hxxps://lpmob[.]fr/51beaa4413e34ba28eb1[.]

Analysis

max time kernel
148s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20230831-en
resource tags

arch:x64arch:x86image:win10v2004-20230831-enlocale:en-usos:windows10-2004-x64system
submitted
04/09/2023, 05:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://lpmob.fr/51beaa4413e34ba28eb1.

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4692	msedge.exe
4692	msedge.exe
1568	msedge.exe
1568	msedge.exe
1812	identity_helper.exe
1812	identity_helper.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1568 wrote to memory of 4752	1568	msedge.exe	22
PID 1568 wrote to memory of 4752	1568	msedge.exe	22
PID 1568 wrote to memory of 5072	1568	msedge.exe	86
PID 1568 wrote to memory of 5072	1568	msedge.exe	86
PID 1568 wrote to memory of 5072	1568	msedge.exe	86
PID 1568 wrote to memory of 5072	1568	msedge.exe	86
PID 1568 wrote to memory of 5072	1568	msedge.exe	86
PID 1568 wrote to memory of 5072	1568	msedge.exe	86
PID 1568 wrote to memory of 5072	1568	msedge.exe	86
PID 1568 wrote to memory of 5072	1568	msedge.exe	86
PID 1568 wrote to memory of 5072	1568	msedge.exe	86
PID 1568 wrote to memory of 5072	1568	msedge.exe	86
PID 1568 wrote to memory of 5072	1568	msedge.exe	86
PID 1568 wrote to memory of 5072	1568	msedge.exe	86
PID 1568 wrote to memory of 5072	1568	msedge.exe	86
PID 1568 wrote to memory of 5072	1568	msedge.exe	86
PID 1568 wrote to memory of 5072	1568	msedge.exe	86
PID 1568 wrote to memory of 5072	1568	msedge.exe	86
PID 1568 wrote to memory of 5072	1568	msedge.exe	86
PID 1568 wrote to memory of 5072	1568	msedge.exe	86
PID 1568 wrote to memory of 5072	1568	msedge.exe	86
PID 1568 wrote to memory of 5072	1568	msedge.exe	86
PID 1568 wrote to memory of 5072	1568	msedge.exe	86
PID 1568 wrote to memory of 5072	1568	msedge.exe	86
PID 1568 wrote to memory of 5072	1568	msedge.exe	86
PID 1568 wrote to memory of 5072	1568	msedge.exe	86
PID 1568 wrote to memory of 5072	1568	msedge.exe	86
PID 1568 wrote to memory of 5072	1568	msedge.exe	86
PID 1568 wrote to memory of 5072	1568	msedge.exe	86
PID 1568 wrote to memory of 5072	1568	msedge.exe	86
PID 1568 wrote to memory of 5072	1568	msedge.exe	86
PID 1568 wrote to memory of 5072	1568	msedge.exe	86
PID 1568 wrote to memory of 5072	1568	msedge.exe	86
PID 1568 wrote to memory of 5072	1568	msedge.exe	86
PID 1568 wrote to memory of 5072	1568	msedge.exe	86
PID 1568 wrote to memory of 5072	1568	msedge.exe	86
PID 1568 wrote to memory of 5072	1568	msedge.exe	86
PID 1568 wrote to memory of 5072	1568	msedge.exe	86
PID 1568 wrote to memory of 5072	1568	msedge.exe	86
PID 1568 wrote to memory of 5072	1568	msedge.exe	86
PID 1568 wrote to memory of 5072	1568	msedge.exe	86
PID 1568 wrote to memory of 5072	1568	msedge.exe	86
PID 1568 wrote to memory of 4692	1568	msedge.exe	85
PID 1568 wrote to memory of 4692	1568	msedge.exe	85
PID 1568 wrote to memory of 3824	1568	msedge.exe	87
PID 1568 wrote to memory of 3824	1568	msedge.exe	87
PID 1568 wrote to memory of 3824	1568	msedge.exe	87
PID 1568 wrote to memory of 3824	1568	msedge.exe	87
PID 1568 wrote to memory of 3824	1568	msedge.exe	87
PID 1568 wrote to memory of 3824	1568	msedge.exe	87
PID 1568 wrote to memory of 3824	1568	msedge.exe	87
PID 1568 wrote to memory of 3824	1568	msedge.exe	87
PID 1568 wrote to memory of 3824	1568	msedge.exe	87
PID 1568 wrote to memory of 3824	1568	msedge.exe	87
PID 1568 wrote to memory of 3824	1568	msedge.exe	87
PID 1568 wrote to memory of 3824	1568	msedge.exe	87
PID 1568 wrote to memory of 3824	1568	msedge.exe	87
PID 1568 wrote to memory of 3824	1568	msedge.exe	87
PID 1568 wrote to memory of 3824	1568	msedge.exe	87
PID 1568 wrote to memory of 3824	1568	msedge.exe	87
PID 1568 wrote to memory of 3824	1568	msedge.exe	87
PID 1568 wrote to memory of 3824	1568	msedge.exe	87
PID 1568 wrote to memory of 3824	1568	msedge.exe	87
PID 1568 wrote to memory of 3824	1568	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://lpmob.fr/51beaa4413e34ba28eb1.
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaa3aa46f8,0x7ffaa3aa4708,0x7ffaa3aa4718
  2⤵
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,11062736302661957666,5324215085521433905,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,11062736302661957666,5324215085521433905,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,11062736302661957666,5324215085521433905,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
  2⤵
  PID:3824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,11062736302661957666,5324215085521433905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
  2⤵
  PID:4164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,11062736302661957666,5324215085521433905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:4168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,11062736302661957666,5324215085521433905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
  2⤵
  PID:1256
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,11062736302661957666,5324215085521433905,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168 /prefetch:8
  2⤵
  PID:572
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,11062736302661957666,5324215085521433905,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,11062736302661957666,5324215085521433905,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,11062736302661957666,5324215085521433905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:2224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,11062736302661957666,5324215085521433905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
  2⤵
  PID:1408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,11062736302661957666,5324215085521433905,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
  2⤵
  PID:4184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,11062736302661957666,5324215085521433905,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1896 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4136

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3532

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f7e75a88fe92d5147528c475c6908243

SHA1
7831682352cfdb17da7174cea8674e61e6fe7ff6

SHA256
4faebaa12ccf24466cb17632b61174043ca23e183a44b29e9e3f6cfc2ce3192d

SHA512
f210c56502e232b9e9b47c13eeb941a2ae7ee5b7b27742902172935e8986b23292151f21dd2d930d384b4dc74af032297b36947d1f8251ce5208cbdf93a56ff6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
964bd0f74ba3a6f8f1aa0c41044d32d3

SHA1
07f5ca131d4917948827f3da2005f2b7b968f0b3

SHA256
64ea4ac99d52ced6579ccea7d1ed62efe286b621e517ea7b6b390ecdbd4c388b

SHA512
eccd06ae8bc3dd6f693ff4779cac66ba941a99cb9211b7e11f9d18ac04a3850fdf1f9d14c2d859267a472a5d3f5e91577b9485e2415dd5cb597cec587d50385b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
489B

MD5
9599c8ec81627965d4cdd43a50507ce9

SHA1
a9489ec78a66f549e676f0e07fb6a1e172dbd7ba

SHA256
4d0c2f71869e701ba700ccf4c8cfdb0ecf8ad30d2ec870e9ed38fb8118aab14e

SHA512
2cb2a0b1b5e581ec33dc4268e050b39e2457857545aa1f8f9206a074d982542aafb0d2823883667f8387f8df5fd26848daa09811cd36bdc3b5ed1fbc2d849ba9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
95e2e5051ec94b4b42406171c84e898d

SHA1
3ce573342253673c9aa443e54c2fca90d656394c

SHA256
781ebd56293c3c73a80e3041f85505433b3f03ff79b359a8af9e56ab5a80dd86

SHA512
ea14f42f4c152b95cb6e9aea0cddc9c11c6bdcfc83631d273a060bdc539463e8926780ddbe0bebcdffa0109d8ce879a734e974cc2f8b12522be8181299d6e152

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6586b2892d663dab77b541a271d8fa63

SHA1
7e5cf4d5e5b1284567f87baf26269d4b9f16591c

SHA256
48a157388acfbdd4b7f9efea5c5d813ef8e6cf2d5958507c16276972e9b9135c

SHA512
082885491bbe31aa75d22eac7228b3287f3637548adacc17ac3da9b9b8ea257b4ade95e3e7d09e37b472acba52ca1090c90307d339e23b055631673bce0a8edd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
88d76733cde18621ed7567c0cfda2ab7

SHA1
41859bb156cfd94dbd7bd185567df2a9a5479998

SHA256
17a4767dee231bad758aa0b51bd7b7d8e6201c936e5b58aa76bbe5275c0c89cb

SHA512
e6555a48831412daf4af0a0039b47611428984d22ab0f851c62e68dfc9f91546542d0d68c759a988cc997b0fb1998e7aec10fa918869ed15742bfc4899f72f0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
a9ef13992ca5e4935de33b60bf2054ef

SHA1
8bc6db0d13c6888dcd1c7b7bfedc4f82437a2679

SHA256
7fd132edb6eaff491ecd41356dacc9275847a88a5761e384748bd32c1051966e

SHA512
e93e2e2970135b276885e6b6fd2da8b35189c52f96cfde913335311f405247fbc66fe1fd56dad080a6f8f47287fd6565ed41942304f937ec16f02ba95f3669e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
59c645d4f73bb51e1f8817a453859e23

SHA1
530e24ba830d4397c67e408b4981064fc62260ab

SHA256
58e6a8dabd7123cab8b538c0504f0b521502306a8dd08c862179477bef5baa55

SHA512
e8fd0394e179a4fb5bab81df2488306148b3a739c2c7791eccf28d0e636bc6de0be70b470641facd36a495b0b2de35f20f2d615ef70a05f63ac56006c4b71ee0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
6fa5dd2dcabf8dec945e0f9f11d4c057

SHA1
21be411a9f59d3175101449b79892d01b0a8797a

SHA256
06d7e470958c7a7b19791c977f5743936822ec4a3278115991a699b7293b5bcc

SHA512
a16b610e60c31cda93e06ed2d2a13422161a78822f065ebf3f364bc617f00bf5e400d5881b6d4b63a4b4df8aca5462052cc42722776239effce015bc7274b1ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
4c32dcec40fdfb927c00a47a14670099

SHA1
0a850045f9f9d6dbb2f772eefe7a50e03417b50f

SHA256
8fe0b1ba04bbbeed4de44030d5a9c36d40372525dc7615c693097db61928c8dc

SHA512
28c74703292cc0f49b07f15da08b49676d6fc4c9ab4fbd7d9aaa7d8abb7e94b3ec94b04b8df92ae71db53203ed5aca6c3d9002a64f2e52b91ceab39b76affd5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
727527a919ea5629ff6a674b8cafc1e0

SHA1
a8ba679e00c5558caa168657ca1b6d93a9a9789f

SHA256
53b742de810091972840e63ddf6819a2cd0b5d700bac96b472a98c31eee2e63b

SHA512
8880406bca6646a89a5db4b1b16da7eba0387aaaf08a27b5358ac2906937affe2cd9cd69590058573d479e3e70ddb021a197fc9f534483d16b82608ccdd509f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
8fafab0f0dfdbd1c050adb5ccfa238e8

SHA1
e32cf585cf8a60b6988987de200d3068263956b7

SHA256
c6c019715a9aae23fbda75a5e034507fe43f847f5b36e7557a324c97b86156e9

SHA512
d07b0a9a441a49f37a3cf314a38b69b1c5202c37178cd21e7683b00087d42d7ba387db32e5a9b3452946863dffd29456a50a10c11a7a26c2078330d3105be2f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
107caff6d672c3304250d4103d182a59

SHA1
a046e24749329bb71344e4b24999b672d838bc9f

SHA256
3ed68d65e346f01c579532000dde95bcc98d02b08d9ae71a8c36936eb30654d2

SHA512
81ba87466f970c2e60bc1747c39cbf1ddbe252f58744359b1a26ca6dacbfbe92c7cea9fb119cb41f4d9539753ebe1c8fb9622ee86023f8ac42307bede17abedd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
f283a3b6b1cec04541fc99f90d90b447

SHA1
89e0caec97564ebc175565f28e0db10b9e2caeed

SHA256
75c5524213c8784b492518b642ebc1f46c5a615a6e9f309e0e7dcc1d71d89c18

SHA512
64397579e9c5d21b3c078b757e0b4069656500e8688473d381e907e923bf8c174991bfe2d0fb0528b68e57e32eefd8924dbd965748ce45e8f2b8c488250d7510

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
86a161e2dce516d9d247cbddbcca0886

SHA1
f32adbd56114e5aeb41c398b8b7d9efd3bd55d7f

SHA256
3834f52e57c466426977b70b44b69ff67bba6776eefdab186d1c9007b8b80135

SHA512
2f29ecfa246cd2f0d5a1e0c46ac99ee0e1e1eb69dec4c7582b9949deba023e5bed56ba94f63ca1f9796630dbe2ff6c75244f51cc02762d6f53c247218a845440

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e733.TMP

Filesize
537B

MD5
f1994b0261cf63af1d37c99a14b1f34f

SHA1
82d85a284c25a4ee40787159f8cf0ecab5b54b41

SHA256
6703a7c1ecec9e6a79bd18023fa9883da530352dfab37aab67cecb385344e6b7

SHA512
565a1802217aa8967d0a5b191a9956a64829d9dbad434f502d1573593a27b25c7e7e06eaef1f89fc622a57ff9803d89cdc5cc4be135152236569c53e76428cbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
53a4c64c9c1e96bd6501a3c5c8a3d322

SHA1
c9610078567b15941b54bd1494ef2e445f7ae571

SHA256
148679cca3d5633c7856efff50897684a07c3f255fffd7c732ab87c7d16ae216

SHA512
522c1a3985dd3a223ac8d94b06770dc4a05026c18b4d31b8c8719290666141070ad69815b26ed044157f0251256ddb25e2dc44b9efaa27139f08aec96226671f

Download Submit