647196f385dc141e753f8608b2352b045b12dc40b2db9bb3998cc88d4512cde0

Analysis

max time kernel
145s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
22/07/2024, 07:52

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

VirusTotal.url
Size

200B
MD5

2db202345a67825e86c3f13db9dab74e
SHA1

f09b3b4b70c3290f6a1cbb23e87fb5a0cb6027af
SHA256

2465d801e388468ae7c1bac9deafb0d87ae87d9e1ba9993d46987d332763b243
SHA512

7572d25d26ab6d85d0249b410e5d37d6999246d0d8a2589f876c8d485f931f9aa25c64648631d66a51aa3fb18cb3c22a91b789b32badf0d4e75cb917204863ff

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3656	msedge.exe
3656	msedge.exe
3628	msedge.exe
3628	msedge.exe
3828	identity_helper.exe
3828	identity_helper.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5052 wrote to memory of 3628	5052	rundll32.exe	85
PID 5052 wrote to memory of 3628	5052	rundll32.exe	85
PID 3628 wrote to memory of 3288	3628	msedge.exe	87
PID 3628 wrote to memory of 3288	3628	msedge.exe	87
PID 3628 wrote to memory of 4436	3628	msedge.exe	88
PID 3628 wrote to memory of 4436	3628	msedge.exe	88
PID 3628 wrote to memory of 4436	3628	msedge.exe	88
PID 3628 wrote to memory of 4436	3628	msedge.exe	88
PID 3628 wrote to memory of 4436	3628	msedge.exe	88
PID 3628 wrote to memory of 4436	3628	msedge.exe	88
PID 3628 wrote to memory of 4436	3628	msedge.exe	88
PID 3628 wrote to memory of 4436	3628	msedge.exe	88
PID 3628 wrote to memory of 4436	3628	msedge.exe	88
PID 3628 wrote to memory of 4436	3628	msedge.exe	88
PID 3628 wrote to memory of 4436	3628	msedge.exe	88
PID 3628 wrote to memory of 4436	3628	msedge.exe	88
PID 3628 wrote to memory of 4436	3628	msedge.exe	88
PID 3628 wrote to memory of 4436	3628	msedge.exe	88
PID 3628 wrote to memory of 4436	3628	msedge.exe	88
PID 3628 wrote to memory of 4436	3628	msedge.exe	88
PID 3628 wrote to memory of 4436	3628	msedge.exe	88
PID 3628 wrote to memory of 4436	3628	msedge.exe	88
PID 3628 wrote to memory of 4436	3628	msedge.exe	88
PID 3628 wrote to memory of 4436	3628	msedge.exe	88
PID 3628 wrote to memory of 4436	3628	msedge.exe	88
PID 3628 wrote to memory of 4436	3628	msedge.exe	88
PID 3628 wrote to memory of 4436	3628	msedge.exe	88
PID 3628 wrote to memory of 4436	3628	msedge.exe	88
PID 3628 wrote to memory of 4436	3628	msedge.exe	88
PID 3628 wrote to memory of 4436	3628	msedge.exe	88
PID 3628 wrote to memory of 4436	3628	msedge.exe	88
PID 3628 wrote to memory of 4436	3628	msedge.exe	88
PID 3628 wrote to memory of 4436	3628	msedge.exe	88
PID 3628 wrote to memory of 4436	3628	msedge.exe	88
PID 3628 wrote to memory of 4436	3628	msedge.exe	88
PID 3628 wrote to memory of 4436	3628	msedge.exe	88
PID 3628 wrote to memory of 4436	3628	msedge.exe	88
PID 3628 wrote to memory of 4436	3628	msedge.exe	88
PID 3628 wrote to memory of 4436	3628	msedge.exe	88
PID 3628 wrote to memory of 4436	3628	msedge.exe	88
PID 3628 wrote to memory of 4436	3628	msedge.exe	88
PID 3628 wrote to memory of 4436	3628	msedge.exe	88
PID 3628 wrote to memory of 4436	3628	msedge.exe	88
PID 3628 wrote to memory of 4436	3628	msedge.exe	88
PID 3628 wrote to memory of 3656	3628	msedge.exe	89
PID 3628 wrote to memory of 3656	3628	msedge.exe	89
PID 3628 wrote to memory of 1396	3628	msedge.exe	90
PID 3628 wrote to memory of 1396	3628	msedge.exe	90
PID 3628 wrote to memory of 1396	3628	msedge.exe	90
PID 3628 wrote to memory of 1396	3628	msedge.exe	90
PID 3628 wrote to memory of 1396	3628	msedge.exe	90
PID 3628 wrote to memory of 1396	3628	msedge.exe	90
PID 3628 wrote to memory of 1396	3628	msedge.exe	90
PID 3628 wrote to memory of 1396	3628	msedge.exe	90
PID 3628 wrote to memory of 1396	3628	msedge.exe	90
PID 3628 wrote to memory of 1396	3628	msedge.exe	90
PID 3628 wrote to memory of 1396	3628	msedge.exe	90
PID 3628 wrote to memory of 1396	3628	msedge.exe	90
PID 3628 wrote to memory of 1396	3628	msedge.exe	90
PID 3628 wrote to memory of 1396	3628	msedge.exe	90
PID 3628 wrote to memory of 1396	3628	msedge.exe	90
PID 3628 wrote to memory of 1396	3628	msedge.exe	90
PID 3628 wrote to memory of 1396	3628	msedge.exe	90
PID 3628 wrote to memory of 1396	3628	msedge.exe	90

C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\VirusTotal.url
1⤵
- Suspicious use of WriteProcessMemory
PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.virustotal.com/gui/file/6b0d77c906e501fcbb2c61180e2cd08677bcbd4dd2781874bef819185dee953a/detection
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3628
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcd49946f8,0x7ffcd4994708,0x7ffcd4994718
    3⤵
    PID:3288
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,2376251059126533557,10446151468863679984,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
    3⤵
    PID:4436
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,2376251059126533557,10446151468863679984,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3656
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,2376251059126533557,10446151468863679984,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
    3⤵
    PID:1396
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2376251059126533557,10446151468863679984,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
    3⤵
    PID:4044
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2376251059126533557,10446151468863679984,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
    3⤵
    PID:4508
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2376251059126533557,10446151468863679984,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
    3⤵
    PID:1212
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,2376251059126533557,10446151468863679984,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5828 /prefetch:8
    3⤵
    PID:1608
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,2376251059126533557,10446151468863679984,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5828 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3828
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2376251059126533557,10446151468863679984,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
    3⤵
    PID:3440
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2376251059126533557,10446151468863679984,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
    3⤵
    PID:5052
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2376251059126533557,10446151468863679984,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
    3⤵
    PID:2044
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2376251059126533557,10446151468863679984,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4208 /prefetch:1
    3⤵
    PID:1496
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,2376251059126533557,10446151468863679984,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1136 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:540

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4200

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1956

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2f842025e22e522658c640cfc7edc529

SHA1
4c2b24b02709acdd159f1b9bbeb396e52af27033

SHA256
1191573f2a7c12f0b9b8460e06dc36ca5386305eb8c883ebbbc8eb15f4d8e23e

SHA512
6e4393fd43984722229020ef662fc5981f253de31f13f30fadd6660bbc9ededcbfd163f132f6adaf42d435873322a5d0d3eea60060cf0e7f2e256262632c5d05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
54aadd2d8ec66e446f1edb466b99ba8d

SHA1
a94f02b035dc918d8d9a46e6886413f15be5bff0

SHA256
1971045943002ef01930add9ba1a96a92ddc10d6c581ce29e33c38c2120b130e

SHA512
7e077f903463da60b5587aed4f5352060df400ebda713b602b88c15cb2f91076531ea07546a9352df772656065e0bf27bd285905a60f036a5c5951076d35e994

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f006f3c0d85818c2a7fb3fcdfb9323a8

SHA1
7e916c373cdf071a399fd761ec1f77fc462fc2e0

SHA256
b27604b5080a257af1c9929435b58e68af2c5c7e7934cf8b11828b2a0a0ddd66

SHA512
72825c452380c29eea0ba2479e07ae3c3eec911d1b933585ec4d41b463aa43f3297ed56958c8f5acd6ba798b26528d6917a8b28a0b58d3be6e3830ff9704a3b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
c917965602f2cc27c26022b158463065

SHA1
d66920832c27316c04fab9271bf0ff299a17ae66

SHA256
85951f8306a31d3ad7a46a222d33afbce2f13093bf217744e398915fafbcba36

SHA512
8cead9c7741b69a619f2fe5314f9b434d32f881cbddb6f8d5d9a5e376fe6515a110623af438c4fb1e1118937f904dee3bc665f00b438ca5c383a74ba2b3feace

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5ee149418bd1678bf716f58547fd2924

SHA1
98a84aa60a85d55cbec6c159cd9ad0caa42619ec

SHA256
dda06b8ef61d9b95c041a127bdadbe08211096111f8f58f73b2f7e3637cc8e36

SHA512
d94eeab1bcc6ab45ee1585a7e718c8dc38cebd144194e274f56ee592f757febd3a241c7081b6a9ecdd7d84ce1e189b739732560580ce7b37e92f831c045956ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6e256c3defe94f532fcb250f1a8a126d

SHA1
baf94a7486a05adabfa0281eda65d5237ca3d0b9

SHA256
3d7c03eac7131b4b9f2a02c0a239e8fb345a4f03482a8f74f57c7308df95cb99

SHA512
e8e857230e5e1a055161059ea08d2f2aed7e57d7204bd98da7813c94185b4c689578a977a01389080fbf8a1834302a92ced621d17adf73708db95540a3934fa0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
828c259deadf09fcda0dd483c8d74d2e

SHA1
0fd74b164095244b4e5a00b4c4a888e26c79a25b

SHA256
6af183d3aa16e8c8b85088862fa8061fc29929a922dc744aec624b2c25f1c5e4

SHA512
aab7dc7e3acb2f3fb40a638582323966c57e65440d8855e7408ddf9ca4772f1870179fecc87c4079c58ce6692e2d77465d6c5efc7c689fec64333f5186d6cd4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
266d97b5d457f33eaeed367087bf6614

SHA1
d9a23c446762ec811057baa6a9752df160c796ba

SHA256
1f275637c5271dcd0afdfe744857ade5356cdd7bcb8fbce55838a0df931070b0

SHA512
857925fba440f012fd6c5101265ef17d8934074be4bc250e922389042d22bfc5b91582ac7f828c6cc9970004cd3761721241f0abf34caa6f3fe388bf54636340

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe583081.TMP

Filesize
48B

MD5
127250501a90f9af4b69e6799cb95343

SHA1
cc1aa856b4d220327347e22384db02b3d89d2f3c

SHA256
dc9e2737e9346cc29b5a096688f6053edba469e5c8b3de5ba8e98e4df120b4fe

SHA512
fc13667882bfda8640915d634205cbc5f5ef597969b095e015d6fe19c6890904da920b01591774e4c929e3141bb96c6a041e06f0ef9a52adb4be5a2fbfa523a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
536B

MD5
1fa1be2c499bd939f47d4357bd51c4e6

SHA1
f8f5e6d8a98b2b49d1d4be8055430edb154a2d1a

SHA256
d66e82d81d6e50ec71cc892670c397c05bc47c9e336aee7889a1be326076d837

SHA512
c971d22cf5b1e938bd0041421284fd9bbd2170e92669d2ce399681c61d63979b15bb3de117c22c51e389456b1d6dcbafa9da2c93568856c51e24f27c1192d2f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580904.TMP

Filesize
370B

MD5
ae3c13a3d949b73e4f587fabe1b742bd

SHA1
e731d2cd04a918d3bc6363d13a4175ecbe18c7a8

SHA256
7966edb2b1d42bd491d486a0f11cb55d38cc73343fd15b22bb7939dae20cc8c5

SHA512
5ad318f6d32dff8c76bcb4f78f5e6511cbb122a29471dcfec2432a00396451a3cfa7aa3d6e575e5da01482f5875e1a1690bb1ae89848b0fc1b2d3edf3df7ccb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
ea40b175d18735e813f23cc831748340

SHA1
37df1636f6efe006eca7f44de7c8ee81cf560a37

SHA256
8d648c4880256271c1092b4987a9a741fc1e6308f266df33c3307f085b302f46

SHA512
a999fb5b47f9369965a9a6842491580f32d82d340f41e4dd6f2f2ec90fc05356be46e2c08a7d66bb1a18e5a4c26b202a89c8fc048b312378b20e21af2855ef5f

Download Submit