918,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1980,17427988619745373028,5821826079565500918,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
  2⤵
  PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,17427988619745373028,5821826079565500918,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,17427988619745373028,5821826079565500918,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,17427988619745373028,5821826079565500918,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2172 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,17427988619745373028,5821826079565500918,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:4440
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1980,17427988619745373028,5821826079565500918,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5664 /prefetch:8
  2⤵
  PID:4108
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1980,17427988619745373028,5821826079565500918,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5664 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,17427988619745373028,5821826079565500918,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:5144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,17427988619745373028,5821826079565500918,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:5156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,17427988619745373028,5821826079565500918,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
  2⤵
  PID:5364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,17427988619745373028,5821826079565500918,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:1
  2⤵
  PID:5372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1980,17427988619745373028,5821826079565500918,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4876 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6052

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4232

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5000

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cbec32729772aa6c576e97df4fef48f5

SHA1
6ec173d5313f27ba1e46ad66c7bbe7c0a9767dba

SHA256
d34331aa91a21e127bbe68f55c4c1898c429d9d43545c3253d317ffb105aa24e

SHA512
425b3638fed70da3bc16bba8b9878de528aca98669203f39473b931f487a614d3f66073b8c3d9bc2211e152b4bbdeceb2777001467954eec491f862912f3c7a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
279e783b0129b64a8529800a88fbf1ee

SHA1
204c62ec8cef8467e5729cad52adae293178744f

SHA256
3619c3b82a8cbdce37bfd88b66d4fdfcd728a1112b05eb26998bea527d187932

SHA512
32730d9124dd28c196bd4abcfd6a283a04553f3f6b050c057264bc883783d30d6602781137762e66e1f90847724d0e994bddf6e729de11a809f263f139023d3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
72B

MD5
130bf0019d4ed86fcf5640a70ebe1870

SHA1
cb0c28f23f28f99573a9f569183950130388bf36

SHA256
06c6d6e0e4e1e1f45e4c6ffb5266e41a3e099bc358b42b50858138127ebaad46

SHA512
61b0ed0413baabb81116645693c6c06eec661b5b95be86846b407821468c1472b829543249206b6064af9617b9f3b7087bcd8c089f46077cb9209b0e4c31c516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
f9775fde54705d4a32b25066f3e7fee5

SHA1
06ffbb1f3d08bba27b1cd893b1c506fcebe7313b

SHA256
5b9b6c491599e7c42f278c75489ca09b955a3bf11e3fd7b0f61c4db85460daba

SHA512
bd2a21bdf2bfa991b23a73825373754b564e040d892e6e2df2b74e1c492cce26e4de0384b2a501ba14ec4ae168277c9481a130667e9603fda8ab29796d168920

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
980884da37e46ead1095f03e821ae64a

SHA1
873b270ffa9db6de4ac60b6f6c78b7246800823a

SHA256
17aafd290395c348d6ef2a6e827322ced9a571fd9c71667f8923209a6070b809

SHA512
4998c45cd169fa4288072d1f86d0ccbe11f2a34472e6daa9b033df17d29971ab94aa72e7aa095dff246a44c834e98c56036f4b46049512f208100d713ae44eb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a7e9bb4f0839444d900f92704caa652b

SHA1
5789a81a546ac256a98fddb56246f30042cd7e9b

SHA256
caafa77e15c8768e9dd0fd8ada30c0e88a3c7e9d6234191604f488c57f1d25a9

SHA512
509a2a3f25cf7ddcac61733dd49f2bd1ae3bc37776862b85c5d03d365a3c9dd35863837652894db73103a05a450fc5a3779980f66c166e491e70f936656e0627

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4179a6818905ac0ddc24c74988d81e64

SHA1
613756f956c6837c95feae3184a5339002fe2b47

SHA256
36c31650dc0be1e10250807f6de41b404e53b7868d630cc963f278cd012d98ae

SHA512
a15d8078fd49bf66b122f083fc406c2ebf6c4c326342f72963148c59ddd27ec3eb53cef176998156ef767f3b6a2a1f0fb1263f1be42be1663cf4be3426a91fb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
998c6d72ff4f3d17e788dd2a5d91cf90

SHA1
57a2c55e22f5cbd5e2095785095061fffd526d0f

SHA256
6276ccf20d908f0b41604d9a708f4c2da2eddc6d7556b58903e2f38d589ef7d2

SHA512
cb84c380f8941aff388a6969973059c41c132350c8185f18f4c21d3c238ac51bbfe1777fb712974c66ff85b6db0add931a98292023ec81cbc9eb4f867e4acb4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d813af25e6cdcc91f38e56534a7abbf8

SHA1
f81c7675844e65123f7c8323a82a1c128d6c1dea

SHA256
084955e8a074d76638ee638dc4221db7421afe194cc7481d67593abf3ea59395

SHA512
50974e3c406c90790eb8ffb3e2395f050b207bbe259f5f73e77bb47baa154367e826d854fff2eb2345deb9b0a0f5c51e77465998a6e75b1df0cf6a7aa084d232

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5818f2.TMP

Filesize
705B

MD5
70f1ffdf84aa207f6529e570d0d9a6a2

SHA1
6575ad3e49ff8585863c8cd11496123f95a58a8d

SHA256
a63c69476f770983456532fb54de00ed728bfccec74addfb4fd4229374876981

SHA512
1213fa1245616534edc0f0bd1ad562bc5e4e609f5df2bcdec8e42759ccc58f8765745c8f563c6a05a60617f55af9a5fb5aea11786ae98ee8dcfe979f670fa900

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0a374c3e5824a9e2497904deb6c4339b

SHA1
c0e0f61b736217dda2e8d20bc88400a48b546406

SHA256
a12cd65cd952db6124cdbacdc258a0bf335179dfa86f48b55feae7cda2d2628f

SHA512
270e52629224684de4fe30d988a2a99f509e54202a7e58920ca1f245fd48bb52081178d49a89376fffc710e69c4858438394f423ccf2cc99a33d163572441e8c

Download Submit