hxxps://www[.]facebook[.]com/profile[.]php?id=61564538594135

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02/09/2024, 16:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.facebook.com/profile.php?id=61564538594135

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2488	msedge.exe
2488	msedge.exe
2188	msedge.exe
2188	msedge.exe
4668	identity_helper.exe
4668	identity_helper.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2188 wrote to memory of 4568	2188	msedge.exe	83
PID 2188 wrote to memory of 4568	2188	msedge.exe	83
PID 2188 wrote to memory of 4592	2188	msedge.exe	84
PID 2188 wrote to memory of 4592	2188	msedge.exe	84
PID 2188 wrote to memory of 4592	2188	msedge.exe	84
PID 2188 wrote to memory of 4592	2188	msedge.exe	84
PID 2188 wrote to memory of 4592	2188	msedge.exe	84
PID 2188 wrote to memory of 4592	2188	msedge.exe	84
PID 2188 wrote to memory of 4592	2188	msedge.exe	84
PID 2188 wrote to memory of 4592	2188	msedge.exe	84
PID 2188 wrote to memory of 4592	2188	msedge.exe	84
PID 2188 wrote to memory of 4592	2188	msedge.exe	84
PID 2188 wrote to memory of 4592	2188	msedge.exe	84
PID 2188 wrote to memory of 4592	2188	msedge.exe	84
PID 2188 wrote to memory of 4592	2188	msedge.exe	84
PID 2188 wrote to memory of 4592	2188	msedge.exe	84
PID 2188 wrote to memory of 4592	2188	msedge.exe	84
PID 2188 wrote to memory of 4592	2188	msedge.exe	84
PID 2188 wrote to memory of 4592	2188	msedge.exe	84
PID 2188 wrote to memory of 4592	2188	msedge.exe	84
PID 2188 wrote to memory of 4592	2188	msedge.exe	84
PID 2188 wrote to memory of 4592	2188	msedge.exe	84
PID 2188 wrote to memory of 4592	2188	msedge.exe	84
PID 2188 wrote to memory of 4592	2188	msedge.exe	84
PID 2188 wrote to memory of 4592	2188	msedge.exe	84
PID 2188 wrote to memory of 4592	2188	msedge.exe	84
PID 2188 wrote to memory of 4592	2188	msedge.exe	84
PID 2188 wrote to memory of 4592	2188	msedge.exe	84
PID 2188 wrote to memory of 4592	2188	msedge.exe	84
PID 2188 wrote to memory of 4592	2188	msedge.exe	84
PID 2188 wrote to memory of 4592	2188	msedge.exe	84
PID 2188 wrote to memory of 4592	2188	msedge.exe	84
PID 2188 wrote to memory of 4592	2188	msedge.exe	84
PID 2188 wrote to memory of 4592	2188	msedge.exe	84
PID 2188 wrote to memory of 4592	2188	msedge.exe	84
PID 2188 wrote to memory of 4592	2188	msedge.exe	84
PID 2188 wrote to memory of 4592	2188	msedge.exe	84
PID 2188 wrote to memory of 4592	2188	msedge.exe	84
PID 2188 wrote to memory of 4592	2188	msedge.exe	84
PID 2188 wrote to memory of 4592	2188	msedge.exe	84
PID 2188 wrote to memory of 4592	2188	msedge.exe	84
PID 2188 wrote to memory of 4592	2188	msedge.exe	84
PID 2188 wrote to memory of 2488	2188	msedge.exe	85
PID 2188 wrote to memory of 2488	2188	msedge.exe	85
PID 2188 wrote to memory of 3424	2188	msedge.exe	86
PID 2188 wrote to memory of 3424	2188	msedge.exe	86
PID 2188 wrote to memory of 3424	2188	msedge.exe	86
PID 2188 wrote to memory of 3424	2188	msedge.exe	86
PID 2188 wrote to memory of 3424	2188	msedge.exe	86
PID 2188 wrote to memory of 3424	2188	msedge.exe	86
PID 2188 wrote to memory of 3424	2188	msedge.exe	86
PID 2188 wrote to memory of 3424	2188	msedge.exe	86
PID 2188 wrote to memory of 3424	2188	msedge.exe	86
PID 2188 wrote to memory of 3424	2188	msedge.exe	86
PID 2188 wrote to memory of 3424	2188	msedge.exe	86
PID 2188 wrote to memory of 3424	2188	msedge.exe	86
PID 2188 wrote to memory of 3424	2188	msedge.exe	86
PID 2188 wrote to memory of 3424	2188	msedge.exe	86
PID 2188 wrote to memory of 3424	2188	msedge.exe	86
PID 2188 wrote to memory of 3424	2188	msedge.exe	86
PID 2188 wrote to memory of 3424	2188	msedge.exe	86
PID 2188 wrote to memory of 3424	2188	msedge.exe	86
PID 2188 wrote to memory of 3424	2188	msedge.exe	86
PID 2188 wrote to memory of 3424	2188	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/profile.php?id=61564538594135
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc49f046f8,0x7ffc49f04708,0x7ffc49f04718
  2⤵
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,11060981863679130666,6968919510139145692,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,11060981863679130666,6968919510139145692,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,11060981863679130666,6968919510139145692,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
  2⤵
  PID:3424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,11060981863679130666,6968919510139145692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,11060981863679130666,6968919510139145692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:1
  2⤵
  PID:4260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,11060981863679130666,6968919510139145692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
  2⤵
  PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,11060981863679130666,6968919510139145692,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5316 /prefetch:8
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,11060981863679130666,6968919510139145692,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5316 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,11060981863679130666,6968919510139145692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3600 /prefetch:1
  2⤵
  PID:3156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,11060981863679130666,6968919510139145692,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
  2⤵
  PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,11060981863679130666,6968919510139145692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
  2⤵
  PID:456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,11060981863679130666,6968919510139145692,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:1480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,11060981863679130666,6968919510139145692,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3756 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4232

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4040

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:732

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
720B

MD5
4c84b403cb31fb59eb284667127132e2

SHA1
2c415306c1fa281d05ea1861729eee6fbc4d935d

SHA256
79972c699db8686fa0cb7447eceb4142352a832f92fc64487ac98af53905cd98

SHA512
cb67e20eab20360f29146d23853994f075cd810801846f9353ea4cc1efe014d7484fb2b7715e0f079fb8d9cf29fcb2324ce68aca93280a7818d9a81a2c864526

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
218aa57ca633cd15a1955b80a499e994

SHA1
1b1c1148b58ccd0b46bcbed005304904bd5d16b0

SHA256
1b62c34893b3f21ff6ced2fcbe27ea57e8f323947b3ba1c7b1b1b9d8dc85a786

SHA512
8a4bbd1ae180a017f5fba026963671cc4d3558807e806c7c3a5ed2003838621893113357af953bbe9093c0a11f396c370ef067befc26107bb6a5fee5fc6dac5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
347B

MD5
e0be6ee70bf36442e53b46e54180098a

SHA1
be8d39e3db0372eb71766dd831f1fd977ec53d1c

SHA256
0543b99925ea29a0e5216faa649a54d6bd2ea3b135e209345d9cfc9bf5c12086

SHA512
0b7a1cd1a070a0c8b54d2423a1e272246e2909d309b0185a35916b0573a05d40ada06f5890c16f98776d5afce6cf4fd6b21c978930ff7c4294785b59c6c6f699

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2f9ee34940eded64b308fbac4ad60102

SHA1
1c2e66f7fc4c3683c138b75afd4275afa39c2b7b

SHA256
823c11ecb554bf410a8bac83cd1fa021bd5fcb99e9b4d74a4fc66b5d538247c2

SHA512
b40024fbad7b01fb3d07187a7a5fc3d4a8a53de57db8e1c6bc637cb30cfcb9f41af5e2c6f1752be40f1c72b585e2c56f9002b816cc1350937f06298c8539bc4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
78beb3f3fe46e0e24a7f5a36d5e34b5b

SHA1
8a1a9dd40e12343e5b3abf6aede1730f5bfbd304

SHA256
b59a56c5e6654ddc653a9a69dd5209bba3a19f11f08956ccc31d172f85719a29

SHA512
b9aa4c8693c60f45cf3944d3ba107ab52d848bb9e7ce2d000a25e8e7f3288ea15f0c7f21a23765f3eb66057bb04e7a53eafc2ef2d7cdae13796bd357a12be1ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
51d73236ee92ba707f557beaa9cc2a1e

SHA1
e689d6e1eccd4be27e3ba0a35438032eb2e5a195

SHA256
59707b048f920f5657f4eccb4ed04b73570d1f81c20658a67e9d86a8ca81069c

SHA512
6110c8f261c1ba507b2f47b16cfa224e3943ad081b1be5a0b4f052e3cf047768f0dbd97de54ef07f30dae1e69df756ddfc2673a70725848d0969e54b025ac73a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
5eb79b61293e76ba39f2d7583e1096d5

SHA1
8695aafb19a537df7b39fb8399cab2c03e25d7c9

SHA256
d33927718a05dbe534c6e17f19388b71adb11943df4dc90f44c71062fa21f77a

SHA512
9485aa870cf71b534f0ab5e4f82c4f51d709926385bd83bb53370c1bd6b15f3cfd48cff5616843aecb61c5d77543308cd30e97fc4c31d5cf2705bf727e037cda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
9c4f3727d1f61910fb08de50ee1d28e8

SHA1
ef7bb3b5a4ac27369771b80e447765f57125c140

SHA256
b35cb31b5f1a07348edf1dd2af53b0cab98eed21ae8abb53fad93e7fb4be4409

SHA512
04e0f17265ea3f1b430950fe7f8927c6a095fdc2559ad0c935dddfc8a23380963a209407e97bdcc2c6dec3170c9459fdb0f493c1eac4bf743387aa210a4bf2d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
7066ea9a5d84cc7859860dbfa8dc2ddc

SHA1
e5266eb390f574a4a81c67ea4e1c48c8eda26496

SHA256
aebb2a48beee8e810ef87c6e50b12f62621846c57847d36a1c66c6f983cabeff

SHA512
66cb5c8056d91b9739c6f42e956bf8d3e89fabac5120cebf46f91666d671f8115acd16fc5cc2b13c7e789f62d047410d9635e5726445f9996bc3d4e739ae3793

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
42a3076043eed62bbf1050462ba39ad7

SHA1
0a75633f02673175580b5a68b76ec0a2c8f2d0ff

SHA256
3277eaabed3565a01f335ce934c6d40de45ed792d576d7a68b55073ac54a02db

SHA512
ef46528b05898fc1047771a9f3a32120bc03b128d78ed16fe00bdd8c123a73adf76aab84cf4d429d3107679fd0190ec019596fee9959ab89d480b3215c629dcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ea21.TMP

Filesize
371B

MD5
037ef6ea5e6e4b6987c9d757638244ec

SHA1
17e23b78d2cd9e12d49b232e54a65fea176f5943

SHA256
ca797937cb5ba725895aeef7be5b2b38ca71d6d0941776ac5dabb535aeb47b21

SHA512
8d55d0685c30085d1642810564e2b0564517e62fcd137a1c3f1e601569538c77166a5b88e1e8a0b03b79467001a0a5a98678b29d4ed434e61d318c4106082d9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b651ff738e11ef40ae914e996fe23dd2

SHA1
b89c3c6dd05647c45b34a1740378a0b7b737af7e

SHA256
2c0c5a7bfbcf95b7cdb0594bf0be44beecb0b35ed0be9a350ddc6e77785c960d

SHA512
c916e47ac785e3c91080163b73e7573e76839758074ab686776a163353c5e30968e9bd0493ca1674c4f61ffa3cd0c5b6b997414c581c2c126749fe0a30bf9492

Download Submit