5706f2a6a319c39948f090943cc87f98ba6d216b220398770aeb6b2e14bc7811

Analysis

max time kernel
147s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
08/03/2024, 02:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ba4e220cad78996e8d0830c7475b9bd4.html
Size

49KB
MD5

ba4e220cad78996e8d0830c7475b9bd4
SHA1

e5b317cee1fff37dd2aca3efc093a6a52ab4a50e
SHA256

5706f2a6a319c39948f090943cc87f98ba6d216b220398770aeb6b2e14bc7811
SHA512

000021be0e647077fe124da70ce83775cf360ffa39b72081415dae201ae34a8686d5a542bcf8ce2f086b791090db1d43410ab86e22d6738af521e5ccbeb7c6c5
SSDEEP

1536:PFh4PMlmrjIA0/b6FKKKISb3CGGhX26Fua1nvQkGHCn:XYrJ0/+9afGpM0nvQkGHCn

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2112	msedge.exe
2112	msedge.exe
3948	msedge.exe
3948	msedge.exe
4124	identity_helper.exe
4124	identity_helper.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3948 wrote to memory of 2596	3948	msedge.exe	85
PID 3948 wrote to memory of 2596	3948	msedge.exe	85
PID 3948 wrote to memory of 2356	3948	msedge.exe	86
PID 3948 wrote to memory of 2356	3948	msedge.exe	86
PID 3948 wrote to memory of 2356	3948	msedge.exe	86
PID 3948 wrote to memory of 2356	3948	msedge.exe	86
PID 3948 wrote to memory of 2356	3948	msedge.exe	86
PID 3948 wrote to memory of 2356	3948	msedge.exe	86
PID 3948 wrote to memory of 2356	3948	msedge.exe	86
PID 3948 wrote to memory of 2356	3948	msedge.exe	86
PID 3948 wrote to memory of 2356	3948	msedge.exe	86
PID 3948 wrote to memory of 2356	3948	msedge.exe	86
PID 3948 wrote to memory of 2356	3948	msedge.exe	86
PID 3948 wrote to memory of 2356	3948	msedge.exe	86
PID 3948 wrote to memory of 2356	3948	msedge.exe	86
PID 3948 wrote to memory of 2356	3948	msedge.exe	86
PID 3948 wrote to memory of 2356	3948	msedge.exe	86
PID 3948 wrote to memory of 2356	3948	msedge.exe	86
PID 3948 wrote to memory of 2356	3948	msedge.exe	86
PID 3948 wrote to memory of 2356	3948	msedge.exe	86
PID 3948 wrote to memory of 2356	3948	msedge.exe	86
PID 3948 wrote to memory of 2356	3948	msedge.exe	86
PID 3948 wrote to memory of 2356	3948	msedge.exe	86
PID 3948 wrote to memory of 2356	3948	msedge.exe	86
PID 3948 wrote to memory of 2356	3948	msedge.exe	86
PID 3948 wrote to memory of 2356	3948	msedge.exe	86
PID 3948 wrote to memory of 2356	3948	msedge.exe	86
PID 3948 wrote to memory of 2356	3948	msedge.exe	86
PID 3948 wrote to memory of 2356	3948	msedge.exe	86
PID 3948 wrote to memory of 2356	3948	msedge.exe	86
PID 3948 wrote to memory of 2356	3948	msedge.exe	86
PID 3948 wrote to memory of 2356	3948	msedge.exe	86
PID 3948 wrote to memory of 2356	3948	msedge.exe	86
PID 3948 wrote to memory of 2356	3948	msedge.exe	86
PID 3948 wrote to memory of 2356	3948	msedge.exe	86
PID 3948 wrote to memory of 2356	3948	msedge.exe	86
PID 3948 wrote to memory of 2356	3948	msedge.exe	86
PID 3948 wrote to memory of 2356	3948	msedge.exe	86
PID 3948 wrote to memory of 2356	3948	msedge.exe	86
PID 3948 wrote to memory of 2356	3948	msedge.exe	86
PID 3948 wrote to memory of 2356	3948	msedge.exe	86
PID 3948 wrote to memory of 2356	3948	msedge.exe	86
PID 3948 wrote to memory of 2112	3948	msedge.exe	87
PID 3948 wrote to memory of 2112	3948	msedge.exe	87
PID 3948 wrote to memory of 692	3948	msedge.exe	88
PID 3948 wrote to memory of 692	3948	msedge.exe	88
PID 3948 wrote to memory of 692	3948	msedge.exe	88
PID 3948 wrote to memory of 692	3948	msedge.exe	88
PID 3948 wrote to memory of 692	3948	msedge.exe	88
PID 3948 wrote to memory of 692	3948	msedge.exe	88
PID 3948 wrote to memory of 692	3948	msedge.exe	88
PID 3948 wrote to memory of 692	3948	msedge.exe	88
PID 3948 wrote to memory of 692	3948	msedge.exe	88
PID 3948 wrote to memory of 692	3948	msedge.exe	88
PID 3948 wrote to memory of 692	3948	msedge.exe	88
PID 3948 wrote to memory of 692	3948	msedge.exe	88
PID 3948 wrote to memory of 692	3948	msedge.exe	88
PID 3948 wrote to memory of 692	3948	msedge.exe	88
PID 3948 wrote to memory of 692	3948	msedge.exe	88
PID 3948 wrote to memory of 692	3948	msedge.exe	88
PID 3948 wrote to memory of 692	3948	msedge.exe	88
PID 3948 wrote to memory of 692	3948	msedge.exe	88
PID 3948 wrote to memory of 692	3948	msedge.exe	88
PID 3948 wrote to memory of 692	3948	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ba4e220cad78996e8d0830c7475b9bd4.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff621746f8,0x7fff62174708,0x7fff62174718
  2⤵
  PID:2596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,10507891847600494370,10231087167526038480,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:2356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,10507891847600494370,10231087167526038480,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,10507891847600494370,10231087167526038480,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
  2⤵
  PID:692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10507891847600494370,10231087167526038480,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:3952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10507891847600494370,10231087167526038480,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:4240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10507891847600494370,10231087167526038480,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2760 /prefetch:1
  2⤵
  PID:1252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10507891847600494370,10231087167526038480,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,10507891847600494370,10231087167526038480,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 /prefetch:8
  2⤵
  PID:960
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,10507891847600494370,10231087167526038480,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10507891847600494370,10231087167526038480,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
  2⤵
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10507891847600494370,10231087167526038480,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:4680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10507891847600494370,10231087167526038480,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1
  2⤵
  PID:3544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10507891847600494370,10231087167526038480,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
  2⤵
  PID:1300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,10507891847600494370,10231087167526038480,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4976 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4888

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2744

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4d6e17218d9a99976d1a14c6f6944c96

SHA1
9e54a19d6c61d99ac8759c5f07b2f0d5faab447f

SHA256
32e343d2794af8bc6f2f7c905b5df11d53db4ad8922b92ad5e7cc9c856509d93

SHA512
3fa166b3e2d1236298d8dda7071a6fcf2bde283f181b8b0a07c0bb8ba756d6f55fa8a847ca5286d4dbabc6dace67e842a118866320ac01bd5f93cccd3a032e47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\2e75655b-9d55-40eb-9c55-bbc259ab3171.tmp

Filesize
24KB

MD5
c2ef1d773c3f6f230cedf469f7e34059

SHA1
e410764405adcfead3338c8d0b29371fd1a3f292

SHA256
185450d538a894e4dcf55b428f506f3d7baa86664fbbc67afd6c255b65178521

SHA512
2ef93803da4d630916bed75d678382fd1c72bff1700a1a72e2612431c6d5e11410ced4eaf522b388028aeadb08e8a77513e16594e6ab081f6d6203e4caa7d549

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
d8e69b0064804c2fae633aa4a7c320b5

SHA1
993a141d6f5f947110db7ea6c337788a861bf8ac

SHA256
4fd8553b9eab023835e1b19984154d704290d29f68f1ace193b95071554264f5

SHA512
fec925a3a7099980a0110a46b01e9cc5711f9a12e5b2ecf5821a99b249b256cf641c4daba8d67eb467ffdc014cf35a4d066f0e7015287d593543a2aff40c839e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
a3e5a3ca4646524701498bc52f95219c

SHA1
40499543e0c09d809b0ef4549579c50a4245c795

SHA256
d900eabb00ea3a0995da3f6eaae3431ba3a0f0225e3348ef1689e27a129102f6

SHA512
6fd89c1ac68e15d431f6c04e078ec03df217e862650c5e00f70d17f721fd5464f97e3e1e38679591cbd0658b27f849290a90e2d62a5407d9b9a0e6294fcf9176

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
2a6fefe4b890037a7dafebc32c718e60

SHA1
29d2d970e21fe7379366008a802bf56cae575102

SHA256
f6c8cfa33ee7d790b9ffd1ba06f1e6f145a4486a3e4f882170f119865b484605

SHA512
b5bb8d5ab8d7e97b3a33e63153f99b4f405b932e0b07eeb90d718da85a91e4b90e6b312a594ef1960821cd74de672d3390c9c6ee5ee51d20d94ad8a1b5a06395

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bde681d2e97aa5959ac57e4bf858b82c

SHA1
aefdc4cf9647441a8a73dbb0c31f923d63d6f1da

SHA256
543957c6bc63085b0011aa2efbb187bc1827c7ea8ef68c0c949da576e44a863f

SHA512
817e7b66ab6a73b2890def22c9d8a3578e2be17b36d9257e8c1e453fb49c21ba61d98c959b1fc176dbc7ba7ae01ee85d684751cc1e4a7e5672b2c7f848cd5317

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
be28758d6d2925d2637db20c5b129a7e

SHA1
48e49d2daa37fadc9b7c1ca1dc7914573220d2d6

SHA256
8ae0f3ee2f1ae7bdd88fbde2e4b2f1278d0061b2d39f05bd50e57d774a1086ab

SHA512
8a9c9017a1397b64fa4d0e600e6fb3bb65683eb9175a822a2d252653bed381d40da51bc7a649f46ca06d49677cad1783f07e7d0dce2b0e5fe84a64dcb4450d4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7e10c88caf250c17530b04c313f8c439

SHA1
432ad103b1693cdc8714a8b9c7a4dca85efc4006

SHA256
65f591ba58077b9b319831a568f0912cbd49c3a0703b284abd7d644522e7e7ab

SHA512
7c02cedd5e32f0bd724b1cfc54f5bae12f06800547feae5b2a19349d1202d214e497e4ca44666269120ea6acb8ea0523c7bdbf3b43344710fc1985008bf0f0f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
535B

MD5
6d1bbf672fa4973e6aaee56557207346

SHA1
d5c1878bc86933141c526747c923e6fcc64e68f1

SHA256
6ddc0d43650c8ff9bab5fd179222131a5154343fa36bdb1156b30c923cbcdfe6

SHA512
ae040cf067c2166c02cd3e89e89a15fe9968d84315b4fbd944c8e2e9204b1893c53a66f3aef2cfa940b0f360a6a8543edaa5e153936baf4fc94189486cca052b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
535B

MD5
258889967b1b772081a4671e30c783b5

SHA1
6448de0b7dd431669de7c2a16c4c76eae7167df6

SHA256
7acac18be7bd014c2071218d83373ac9323ac83680cd8f9a38c3ff26e7632591

SHA512
efd054ece64eb4486fed339a90b1001f597319ef14155caa7bb0c397a5e28a97a5613dc8b68ba7176f47dc37212a5feadcbf4768b0976c5adc32d708367a2f3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582a38.TMP

Filesize
535B

MD5
321f871ad7c7ec3e3a98095aa816abaf

SHA1
eff632dee774fd931b87dc68b402bdeb13392293

SHA256
54d25c958fa9772fbb5e333646dc1969b10a1da9d496f723a8f9bab801416a09

SHA512
1a5e14b7643709b076b2321ba0a67f925bf71642b8f93476a94191bfe9f630836a8545332e6ad7da2383ded69d305814dfae419f3a7421d390f4b01dd23fa24b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ee19fedf-c65b-4195-9c76-801353017e08.tmp

Filesize
5KB

MD5
5593df685bb8b772f080e8a260dbc1b3

SHA1
47e6c6c9418df08b92595e74b8ae7bdc4a0745a7

SHA256
9fc8e8f863ee92d4ee879aa61977bca927751ead0a69a0d649e3a8876ea1bea6

SHA512
7742bbe3a7c84301aa84ae77f19601274d9670c2e91dcc513e6a7d324f0e23f851f7ee147848dbda82dd987e0e1c7f4cabfc9fb55b3e0ab72d502ddc81dedf3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c3cee90ce5b4de6d155b2e0d34d72ff4

SHA1
a1b65f82dea8bb38b99e9e78b9ffeb5a662ca632

SHA256
58c8b6010eaac0fb1b3e192d2c2166d481cdcc34d1ba1b0259488036d37964fc

SHA512
536dcf1ade36760a7793966188db7717d9767ead9325317b2b4a2ab63b53372e2039b15a67e7dcda4cd33774e40e81438ebefcbffcc3fc2826c33f8b25c7780a

Download Submit