hxxps://dmce45x1ny3g769[.]lopcjsbkcd[.]ru/lvt0w/6MqPC6DshA0/bg-wD9dZsgrAMiWAGapDE5Hvy69dM9TIP6S15GyAkdSPpEuP3YHIPrCJ9irLU3B6QIiTooq73sVWWCTsyqj

Analysis

max time kernel
146s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231025-en
resource tags

arch:x64arch:x86image:win10v2004-20231025-enlocale:en-usos:windows10-2004-x64system
submitted
24/11/2023, 14:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://dmce45x1ny3g769.lopcjsbkcd.ru/lvt0w/6MqPC6DshA0/bg-wD9dZsgrAMiWAGapDE5Hvy69dM9TIP6S15GyAkdSPpEuP3YHIPrCJ9irLU3B6QIiTooq73sVWWCTsyqj

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4580	msedge.exe
4580	msedge.exe
1396	msedge.exe
1396	msedge.exe
716	identity_helper.exe
716	identity_helper.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1396 wrote to memory of 2732	1396	msedge.exe	21
PID 1396 wrote to memory of 2732	1396	msedge.exe	21
PID 1396 wrote to memory of 4344	1396	msedge.exe	87
PID 1396 wrote to memory of 4344	1396	msedge.exe	87
PID 1396 wrote to memory of 4344	1396	msedge.exe	87
PID 1396 wrote to memory of 4344	1396	msedge.exe	87
PID 1396 wrote to memory of 4344	1396	msedge.exe	87
PID 1396 wrote to memory of 4344	1396	msedge.exe	87
PID 1396 wrote to memory of 4344	1396	msedge.exe	87
PID 1396 wrote to memory of 4344	1396	msedge.exe	87
PID 1396 wrote to memory of 4344	1396	msedge.exe	87
PID 1396 wrote to memory of 4344	1396	msedge.exe	87
PID 1396 wrote to memory of 4344	1396	msedge.exe	87
PID 1396 wrote to memory of 4344	1396	msedge.exe	87
PID 1396 wrote to memory of 4344	1396	msedge.exe	87
PID 1396 wrote to memory of 4344	1396	msedge.exe	87
PID 1396 wrote to memory of 4344	1396	msedge.exe	87
PID 1396 wrote to memory of 4344	1396	msedge.exe	87
PID 1396 wrote to memory of 4344	1396	msedge.exe	87
PID 1396 wrote to memory of 4344	1396	msedge.exe	87
PID 1396 wrote to memory of 4344	1396	msedge.exe	87
PID 1396 wrote to memory of 4344	1396	msedge.exe	87
PID 1396 wrote to memory of 4344	1396	msedge.exe	87
PID 1396 wrote to memory of 4344	1396	msedge.exe	87
PID 1396 wrote to memory of 4344	1396	msedge.exe	87
PID 1396 wrote to memory of 4344	1396	msedge.exe	87
PID 1396 wrote to memory of 4344	1396	msedge.exe	87
PID 1396 wrote to memory of 4344	1396	msedge.exe	87
PID 1396 wrote to memory of 4344	1396	msedge.exe	87
PID 1396 wrote to memory of 4344	1396	msedge.exe	87
PID 1396 wrote to memory of 4344	1396	msedge.exe	87
PID 1396 wrote to memory of 4344	1396	msedge.exe	87
PID 1396 wrote to memory of 4344	1396	msedge.exe	87
PID 1396 wrote to memory of 4344	1396	msedge.exe	87
PID 1396 wrote to memory of 4344	1396	msedge.exe	87
PID 1396 wrote to memory of 4344	1396	msedge.exe	87
PID 1396 wrote to memory of 4344	1396	msedge.exe	87
PID 1396 wrote to memory of 4344	1396	msedge.exe	87
PID 1396 wrote to memory of 4344	1396	msedge.exe	87
PID 1396 wrote to memory of 4344	1396	msedge.exe	87
PID 1396 wrote to memory of 4344	1396	msedge.exe	87
PID 1396 wrote to memory of 4344	1396	msedge.exe	87
PID 1396 wrote to memory of 4580	1396	msedge.exe	86
PID 1396 wrote to memory of 4580	1396	msedge.exe	86
PID 1396 wrote to memory of 4556	1396	msedge.exe	89
PID 1396 wrote to memory of 4556	1396	msedge.exe	89
PID 1396 wrote to memory of 4556	1396	msedge.exe	89
PID 1396 wrote to memory of 4556	1396	msedge.exe	89
PID 1396 wrote to memory of 4556	1396	msedge.exe	89
PID 1396 wrote to memory of 4556	1396	msedge.exe	89
PID 1396 wrote to memory of 4556	1396	msedge.exe	89
PID 1396 wrote to memory of 4556	1396	msedge.exe	89
PID 1396 wrote to memory of 4556	1396	msedge.exe	89
PID 1396 wrote to memory of 4556	1396	msedge.exe	89
PID 1396 wrote to memory of 4556	1396	msedge.exe	89
PID 1396 wrote to memory of 4556	1396	msedge.exe	89
PID 1396 wrote to memory of 4556	1396	msedge.exe	89
PID 1396 wrote to memory of 4556	1396	msedge.exe	89
PID 1396 wrote to memory of 4556	1396	msedge.exe	89
PID 1396 wrote to memory of 4556	1396	msedge.exe	89
PID 1396 wrote to memory of 4556	1396	msedge.exe	89
PID 1396 wrote to memory of 4556	1396	msedge.exe	89
PID 1396 wrote to memory of 4556	1396	msedge.exe	89
PID 1396 wrote to memory of 4556	1396	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://dmce45x1ny3g769.lopcjsbkcd.ru/lvt0w/6MqPC6DshA0/bg-wD9dZsgrAMiWAGapDE5Hvy69dM9TIP6S15GyAkdSPpEuP3YHIPrCJ9irLU3B6QIiTooq73sVWWCTsyqj
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdf29246f8,0x7ffdf2924708,0x7ffdf2924718
  2⤵
  PID:2732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,17021689590175138212,1260259412073375625,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,17021689590175138212,1260259412073375625,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:4344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,17021689590175138212,1260259412073375625,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2968 /prefetch:8
  2⤵
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17021689590175138212,1260259412073375625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:2564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17021689590175138212,1260259412073375625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17021689590175138212,1260259412073375625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:1076
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,17021689590175138212,1260259412073375625,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4980 /prefetch:8
  2⤵
  PID:236
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,17021689590175138212,1260259412073375625,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4980 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17021689590175138212,1260259412073375625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:2852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17021689590175138212,1260259412073375625,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17021689590175138212,1260259412073375625,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
  2⤵
  PID:2988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17021689590175138212,1260259412073375625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
  2⤵
  PID:2704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17021689590175138212,1260259412073375625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
  2⤵
  PID:496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17021689590175138212,1260259412073375625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
  2⤵
  PID:1188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,17021689590175138212,1260259412073375625,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5416 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1560

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4824

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
aed593b08b94f34dd8f68fd369652ac2

SHA1
3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95

SHA256
5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7

SHA512
16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
20302750c8321daf727b977042c03e0e

SHA1
73e185a8767ac119734d4cd24b54862e85a1dc56

SHA256
b78628d74d4c97264b0360d8a62dbca57733b19f489051d5634ef3efe3ea0092

SHA512
e62a19ff2ed6504e42cb0bf5e6913bfc54bae4d143c68ef03f3e487353580eab1a63a58a873b13bfb33939179c874a8295af92a1c22c65ac33197ea03807d4e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
a41232c568ad129a99dcf7ccba456382

SHA1
33546bbd9658b864b2d9b4fb148426c927528948

SHA256
17ddf62d53505ec27a72a95e9869b3eadee06dd0472489cb1c1a8c6fab6cebe3

SHA512
74a2143a7468edf3e6689fe85786515330c7f2f1ccec13155c11910d67917535e865a573d821d18ced24a56c4e631367b4416d9b849286ea517276e8921ad2dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3aaf29fd1b7af0f51af4492e0d36efc6

SHA1
5214b12add415044a83bad4a947b628c4243b82d

SHA256
229e535f02cdfc83fc55433835073a4072291e5e832bc1032bddaf03a739d37d

SHA512
1921c1777d473c182a8e6bd18c45ae46fb2e73324df5110fe6db2c1e7bdb9a3f0ea7957ca95d0bfe690b1543a0201e86681a7581acf67f2f163d893eb555f173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0c9be6bfcc7e97141a3ed86f8212ef61

SHA1
f378b7fd1e844671729efceccfda33c799646592

SHA256
ef6afdf55a2213f1e93bbfa0a078cbfe2486f5e8acb5177127cec5425ab10e82

SHA512
9dd08cab45542b3f015908c6635ba31e6d0a78e3a7b3b6dce2c338b4bad2687c8cbdb67879419a493d09a640de66c2f7c77d08d97ada196ce75628d024fd3349

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
920202552dc96b81e8073b93ac57d0a1

SHA1
47f372794f1a8b0f8b7ca82a8393b0d818e967f6

SHA256
14488bcf0ec8f0faa92ef2f057dd5c4295282cd0750c1d2bde6f0c8d72a39d56

SHA512
1037a77ecd055dcd483f3a1fa20b438d2bfe22798b858fb4865b0689629949c50f032c78efd3e08902d4913eed779374253386b806a6acd867626a162a46a5b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
e2565e589c9c038c551766400aefc665

SHA1
77893bb0d295c2737e31a3f539572367c946ab27

SHA256
172017da29bce2bfe0c8b4577a9b8e7a97a0585fd85697f51261f39b28877e80

SHA512
5a33ce3d048f2443c5d1aee3922693decc19c4d172aff0b059b31af3b56aa5e413902f9a9634e5ee874b046ae63a0531985b0361467b62e977dcff7fc9913c4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a71186e351db724e9d3941db40b8cfbe

SHA1
60034a6a65ebd7d2146e2c51afa9e98651647049

SHA256
cc4d116db49a18df20ee77e6673886390bf360e7bbebb5fdd0367fd0c5d6b8e7

SHA512
9fa67003147cc3f0287dab6cb67713de1311301acc2fccdffd0f74445a79a9a81d269bd47e702fd02288b319f705dba75d71844825bee5c6507d3144c0d3571a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
be1dbdbab9e1d9a179b643c7ab98d4a4

SHA1
4a40d01a84a39a390ca7a609649f861f3c6777a9

SHA256
c3b958eef3e11bdb327917cb8c46bd1a478d32623d10739349ece83917784b09

SHA512
acb13f0258289f2f9011e2ef3e3c8b9b93cb4e344436013a28880fea85cc0c92f5dde5c677a2c4ef906f709f8bba14186295194691cf4d57acc05f24c8695b64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584457.TMP

Filesize
1KB

MD5
d225b6cdec97a2c509b510a5a8442341

SHA1
25d0081be3e19ee0abd8c8d5e7f4ce87500dbc75

SHA256
578e2cba2b795f0d17b1c3859154e5f8688ab838be492710c9cc99607e02a911

SHA512
a599619e8db2415a891178ef0a9ca6e99405b6d83240618d05379e4cac886d57241f5ce18fb789c3cc51c7cce7d97224defab5a3b1969105fecc2b99ed3485b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
53213efe65c89f4a7ebfb75406ca8f31

SHA1
f441d75ed64ddd2333ca940a994284640aa8b2c0

SHA256
2830ec8c1b90794bb14efd631a2abe77323cc4da884785adb1d9bef1d9bb0a23

SHA512
87dc8ef37e369ba33061f5bf23ed968d5d1a6b004847298756218316c27cbb484117469a6f24aa9e6c71e26246a69e2ca732fde6044a809ea6ae859c165c490b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a6e8a01dd66b615b61f9e3bb1cf3d930

SHA1
7b83185d9fae2e49c99af67afd86aa4963af7d6a

SHA256
5322a3e3e1acfb799ded59b01fe31701d707f16672cf88ac3b6c4bb5310329f0

SHA512
5bdaed797b61a8f08ef79835208b426c8277074c10dcd8ef0f4c3f6a8940c3d0325d5b74de9276e9ea7b57bd7baa50a4e89de79b293a00d423235d79700c21a0

Download Submit