hxxps://secure[.]na2[.]echosign[.]com/public/acceptMigrationOptionForShardConflict?token=CBNCKBAAHBCAABAA7UsOJghSdFJQ5rYiOwimDEBB-kyQg3TM&optionSelected=ARCHIVE_EXISTING_USER

Analysis

max time kernel
140s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
11/10/2023, 19:30

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://secure.na2.echosign.com/public/acceptMigrationOptionForShardConflict?token=CBNCKBAAHBCAABAA7UsOJghSdFJQ5rYiOwimDEBB-kyQg3TM&optionSelected=ARCHIVE_EXISTING_USER

Score

10^/10

adobe phishing

Malware Config

Signatures

Detected adobe phishing page
phishing adobe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2400	msedge.exe
2400	msedge.exe
2208	msedge.exe
2208	msedge.exe
3952	identity_helper.exe
3952	identity_helper.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2208 wrote to memory of 4740	2208	msedge.exe	86
PID 2208 wrote to memory of 4740	2208	msedge.exe	86
PID 2208 wrote to memory of 4332	2208	msedge.exe	89
PID 2208 wrote to memory of 4332	2208	msedge.exe	89
PID 2208 wrote to memory of 4332	2208	msedge.exe	89
PID 2208 wrote to memory of 4332	2208	msedge.exe	89
PID 2208 wrote to memory of 4332	2208	msedge.exe	89
PID 2208 wrote to memory of 4332	2208	msedge.exe	89
PID 2208 wrote to memory of 4332	2208	msedge.exe	89
PID 2208 wrote to memory of 4332	2208	msedge.exe	89
PID 2208 wrote to memory of 4332	2208	msedge.exe	89
PID 2208 wrote to memory of 4332	2208	msedge.exe	89
PID 2208 wrote to memory of 4332	2208	msedge.exe	89
PID 2208 wrote to memory of 4332	2208	msedge.exe	89
PID 2208 wrote to memory of 4332	2208	msedge.exe	89
PID 2208 wrote to memory of 4332	2208	msedge.exe	89
PID 2208 wrote to memory of 4332	2208	msedge.exe	89
PID 2208 wrote to memory of 4332	2208	msedge.exe	89
PID 2208 wrote to memory of 4332	2208	msedge.exe	89
PID 2208 wrote to memory of 4332	2208	msedge.exe	89
PID 2208 wrote to memory of 4332	2208	msedge.exe	89
PID 2208 wrote to memory of 4332	2208	msedge.exe	89
PID 2208 wrote to memory of 4332	2208	msedge.exe	89
PID 2208 wrote to memory of 4332	2208	msedge.exe	89
PID 2208 wrote to memory of 4332	2208	msedge.exe	89
PID 2208 wrote to memory of 4332	2208	msedge.exe	89
PID 2208 wrote to memory of 4332	2208	msedge.exe	89
PID 2208 wrote to memory of 4332	2208	msedge.exe	89
PID 2208 wrote to memory of 4332	2208	msedge.exe	89
PID 2208 wrote to memory of 4332	2208	msedge.exe	89
PID 2208 wrote to memory of 4332	2208	msedge.exe	89
PID 2208 wrote to memory of 4332	2208	msedge.exe	89
PID 2208 wrote to memory of 4332	2208	msedge.exe	89
PID 2208 wrote to memory of 4332	2208	msedge.exe	89
PID 2208 wrote to memory of 4332	2208	msedge.exe	89
PID 2208 wrote to memory of 4332	2208	msedge.exe	89
PID 2208 wrote to memory of 4332	2208	msedge.exe	89
PID 2208 wrote to memory of 4332	2208	msedge.exe	89
PID 2208 wrote to memory of 4332	2208	msedge.exe	89
PID 2208 wrote to memory of 4332	2208	msedge.exe	89
PID 2208 wrote to memory of 4332	2208	msedge.exe	89
PID 2208 wrote to memory of 4332	2208	msedge.exe	89
PID 2208 wrote to memory of 2400	2208	msedge.exe	90
PID 2208 wrote to memory of 2400	2208	msedge.exe	90
PID 2208 wrote to memory of 2280	2208	msedge.exe	91
PID 2208 wrote to memory of 2280	2208	msedge.exe	91
PID 2208 wrote to memory of 2280	2208	msedge.exe	91
PID 2208 wrote to memory of 2280	2208	msedge.exe	91
PID 2208 wrote to memory of 2280	2208	msedge.exe	91
PID 2208 wrote to memory of 2280	2208	msedge.exe	91
PID 2208 wrote to memory of 2280	2208	msedge.exe	91
PID 2208 wrote to memory of 2280	2208	msedge.exe	91
PID 2208 wrote to memory of 2280	2208	msedge.exe	91
PID 2208 wrote to memory of 2280	2208	msedge.exe	91
PID 2208 wrote to memory of 2280	2208	msedge.exe	91
PID 2208 wrote to memory of 2280	2208	msedge.exe	91
PID 2208 wrote to memory of 2280	2208	msedge.exe	91
PID 2208 wrote to memory of 2280	2208	msedge.exe	91
PID 2208 wrote to memory of 2280	2208	msedge.exe	91
PID 2208 wrote to memory of 2280	2208	msedge.exe	91
PID 2208 wrote to memory of 2280	2208	msedge.exe	91
PID 2208 wrote to memory of 2280	2208	msedge.exe	91
PID 2208 wrote to memory of 2280	2208	msedge.exe	91
PID 2208 wrote to memory of 2280	2208	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://secure.na2.echosign.com/public/acceptMigrationOptionForShardConflict?token=CBNCKBAAHBCAABAA7UsOJghSdFJQ5rYiOwimDEBB-kyQg3TM&optionSelected=ARCHIVE_EXISTING_USER
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffad34146f8,0x7ffad3414708,0x7ffad3414718
  2⤵
  PID:4740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,16835841168047275117,16093816801688975169,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:4332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,16835841168047275117,16093816801688975169,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,16835841168047275117,16093816801688975169,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
  2⤵
  PID:2280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16835841168047275117,16093816801688975169,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:2704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16835841168047275117,16093816801688975169,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,16835841168047275117,16093816801688975169,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4572 /prefetch:8
  2⤵
  PID:1188
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,16835841168047275117,16093816801688975169,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4572 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16835841168047275117,16093816801688975169,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:3324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16835841168047275117,16093816801688975169,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1
  2⤵
  PID:3816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16835841168047275117,16093816801688975169,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:2736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16835841168047275117,16093816801688975169,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16835841168047275117,16093816801688975169,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:3712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16835841168047275117,16093816801688975169,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1852 /prefetch:1
  2⤵
  PID:2028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,16835841168047275117,16093816801688975169,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3568 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3324

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4208

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2484

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3d8f4eadb68a3e3d1bf2fa3006af5510

SHA1
d5d8239ec8a3bf5dadf52360350251d90d9e0142

SHA256
85a80218f4e5b578993436a6b8066b60508dd85a09579a4cb6757c2f9550d96c

SHA512
554773c4edd8456efaa23ac24970af5441e307424de3d2f41539c2cf854d57e7f725bf0c9986347fd3f2ff43efc8f69fd73c5d773bbfd504a99daca2b272a554

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
f4cf8690e822920b17149cf264d62eaa

SHA1
62b1f51b9dc385f1afb222bdd460c0cedbb466a3

SHA256
f800b774b11a92f74a188801d00e29760ec2c2a4b841b9a43abd6adc6c37b7ef

SHA512
2ce48274bc3af1de759ae8686266a378188d542a67381fb2635c42e3c2063846d6cdaf9f8cb654a3719d5f790f341010b4ece3bbeb1f24b88775d44e69f052de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
5751a83375ca891428f9576da51ef3d8

SHA1
313ad8399d4d73b0fcc09af4776f86c6ed43746e

SHA256
87a14616d85424bea947de8369f4bdf8bbaaa450802ca0021abeff3a122b8ce8

SHA512
66a1748451f02592b6f0a2a985873008774cdd1534d8af7319c8d1df9cec42b16246807a2f2276ca3a35f0fbd8dbee0c53117f7ce00829befedb821541ebd5f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
672B

MD5
9074bd56e5044ce6b69e920e983a5f45

SHA1
e2ef70e040ec5535eb028d2059d1b4d0e2c02b52

SHA256
1d2a18e3a5e316c067ff173f17263fc745bf03e52d96a676f35f107e3f2cf6ca

SHA512
53abb99148b225bf3a61c74bfa6d7a37bba37822580ce3040ccfa4a0e0d240c03b57ab8a51c78ee61dab80fec0477acb78f7357dece039b4154c0a55dc6607dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
efa9904c7665e73e48d45b981f3b3b57

SHA1
b5fedd3c92177a7c9b0278d6d912c3affb0574b7

SHA256
e3a7242a155b5423fdaf6c45bc9802c7c396561fbf0a12ea63ca2a04d0694530

SHA512
9f586f24f1ea7c30341429e6f7839a327ea86aa00d1d80af88430a4d96b9af17a63d648d45c1aa137c716b066629e9651c8cec3fb74f988e7bba9b662d3a75a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a240479d8f61f91439bc226ebcb0640f

SHA1
b6a321d7282d70c97777b0ff007eadecd7a4f6bc

SHA256
289b24448ba3ca4b843a19dc48eb4530852177a249e4f03cd3ed0c9c4f958e92

SHA512
0e74538dbf8f22bd7b0d8636706894056e31d1d0ec377d423accc9c10bfddbc484186fb8d13e6a544390a8627ce396dac2369ef008e032b5b6d1d5164eadb2e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b1753d701b817ea0c4a27959629ae5b4

SHA1
a53d076d28767eaa8e04cecb2dd9d4b0d978d8eb

SHA256
fd234d7924be241b29755fbf6b95fc5495be80189545816669c89fd026c7745b

SHA512
4b214744f3f6ec5bb2d8fb4cd05ebeaa696d15f555dcece7965e9bdb514cb42cc80c78cc5e6533f7bd43e7e89b4f4a378bfdb991cca0e5e84dcbb1034e1f9d6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
02142fd09fb89a6235671645982fe9b2

SHA1
d7c64f5726e0b1156f6d128fecc0e7aab11aa4ac

SHA256
1a9efd4db906db17e1c51f38ddd5b786106a161c68305d5a883fde3563e8581d

SHA512
49100d30d2b464db4a1ed9a0e614f635c04cca4ea7d7411a0d80f35e398919eeb11b8aae750150ceebf1c6e6caeeff32bbbc40194d05bce8d157fb659c15c0c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
d985875547ce8936a14b00d1e571365f

SHA1
040d8e5bd318357941fca03b49f66a1470824cb3

SHA256
8455a012296a7f4b10ade39e1300cda1b04fd0fc1832ffc043e66f48c6aecfbf

SHA512
ca31d3d6c44d52a1f817731da2e7ac98402cd19eeb4b48906950a2f22f961c8b1f665c3eaa62bf73cd44eb94ea377f7e2ceff9ef682a543771344dab9dbf5a38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
169592addb67c4f45f6bec7fede79723

SHA1
ef7db8c6a82eb8c92628e4807f922339d60cda5c

SHA256
19dec86466ab36c86995de27fb3e8368d88c2cf51176ed17b78c3bfe948ad13c

SHA512
1d6eef9a695c121b13e878a329daddbd5d714d8af379585ca8051eab90013ea3aadc3bf815d8bce758abbd57be09263a1a16b378e55f0744eb434eb72135a815

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c307bc761d4a961977c095e5017344de

SHA1
0b5f770923e27fc79159cdc5fba8639e99bcbf63

SHA256
1e18b9cd2afc95331d437572cef1a5f15de08da520da275df5f35c05cfebd5e7

SHA512
bd0eaba5ddb924c514d5eaa466ef768d7e2b43b8022b4e079a3251c6fa042fed1e13ed4f17c029e88cd380e2a4da34a14166a452b64a5250f2711eb70db321de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
de5748c8cc3a2b83edcde0b6eaebf670

SHA1
075d3b0b6c980545e253c91f21af9513dc92ab89

SHA256
e29c0049200d8517b830a8859aff6be9eb8aa9778fc191eafdc9e3ee54fab9a7

SHA512
a9f82cea64b514b24030ad84e82e110ec66f7aca5b961d4b27d1a00646c17c5b9888910976a548434de25da5f573060bf8bd456def4fa855eb1a69e0ffe4560b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583cd5.TMP

Filesize
203B

MD5
189dbc79b5b3b99f020e3ebc7c07a671

SHA1
ad059861aca923f767e1872d244ba0266b7f2ecb

SHA256
b0d4e2cd86027b06f98c8066f16ce3d6eeae86bbb5a3e73bf293b195300767c8

SHA512
f78929a6732feb7d88e52a046ec75b12d3991ae7d2e78e5577b08290967305bb37f18b1880a8f638b3994510da66bbde8c94a22606550f9c8ee2d723f492bb4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
36feb83ebad02305f6af129902ddf1cb

SHA1
4644cae991046c819a9e1ed27938f741fca23ecf

SHA256
daee36134a543e7314e0dce274b07538e98eea99068631d6472e68adb48d9f66

SHA512
f7cdc9d4c8557d712c4f5bd78b7d8affe88e8ed3b5cc2cc7f09bd440569abac54b7af3a5231dff76c122b131d8649adc33b84dd3c256d3edf25d4678b2bc9314

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d0473ccf9d3a76f4f78d99a961154a77

SHA1
0442baa750d9d5dcba9b228c83ec1f3c30d2b7ce

SHA256
0a1c12695ceed072fe297a28c1d16e340c7b931d311184a3c3ace9c3e7345bc8

SHA512
a9e8ee4b3ac4f0ce4b4f159af329cffc865c77a0c4ed45ae71f9ddc6e44c438dab95636aadb50534172dcc27454a46c2713192ee985732ca9ec0f8865ac541aa

Download Submit