hxxps://t[.]ly/zzDZy

Analysis

max time kernel
174s
max time network
204s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19/08/2024, 20:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://t.ly/zzDZy

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
55	discord.com
56	discord.com

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
48	api.ipify.org
46	api.ipify.org

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4004	msedge.exe
4004	msedge.exe
3388	msedge.exe
3388	msedge.exe
3916	identity_helper.exe
3916	identity_helper.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3388 wrote to memory of 2984	3388	msedge.exe	84
PID 3388 wrote to memory of 2984	3388	msedge.exe	84
PID 3388 wrote to memory of 3260	3388	msedge.exe	85
PID 3388 wrote to memory of 3260	3388	msedge.exe	85
PID 3388 wrote to memory of 3260	3388	msedge.exe	85
PID 3388 wrote to memory of 3260	3388	msedge.exe	85
PID 3388 wrote to memory of 3260	3388	msedge.exe	85
PID 3388 wrote to memory of 3260	3388	msedge.exe	85
PID 3388 wrote to memory of 3260	3388	msedge.exe	85
PID 3388 wrote to memory of 3260	3388	msedge.exe	85
PID 3388 wrote to memory of 3260	3388	msedge.exe	85
PID 3388 wrote to memory of 3260	3388	msedge.exe	85
PID 3388 wrote to memory of 3260	3388	msedge.exe	85
PID 3388 wrote to memory of 3260	3388	msedge.exe	85
PID 3388 wrote to memory of 3260	3388	msedge.exe	85
PID 3388 wrote to memory of 3260	3388	msedge.exe	85
PID 3388 wrote to memory of 3260	3388	msedge.exe	85
PID 3388 wrote to memory of 3260	3388	msedge.exe	85
PID 3388 wrote to memory of 3260	3388	msedge.exe	85
PID 3388 wrote to memory of 3260	3388	msedge.exe	85
PID 3388 wrote to memory of 3260	3388	msedge.exe	85
PID 3388 wrote to memory of 3260	3388	msedge.exe	85
PID 3388 wrote to memory of 3260	3388	msedge.exe	85
PID 3388 wrote to memory of 3260	3388	msedge.exe	85
PID 3388 wrote to memory of 3260	3388	msedge.exe	85
PID 3388 wrote to memory of 3260	3388	msedge.exe	85
PID 3388 wrote to memory of 3260	3388	msedge.exe	85
PID 3388 wrote to memory of 3260	3388	msedge.exe	85
PID 3388 wrote to memory of 3260	3388	msedge.exe	85
PID 3388 wrote to memory of 3260	3388	msedge.exe	85
PID 3388 wrote to memory of 3260	3388	msedge.exe	85
PID 3388 wrote to memory of 3260	3388	msedge.exe	85
PID 3388 wrote to memory of 3260	3388	msedge.exe	85
PID 3388 wrote to memory of 3260	3388	msedge.exe	85
PID 3388 wrote to memory of 3260	3388	msedge.exe	85
PID 3388 wrote to memory of 3260	3388	msedge.exe	85
PID 3388 wrote to memory of 3260	3388	msedge.exe	85
PID 3388 wrote to memory of 3260	3388	msedge.exe	85
PID 3388 wrote to memory of 3260	3388	msedge.exe	85
PID 3388 wrote to memory of 3260	3388	msedge.exe	85
PID 3388 wrote to memory of 3260	3388	msedge.exe	85
PID 3388 wrote to memory of 3260	3388	msedge.exe	85
PID 3388 wrote to memory of 4004	3388	msedge.exe	86
PID 3388 wrote to memory of 4004	3388	msedge.exe	86
PID 3388 wrote to memory of 1260	3388	msedge.exe	87
PID 3388 wrote to memory of 1260	3388	msedge.exe	87
PID 3388 wrote to memory of 1260	3388	msedge.exe	87
PID 3388 wrote to memory of 1260	3388	msedge.exe	87
PID 3388 wrote to memory of 1260	3388	msedge.exe	87
PID 3388 wrote to memory of 1260	3388	msedge.exe	87
PID 3388 wrote to memory of 1260	3388	msedge.exe	87
PID 3388 wrote to memory of 1260	3388	msedge.exe	87
PID 3388 wrote to memory of 1260	3388	msedge.exe	87
PID 3388 wrote to memory of 1260	3388	msedge.exe	87
PID 3388 wrote to memory of 1260	3388	msedge.exe	87
PID 3388 wrote to memory of 1260	3388	msedge.exe	87
PID 3388 wrote to memory of 1260	3388	msedge.exe	87
PID 3388 wrote to memory of 1260	3388	msedge.exe	87
PID 3388 wrote to memory of 1260	3388	msedge.exe	87
PID 3388 wrote to memory of 1260	3388	msedge.exe	87
PID 3388 wrote to memory of 1260	3388	msedge.exe	87
PID 3388 wrote to memory of 1260	3388	msedge.exe	87
PID 3388 wrote to memory of 1260	3388	msedge.exe	87
PID 3388 wrote to memory of 1260	3388	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.ly/zzDZy
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff83db846f8,0x7ff83db84708,0x7ff83db84718
  2⤵
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,3245903653187861761,16060595111598473966,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:3260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,3245903653187861761,16060595111598473966,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,3245903653187861761,16060595111598473966,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
  2⤵
  PID:1260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3245903653187861761,16060595111598473966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:3400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3245903653187861761,16060595111598473966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3245903653187861761,16060595111598473966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
  2⤵
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3245903653187861761,16060595111598473966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:2012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3245903653187861761,16060595111598473966,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:3640
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,3245903653187861761,16060595111598473966,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5624 /prefetch:8
  2⤵
  PID:4036
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,3245903653187861761,16060595111598473966,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5624 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3245903653187861761,16060595111598473966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
  2⤵
  PID:5164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3245903653187861761,16060595111598473966,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
  2⤵
  PID:5172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3245903653187861761,16060595111598473966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1
  2⤵
  PID:6028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,3245903653187861761,16060595111598473966,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5068 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4244

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3916

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4540

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f9664c896e19205022c094d725f820b6

SHA1
f8f1baf648df755ba64b412d512446baf88c0184

SHA256
7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

SHA512
3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
9fe91e24dcdf239fe7decee433057a97

SHA1
c185faa01a14acf9df1ea9e7d794eb4104198954

SHA256
e6ca7dd5adbcff2fd64638a15a21939d77ee56cc47e342cf0f296e7a18373dd3

SHA512
fabe7c7e70899f16b3f3d854bbcc9d0e147457464c903f46af88886f00f925a691939b454c192045bb4381cea83bdea41a79647e55f12c39256f1ed7b40fc035

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
b8358984e21bea9574f0a9fff3e43b36

SHA1
77dd3794aaff5c612df7d1fa52f413243ed73c46

SHA256
e9cecad84a85c0a98dc0c5990776c5345623dcffe3ca28714034ccf9ad80a7c8

SHA512
dea7ce7353b50f923b43c8dba550dbdc56cdaa0e68891cff83a1cbe5cf847fcee163f735d126d32c2b4725ec24285faec020c6aefb4e38d938c2acd1b96ff3e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
982B

MD5
e221138d35582900af49738caff36110

SHA1
d75ae1caa2e84a59139367564581d214109ef914

SHA256
e40195fff64a7382e4abbb89f8c16c08bd37a49b88b2565fec117e6ae8de2c36

SHA512
49e545e66485c5fcbd8b91d7ece0818767d617170366f6931fd859cbb17a55916ab0b5f5a707fa4a7faab3bd8b07c36e0f2f3566e4973340503d29e53e3a4315

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1013B

MD5
5b505de3a98e99880ca6fabdc0a77942

SHA1
bc61e69dd93537d61d13ccff2a44aedde57bcf08

SHA256
76ef35d664f969675ac836c9ee85d1a8c8000e00f64e148a20669d5d764353b9

SHA512
da3bc3829be795f574caa9367d347e6ff44274a0f84ae10c07cc4da2776fac72ab80c51f3d2d9540c903d8b3851d9b1daf01772aee58f0bbabbef84ccbe65232

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
65dcec87ab6076e31834aff641068c16

SHA1
97ba242c570537bbe3ca1f2ff5ca39cca769b9f6

SHA256
fa3c55a190c6dd3841e13bb83da283789eab56412543720211caf4fd21a73475

SHA512
6791f446f2be50c8c7f0be2c3f0e668da9123a32ae3565c168c3b088569929ec36283e92d2b5efa00dd8a03940a773e492136b8aefe09550e16612d4df298d98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
84ec49d5d907de436f81559e5802350e

SHA1
3b52fed6972a10b5142af89ed7abaeed2a88db40

SHA256
215dcb9633fe06a348e55455352a18b519a3743f4882095f8c909ddfb14e4991

SHA512
75f8e6d527f167bc7176989e9f2ea3a378a9a119029739b90ce4bd48313155b73c172719b7e2df703f139c619a9a5dd4a9d0d1f962b32ce04babd99db2cec1fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9cdcda9bbf2ae782936480deb4b0ddde

SHA1
acc1ea1b9bfe98144d58fc03cd28eda1d7b91bfb

SHA256
1476989a8688454724b3ab096683219fc5c398ca2aa43a0e9c49337f91276725

SHA512
0f9afc84a2d62273e2cb6d676a22c4225a395807ab452bfed987cbd43fa63df1fd8d5932404640b3ba7e20ac73e5f7ac2e8c44e0f55edf288781b9cf2abeacc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
17dad8f4ed240682f1ae7b964fcc03d8

SHA1
b3ee237ce9871ed9b0b558145c66c21888591567

SHA256
0f579823b8e9a67c136c2b3385dbf4e25a577f8504d3c03bad2fa8cfa0c02bfc

SHA512
026c7487cdb06c1ea32517604d108a2c9166d04397b750976a96950f71e5d6ef029592d9668f80f8e62d3242114d94b0e70ff6738370d37d8025ceb64cb93747

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
29ead54ae1331dd65e2576139f3153c4

SHA1
b97ef37e84d0a5a2b418571d4aff2fc693b6f368

SHA256
b0ff3981e3101651a1cd5cbca45e6dae3b79570316d18138901f46353e187633

SHA512
bef90b85d1b37f08d84ae761d542a26948238953545d4dd3ea43e6a08d7a5458996b6cc8aca321118f9c88c9a8020b055d61c88582fce7c65fec5fa476742098

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe587105.TMP

Filesize
1KB

MD5
dbb071e04aba64e916a83e5b2021b67a

SHA1
6e96cc98e0877a308f6eb9df480235680459fa46

SHA256
e44e54f287868f74a3d40d252b6fcc999b2e0c52e43e2b7510e00040e4dea0b2

SHA512
84aac72b5d333d1b462b94f227cfa5006f5154f03c44bcbbe380a25608c5c62093871d69ea443d567b630a300c599720b04530382fbf44426becf4af163d1eb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2cc31c7a87224a40e9f7cc088acda255

SHA1
69785d0f717166a93f35e0c0be68c26789ceaabf

SHA256
f0a47a8d1d408cabdf1c275aa944fd5d7a83af9d8b46a3c709f6467aea8f70c5

SHA512
36608051c4b458ca88f3cfab3dc76210e2e920a615687d4c533123d71eb373edaab98011972a9134f48c60b1f432c3aae723f6cb675d833879f6cb0be46293ba

Download Submit