hxxps://objective-see[.]com/blog/blog_0x5F[.]html

Analysis

max time kernel
145s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
24/04/2024, 12:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://objective-see.com/blog/blog_0x5F.html

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2216	msedge.exe
2216	msedge.exe
1136	msedge.exe
1136	msedge.exe
332	identity_helper.exe
332	identity_helper.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1136 wrote to memory of 1516	1136	msedge.exe	84
PID 1136 wrote to memory of 1516	1136	msedge.exe	84
PID 1136 wrote to memory of 3580	1136	msedge.exe	85
PID 1136 wrote to memory of 3580	1136	msedge.exe	85
PID 1136 wrote to memory of 3580	1136	msedge.exe	85
PID 1136 wrote to memory of 3580	1136	msedge.exe	85
PID 1136 wrote to memory of 3580	1136	msedge.exe	85
PID 1136 wrote to memory of 3580	1136	msedge.exe	85
PID 1136 wrote to memory of 3580	1136	msedge.exe	85
PID 1136 wrote to memory of 3580	1136	msedge.exe	85
PID 1136 wrote to memory of 3580	1136	msedge.exe	85
PID 1136 wrote to memory of 3580	1136	msedge.exe	85
PID 1136 wrote to memory of 3580	1136	msedge.exe	85
PID 1136 wrote to memory of 3580	1136	msedge.exe	85
PID 1136 wrote to memory of 3580	1136	msedge.exe	85
PID 1136 wrote to memory of 3580	1136	msedge.exe	85
PID 1136 wrote to memory of 3580	1136	msedge.exe	85
PID 1136 wrote to memory of 3580	1136	msedge.exe	85
PID 1136 wrote to memory of 3580	1136	msedge.exe	85
PID 1136 wrote to memory of 3580	1136	msedge.exe	85
PID 1136 wrote to memory of 3580	1136	msedge.exe	85
PID 1136 wrote to memory of 3580	1136	msedge.exe	85
PID 1136 wrote to memory of 3580	1136	msedge.exe	85
PID 1136 wrote to memory of 3580	1136	msedge.exe	85
PID 1136 wrote to memory of 3580	1136	msedge.exe	85
PID 1136 wrote to memory of 3580	1136	msedge.exe	85
PID 1136 wrote to memory of 3580	1136	msedge.exe	85
PID 1136 wrote to memory of 3580	1136	msedge.exe	85
PID 1136 wrote to memory of 3580	1136	msedge.exe	85
PID 1136 wrote to memory of 3580	1136	msedge.exe	85
PID 1136 wrote to memory of 3580	1136	msedge.exe	85
PID 1136 wrote to memory of 3580	1136	msedge.exe	85
PID 1136 wrote to memory of 3580	1136	msedge.exe	85
PID 1136 wrote to memory of 3580	1136	msedge.exe	85
PID 1136 wrote to memory of 3580	1136	msedge.exe	85
PID 1136 wrote to memory of 3580	1136	msedge.exe	85
PID 1136 wrote to memory of 3580	1136	msedge.exe	85
PID 1136 wrote to memory of 3580	1136	msedge.exe	85
PID 1136 wrote to memory of 3580	1136	msedge.exe	85
PID 1136 wrote to memory of 3580	1136	msedge.exe	85
PID 1136 wrote to memory of 3580	1136	msedge.exe	85
PID 1136 wrote to memory of 3580	1136	msedge.exe	85
PID 1136 wrote to memory of 2216	1136	msedge.exe	87
PID 1136 wrote to memory of 2216	1136	msedge.exe	87
PID 1136 wrote to memory of 3996	1136	msedge.exe	88
PID 1136 wrote to memory of 3996	1136	msedge.exe	88
PID 1136 wrote to memory of 3996	1136	msedge.exe	88
PID 1136 wrote to memory of 3996	1136	msedge.exe	88
PID 1136 wrote to memory of 3996	1136	msedge.exe	88
PID 1136 wrote to memory of 3996	1136	msedge.exe	88
PID 1136 wrote to memory of 3996	1136	msedge.exe	88
PID 1136 wrote to memory of 3996	1136	msedge.exe	88
PID 1136 wrote to memory of 3996	1136	msedge.exe	88
PID 1136 wrote to memory of 3996	1136	msedge.exe	88
PID 1136 wrote to memory of 3996	1136	msedge.exe	88
PID 1136 wrote to memory of 3996	1136	msedge.exe	88
PID 1136 wrote to memory of 3996	1136	msedge.exe	88
PID 1136 wrote to memory of 3996	1136	msedge.exe	88
PID 1136 wrote to memory of 3996	1136	msedge.exe	88
PID 1136 wrote to memory of 3996	1136	msedge.exe	88
PID 1136 wrote to memory of 3996	1136	msedge.exe	88
PID 1136 wrote to memory of 3996	1136	msedge.exe	88
PID 1136 wrote to memory of 3996	1136	msedge.exe	88
PID 1136 wrote to memory of 3996	1136	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://objective-see.com/blog/blog_0x5F.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc6faf46f8,0x7ffc6faf4708,0x7ffc6faf4718
  2⤵
  PID:1516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,7556245265375118087,15145274707225101144,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,7556245265375118087,15145274707225101144,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,7556245265375118087,15145274707225101144,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
  2⤵
  PID:3996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7556245265375118087,15145274707225101144,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7556245265375118087,15145274707225101144,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7556245265375118087,15145274707225101144,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7556245265375118087,15145274707225101144,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
  2⤵
  PID:1816
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,7556245265375118087,15145274707225101144,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3208 /prefetch:8
  2⤵
  PID:3236
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,7556245265375118087,15145274707225101144,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3208 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7556245265375118087,15145274707225101144,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1260 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7556245265375118087,15145274707225101144,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:1696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7556245265375118087,15145274707225101144,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:1
  2⤵
  PID:2064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7556245265375118087,15145274707225101144,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
  2⤵
  PID:468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,7556245265375118087,15145274707225101144,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1828 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2032

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4564

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2384

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8f38951143ede15b2f00d3352e458d47

SHA1
1130065985230474657d5f744e99312f22c69485

SHA256
3a559763ad1634ef40108700025a909cc76ca8c66d6c77f41a07e2ced4c9ff65

SHA512
5376e21235d1b828a0d04e35d26154a1e52db3fe02690fa272ba982da55b88bb0ab7473e6b2031fe8d19798abefec072e22542132b175912b31279cda6f15f57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b533661b945a612876de1e58ce73d065

SHA1
d93286945efeb7f33b49f8e594cdb264884c827e

SHA256
e5480b47432d7b0ca972afe477fac49f5fc1e8e82aaeab6401de99045949bd65

SHA512
672bc0f694e763a8597eebcce7728716a09515ad17854fae58d1f8df8aefca152eaabfd637bbaf8acae8e7936309809525a9f058a990148964a58c831d96dc4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
cf0fa6f0ffa803ca2abb7b6f13ebf31e

SHA1
e0e7d94510095c8e807ca3dafdf819906c2eabfb

SHA256
a7ac63f3fd11f30a39d8bc2efc386bade5968d39f1b6ff5ad67312f1fc5c1f0c

SHA512
885c35d5cd45ccbe99dcb47d6bb25201d87cca9740e225c679e5b12c5b99f81d99351a5791f105227a743f8c36b908c36e5b0912d0a5a91c183a03fdebbca95d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
2a83dcda7975f5f02c785cf06e7e4f49

SHA1
8fa749208175c31ca31e6654eeb2b3441c7d5e7b

SHA256
c5042fccb69b2ff0090612fa907534aa406cece3b531e738eeebb207e6930cfb

SHA512
2486b75337796f96958ce1b7127ece74941f2e204d72158b37bfce7cbd13baf6ad9357630664d3f8333ed4f0c2531f9b153d1798af7c7547f72839dead32cf18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
392d01f1765b44f3b6d3d29a3004273b

SHA1
0b1169d7c2d5612d06a7664937aefbec7cf45464

SHA256
a636ef8ba725b9c81f70af8df1bac3bced10ba6e64ff444d0a1975542a64a5cb

SHA512
043b9b2d88c0bfa3c84f364b832ff79c30b8c6616fe840d70a81b5c19bc32ec69fe0ecb77eb3657b3b92a066263238f6b58c987291ef7e55a858fb805a343633

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f4fcc5627086e58b690cc52aae81fccc

SHA1
8f75e8909f71621ff47af133a1ef95f682026ef8

SHA256
ba8d2c094433dcb1b6ee9f7ae927f3eef93a8b51c3e74664c5fdc6ff27ddfec2

SHA512
0ef19eb78974420a9a2334aac6af487d241c4e79eeabebcba774be1fd5f793d24fa896dc20d9c49059089c6e7a5d176504a8cd0bd064ce0a6ef1f0b9654f4ffb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
efcf2feae55fcd5955b1c0fa2d31bb60

SHA1
f9782fb220eb31bba8c3b8d8701ab8d5cf0bf284

SHA256
4c7b19ba328ee998b0233bb64caf3c21849983f8c7001fa1f4b6ea3990b77daa

SHA512
0b8568d613d80dc3ff968c47b795d02d52e66d733d356734db6ed1a9378b709533d3f1edfa040ec43a44e6dc05a6c848fa1c4d88e1514dc982aa0dd589176806

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0b5f25716f23fe4dc46cbe140fc5d0bb

SHA1
f769bef28cb6cbe1a57b5a2885dfd5c8054d5e17

SHA256
260e721d64270ccdc0190105493aaaa560f0b10cab3b6b033a2d4f4377a092fb

SHA512
25a2646a0ac1c9acee09dc206879cdbea3b5122fb86788ecd02a79fe0dc771023bf287676223814198e73e295834e9fe65295e92febb6477cf8292cf9a8db6aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
eba8517f3652641367e901d3a54f7581

SHA1
fea9f4fd8d38fa53f21cebbc148d48fb07fe13c6

SHA256
2d7c268095e786a3e6c729a4503a10709df851a8899197637e6d42aa11fce388

SHA512
da857ea24ab0a1f4e1eae0a23c1b50e86c5e4c5781f9cff94eaa20127671ed5b1ed681c9b626366f155ec89e767ca11554a77f0f4c3a42c44cf821654b483517

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
92635a52f320955c3fbadd5d9bb4eb5c

SHA1
f18ec2ded935d26f4a43a871d5de9f742bf09dbc

SHA256
cf2261e49c14c41672ab1c2ea54147ab69424e3d780b771e5da65c66441118e9

SHA512
fb6a80ee722d86d8a15c9158503fdcb095831c9d75f7995b3cc5840fcc4d8387ea022c4e03cbbc7ac6d36a38460ad884c641607f6e858d6c68381b32dd93d16a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a3866aaa92b3adc07904be688ed923e1

SHA1
cf3f1702b721364306facdc87f19df9a3478d6d6

SHA256
7d48b75d19db0377a0bbc2919ceec0bd58c919c2ca8726a67d914c5898daadd9

SHA512
0eb9e6084aee2c54670806cb80aa74e52983d1fca4edc589af6709cf982da299bfe9bda4a4805e24328310c243107b468888a7c74f457385aa01ca46d324aed3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58eaa9.TMP

Filesize
1KB

MD5
6ecb0f7d9170dc8d1af620708faccc11

SHA1
295980e9e6650a7c3725025186a2366da0c02fad

SHA256
7e2c47d6c500a4510b6bdce6162ae0076ff69336da182ea871e46bf002d6d41b

SHA512
7a56516bb87455cb986320f056de6a972c1c4a9226acd5f315593d732bae8bc5569239912014254dd9e7dc4bf7daa6e500ec737c3346a3b5c111167631d30e56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
21627270a59810259588db17aea9aa37

SHA1
e87b4382c1629f3c6182439f4dbebf1f44f566d6

SHA256
df0d648109e3fc07e25b400937fc2a379bebf11a3f446e5f1e8381f3cdd8e894

SHA512
b3a5b17f5dd32a5547b2b0f7fe7e443251d03bd741a42d42e0de08557ed9d75258b0b09a5d3883f15c68d0b234f3890c55bf107f66fcded958426b2a1820c1a7

Download Submit