hxxp://Dameware[.]com

Analysis

max time kernel
972s
max time network
1052s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
30-09-2023 14:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://Dameware.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4648	msedge.exe
4648	msedge.exe
4116	msedge.exe
4116	msedge.exe
4064	identity_helper.exe
4064	identity_helper.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	5184	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5184	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4116 wrote to memory of 4152	4116	msedge.exe	34
PID 4116 wrote to memory of 4152	4116	msedge.exe	34
PID 4116 wrote to memory of 4536	4116	msedge.exe	87
PID 4116 wrote to memory of 4536	4116	msedge.exe	87
PID 4116 wrote to memory of 4536	4116	msedge.exe	87
PID 4116 wrote to memory of 4536	4116	msedge.exe	87
PID 4116 wrote to memory of 4536	4116	msedge.exe	87
PID 4116 wrote to memory of 4536	4116	msedge.exe	87
PID 4116 wrote to memory of 4536	4116	msedge.exe	87
PID 4116 wrote to memory of 4536	4116	msedge.exe	87
PID 4116 wrote to memory of 4536	4116	msedge.exe	87
PID 4116 wrote to memory of 4536	4116	msedge.exe	87
PID 4116 wrote to memory of 4536	4116	msedge.exe	87
PID 4116 wrote to memory of 4536	4116	msedge.exe	87
PID 4116 wrote to memory of 4536	4116	msedge.exe	87
PID 4116 wrote to memory of 4536	4116	msedge.exe	87
PID 4116 wrote to memory of 4536	4116	msedge.exe	87
PID 4116 wrote to memory of 4536	4116	msedge.exe	87
PID 4116 wrote to memory of 4536	4116	msedge.exe	87
PID 4116 wrote to memory of 4536	4116	msedge.exe	87
PID 4116 wrote to memory of 4536	4116	msedge.exe	87
PID 4116 wrote to memory of 4536	4116	msedge.exe	87
PID 4116 wrote to memory of 4536	4116	msedge.exe	87
PID 4116 wrote to memory of 4536	4116	msedge.exe	87
PID 4116 wrote to memory of 4536	4116	msedge.exe	87
PID 4116 wrote to memory of 4536	4116	msedge.exe	87
PID 4116 wrote to memory of 4536	4116	msedge.exe	87
PID 4116 wrote to memory of 4536	4116	msedge.exe	87
PID 4116 wrote to memory of 4536	4116	msedge.exe	87
PID 4116 wrote to memory of 4536	4116	msedge.exe	87
PID 4116 wrote to memory of 4536	4116	msedge.exe	87
PID 4116 wrote to memory of 4536	4116	msedge.exe	87
PID 4116 wrote to memory of 4536	4116	msedge.exe	87
PID 4116 wrote to memory of 4536	4116	msedge.exe	87
PID 4116 wrote to memory of 4536	4116	msedge.exe	87
PID 4116 wrote to memory of 4536	4116	msedge.exe	87
PID 4116 wrote to memory of 4536	4116	msedge.exe	87
PID 4116 wrote to memory of 4536	4116	msedge.exe	87
PID 4116 wrote to memory of 4536	4116	msedge.exe	87
PID 4116 wrote to memory of 4536	4116	msedge.exe	87
PID 4116 wrote to memory of 4536	4116	msedge.exe	87
PID 4116 wrote to memory of 4536	4116	msedge.exe	87
PID 4116 wrote to memory of 4648	4116	msedge.exe	86
PID 4116 wrote to memory of 4648	4116	msedge.exe	86
PID 4116 wrote to memory of 428	4116	msedge.exe	88
PID 4116 wrote to memory of 428	4116	msedge.exe	88
PID 4116 wrote to memory of 428	4116	msedge.exe	88
PID 4116 wrote to memory of 428	4116	msedge.exe	88
PID 4116 wrote to memory of 428	4116	msedge.exe	88
PID 4116 wrote to memory of 428	4116	msedge.exe	88
PID 4116 wrote to memory of 428	4116	msedge.exe	88
PID 4116 wrote to memory of 428	4116	msedge.exe	88
PID 4116 wrote to memory of 428	4116	msedge.exe	88
PID 4116 wrote to memory of 428	4116	msedge.exe	88
PID 4116 wrote to memory of 428	4116	msedge.exe	88
PID 4116 wrote to memory of 428	4116	msedge.exe	88
PID 4116 wrote to memory of 428	4116	msedge.exe	88
PID 4116 wrote to memory of 428	4116	msedge.exe	88
PID 4116 wrote to memory of 428	4116	msedge.exe	88
PID 4116 wrote to memory of 428	4116	msedge.exe	88
PID 4116 wrote to memory of 428	4116	msedge.exe	88
PID 4116 wrote to memory of 428	4116	msedge.exe	88
PID 4116 wrote to memory of 428	4116	msedge.exe	88
PID 4116 wrote to memory of 428	4116	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://Dameware.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff5cb046f8,0x7fff5cb04708,0x7fff5cb04718
  2⤵
  PID:4152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,15601445865381886732,7365115650043452270,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,15601445865381886732,7365115650043452270,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
  2⤵
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,15601445865381886732,7365115650043452270,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
  2⤵
  PID:428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15601445865381886732,7365115650043452270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:3220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15601445865381886732,7365115650043452270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:3744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15601445865381886732,7365115650043452270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
  2⤵
  PID:1636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15601445865381886732,7365115650043452270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
  2⤵
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15601445865381886732,7365115650043452270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
  2⤵
  PID:1536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15601445865381886732,7365115650043452270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:2996
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,15601445865381886732,7365115650043452270,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6004 /prefetch:8
  2⤵
  PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,15601445865381886732,7365115650043452270,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6004 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15601445865381886732,7365115650043452270,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15601445865381886732,7365115650043452270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
  2⤵
  PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15601445865381886732,7365115650043452270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4028 /prefetch:1
  2⤵
  PID:5420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15601445865381886732,7365115650043452270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6280 /prefetch:1
  2⤵
  PID:5428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15601445865381886732,7365115650043452270,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6328 /prefetch:1
  2⤵
  PID:5436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2148,15601445865381886732,7365115650043452270,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5268 /prefetch:8
  2⤵
  PID:1996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,15601445865381886732,7365115650043452270,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4804 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3864

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3664

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1204

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2fc 0x300
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5184

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3d5af55f794f9a10c5943d2f80dde5c5

SHA1
5252adf87d6bd769f2c39b9e8eba77b087a0160d

SHA256
43e50edafcaaeae9fcd4dce5b99bf14fe79dae1401019443f31aa9ff81347764

SHA512
2e2e09a00db732ff934da1e6ab8617fb3c8de482f9667a2c987435d0a5d67550b4bfd66e8b4475012b60908c24e39dff58e2f2ffa55f13ffc55caae1be630c71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
7166616d37807616c6f7160c6e70ea64

SHA1
df5ab777c141096fd641f677ca26a364352e6037

SHA256
52f1b396adeca75d08ae2f6b3caba8a7e7f10711651eddb49500cf7640bc0890

SHA512
6d137370564d1a62af5e47c0d6d2cb1053c92a3c32390370eb7edf6002c885846398dbfd149ad28c91194fc4481c680c3324b6f8cca230821a6155bed774f7e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
1a7fc967eb5d4fbd7aff6eaf7536f1d0

SHA1
31463bad30a9b4ee0eaaaec3ca8890c6be85d27b

SHA256
133346a72915a671cd3670259e5fd7fe23fdb9e959d4038ab67af5e5c5b34baf

SHA512
dd9ae44f0c1d4a10d2b33ceb0f20e77f0bc6ea138c1f69cd5aac174fa1eda15d1b960ea5e87e4bfc2c11b4c2929426e0adc33071d49989856c13a3bb9e6cf864

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
2f200f9de8070eba95ece97dcc38c7fb

SHA1
24741e14e4d6b3efa65e028b951916987a454af1

SHA256
ad252caaba8308dddaf548d9d0deb51a788f2ab0c32e1f1c39718ffa0d02286c

SHA512
b5b7faa6830b1502880ad5729e3e93844caa3fedf80be52c5cf0d184142533288f0b18ce02065cf530a3d0b21851d7331912ee39542cac9cb25c106e4e43844e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d50b7f212ac81b340f62d75fc5ba5a12

SHA1
eb6ab23dbf8c9c3d378eebb55b9461b3ae056039

SHA256
364cd4d69e6c50717817944ce471127f3bf9481fa71f08859e57db255a4cdfb0

SHA512
6b6d989da72e041a8719d48407232678d4709d2000a1627af91fc3eb3fdd88638d1785d62fe72c31312282f38ac37f047efa59e7d9367c9d9ec6098fa0b50e1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
0feaacac7c95138d2fc1c38497ed9516

SHA1
7eb7f06f0de843184c9564d22c92bf0edb8d66d0

SHA256
294db0a47c5caf45efbb52c8baa7110add34655b4196f9accf597f7b36511183

SHA512
276323d616e90b26d433e701cce6a559ef390c522bc49d194f35d5ae085926e3b03a17141cc3680e95262848bc0a64e8ecdb37016aa9aa72d14b0b79b77db324

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
10f5b64000466c1e6da25fb5a0115924

SHA1
cb253bacf2b087c4040eb3c6a192924234f68639

SHA256
d818b1cebb2d1e2b269f2e41654702a0df261e63ba2a479f34b75563265ee46b

SHA512
8a8d230594d6fade63ecd63ba60985a7ccd1353de8d0a119543985bf182fdbb45f38ccc96441c24f0792ea1c449de69563c38348c2bedb2845522a2f83a149db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
98c57e71473613063107a7dc0b5f8946

SHA1
185d75375881f4504a47458be7f0297dbf676408

SHA256
5b296be95b4bc2831183206c6485baf839c1445bc20b6f3e98bb148653362913

SHA512
c5e6244077458c92cb358236e48153de404ba1a23765d73bb8f024e4af83c2f356c13beeb2635b65355d7b7f526d817811be1c4a08ad851c7dc537461d46e844

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
49900d4e4e1c0690f0d62cd3b5ae098b

SHA1
9e1d7bb96da2a364a31e6b98e8bdad674b05ae82

SHA256
be63e372494b5b92528a3ded79a7d78fa7faac37bbdcb55c874582ae54bf27e5

SHA512
a9968fbafc681fafe491a7017f157f704a3f951309ed60b34aea701cae377d854f18febfd0da8e63462602c6aa46e642f3104eb3960b17a8e35cdbd35e50568e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
c5fd92ca83c57b4708d9a596384d18c2

SHA1
ffeac3342f23b394e97412c54d0b25233a72d565

SHA256
909f28c9bda781204bc8b93119243526a5083f76590454249b745278a9569ba6

SHA512
9ce51991e5a8736e0081dd4c946f471e20a95e50cb5c606d86d3f9df2a8bb4ff72e072a7edf1039d22fcaa3e63e4c8c79184c3402bc71651dbf3ee9d11a5dd7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
d13a07ae0f9e841caa1d8797c7b40148

SHA1
56238cb003ee50f232642e4432c9e0cbd0f05486

SHA256
d4774a8cd2200c50de3171ce817a7beb37020f36ba4a09163e5a9e8c40032bea

SHA512
fe68b0eadf7dcb591f7bf29f552d5c79a5a5a80b46e5da04508cca9cf3e9ecdf5c04657232a59bc803b269d7381428f4ff97a67c6cc0e1097023a82a513e97ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
75eb7be84a0c09439068f1d6190b88f5

SHA1
f36bf7d670afad3c04ae28847060de973ef9a862

SHA256
8171c23391acbd0ca7cb8781b37a75a85ce28dc4946187c3e0ee1ae54c6c4853

SHA512
c10ee20dba4e6629725664fb2b856e008a104c74651f5464f19e8c8a2145e151515e45d27c1cbf62cbc586df3ce91928f22c0cf84fd5c51e2827f9e24f6f79fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
ab309a6e0746707f0a3a8d0c56c696a7

SHA1
d64007285c3bb5da4d5a61f48135da186f2cc76b

SHA256
51095e20b42914768377b85d7540cac961cf7f89003ff1d01b4baf38b0b5903b

SHA512
93b49eb7bfc327c1c0ee06ef13844eabefdb281fb4133e66ba116dbffd6f76f41707a1fc0e4e5ee0a5b84c390a49e83f6972331b0cb7ca9ac25f659319033a27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d409.TMP

Filesize
3KB

MD5
8e7123b89aa144848765db2339e2dbba

SHA1
c9e18520d9da3507e523c4f4ae1ad0a755e7c886

SHA256
39eb868ced527c57d938e51510372265fb25fd2b0951cb2e19d184299b1b348a

SHA512
215e035a0bc15c168c181da8b8173d3aaabb2e0d8e9b3a8a20177867a738985d7eb5dd4f62ec7bf272c4d7de748569ed068bc6c5602c99952b51e1bbbc681ccf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4bc3d8f9ef3a434b6f658a231fed6cba

SHA1
100adc12a4deb6e41bf7ad6377270824b3078744

SHA256
c59c503b9241775fb2512104b107201fc59e70a16828b6cde417c47bbc54ce74

SHA512
5ef7908686e105fd5a35263caade48fa7e75aa9e2144c70b4818d8073089fbc4b7c1f379ddd22ec5523a18b30312aaed1ebb0f9ec3998836d52f8cfe2fd2b587

Download Submit