hxxps://www[.]hybrid-analysis[.]com/map

Analysis

max time kernel
314s
max time network
323s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19-09-2024 05:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.hybrid-analysis.com/map

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2400	msedge.exe
2400	msedge.exe
1408	msedge.exe
1408	msedge.exe
4412	identity_helper.exe
4412	identity_helper.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe
1084	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1408 wrote to memory of 1924	1408	msedge.exe	82
PID 1408 wrote to memory of 1924	1408	msedge.exe	82
PID 1408 wrote to memory of 2656	1408	msedge.exe	83
PID 1408 wrote to memory of 2656	1408	msedge.exe	83
PID 1408 wrote to memory of 2656	1408	msedge.exe	83
PID 1408 wrote to memory of 2656	1408	msedge.exe	83
PID 1408 wrote to memory of 2656	1408	msedge.exe	83
PID 1408 wrote to memory of 2656	1408	msedge.exe	83
PID 1408 wrote to memory of 2656	1408	msedge.exe	83
PID 1408 wrote to memory of 2656	1408	msedge.exe	83
PID 1408 wrote to memory of 2656	1408	msedge.exe	83
PID 1408 wrote to memory of 2656	1408	msedge.exe	83
PID 1408 wrote to memory of 2656	1408	msedge.exe	83
PID 1408 wrote to memory of 2656	1408	msedge.exe	83
PID 1408 wrote to memory of 2656	1408	msedge.exe	83
PID 1408 wrote to memory of 2656	1408	msedge.exe	83
PID 1408 wrote to memory of 2656	1408	msedge.exe	83
PID 1408 wrote to memory of 2656	1408	msedge.exe	83
PID 1408 wrote to memory of 2656	1408	msedge.exe	83
PID 1408 wrote to memory of 2656	1408	msedge.exe	83
PID 1408 wrote to memory of 2656	1408	msedge.exe	83
PID 1408 wrote to memory of 2656	1408	msedge.exe	83
PID 1408 wrote to memory of 2656	1408	msedge.exe	83
PID 1408 wrote to memory of 2656	1408	msedge.exe	83
PID 1408 wrote to memory of 2656	1408	msedge.exe	83
PID 1408 wrote to memory of 2656	1408	msedge.exe	83
PID 1408 wrote to memory of 2656	1408	msedge.exe	83
PID 1408 wrote to memory of 2656	1408	msedge.exe	83
PID 1408 wrote to memory of 2656	1408	msedge.exe	83
PID 1408 wrote to memory of 2656	1408	msedge.exe	83
PID 1408 wrote to memory of 2656	1408	msedge.exe	83
PID 1408 wrote to memory of 2656	1408	msedge.exe	83
PID 1408 wrote to memory of 2656	1408	msedge.exe	83
PID 1408 wrote to memory of 2656	1408	msedge.exe	83
PID 1408 wrote to memory of 2656	1408	msedge.exe	83
PID 1408 wrote to memory of 2656	1408	msedge.exe	83
PID 1408 wrote to memory of 2656	1408	msedge.exe	83
PID 1408 wrote to memory of 2656	1408	msedge.exe	83
PID 1408 wrote to memory of 2656	1408	msedge.exe	83
PID 1408 wrote to memory of 2656	1408	msedge.exe	83
PID 1408 wrote to memory of 2656	1408	msedge.exe	83
PID 1408 wrote to memory of 2656	1408	msedge.exe	83
PID 1408 wrote to memory of 2400	1408	msedge.exe	84
PID 1408 wrote to memory of 2400	1408	msedge.exe	84
PID 1408 wrote to memory of 3772	1408	msedge.exe	85
PID 1408 wrote to memory of 3772	1408	msedge.exe	85
PID 1408 wrote to memory of 3772	1408	msedge.exe	85
PID 1408 wrote to memory of 3772	1408	msedge.exe	85
PID 1408 wrote to memory of 3772	1408	msedge.exe	85
PID 1408 wrote to memory of 3772	1408	msedge.exe	85
PID 1408 wrote to memory of 3772	1408	msedge.exe	85
PID 1408 wrote to memory of 3772	1408	msedge.exe	85
PID 1408 wrote to memory of 3772	1408	msedge.exe	85
PID 1408 wrote to memory of 3772	1408	msedge.exe	85
PID 1408 wrote to memory of 3772	1408	msedge.exe	85
PID 1408 wrote to memory of 3772	1408	msedge.exe	85
PID 1408 wrote to memory of 3772	1408	msedge.exe	85
PID 1408 wrote to memory of 3772	1408	msedge.exe	85
PID 1408 wrote to memory of 3772	1408	msedge.exe	85
PID 1408 wrote to memory of 3772	1408	msedge.exe	85
PID 1408 wrote to memory of 3772	1408	msedge.exe	85
PID 1408 wrote to memory of 3772	1408	msedge.exe	85
PID 1408 wrote to memory of 3772	1408	msedge.exe	85
PID 1408 wrote to memory of 3772	1408	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.hybrid-analysis.com/map
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffed34f46f8,0x7ffed34f4708,0x7ffed34f4718
  2⤵
  PID:1924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,15502521957600330652,16252075353252643721,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
  2⤵
  PID:2656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,15502521957600330652,16252075353252643721,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,15502521957600330652,16252075353252643721,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
  2⤵
  PID:3772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15502521957600330652,16252075353252643721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:3540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15502521957600330652,16252075353252643721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:1704
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,15502521957600330652,16252075353252643721,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 /prefetch:8
  2⤵
  PID:2172
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,15502521957600330652,16252075353252643721,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15502521957600330652,16252075353252643721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:1156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15502521957600330652,16252075353252643721,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:1
  2⤵
  PID:3468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15502521957600330652,16252075353252643721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4024 /prefetch:1
  2⤵
  PID:540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15502521957600330652,16252075353252643721,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
  2⤵
  PID:3736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,15502521957600330652,16252075353252643721,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5104 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1084

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:768

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3016

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eeaa8087eba2f63f31e599f6a7b46ef4

SHA1
f639519deee0766a39cfe258d2ac48e3a9d5ac03

SHA256
50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

SHA512
eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9569e123772ae290f9bac07e0d31748

SHA1
5806ed9b301d4178a959b26d7b7ccf2c0abc6741

SHA256
20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

SHA512
cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
135140d9d6b072fac1dffb41e1b18a48

SHA1
1b1fa2d219e7a4bc90f401c36bf70ad7550c5dcd

SHA256
bbef622e0f73e4af039ffc825934e4d7ded60722ac10db6d6271c482b27e199d

SHA512
a6f327d21713c1d66a75409f5f6c1b57e72482ecb13290462eb15d0c521d44c88bb2e0970826fb256d6325b1a64a22cb7f5cd6cecf110f407040f3c19658a565

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
191B

MD5
8e9788a644e235e1a76f40bc09a77667

SHA1
7d4d46972b3c3b4612bc8d04c52a3e11cc16dfdf

SHA256
98c6978ad381f77905100ff332f77b917d10d0afc8dd968be83a695ecf2ccf45

SHA512
a7584319177327b8a8b650be442697a2121328d56a0bf6a74b0751540dc80176d8d6bd2cbe380f89d345fe2e38e98dcb5195de480e106979ed19c94cf25269d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
55db88be3f9e0445cc50d5a402ab15ad

SHA1
ce400bd5e26912162cd0ddf92e80f11e86a8921a

SHA256
71c6962b7b1f8b338e117c812754f840854eb683ec97ac6e411c91b59e112e3b

SHA512
df384c1fb5d6a77cb52e516f09a4cbe83b6eb773540a2e46bf4056adebddd4bea221969c9cb6281072dffb9ff54c90de63579df8f05b90af5abbc72574171710

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1c606b023650ff7c50010314912158cf

SHA1
fe1e1e3f9bc45eb3baad08c01a03982a581fa5ec

SHA256
1c3bbb04cd9599b9d1229da16aea6411fbbd2f1dd270ffe05e7653a7048fbcb6

SHA512
812c447f69137d6c0511fb6116ba1aea005d79e2a8778d8d944f16892adc9b02bfdb7e2694e51846ef3bae6ee606d86190cce6d3e69cec6900c7d1de4d34eab6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
f27408c1079b65abe9080e58f0035db4

SHA1
57a133e1b2b86c745bb521bad4d70ec90aeb3332

SHA256
9da3f3b5d97da43d26265c5717ddb2c9341137f3cb08f94fb7daf12ace49f3eb

SHA512
a6d9031d735cccc2d9eb46d1e370eb3b24381cdd9a096b0a5187ea162310fbeaf19ad575866e2fe124ac38777da1ac48f1d5c49a878e62b9ba0954403a301851

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
51e91ede5eac14f98838bb3ae4dd4fed

SHA1
5f0704e2ea0334764f1c44d250aaa6ea561b2528

SHA256
d5204fbe247f34b93e6e4216cff7536148a8eb77dd8062c7d09a2baaa91ba9a7

SHA512
67121659417b8ca7283579c5bce1903dae3775f9b90a3ce4a732adcad055b8013a8ba80b5a96756614a4bb220b6da1633879042b137f717e278521ba04e0b47f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
c10fd48bac30f08cf3d3e44b7208fa4c

SHA1
31c11bade216e66264c2bb0f7ca2eb3f6ba0b649

SHA256
93995eb7532583cebc7e477882e87e5fbd33d5096290bccb3258916d98d5505d

SHA512
894741f6b41249d9d6be6827f8678407c38d8d0115665c3a91eb4dd5f6def1fe802a96eb77a50ef41ba2b1e4b904d0c6cff08e50dc3fcb2db5c8a06d134e35ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
f03f00a23d6705c03e889e9a05d79bcc

SHA1
4ec0d8440a070b4786c7cbb2ef92121347a803d9

SHA256
08444b0754cbf5c1d4d218d1428b26ff482299110b2c1ae59c44fcfb4e2db683

SHA512
5b90eea5a782c193bd589fef1101dd18d79354c3fa93867f296ab7887f1834c0868c22cad87a7a8c60da84422c27bcdaf824203c7d6401ab798d4210863a0856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
ca3673497e4884e65a2bf02d8667a3bb

SHA1
faa105a03ae124e24dcab561373d73f063b5fc97

SHA256
66ba07c2b419494452771f647326c1c5072df83d7992a2b24d448872533e6ae5

SHA512
50125118254dab667fd6d261684549a5b90ddb37184d9c7087938107b48f5380c1df7ca5bafc40e936baa345386487e9ecf86c0712687a08ee1dd5b0c6ff1861

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
199c29d9c32501a1a2768081ac78a4d0

SHA1
daf24c5a7e80bf623950b2d9548508aa4e109bc0

SHA256
0619c7d095f6c6073a39133a8a8a5bdd4a8a190c6d0177a854eb50ca44bc7cad

SHA512
2b81de08fb0ffe13d95d4bccaa0c141fa890596275dd6a0aecf1c1997cbb0491cb0e8fd8c46961c8888c4e7f212e604ef04165abd68ced63238f09e67acd4dfc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d6e7.TMP

Filesize
704B

MD5
00dbda4032178735b81738805720b54e

SHA1
dec45b15f38feec019953019c3f0a67b0e33b823

SHA256
fbb3c798f3d648155377bf99b8828bcc4bd24762f8460a5343d88b092e4a63fa

SHA512
18c30e604609f379a89c9e7513efb76650258c350301a8a549d0ff12a6d803a7d17ebdb6811e8a0ab59f5a3075c065d6cf2ecafa0d3d0b5f715d73c8babec880

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d248534fb9cce04de7a5b771da17ed43

SHA1
c6c71cf46046348e361969d816a1ead4910ea89c

SHA256
109ec6a4e9c47d288f0bedd42db7b1e93837262fbc992b6409b18a33989b94c5

SHA512
449df472d10064190cbea98795c6a954ccf5c7749810811972b2fddd395c867a3953b2c9298744f643a066a8a5f933ec392316f96c477ee55fe74cb591fa7ffb

Download Submit