hxxps://816b462f[.]5880c482d0a3061180a519e9[.]workers[.]dev/?qrc=abc@test[.]com

Resubmissions

18/10/2024, 08:45

241018-knxmvazgjp 8

18/10/2024, 08:37

18/10/2024, 08:36

18/10/2024, 07:54

18/10/2024, 07:44

Analysis

max time kernel
149s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
18/10/2024, 08:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://816b462f.5880c482d0a3061180a519e9.workers.dev/[email protected]

Score

5^/10

microsoft discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
5064	msedge.exe
5064	msedge.exe
2452	msedge.exe
2452	msedge.exe
2108	identity_helper.exe
2108	identity_helper.exe
4136	msedge.exe
4136	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2452 wrote to memory of 4988	2452	msedge.exe	79
PID 2452 wrote to memory of 4988	2452	msedge.exe	79
PID 2452 wrote to memory of 3364	2452	msedge.exe	82
PID 2452 wrote to memory of 3364	2452	msedge.exe	82
PID 2452 wrote to memory of 3364	2452	msedge.exe	82
PID 2452 wrote to memory of 3364	2452	msedge.exe	82
PID 2452 wrote to memory of 3364	2452	msedge.exe	82
PID 2452 wrote to memory of 3364	2452	msedge.exe	82
PID 2452 wrote to memory of 3364	2452	msedge.exe	82
PID 2452 wrote to memory of 3364	2452	msedge.exe	82
PID 2452 wrote to memory of 3364	2452	msedge.exe	82
PID 2452 wrote to memory of 3364	2452	msedge.exe	82
PID 2452 wrote to memory of 3364	2452	msedge.exe	82
PID 2452 wrote to memory of 3364	2452	msedge.exe	82
PID 2452 wrote to memory of 3364	2452	msedge.exe	82
PID 2452 wrote to memory of 3364	2452	msedge.exe	82
PID 2452 wrote to memory of 3364	2452	msedge.exe	82
PID 2452 wrote to memory of 3364	2452	msedge.exe	82
PID 2452 wrote to memory of 3364	2452	msedge.exe	82
PID 2452 wrote to memory of 3364	2452	msedge.exe	82
PID 2452 wrote to memory of 3364	2452	msedge.exe	82
PID 2452 wrote to memory of 3364	2452	msedge.exe	82
PID 2452 wrote to memory of 3364	2452	msedge.exe	82
PID 2452 wrote to memory of 3364	2452	msedge.exe	82
PID 2452 wrote to memory of 3364	2452	msedge.exe	82
PID 2452 wrote to memory of 3364	2452	msedge.exe	82
PID 2452 wrote to memory of 3364	2452	msedge.exe	82
PID 2452 wrote to memory of 3364	2452	msedge.exe	82
PID 2452 wrote to memory of 3364	2452	msedge.exe	82
PID 2452 wrote to memory of 3364	2452	msedge.exe	82
PID 2452 wrote to memory of 3364	2452	msedge.exe	82
PID 2452 wrote to memory of 3364	2452	msedge.exe	82
PID 2452 wrote to memory of 3364	2452	msedge.exe	82
PID 2452 wrote to memory of 3364	2452	msedge.exe	82
PID 2452 wrote to memory of 3364	2452	msedge.exe	82
PID 2452 wrote to memory of 3364	2452	msedge.exe	82
PID 2452 wrote to memory of 3364	2452	msedge.exe	82
PID 2452 wrote to memory of 3364	2452	msedge.exe	82
PID 2452 wrote to memory of 3364	2452	msedge.exe	82
PID 2452 wrote to memory of 3364	2452	msedge.exe	82
PID 2452 wrote to memory of 3364	2452	msedge.exe	82
PID 2452 wrote to memory of 3364	2452	msedge.exe	82
PID 2452 wrote to memory of 5064	2452	msedge.exe	83
PID 2452 wrote to memory of 5064	2452	msedge.exe	83
PID 2452 wrote to memory of 1724	2452	msedge.exe	84
PID 2452 wrote to memory of 1724	2452	msedge.exe	84
PID 2452 wrote to memory of 1724	2452	msedge.exe	84
PID 2452 wrote to memory of 1724	2452	msedge.exe	84
PID 2452 wrote to memory of 1724	2452	msedge.exe	84
PID 2452 wrote to memory of 1724	2452	msedge.exe	84
PID 2452 wrote to memory of 1724	2452	msedge.exe	84
PID 2452 wrote to memory of 1724	2452	msedge.exe	84
PID 2452 wrote to memory of 1724	2452	msedge.exe	84
PID 2452 wrote to memory of 1724	2452	msedge.exe	84
PID 2452 wrote to memory of 1724	2452	msedge.exe	84
PID 2452 wrote to memory of 1724	2452	msedge.exe	84
PID 2452 wrote to memory of 1724	2452	msedge.exe	84
PID 2452 wrote to memory of 1724	2452	msedge.exe	84
PID 2452 wrote to memory of 1724	2452	msedge.exe	84
PID 2452 wrote to memory of 1724	2452	msedge.exe	84
PID 2452 wrote to memory of 1724	2452	msedge.exe	84
PID 2452 wrote to memory of 1724	2452	msedge.exe	84
PID 2452 wrote to memory of 1724	2452	msedge.exe	84
PID 2452 wrote to memory of 1724	2452	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://816b462f.5880c482d0a3061180a519e9.workers.dev/[email protected]
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe98123cb8,0x7ffe98123cc8,0x7ffe98123cd8
  2⤵
  PID:4988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,17782730893059656666,153109549459047538,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1900 /prefetch:2
  2⤵
  PID:3364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1916,17782730893059656666,153109549459047538,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1916,17782730893059656666,153109549459047538,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
  2⤵
  PID:1724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17782730893059656666,153109549459047538,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:2580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17782730893059656666,153109549459047538,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17782730893059656666,153109549459047538,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
  2⤵
  PID:2256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17782730893059656666,153109549459047538,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:1
  2⤵
  PID:2104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17782730893059656666,153109549459047538,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:1980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17782730893059656666,153109549459047538,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
  2⤵
  PID:32
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17782730893059656666,153109549459047538,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
  2⤵
  PID:748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17782730893059656666,153109549459047538,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
  2⤵
  PID:3972
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1916,17782730893059656666,153109549459047538,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5620 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1916,17782730893059656666,153109549459047538,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6064 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17782730893059656666,153109549459047538,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
  2⤵
  PID:644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17782730893059656666,153109549459047538,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
  2⤵
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17782730893059656666,153109549459047538,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,17782730893059656666,153109549459047538,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5264 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5116

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5040

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2284

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fdee96b970080ef7f5bfa5964075575e

SHA1
2c821998dc2674d291bfa83a4df46814f0c29ab4

SHA256
a241023f360b300e56b2b0e1205b651e1244b222e1f55245ca2d06d3162a62f0

SHA512
20875c3002323f5a9b1b71917d6bd4e4c718c9ca325c90335bd475ddcb25eac94cb3f29795fa6476d6d6e757622b8b0577f008eec2c739c2eec71d2e8b372cff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
46e6ad711a84b5dc7b30b75297d64875

SHA1
8ca343bfab1e2c04e67b9b16b8e06ba463b4f485

SHA256
77b51492a40a511e57e7a7ecf76715a2fd46533c0f0d0d5a758f0224e201c77f

SHA512
8472710b638b0aeee4678f41ed2dff72b39b929b2802716c0c9f96db24c63096b94c9969575e4698f16e412f82668b5c9b5cb747e8a2219429dbb476a31d297e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
d208d7b2a7e823e69ac503f3776bc24e

SHA1
a00edb1e539f6d48f6dd9f46086b4360f6690a9c

SHA256
1ca10f84a239f30427ea52d5d16fd78ce34bf2f54f1d8f4a0e572fe2d24b8c45

SHA512
3798553e5933909f73aad1c749c96fb73a6a14f8868fc624fa9de3833235935d7eea4f5df7ce1e5d43036346fafd67e5105e038866cec15a53e884070cbb4ed6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
fb72721fb03346df97cedca66e903af9

SHA1
608259919023655959a49b83bbc112132da37d3c

SHA256
3bb4314cee3a53259adc922c3ea5c21cc8909111c8b22847f38fedb4f52aaf8a

SHA512
ae90201c512ae814de15a17f39d4dff14b139c76d45874e841f2d49860124f33e26f5bf1d6dbf6a3d1f93ace4a481e4b8c6bda9ad81226b0d5c40288d0a81332

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
52db3612420d7a5adcb3a7fa6f0f1cd4

SHA1
2be79ef7d45ac61781a564227f73014b8bbe8651

SHA256
d71d6b44b4907d4e3508b8c87b4eca5eda6cd0e245810b3c31cb93ff5ed8e455

SHA512
4b1ff7537c66dccd8a2c547ce522776981443450c4efbcb222d6551e2e6c2ec40bd52e7d00e948b6eda1d0159c21217d6dab7dcb00b4fc2adca7c6da74b92c6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
537accb634ad87f66b136ec99597cd64

SHA1
014076594e5741edd222830dc08696523b4db5a8

SHA256
622bc76dbc650c388d53f2ee4a86f04dc073d1d27f1e1febd8eae86caad25fcd

SHA512
853d2d1abc4827ba9eea9a2a79f029ebc4326779735152adc9f4dc77d0c4098570be386fc7d23c54f42acd5012a5111f77bc71e2bce00b8661da67922f580ab3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f041bb4db0cbb914bee90ec93894ef5d

SHA1
9852959b0d4e021f03eb6ab2e9af3a9e1825bda6

SHA256
53a826bab5320a4b8968684f8ce1246e30ae5f3053bea4f8f5a36182a5ee527f

SHA512
04e58069f6aad2a8592cbfb35875de2a377c97ee0cec15a5dc0d0946180c156e783fd31ee62a64b2be3a07cf53c486fd00c5d6ce6bc2a78459177c0c2e24618e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
77b2004113b79caf112d43f992f1b0bc

SHA1
24d41037969122cbbdda91c7a03d2ec06f3d714e

SHA256
87f3e053f391f300c32f1537153e54087b785996655677d626ffea11f24f53aa

SHA512
702e8af1ede3eb4ee6d699e959655cd472d621a79d2ce4a6eda6e8cca70f966c0d019f462812ee85992869d1375dc98acd39edfdbc8b443299a20315c1aea973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
7c0868a405cbdc5d8be4a3f8ec216de5

SHA1
9180478eabf201701f6cc381d969c0133ba34045

SHA256
218b3e1545798dd5411e3003033c0e87433fa070de71d36bf287ad1f31222384

SHA512
384497d4ece261b5ee6e9582981b12849b8f92daca51abcd906a097da838d568c7c18cdcd800e86a693151a25a9b08c1db3010dc8c5bb1e052f2006a80f0f35d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58196f.TMP

Filesize
705B

MD5
c1c6123bdcc83a7a1d80a738416ff424

SHA1
0dc4278a38a8550d21528a4662b6101a9ffe7757

SHA256
5d1a5af3e14b02c23e602d711f37bda79e24156b686f204578a3097a17b5360f

SHA512
2cc3eadbe5b4d871f7f6bb5888b3580bb13c06589e3c75d24491beb4347a8c8492f63c1516b4510a483be696c600d2b7a7b7862abb813e7a6e38b13c1c34ad64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
59cc754d465222c381b78f4971c1e273

SHA1
9e9bab8962c0d1ceca09085eea1d8bf774936ef6

SHA256
5a6195142095e68f77b2f1362ca8cf041d3be770b8eb5a1def6f672461ce853f

SHA512
847e389d476520334b93dc0ccbdd9a90db3a97044424b5990902751c4e23a4ef12268b65d21754d6524deb98688744857327c5d38739196dbea217b582d1ac1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3833588d7a918a6e732847b014cf2c11

SHA1
1b2cd873e2273f6d53d5f1cca4ad419544d823de

SHA256
08e9422f62a680fd80db718b076056c5c8cda998cb240fe312de347b730c1d3b

SHA512
1d5e4f4c0a17f7322f64ba47dc4f1442a5f65f7b24cef1c956456e10b358cefeac5ab910eeda41b9d6bb8aaef46818e1a929743e3e432f79e218902af0d8508d

Download Submit