hxxp://www[.]xright[.]com

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
29/12/2023, 10:49

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://www.xright.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2328	msedge.exe
2328	msedge.exe
1564	msedge.exe
1564	msedge.exe
384	identity_helper.exe
384	identity_helper.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	6140	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	6140	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1564 wrote to memory of 4320	1564	msedge.exe	88
PID 1564 wrote to memory of 4320	1564	msedge.exe	88
PID 1564 wrote to memory of 3524	1564	msedge.exe	90
PID 1564 wrote to memory of 3524	1564	msedge.exe	90
PID 1564 wrote to memory of 3524	1564	msedge.exe	90
PID 1564 wrote to memory of 3524	1564	msedge.exe	90
PID 1564 wrote to memory of 3524	1564	msedge.exe	90
PID 1564 wrote to memory of 3524	1564	msedge.exe	90
PID 1564 wrote to memory of 3524	1564	msedge.exe	90
PID 1564 wrote to memory of 3524	1564	msedge.exe	90
PID 1564 wrote to memory of 3524	1564	msedge.exe	90
PID 1564 wrote to memory of 3524	1564	msedge.exe	90
PID 1564 wrote to memory of 3524	1564	msedge.exe	90
PID 1564 wrote to memory of 3524	1564	msedge.exe	90
PID 1564 wrote to memory of 3524	1564	msedge.exe	90
PID 1564 wrote to memory of 3524	1564	msedge.exe	90
PID 1564 wrote to memory of 3524	1564	msedge.exe	90
PID 1564 wrote to memory of 3524	1564	msedge.exe	90
PID 1564 wrote to memory of 3524	1564	msedge.exe	90
PID 1564 wrote to memory of 3524	1564	msedge.exe	90
PID 1564 wrote to memory of 3524	1564	msedge.exe	90
PID 1564 wrote to memory of 3524	1564	msedge.exe	90
PID 1564 wrote to memory of 3524	1564	msedge.exe	90
PID 1564 wrote to memory of 3524	1564	msedge.exe	90
PID 1564 wrote to memory of 3524	1564	msedge.exe	90
PID 1564 wrote to memory of 3524	1564	msedge.exe	90
PID 1564 wrote to memory of 3524	1564	msedge.exe	90
PID 1564 wrote to memory of 3524	1564	msedge.exe	90
PID 1564 wrote to memory of 3524	1564	msedge.exe	90
PID 1564 wrote to memory of 3524	1564	msedge.exe	90
PID 1564 wrote to memory of 3524	1564	msedge.exe	90
PID 1564 wrote to memory of 3524	1564	msedge.exe	90
PID 1564 wrote to memory of 3524	1564	msedge.exe	90
PID 1564 wrote to memory of 3524	1564	msedge.exe	90
PID 1564 wrote to memory of 3524	1564	msedge.exe	90
PID 1564 wrote to memory of 3524	1564	msedge.exe	90
PID 1564 wrote to memory of 3524	1564	msedge.exe	90
PID 1564 wrote to memory of 3524	1564	msedge.exe	90
PID 1564 wrote to memory of 3524	1564	msedge.exe	90
PID 1564 wrote to memory of 3524	1564	msedge.exe	90
PID 1564 wrote to memory of 3524	1564	msedge.exe	90
PID 1564 wrote to memory of 3524	1564	msedge.exe	90
PID 1564 wrote to memory of 2328	1564	msedge.exe	89
PID 1564 wrote to memory of 2328	1564	msedge.exe	89
PID 1564 wrote to memory of 1072	1564	msedge.exe	91
PID 1564 wrote to memory of 1072	1564	msedge.exe	91
PID 1564 wrote to memory of 1072	1564	msedge.exe	91
PID 1564 wrote to memory of 1072	1564	msedge.exe	91
PID 1564 wrote to memory of 1072	1564	msedge.exe	91
PID 1564 wrote to memory of 1072	1564	msedge.exe	91
PID 1564 wrote to memory of 1072	1564	msedge.exe	91
PID 1564 wrote to memory of 1072	1564	msedge.exe	91
PID 1564 wrote to memory of 1072	1564	msedge.exe	91
PID 1564 wrote to memory of 1072	1564	msedge.exe	91
PID 1564 wrote to memory of 1072	1564	msedge.exe	91
PID 1564 wrote to memory of 1072	1564	msedge.exe	91
PID 1564 wrote to memory of 1072	1564	msedge.exe	91
PID 1564 wrote to memory of 1072	1564	msedge.exe	91
PID 1564 wrote to memory of 1072	1564	msedge.exe	91
PID 1564 wrote to memory of 1072	1564	msedge.exe	91
PID 1564 wrote to memory of 1072	1564	msedge.exe	91
PID 1564 wrote to memory of 1072	1564	msedge.exe	91
PID 1564 wrote to memory of 1072	1564	msedge.exe	91
PID 1564 wrote to memory of 1072	1564	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.xright.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xe0,0x108,0x7ffee49246f8,0x7ffee4924708,0x7ffee4924718
  2⤵
  PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,4423610850439073727,13826859150440273681,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,4423610850439073727,13826859150440273681,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:3524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,4423610850439073727,13826859150440273681,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
  2⤵
  PID:1072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4423610850439073727,13826859150440273681,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4423610850439073727,13826859150440273681,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:3040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4423610850439073727,13826859150440273681,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4256 /prefetch:1
  2⤵
  PID:1592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4423610850439073727,13826859150440273681,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:3512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4423610850439073727,13826859150440273681,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2300 /prefetch:1
  2⤵
  PID:3520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4423610850439073727,13826859150440273681,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4423610850439073727,13826859150440273681,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6220 /prefetch:1
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4423610850439073727,13826859150440273681,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1
  2⤵
  PID:1480
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,4423610850439073727,13826859150440273681,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6604 /prefetch:8
  2⤵
  PID:2616
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,4423610850439073727,13826859150440273681,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6604 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4423610850439073727,13826859150440273681,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
  2⤵
  PID:4252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4423610850439073727,13826859150440273681,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
  2⤵
  PID:3684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2120,4423610850439073727,13826859150440273681,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4960 /prefetch:8
  2⤵
  PID:5788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,4423610850439073727,13826859150440273681,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1048 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2932

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1668

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2352

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4180

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x478 0x300
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:6140

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d5564ccbd62bac229941d2812fc4bfba

SHA1
0483f8496225a0f2ca0d2151fab40e8f4f61ab6d

SHA256
d259ff04090cbde3b87a54554d6e2b8a33ba81e9483acbbe3e6bad15cbde4921

SHA512
300cda7933e8af577bdc1b20e6d4279d1e418cdb0571c928b1568bfea3c231ba632ccb67313ae73ddeae5586d85db95caffaedd23e973d437f8496a8c5a15025

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f371885cc611944ee0fb13c7abc87dbb

SHA1
c77ac6043440d414559932e55a02be012311e25e

SHA256
7b4835f7d2505070415c4f94e6ea97f69fde2f692107f74ddc952692ba28c678

SHA512
417a41eb6d944568b06769ce7542b4cf6150e5286a70b7536e913ed94bf39b464e7032902041f0ec140c27c01e200df55e750d3e1061f2ac096ad0ce137a1ea9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
d37f7dfd75588f9a8ace726c615abc81

SHA1
5105c100be5b2e81da1bf9c4f48b9b29ef61cf8a

SHA256
7ac7e9279727041b95daaebf3fa4d7815ddc7554d36042f6e1aa6f4639d89137

SHA512
3fe328fad065c33771eae0900ee258bf89694f5b9e87fd7843c320fbe83571259bcd9d3d6578f4c1ad5910c6abe2a94c03ed477b9461721985c80d440cdd7266

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5be3ab9e5be2153e938d171656a03d6d

SHA1
df30958304a6a768771fcfe3e4835069b36a0a98

SHA256
3b91346b7f68e1159a274a04788585fe7f647fd5e1db057b31d52340d2cdb711

SHA512
e8ce647ed615b6587e37b87fc305c906fab8cce37aa8643b477516770847a70e6664fbc1c979f6828d9aec53a2bdeee4b4d43f7aea9b054062530128ff97d754

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
aecea8873af77339e37537589fdeee41

SHA1
6bd3c55f6729dddd132b2059335637359ed0124a

SHA256
109416205fcd9ccae1ed6a9b6a7507b5cdae6804bba73b4e05bf9621e70969c6

SHA512
069026b1fc695b7fb99bbfecad5581b8887f4275afd5bd77158c751c97884764609f3b43748ab3278a9b6d779736a3534e158f4571fe49c3d47e22489ca05642

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
b764ce50a18bc1551f4797d10a0d9a73

SHA1
81ea9c335a42e5231b573b0bf98d7e397cbf31ce

SHA256
4d59f2406e2b6f713a61d684b07719b4246e7acb9da932952f630ec36e148eea

SHA512
18379aad0d5a8486ea7a43282f02de4774ff72bb78f64925d4e0061437ee868089abd6602c9346a73ac9b27d2bebd868d858b3e1f0d4ba85069dd3c387e14af3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
18KB

MD5
ef390da6313c56765ea6300087142f3a

SHA1
3230168b4686b6062635c209fb8b4dabc68fd77e

SHA256
a3139b7a0727ed1a8762fb4695063cbcbc2e55c62f119dd61c89207733c1e9f5

SHA512
88274480ee4d4eb461e9a5b8fcef5e17076a03e1157a2a95de35eb5d2001d1d43852e18f4acab3be79a217b5775eedd8f71f22cb6ce2f4d1087d27745a6e66e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
7e17ee70941b1d7ad78d70b2c3881bb0

SHA1
80da5402b46daaa4479fd7b2480ad93810ad7d4d

SHA256
57a314ff457538eb6b94a24991121e0875379e1ab4312f2d335207ddc054e327

SHA512
3e59374bffe6dea5cbe80d46a5e3461d63ba8796dd3867b02325aa5915251aa793a36daebdb0becccd2f61614e85b83a348a2d1898757895b1356a16d39cd267

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
374cac3c07e2c862661ed41b9ceb9821

SHA1
d035b34a19cd2d8d3afd8711ef6d2997e5004244

SHA256
923ec1fa3ff033facb80061304ac61abf932b3bba4fe60f56e3b0836bbd3cf3a

SHA512
0bdc9980bcb50d35792db19e856abea91346773f774b0fd2160b0d4524cfa7ab336a2fdd92e371936e95d7d4a37be8234d25597d8a57f6baa562dd12a9e16435

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
afbec5b38febe7bb3d4fb8ca51d0dfb9

SHA1
67ec181f1c567378a288336ec6e495e480704b19

SHA256
deb6de388b90db0e5ada3940fe03426df9868f9e8c92970e87a82ad06579d88f

SHA512
e1bda1092c42a90a13acc576cd85defd316297627cb23631df7aa9aa6ac16d9246bdf16505dbffd58c736a59c4eb22acf3a6ef60f12ae5b08844f6962c8fa8bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
75aeb3d639129666a006f9e2a5598701

SHA1
69b85ce89d7bf229f4c8aceefd6e41ab21b2e543

SHA256
a787772130e75494081fcd94d8950909f65042b55bf697869a033b3f64a7bc96

SHA512
ed6c3a0e86bfcc8bbd4d62531154b4ca92138c67ca7bcc36c80b35146722781b92d9ea3e1290251e24cba117aacd648d927bf25536d223e3841ac9e6df19a3e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f126.TMP

Filesize
2KB

MD5
54f7e7beb3743d9bc56c57196c9b2e8a

SHA1
234fa7075da8c21b98387628018de6d28d19cb88

SHA256
d4a503d8f2233fb4027e7a1db7548ede984ef8fe5a7f670292dfa7022e5ef8e8

SHA512
d83cb578b351c8dcdc04359787baa4647b341869643a5a1faa6d413c07c94ddae000ceb8f36cdff1eb5860addd55f2e5387572970634366e4eccba5906ab5aa1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ca3d288fd7cc5bfff2abf2da9400b67a

SHA1
3ee6a101daf89602e017d47132e45ed3d47a85eb

SHA256
8b75b69e35e2658917b32e7547263b7fb13ccf6e6b45bd5c8f613850aea29bec

SHA512
84de6425bf935ff2961c0f4a5e9f71cc4f853dd5315bc1ae245047ac72e457bffa12d826fc2fb001888560df8c73941154eac07d6a7e0844f8d20e9a643287f7

Download Submit