f9753221feec9d106c5ad16120eb8bf9a6fcee1625d870373de7496cdccf4a4d

Analysis

max time kernel
1800s
max time network
1690s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09-03-2024 01:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a.htm
Size

1KB
MD5

752a1a8e638938f8e466e838b330f7b1
SHA1

5a66c6f7dc710496af18360253677a62a5bc260b
SHA256

f9753221feec9d106c5ad16120eb8bf9a6fcee1625d870373de7496cdccf4a4d
SHA512

e6f1333f3303b5c30e59e13baba529279fadb5a83b3984f0f83bffd69978146e062ab82a01e04fd7af2bed8a85aa6512acaebf24604c02a317ed8b633d736c43

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2940	msedge.exe
2940	msedge.exe
636	msedge.exe
636	msedge.exe
5096	identity_helper.exe
5096	identity_helper.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe
636	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 636 wrote to memory of 3572	636	msedge.exe	88
PID 636 wrote to memory of 3572	636	msedge.exe	88
PID 636 wrote to memory of 2804	636	msedge.exe	89
PID 636 wrote to memory of 2804	636	msedge.exe	89
PID 636 wrote to memory of 2804	636	msedge.exe	89
PID 636 wrote to memory of 2804	636	msedge.exe	89
PID 636 wrote to memory of 2804	636	msedge.exe	89
PID 636 wrote to memory of 2804	636	msedge.exe	89
PID 636 wrote to memory of 2804	636	msedge.exe	89
PID 636 wrote to memory of 2804	636	msedge.exe	89
PID 636 wrote to memory of 2804	636	msedge.exe	89
PID 636 wrote to memory of 2804	636	msedge.exe	89
PID 636 wrote to memory of 2804	636	msedge.exe	89
PID 636 wrote to memory of 2804	636	msedge.exe	89
PID 636 wrote to memory of 2804	636	msedge.exe	89
PID 636 wrote to memory of 2804	636	msedge.exe	89
PID 636 wrote to memory of 2804	636	msedge.exe	89
PID 636 wrote to memory of 2804	636	msedge.exe	89
PID 636 wrote to memory of 2804	636	msedge.exe	89
PID 636 wrote to memory of 2804	636	msedge.exe	89
PID 636 wrote to memory of 2804	636	msedge.exe	89
PID 636 wrote to memory of 2804	636	msedge.exe	89
PID 636 wrote to memory of 2804	636	msedge.exe	89
PID 636 wrote to memory of 2804	636	msedge.exe	89
PID 636 wrote to memory of 2804	636	msedge.exe	89
PID 636 wrote to memory of 2804	636	msedge.exe	89
PID 636 wrote to memory of 2804	636	msedge.exe	89
PID 636 wrote to memory of 2804	636	msedge.exe	89
PID 636 wrote to memory of 2804	636	msedge.exe	89
PID 636 wrote to memory of 2804	636	msedge.exe	89
PID 636 wrote to memory of 2804	636	msedge.exe	89
PID 636 wrote to memory of 2804	636	msedge.exe	89
PID 636 wrote to memory of 2804	636	msedge.exe	89
PID 636 wrote to memory of 2804	636	msedge.exe	89
PID 636 wrote to memory of 2804	636	msedge.exe	89
PID 636 wrote to memory of 2804	636	msedge.exe	89
PID 636 wrote to memory of 2804	636	msedge.exe	89
PID 636 wrote to memory of 2804	636	msedge.exe	89
PID 636 wrote to memory of 2804	636	msedge.exe	89
PID 636 wrote to memory of 2804	636	msedge.exe	89
PID 636 wrote to memory of 2804	636	msedge.exe	89
PID 636 wrote to memory of 2804	636	msedge.exe	89
PID 636 wrote to memory of 2940	636	msedge.exe	90
PID 636 wrote to memory of 2940	636	msedge.exe	90
PID 636 wrote to memory of 3992	636	msedge.exe	91
PID 636 wrote to memory of 3992	636	msedge.exe	91
PID 636 wrote to memory of 3992	636	msedge.exe	91
PID 636 wrote to memory of 3992	636	msedge.exe	91
PID 636 wrote to memory of 3992	636	msedge.exe	91
PID 636 wrote to memory of 3992	636	msedge.exe	91
PID 636 wrote to memory of 3992	636	msedge.exe	91
PID 636 wrote to memory of 3992	636	msedge.exe	91
PID 636 wrote to memory of 3992	636	msedge.exe	91
PID 636 wrote to memory of 3992	636	msedge.exe	91
PID 636 wrote to memory of 3992	636	msedge.exe	91
PID 636 wrote to memory of 3992	636	msedge.exe	91
PID 636 wrote to memory of 3992	636	msedge.exe	91
PID 636 wrote to memory of 3992	636	msedge.exe	91
PID 636 wrote to memory of 3992	636	msedge.exe	91
PID 636 wrote to memory of 3992	636	msedge.exe	91
PID 636 wrote to memory of 3992	636	msedge.exe	91
PID 636 wrote to memory of 3992	636	msedge.exe	91
PID 636 wrote to memory of 3992	636	msedge.exe	91
PID 636 wrote to memory of 3992	636	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a.htm
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe713046f8,0x7ffe71304708,0x7ffe71304718
  2⤵
  PID:3572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,13919680254848324908,10477501451308644531,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:2804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,13919680254848324908,10477501451308644531,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,13919680254848324908,10477501451308644531,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
  2⤵
  PID:3992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13919680254848324908,10477501451308644531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13919680254848324908,10477501451308644531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13919680254848324908,10477501451308644531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4236 /prefetch:1
  2⤵
  PID:4092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13919680254848324908,10477501451308644531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,13919680254848324908,10477501451308644531,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5612 /prefetch:8
  2⤵
  PID:3548
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,13919680254848324908,10477501451308644531,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5612 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13919680254848324908,10477501451308644531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:4116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13919680254848324908,10477501451308644531,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:3148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13919680254848324908,10477501451308644531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:3548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13919680254848324908,10477501451308644531,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
  2⤵
  PID:3624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,13919680254848324908,10477501451308644531,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3440

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1720

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1316

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
73c8d54f775a1b870efd00cb75baf547

SHA1
33024c5b7573c9079a3b2beba9d85e3ba35e6b0e

SHA256
1ce86be0476a2a9e409fcb817126285bc4ad83efd03ee06a2f86910fe18d4d94

SHA512
191344f5830cfea68499bd49073ffa7215a42265a9629d203d07849b2417c0ffdbdbf288bf2c669e91009a0d7e8bd6a6b378c92fc283049141231ca7bf4da3b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4b206e54d55dcb61072236144d1f90f8

SHA1
c2600831112447369e5b557e249f86611b05287d

SHA256
87bf9a4c3564eb3d8bef70450da843ae6003271222734c4d28d9961c52782e0b

SHA512
c9e8d2452368873e0622b002a0c2f8a2714b5897a09475738a9f9740122d716a9f0d3841725230d58e039564c820d32a6f3a675a7bb04bd163bab53dcb4e22f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\6511b1cd-289f-47f4-93bf-3c40f7d09a37.tmp

Filesize
6KB

MD5
1a712f81e97352bee304245ab9091a3c

SHA1
5fa48dacb5b71f2491dde8cbaa3c1f95bfdc38e0

SHA256
1258d8383ab797bf766a83e351d55134efd16f0e3038fc3b55ca4d3221547fee

SHA512
e8af90b441f695ee47ced1b36f6b0b96d08cf6c5461bb5d64822991aad0c6e7be8dec6c6f50cd9bd77df12cb6970344a25b2878d59e45010227357365d01eb9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
da14a2d5fa731ee1e1f33540961b6888

SHA1
80a6ceddebfd4dfd33f831b00c1c7c368fdd1759

SHA256
f1d7d5d26ea9153064d9ef550fdce8989983907434ce42dc93d50ae7ae2648fc

SHA512
6086f2bee9f27efb338a9f9c0018353fa31f995aaeaf3e61f53b471f9061ec238b2656cf102bd520bc0a60cd029b27fedab7e2d64df7495155a5ca62e9288058

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
340B

MD5
c32f166681915b30f1b1d518bbdbba25

SHA1
aa5c4573ef1cb73c22c79d341eae6bb1384312e1

SHA256
2ec2a8444c50ccc54454d9216d6bc20259eded16f17bc789b8a12c7f1538fa61

SHA512
762a5d9776a4e7f08356eff9ca74ebfd2b3499438766c58fe9f9c85fa77a6159c81e96164590c608b71b7f694a93dadb844adf8ebd7eacbde1c44fd0b2383b27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dc7210c209570a76ef8a4403f5cd99b0

SHA1
470b3c1283370f4c9653ec3d5de9117702e58d12

SHA256
d5d8ff5c86ef099bb2cdd08f353d79c3a05f341a579cf3ee13e5fcbf7cd90228

SHA512
e3e4bad9a55ad2435459858b5e8326b043f5b7950d98d247c1e49dcd29fb8d57f61385e3971794e8a300e3ee753309acea32ce9ed55a799cece69cf386ee3af1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
69e193834c5960e8ecc0064cadaf1353

SHA1
93c5e9c2ca5cc81a2ed6fb6e75fe76474939a579

SHA256
0827d2edd334711d2de20365c5981872f7f02933febc7fbc9a27719aaa7e74b4

SHA512
cb77a5c64743871fa436658f8764e238dc3b56c956fd70ecc71f89d26287da3ff926f8314e0e03cd31e282ee6038282133e07a457d870b5b84599feebd914a34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
839b959c7981314856048e7b63f4547a

SHA1
8c3bedbf9e91edba895a34c6af6a292f0ea5daec

SHA256
40e9b41afb49f224eb4bf621fec0f498e5bf5b66900483ca50eadebd7a0d7652

SHA512
884da02f31f42beb47385289a18488a8b625d35438d5d7c8faa495fad06e83e8b9a3ebe43bb1a2848d7563b304b9054835334e7a87961ce5ab555eab5053eb59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
256a7741a0c9049819f227e647bbe9ad

SHA1
bb9275daba124d9e2581d5dbe04d9622d4aaadc8

SHA256
1fa52232754471896fbb4585a999f02ddec0e6fc361040a89766aaedbebe90ac

SHA512
56c06b76f150f2263aed28dd70fe773ec5212d4982bd48e0bf1f89405b2de9de842c436ac38a14207bb31b5873f57c8f7623a0214d3641e9284409fe7e6ef472

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
9737d1c599cfa16df1b9a1b2040e896c

SHA1
53181d4ebb5c33f8f44ce48691adeb3248c20624

SHA256
c0fb54b0f6bf217edf91cf5f7118f9325d1fb2936fb306f1c55cd81bdb00ba6b

SHA512
9bb4144287ace2c1e41b34608596ae00c6efc4dc416d93707f952fdc56401cdc8328beb5352db02589d8e9a08fbd1a660a790f960c2776b10f0a2903c1d71f75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
f538936caaef078cec2b3f644bbc45c2

SHA1
1e363d2d5f46265ba3211128bf8b35d9765a3b0e

SHA256
78075b9beebb0290bf10f43753258a925c7d08cded8e8196d51bbfff3218671b

SHA512
c83b500b5a6b3254935d6c14ff0b0d949343ee02d2a2aa2cf655f749591ffabd0dbc9b41ccf7e704aaa2994e5073e87ff9237dee3c6ad032bb73afe2aa96127d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
534B

MD5
d26e2901259c8faac7aee5460383a933

SHA1
ef80c3c4dd44cb5c4b0ef516056aeb4ad1d53b5b

SHA256
62f61b670ad58fefaf8f5348e94c55060d10a2f40e595301ae0ad5694e48e146

SHA512
546bff14750ecb17b3742917dded3b19824e138bfe3dce7a43864442c0d0e66a312f800e146be442de0c1f405164269916a55d9411a87669db758b57587f7f63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
6943226ffe6ae258e898925541f78b6f

SHA1
abbf5044604bb84d9f569f0c558d4d7d7370dd16

SHA256
e9703e6a8db9b0898b45ab5621d44570427207af0cc09390f3cbb860713893dc

SHA512
640788153351dbb7184cffea20abb8cb76051eb1ea1e0a4057b8be2d3af36d1e023c984cc05841873aab906a50f5ae8a5a89eefee3892c5ff250501104809752

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58143f.TMP

Filesize
538B

MD5
9f89e998461ee404c0d3f0788464c560

SHA1
c074145577fa6f02cec96738e7a5cb096bdd991b

SHA256
e6fbd0468483f6b4955ad2f9773cb8ce86ec600dc5cd63ff2a8b51ea983d7a72

SHA512
d23e16d177018519dd39412dba5cf7ea0a238f8f3aa46f83cedf21ccb434da536e89288b3873b5da5e4023ecce1e06d02a08dc9f126663744b0d26371841b8eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
fec3c6052ff057ae7df1f202cd9886b6

SHA1
52e0142dd85e818469972ea4ecd6893968a71288

SHA256
72519c433063040f5ae73cb07cf1050382cd4d62d91df1ce63c88f2dd0e7032b

SHA512
8b2eab4fa8ddd2687bdbc2d3627b20913ac0f7bf387f3030ecf7ff9227706f0606e46819947460f55ab46f9318bc58df7c55fd042f7c4fd94f58a10524baa365

Download Submit