hxxps://archive[.]org/details/youare_202403

Analysis

max time kernel
1680s
max time network
1685s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
13/09/2024, 19:37

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://archive.org/details/youare_202403

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4412	msedge.exe
4412	msedge.exe
2740	msedge.exe
2740	msedge.exe
1804	identity_helper.exe
1804	identity_helper.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2740 wrote to memory of 4352	2740	msedge.exe	85
PID 2740 wrote to memory of 4352	2740	msedge.exe	85
PID 2740 wrote to memory of 3544	2740	msedge.exe	86
PID 2740 wrote to memory of 3544	2740	msedge.exe	86
PID 2740 wrote to memory of 3544	2740	msedge.exe	86
PID 2740 wrote to memory of 3544	2740	msedge.exe	86
PID 2740 wrote to memory of 3544	2740	msedge.exe	86
PID 2740 wrote to memory of 3544	2740	msedge.exe	86
PID 2740 wrote to memory of 3544	2740	msedge.exe	86
PID 2740 wrote to memory of 3544	2740	msedge.exe	86
PID 2740 wrote to memory of 3544	2740	msedge.exe	86
PID 2740 wrote to memory of 3544	2740	msedge.exe	86
PID 2740 wrote to memory of 3544	2740	msedge.exe	86
PID 2740 wrote to memory of 3544	2740	msedge.exe	86
PID 2740 wrote to memory of 3544	2740	msedge.exe	86
PID 2740 wrote to memory of 3544	2740	msedge.exe	86
PID 2740 wrote to memory of 3544	2740	msedge.exe	86
PID 2740 wrote to memory of 3544	2740	msedge.exe	86
PID 2740 wrote to memory of 3544	2740	msedge.exe	86
PID 2740 wrote to memory of 3544	2740	msedge.exe	86
PID 2740 wrote to memory of 3544	2740	msedge.exe	86
PID 2740 wrote to memory of 3544	2740	msedge.exe	86
PID 2740 wrote to memory of 3544	2740	msedge.exe	86
PID 2740 wrote to memory of 3544	2740	msedge.exe	86
PID 2740 wrote to memory of 3544	2740	msedge.exe	86
PID 2740 wrote to memory of 3544	2740	msedge.exe	86
PID 2740 wrote to memory of 3544	2740	msedge.exe	86
PID 2740 wrote to memory of 3544	2740	msedge.exe	86
PID 2740 wrote to memory of 3544	2740	msedge.exe	86
PID 2740 wrote to memory of 3544	2740	msedge.exe	86
PID 2740 wrote to memory of 3544	2740	msedge.exe	86
PID 2740 wrote to memory of 3544	2740	msedge.exe	86
PID 2740 wrote to memory of 3544	2740	msedge.exe	86
PID 2740 wrote to memory of 3544	2740	msedge.exe	86
PID 2740 wrote to memory of 3544	2740	msedge.exe	86
PID 2740 wrote to memory of 3544	2740	msedge.exe	86
PID 2740 wrote to memory of 3544	2740	msedge.exe	86
PID 2740 wrote to memory of 3544	2740	msedge.exe	86
PID 2740 wrote to memory of 3544	2740	msedge.exe	86
PID 2740 wrote to memory of 3544	2740	msedge.exe	86
PID 2740 wrote to memory of 3544	2740	msedge.exe	86
PID 2740 wrote to memory of 3544	2740	msedge.exe	86
PID 2740 wrote to memory of 4412	2740	msedge.exe	87
PID 2740 wrote to memory of 4412	2740	msedge.exe	87
PID 2740 wrote to memory of 3260	2740	msedge.exe	88
PID 2740 wrote to memory of 3260	2740	msedge.exe	88
PID 2740 wrote to memory of 3260	2740	msedge.exe	88
PID 2740 wrote to memory of 3260	2740	msedge.exe	88
PID 2740 wrote to memory of 3260	2740	msedge.exe	88
PID 2740 wrote to memory of 3260	2740	msedge.exe	88
PID 2740 wrote to memory of 3260	2740	msedge.exe	88
PID 2740 wrote to memory of 3260	2740	msedge.exe	88
PID 2740 wrote to memory of 3260	2740	msedge.exe	88
PID 2740 wrote to memory of 3260	2740	msedge.exe	88
PID 2740 wrote to memory of 3260	2740	msedge.exe	88
PID 2740 wrote to memory of 3260	2740	msedge.exe	88
PID 2740 wrote to memory of 3260	2740	msedge.exe	88
PID 2740 wrote to memory of 3260	2740	msedge.exe	88
PID 2740 wrote to memory of 3260	2740	msedge.exe	88
PID 2740 wrote to memory of 3260	2740	msedge.exe	88
PID 2740 wrote to memory of 3260	2740	msedge.exe	88
PID 2740 wrote to memory of 3260	2740	msedge.exe	88
PID 2740 wrote to memory of 3260	2740	msedge.exe	88
PID 2740 wrote to memory of 3260	2740	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://archive.org/details/youare_202403
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdfbb046f8,0x7ffdfbb04708,0x7ffdfbb04718
  2⤵
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,803816469345898516,6257837970185984942,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2240 /prefetch:2
  2⤵
  PID:3544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2216,803816469345898516,6257837970185984942,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2216,803816469345898516,6257837970185984942,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
  2⤵
  PID:3260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,803816469345898516,6257837970185984942,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,803816469345898516,6257837970185984942,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:2488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2216,803816469345898516,6257837970185984942,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5532 /prefetch:8
  2⤵
  PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,803816469345898516,6257837970185984942,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5888 /prefetch:8
  2⤵
  PID:696
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,803816469345898516,6257837970185984942,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5888 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,803816469345898516,6257837970185984942,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
  2⤵
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,803816469345898516,6257837970185984942,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:2752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,803816469345898516,6257837970185984942,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3960 /prefetch:1
  2⤵
  PID:4236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,803816469345898516,6257837970185984942,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4164 /prefetch:1
  2⤵
  PID:1928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,803816469345898516,6257837970185984942,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4716 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3388

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4480

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4616

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x308 0x2f8
1⤵
PID:800

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ff63763eedb406987ced076e36ec9acf

SHA1
16365aa97cd1a115412f8ae436d5d4e9be5f7b5d

SHA256
8f460e8b7a67f0c65b7248961a7c71146c9e7a19772b193972b486dbf05b8e4c

SHA512
ce90336169c8b2de249d4faea2519bf7c3df48ae9d77cdf471dd5dbd8e8542d47d9348080a098074aa63c255890850ee3b80ddb8eef8384919fdca3bb9371d9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2783c40400a8912a79cfd383da731086

SHA1
001a131fe399c30973089e18358818090ca81789

SHA256
331fa67da5f67bbb42794c3aeab8f7819f35347460ffb352ccc914e0373a22c5

SHA512
b7c7d3aa966ad39a86aae02479649d74dcbf29d9cb3a7ff8b9b2354ea60704da55f5c0df803fd0a7191170a8e72fdd5eacfa1a739d7a74e390a7b74bdced1685

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
602395da1f4828f834846867ca0f5751

SHA1
4810ad80a5b96f7f61dd4d808a1c499bf448fe49

SHA256
0a0d8e42df7b83177a84f6db89cbda6830a0de7b396a25939e0e6e20730363a4

SHA512
8bd887835a53754d854e3c9b238b30717d908c5867a4c724a73f5f7a00f5303dd2b265b27ac1d329536d4b59b8b1c7023aa1b535e0c52d0982848173c897ec49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
333B

MD5
bb0dc3de7112b02d4dcaafdd860619c4

SHA1
6365e6bd2488b2ff7080b2fff4e2d86054eee225

SHA256
57f3b8957c1f2a31dc27c944b3440bb7b4fedda38397a980dadeda3febffecbc

SHA512
d1844d1111df11bd63e8f4baf6c9a18fcd909b5d0feb23e44f5a05c2a4723cfcf06afd9eead0b4e7a67a338d5375969bb081ae50d9292ed4abc57cd9dedc6505

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
73e49cfe6978e30927a3abd6304d9eae

SHA1
90a6fea708c02a8d5577e92ba7c27fb5f256086b

SHA256
7b558bd30e49d3e4bdc62a52c2a9dd104890b39acc45efcb6da92d383633507e

SHA512
666ca8d3822525788e221a7ae7c0fde8d8eed2dfe89cc1477c34760d0797951a066fd8923e395a088bd940fe25f37dcf0cc4ed184fcc191ba0c5e9c2db853003

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e369d8222f4609a7ea65c5e7eb9fa5ff

SHA1
4bdb1c4f7b8e8dfa12e890e96fd2d34c9ba41632

SHA256
3aaded4c5b9e566db5034986511a9c06c3394eab57c0cadd65ca8e78ea97788d

SHA512
7df8cac8cbb0496ce660a0a6887b89ee15395bb54ee8bcc1792f64a886d17eafe6c98a415730d9b20c3c364abe85df95b53124cab7046c98765ee06e2b9f15d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1f44e15993d80c599a92b2c1758ddd42

SHA1
68751ebafd2efdd88371507a7a7ea62439787860

SHA256
5c41a14286be2302f647a6c509e26751946d28262f9085c6846ba580d29bfce5

SHA512
ac1c54c89374f1f12eab5f002360c251ea4e6ed8ebd4d1a0a6562a9928c3b6af7be61963d022a631862250eeb26dd1af46f75f693ddae015996ea4d2ef85a6f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5bdffcec79f6e3772a922d848c90957f

SHA1
cc3579e75a3e625d565143b7622ef39b3ee7440c

SHA256
12e1d22fd29947fe4e548e03dd20cba42d7edae207866a7aa2e5181adc2945d6

SHA512
b387ab2577d11e6f2966c63bd44db5ce289c3413943af31c74904015eb69faa3fe8517cf349cce9079c09132068bf9221157cde9d1ecaec80ff97ccc245daf7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
2036e57a78b9c99cbde6ef227235cc69

SHA1
83a4b34eb787b95beddad9c869fdff99f5a9f7e3

SHA256
c273e06b45933415119287b732e7b35637bffe6e9ed2e70b764c856c306336c1

SHA512
25293c16abdb0e049f39490a67425c5e312a9e07ef0799508d8cc6a7068d8b1768e976676873bfbd93f90e72ea5ad30df258cd1136d8a22a5e2396794618d1da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
35d7207ee9eec8d68b3305a8f5b13a47

SHA1
8322fa14c18f93c90b7f08657423dd96ea2eb17b

SHA256
77f545791b8b9782dc2e0ef22dca8e976863a562da54cba4b2bba38d837a0966

SHA512
cbd11e93ca561c79371535f128dbfb55bc393bd1152d131b56bf8cafa40721650c624dd6c23a7d08f15d1617ced63630cc3f28fba4ac68533678b74181fa0cb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58124b.TMP

Filesize
204B

MD5
6b75c6e6a7f165710fcf8debc70de691

SHA1
745095c2df527a87737822802c320014c332e7cc

SHA256
5f42c10d68726cb04b7d30231d2fdeac6fa4a687d1bc54c76cbf2f92d92b53b4

SHA512
66200a44ce43c67f87ccc78fc29294617c42cc79b4a41175dd4ef1e82bf8aebc1f3ae70c34919740180a9959bc2b5cb8dcf3820144fce7281c5780a0d830292e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
992810d91745423a0236c8bbf3715863

SHA1
948d7eab3332cf6c590b94b3009ec5b79f3aaa10

SHA256
1dbf4688ae71129be5908f1b58b81548cd1a3ce8656fe70c7f0c4d1e0213c0c6

SHA512
b032a9a2687fee45454af82bc853db408b911b72aa7bd2a3755198c5a80166388a7ecc00961eb27aa292e6c5db57a327e6047f02379dde2a78f5579cf360ed03

Download Submit