hxxp://borclaiys[.]com

Analysis

max time kernel
145s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19-09-2024 07:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://borclaiys.com

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3264	msedge.exe
3264	msedge.exe
440	msedge.exe
440	msedge.exe
3136	identity_helper.exe
3136	identity_helper.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 440 wrote to memory of 3912	440	msedge.exe	82
PID 440 wrote to memory of 3912	440	msedge.exe	82
PID 440 wrote to memory of 2856	440	msedge.exe	83
PID 440 wrote to memory of 2856	440	msedge.exe	83
PID 440 wrote to memory of 2856	440	msedge.exe	83
PID 440 wrote to memory of 2856	440	msedge.exe	83
PID 440 wrote to memory of 2856	440	msedge.exe	83
PID 440 wrote to memory of 2856	440	msedge.exe	83
PID 440 wrote to memory of 2856	440	msedge.exe	83
PID 440 wrote to memory of 2856	440	msedge.exe	83
PID 440 wrote to memory of 2856	440	msedge.exe	83
PID 440 wrote to memory of 2856	440	msedge.exe	83
PID 440 wrote to memory of 2856	440	msedge.exe	83
PID 440 wrote to memory of 2856	440	msedge.exe	83
PID 440 wrote to memory of 2856	440	msedge.exe	83
PID 440 wrote to memory of 2856	440	msedge.exe	83
PID 440 wrote to memory of 2856	440	msedge.exe	83
PID 440 wrote to memory of 2856	440	msedge.exe	83
PID 440 wrote to memory of 2856	440	msedge.exe	83
PID 440 wrote to memory of 2856	440	msedge.exe	83
PID 440 wrote to memory of 2856	440	msedge.exe	83
PID 440 wrote to memory of 2856	440	msedge.exe	83
PID 440 wrote to memory of 2856	440	msedge.exe	83
PID 440 wrote to memory of 2856	440	msedge.exe	83
PID 440 wrote to memory of 2856	440	msedge.exe	83
PID 440 wrote to memory of 2856	440	msedge.exe	83
PID 440 wrote to memory of 2856	440	msedge.exe	83
PID 440 wrote to memory of 2856	440	msedge.exe	83
PID 440 wrote to memory of 2856	440	msedge.exe	83
PID 440 wrote to memory of 2856	440	msedge.exe	83
PID 440 wrote to memory of 2856	440	msedge.exe	83
PID 440 wrote to memory of 2856	440	msedge.exe	83
PID 440 wrote to memory of 2856	440	msedge.exe	83
PID 440 wrote to memory of 2856	440	msedge.exe	83
PID 440 wrote to memory of 2856	440	msedge.exe	83
PID 440 wrote to memory of 2856	440	msedge.exe	83
PID 440 wrote to memory of 2856	440	msedge.exe	83
PID 440 wrote to memory of 2856	440	msedge.exe	83
PID 440 wrote to memory of 2856	440	msedge.exe	83
PID 440 wrote to memory of 2856	440	msedge.exe	83
PID 440 wrote to memory of 2856	440	msedge.exe	83
PID 440 wrote to memory of 2856	440	msedge.exe	83
PID 440 wrote to memory of 3264	440	msedge.exe	84
PID 440 wrote to memory of 3264	440	msedge.exe	84
PID 440 wrote to memory of 4296	440	msedge.exe	85
PID 440 wrote to memory of 4296	440	msedge.exe	85
PID 440 wrote to memory of 4296	440	msedge.exe	85
PID 440 wrote to memory of 4296	440	msedge.exe	85
PID 440 wrote to memory of 4296	440	msedge.exe	85
PID 440 wrote to memory of 4296	440	msedge.exe	85
PID 440 wrote to memory of 4296	440	msedge.exe	85
PID 440 wrote to memory of 4296	440	msedge.exe	85
PID 440 wrote to memory of 4296	440	msedge.exe	85
PID 440 wrote to memory of 4296	440	msedge.exe	85
PID 440 wrote to memory of 4296	440	msedge.exe	85
PID 440 wrote to memory of 4296	440	msedge.exe	85
PID 440 wrote to memory of 4296	440	msedge.exe	85
PID 440 wrote to memory of 4296	440	msedge.exe	85
PID 440 wrote to memory of 4296	440	msedge.exe	85
PID 440 wrote to memory of 4296	440	msedge.exe	85
PID 440 wrote to memory of 4296	440	msedge.exe	85
PID 440 wrote to memory of 4296	440	msedge.exe	85
PID 440 wrote to memory of 4296	440	msedge.exe	85
PID 440 wrote to memory of 4296	440	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://borclaiys.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc6c7d46f8,0x7ffc6c7d4708,0x7ffc6c7d4718
  2⤵
  PID:3912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,17822121199802167246,16359012842262557577,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:2856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,17822121199802167246,16359012842262557577,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,17822121199802167246,16359012842262557577,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8
  2⤵
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17822121199802167246,16359012842262557577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17822121199802167246,16359012842262557577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17822121199802167246,16359012842262557577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
  2⤵
  PID:2024
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,17822121199802167246,16359012842262557577,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3948 /prefetch:8
  2⤵
  PID:3816
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,17822121199802167246,16359012842262557577,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3948 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17822121199802167246,16359012842262557577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
  2⤵
  PID:2380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17822121199802167246,16359012842262557577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17822121199802167246,16359012842262557577,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:4144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17822121199802167246,16359012842262557577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
  2⤵
  PID:868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17822121199802167246,16359012842262557577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17822121199802167246,16359012842262557577,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
  2⤵
  PID:432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,17822121199802167246,16359012842262557577,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1776 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4144

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3928

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1516

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9b008261dda31857d68792b46af6dd6d

SHA1
e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3

SHA256
9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da

SHA512
78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0446fcdd21b016db1f468971fb82a488

SHA1
726b91562bb75f80981f381e3c69d7d832c87c9d

SHA256
62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222

SHA512
1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
212KB

MD5
08ec57068db9971e917b9046f90d0e49

SHA1
28b80d73a861f88735d89e301fa98f2ae502e94b

SHA256
7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1

SHA512
b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
454a76a964747f8053f24dba9f3bd80c

SHA1
d714d3aabf9986d3faa62ea68766e7a0909fd6cb

SHA256
4f726b6d98ac55d1eab095142ada8944677ef1b8e255b0fa5fee15b1451d707a

SHA512
008c68464ba5b70b7b40025c200cd800f5d2a59d744718226de8eec7a385b335752538204935d11b691c5b2cc42e30ba9979cfb57e8aaf800347cdcb06a51226

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
7081be403c50502f66fee8bc3b65d030

SHA1
c5dd2d3a201a35f56b36955beb61dbb794715eb4

SHA256
dff98b6fab005086a8338056dfc135b15e4a2ca588c66e9110ea9065b0d829e2

SHA512
f1d20710defc96cf5ec51c2b2621e580cfe2046a13aba114e0fef299377b843e4a0223d4dfdba8c76a6b6b275e3851d21c9c708fd237f966a8efd6b1b7edcbed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
c0fd564c0d763b03575d15718c2e47fd

SHA1
3c9e7b2b23ebb8cfbc18f736ce01c51ec3948f65

SHA256
e9f9e8c9b29411674864b29808326bdaa15b6a8f0ecb2cf39c4b883464be34c1

SHA512
f6e1e72846109d502a8c33593e9b2018b75d3d70595204b6760404e7724b3a08aff5f09f3946bcdf4da0e6ff60b83c027539599d610abd35d4870587a3fbfe1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
34c1e836b393b814bcdd2e8a1c778b6f

SHA1
a810aa09f6f4d376d8a799dee09a660d130e896b

SHA256
524cf06668af3c2f07bfe813108d51f26b6b8833aa95cf65285f2a016c0b39e2

SHA512
156d272c90ef805c839ff4bf9d8f798175cdfdb382e85d422eb61e97dc78682413f6e97595f84623e634e4c5b9206df6c7744263d7932a06127310aa47dea048

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
539f67348f8476fb685311ef8d27130e

SHA1
2639b73737db375911670b60b0f90be1ac47c1da

SHA256
0a913a78be0562242725291e94d21baaf556457a7f6f1409a3263bfeed55c730

SHA512
df7a2e536d92044989b3a42e405387f1b677bdbc915e1a79d3ec6c3146fe982c5348dbe022fe7366c836ad694d53f3f75b0d23ee102c50269b2cc2a1ab4d1846

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
091b99149bca12e3270a1ddb5d56fad1

SHA1
f970e399eef0700b4cbe79aece9a6116edc76936

SHA256
58ef407f54f6d57605ccdc279a541eb4d9354e9a7857fca52dee288c984a617f

SHA512
f28c5041bbcc6db125f16b7c62a9214c596a200b20dee3accafcdd3722cac5844f97b015ce51e47205d1a9a61e14b03b83470199f26a56303104dd30f785490d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
e40394b333b72de0b4935d77495fcd24

SHA1
ec3927cc278132ef9887f7cd1f52d036522a4d4f

SHA256
d392a9fce4aeb20900addd0735de8a63574f74058f151887d97e352362770ffb

SHA512
45bd0e0021cfd8ecc01c34036898736d95879ccc51863e48518eadae3d8e03277d399d7681b9dad4e8a87dc242f99268f4c1d508eedb304e4aa4b4d507588e23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5816cf.TMP

Filesize
204B

MD5
b15d5b2d7f4d6110d5bb67ca8223ecdc

SHA1
0834c1f5b3b8f9859b5d42ffc13389adec7fc9d1

SHA256
4c1643cecb6cd0a281cdbcc0d2c9d1b581aecff176fed0a198935143c9cb12ca

SHA512
f0a502a32e38d2925d61b500e089b17fd3055681fd0fbaf249df29ef4e72b0e8a2c5959d1792ee0fd56c6388cd1fad338759fb51b3a333ec6509e4f79afa5483

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
900a77d4276aeff7f94c8c54e9387095

SHA1
43dbb6f4453381ec35f2f6e3ba8d2711e9f4bb3b

SHA256
dc8e5030dab75af7a3adee15a6522045067fb3e9a9b0c86d1f3c3e5af51dd6d4

SHA512
8c7ffaebb578e8a9d060c58d02fb727c00a1fcaf39c519191e781cbd7d7f8004d6102373bad3aa6907cc59bddfc2f03fb2182013997c279c8ca0738e70ec349a

Download Submit