0086657478d188f066ec661554df0f6a9d1d3d17637f799910c9c7cf0afb85ef

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31-12-2023 13:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3724561cbc3cd59cf093a2db57e25291.exe
Size

159KB
MD5

3724561cbc3cd59cf093a2db57e25291
SHA1

cc13bd01072eb040a4afaa5688a7beffdbe90dc3
SHA256

0086657478d188f066ec661554df0f6a9d1d3d17637f799910c9c7cf0afb85ef
SHA512

203c59e705b42cfd2407895e028bd7977e982a4e78183f3ecd44ca5714a87e27e4e26cc3e84e6529252e0a6d1a6b35b36b7479da3ff1b27b28c2008b068dc330
SSDEEP

3072:ZxMG0b444qm4Me6bzZcM2UOegTODXb3S4cSG1PX28K4nCmroy:10KwMeiZcM2UOe0O3/VKX1Hroy

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3068	msedge.exe
3068	msedge.exe
4320	msedge.exe
4320	msedge.exe
2572	identity_helper.exe
2572	identity_helper.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1108 wrote to memory of 4320	1108	3724561cbc3cd59cf093a2db57e25291.exe	92
PID 1108 wrote to memory of 4320	1108	3724561cbc3cd59cf093a2db57e25291.exe	92
PID 4320 wrote to memory of 1120	4320	msedge.exe	93
PID 4320 wrote to memory of 1120	4320	msedge.exe	93
PID 4320 wrote to memory of 452	4320	msedge.exe	96
PID 4320 wrote to memory of 452	4320	msedge.exe	96
PID 4320 wrote to memory of 452	4320	msedge.exe	96
PID 4320 wrote to memory of 452	4320	msedge.exe	96
PID 4320 wrote to memory of 452	4320	msedge.exe	96
PID 4320 wrote to memory of 452	4320	msedge.exe	96
PID 4320 wrote to memory of 452	4320	msedge.exe	96
PID 4320 wrote to memory of 452	4320	msedge.exe	96
PID 4320 wrote to memory of 452	4320	msedge.exe	96
PID 4320 wrote to memory of 452	4320	msedge.exe	96
PID 4320 wrote to memory of 452	4320	msedge.exe	96
PID 4320 wrote to memory of 452	4320	msedge.exe	96
PID 4320 wrote to memory of 452	4320	msedge.exe	96
PID 4320 wrote to memory of 452	4320	msedge.exe	96
PID 4320 wrote to memory of 452	4320	msedge.exe	96
PID 4320 wrote to memory of 452	4320	msedge.exe	96
PID 4320 wrote to memory of 452	4320	msedge.exe	96
PID 4320 wrote to memory of 452	4320	msedge.exe	96
PID 4320 wrote to memory of 452	4320	msedge.exe	96
PID 4320 wrote to memory of 452	4320	msedge.exe	96
PID 4320 wrote to memory of 452	4320	msedge.exe	96
PID 4320 wrote to memory of 452	4320	msedge.exe	96
PID 4320 wrote to memory of 452	4320	msedge.exe	96
PID 4320 wrote to memory of 452	4320	msedge.exe	96
PID 4320 wrote to memory of 452	4320	msedge.exe	96
PID 4320 wrote to memory of 452	4320	msedge.exe	96
PID 4320 wrote to memory of 452	4320	msedge.exe	96
PID 4320 wrote to memory of 452	4320	msedge.exe	96
PID 4320 wrote to memory of 452	4320	msedge.exe	96
PID 4320 wrote to memory of 452	4320	msedge.exe	96
PID 4320 wrote to memory of 452	4320	msedge.exe	96
PID 4320 wrote to memory of 452	4320	msedge.exe	96
PID 4320 wrote to memory of 452	4320	msedge.exe	96
PID 4320 wrote to memory of 452	4320	msedge.exe	96
PID 4320 wrote to memory of 452	4320	msedge.exe	96
PID 4320 wrote to memory of 452	4320	msedge.exe	96
PID 4320 wrote to memory of 452	4320	msedge.exe	96
PID 4320 wrote to memory of 452	4320	msedge.exe	96
PID 4320 wrote to memory of 452	4320	msedge.exe	96
PID 4320 wrote to memory of 452	4320	msedge.exe	96
PID 4320 wrote to memory of 3068	4320	msedge.exe	94
PID 4320 wrote to memory of 3068	4320	msedge.exe	94
PID 4320 wrote to memory of 3640	4320	msedge.exe	95
PID 4320 wrote to memory of 3640	4320	msedge.exe	95
PID 4320 wrote to memory of 3640	4320	msedge.exe	95
PID 4320 wrote to memory of 3640	4320	msedge.exe	95
PID 4320 wrote to memory of 3640	4320	msedge.exe	95
PID 4320 wrote to memory of 3640	4320	msedge.exe	95
PID 4320 wrote to memory of 3640	4320	msedge.exe	95
PID 4320 wrote to memory of 3640	4320	msedge.exe	95
PID 4320 wrote to memory of 3640	4320	msedge.exe	95
PID 4320 wrote to memory of 3640	4320	msedge.exe	95
PID 4320 wrote to memory of 3640	4320	msedge.exe	95
PID 4320 wrote to memory of 3640	4320	msedge.exe	95
PID 4320 wrote to memory of 3640	4320	msedge.exe	95
PID 4320 wrote to memory of 3640	4320	msedge.exe	95
PID 4320 wrote to memory of 3640	4320	msedge.exe	95
PID 4320 wrote to memory of 3640	4320	msedge.exe	95
PID 4320 wrote to memory of 3640	4320	msedge.exe	95
PID 4320 wrote to memory of 3640	4320	msedge.exe	95

C:\Users\Admin\AppData\Local\Temp\3724561cbc3cd59cf093a2db57e25291.exe
"C:\Users\Admin\AppData\Local\Temp\3724561cbc3cd59cf093a2db57e25291.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.adobe.com/shockwave/download/download.cgi?P1_Prod_Version=ShockwaveFlash&Lang=BrazilianPortuguese
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:4320
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff435146f8,0x7fff43514708,0x7fff43514718
    3⤵
    PID:1120
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,8158811671011172461,6704969813558236005,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3068
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,8158811671011172461,6704969813558236005,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
    3⤵
    PID:3640
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,8158811671011172461,6704969813558236005,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
    3⤵
    PID:452
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8158811671011172461,6704969813558236005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
    3⤵
    PID:1092
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8158811671011172461,6704969813558236005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
    3⤵
    PID:1600
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8158811671011172461,6704969813558236005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
    3⤵
    PID:4028
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,8158811671011172461,6704969813558236005,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5604 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2572
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,8158811671011172461,6704969813558236005,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5604 /prefetch:8
    3⤵
    PID:2916
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8158811671011172461,6704969813558236005,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
    3⤵
    PID:4208
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8158811671011172461,6704969813558236005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
    3⤵
    PID:4648
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8158811671011172461,6704969813558236005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
    3⤵
    PID:3264
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8158811671011172461,6704969813558236005,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
    3⤵
    PID:4196
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,8158811671011172461,6704969813558236005,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5520 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5324

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1568

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2544

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
011193d03a2492ca44f9a78bdfb8caa5

SHA1
71c9ead344657b55b635898851385b5de45c7604

SHA256
d21f642fdbc0f194081ffdd6a3d51b2781daef229ae6ba54c336156825b247a0

SHA512
239c7d603721c694b7902996ba576c9d56acddca4e2e7bbe500039d26d0c6edafbbdc2d9f326f01d71e162872d6ff3247366481828e0659703507878ed3dd210

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
aeb8743037b851c7bba4391e334f6f45

SHA1
181fcf28be4ebfe4b7c11ece93f27bf5ed8655f3

SHA256
6fb2151298e8de8a29ba39e72a65a3d85771295234d7c2a871a66be71401907e

SHA512
e8eb176dc17d6f8bbc0bb3aeb7ec6abc98120f84acf311d7c2b4eeaea914217c8fcc1819c88e89d8daab730b4dbb1374e52bd624f59b9d57d541a1d62b7c8376

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
ca01bda981424e7b458f7cee7279fc1c

SHA1
3aa2241b0e11969e07dbd7700a51f98d94350927

SHA256
f53297e7ff71f1c275216b10826e1f1328332ec4203b173c6b9ea90224ddeff7

SHA512
62d374fe0f3764d6db5688ee9eda0b40f63acd0045d80b3a9bfd05e1b90d5630f25c944c45e9156d4a25be10fba10ad1da50b779c8b4016a4921ab10db73ae48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9f09855ba3b1a7b12601beb4ccc162f4

SHA1
e2de9fed8aef92b5d4b1cecd765805a699ed8156

SHA256
8c0b815fa4c2bc4b92534d02a05076e0e53ee7e39b1a87d7a121baec1b194654

SHA512
1f4508e5beec86f0c6360867e95bbeb3cb3483e8800d47a1ef45bbd08bd07cdad2b4629a919b1a9e354e22189100efc76168d1784dbc553f91f273a19f19c9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7d7afeaa7e26f5fad51b39d966d10c52

SHA1
ed4e371e9c5260d1daf1024a69ee21ca498d6e0c

SHA256
71467a122d868a0263130d35c3a5717d9c63d32878aed8b9e350cd4de88b954c

SHA512
50eb7dbc4f712311b81c428a45fbdb2f24a74560e09feb3f00b1abd2e8e6718da73377ff817eb295dcea2681bdcbde8f39642eb147119ab18cc0265ff2466db1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7fd8dc62c7f18717afaef99d23bec395

SHA1
e45048c0dae1a570241c3ee6ca323226869be2e3

SHA256
a1524352b460d60e33d3f7ad14d841cce3b40094a65293dd92cfd36e3943097d

SHA512
cde75ea6855a22e42d6d30a7bc87cfe221c27f397a8705dc0dca6d414d42a4fc3f6693702da3aaa7913e5a5d83740978f5e565208c999e89d0d29660cfb4218b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
f5b764fa779a5880b1fbe26496fe2448

SHA1
aa46339e9208e7218fb66b15e62324eb1c0722e8

SHA256
97de05bd79a3fd624c0d06f4cb63c244b20a035308ab249a5ef3e503a9338f3d

SHA512
5bfc27e6164bcd0e42cd9aec04ba6bf3a82113ba4ad85aa5d34a550266e20ea6a6e55550ae669af4c2091319e505e1309d27b7c50269c157da0f004d246fe745

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
dc0d25eea99e628ac224babae2a2bc31

SHA1
70d55244ac60737ce9711e81fcfcab935d4db7d7

SHA256
52448a485e5eed3aabfbc36690e2e918a2fe2fd21e303c980cf1cea29ff33cfd

SHA512
b186f2f3afda21386f1500a9395b50cd6a8a3e036a65d9d68a4cabb0ad69e6b706b1a2594f4f93542982e1d0df5a0a4b87f68be36b19d848d15794c1dcd359d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
3949c75bac9cd8e74223566b5821aa07

SHA1
809daffda987041a4113c4a733da2ccc181898b7

SHA256
bced232f26f64ac666673ce1fef0ecb656a478ba440848a1a76380d2cc8dea70

SHA512
8fdccda62dad5d8cd192dd20f00a07ba4c9213902f326ce629219e0fa00ec165c8b3beb4eb260320cd355319b54f69c751c9f4829d5bba61bb01520ccbbb0c87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
3bc887147b4413d2511cc13ad0bd0a50

SHA1
7cef290825f581c786e6d5801e20e027fe50338b

SHA256
126cc79a3ba0683ee1da96738e459d462fece9b3b3cd805f8887129d7957329c

SHA512
cb8cb2a10dfea54ddba775a0bad38e992d24f37cfb79a140a72cac7e14eeefab8f4e17e9f2d621ad0ffaf3dddc9338c40ed617af9f2b2bf77eed5ec6edea0e6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57fef1.TMP

Filesize
705B

MD5
d7493c6277aca0e370943f8fa3543a22

SHA1
8553de8c36a9afddc15b384650ba906f4e592040

SHA256
b30c96fd3ac9afc17ff3d3b97e083841bccde14fffa09e249cbf549cd15757b5

SHA512
9778d7648bca3159ce4a3aee344d7b4a4b739cdab4200edcd08651f4179e64ae99852325c431a5f312181f18b5ec012c5faf7f957166758634985a404f1511cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6d27f0116c74ea66e2c8d96efdf087f5

SHA1
76bc0f881b5ccca293abc376e5136232e4af44fa

SHA256
32e151012a6eb2a2bff23525f0078a21320c29c484defca5ae387a2b44f3483e

SHA512
1f41dccb2a343876775139a4c486efe6f383e88fe1f1bafcc583b00c6a09d45c745757dec9ccd3f625f6add40fe5a240b5957003915fbaf8633476eedd11c445

Download Submit
memory/1108-0-0x0000000002230000-0x0000000002231000-memory.dmp

Filesize
4KB

Download