hxxp://chic-bay[.]com/

Analysis

max time kernel
146s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24/01/2024, 19:40

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://chic-bay.com/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1332	msedge.exe
1332	msedge.exe
2628	msedge.exe
2628	msedge.exe
1632	identity_helper.exe
1632	identity_helper.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2628	msedge.exe
2628	msedge.exe
2628	msedge.exe
2628	msedge.exe
2628	msedge.exe
2628	msedge.exe
2628	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2628	msedge.exe
2628	msedge.exe
2628	msedge.exe
2628	msedge.exe
2628	msedge.exe
2628	msedge.exe
2628	msedge.exe
2628	msedge.exe
2628	msedge.exe
2628	msedge.exe
2628	msedge.exe
2628	msedge.exe
2628	msedge.exe
2628	msedge.exe
2628	msedge.exe
2628	msedge.exe
2628	msedge.exe
2628	msedge.exe
2628	msedge.exe
2628	msedge.exe
2628	msedge.exe
2628	msedge.exe
2628	msedge.exe
2628	msedge.exe
2628	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2628	msedge.exe
2628	msedge.exe
2628	msedge.exe
2628	msedge.exe
2628	msedge.exe
2628	msedge.exe
2628	msedge.exe
2628	msedge.exe
2628	msedge.exe
2628	msedge.exe
2628	msedge.exe
2628	msedge.exe
2628	msedge.exe
2628	msedge.exe
2628	msedge.exe
2628	msedge.exe
2628	msedge.exe
2628	msedge.exe
2628	msedge.exe
2628	msedge.exe
2628	msedge.exe
2628	msedge.exe
2628	msedge.exe
2628	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2628 wrote to memory of 4760	2628	msedge.exe	84
PID 2628 wrote to memory of 4760	2628	msedge.exe	84
PID 2628 wrote to memory of 4868	2628	msedge.exe	86
PID 2628 wrote to memory of 4868	2628	msedge.exe	86
PID 2628 wrote to memory of 4868	2628	msedge.exe	86
PID 2628 wrote to memory of 4868	2628	msedge.exe	86
PID 2628 wrote to memory of 4868	2628	msedge.exe	86
PID 2628 wrote to memory of 4868	2628	msedge.exe	86
PID 2628 wrote to memory of 4868	2628	msedge.exe	86
PID 2628 wrote to memory of 4868	2628	msedge.exe	86
PID 2628 wrote to memory of 4868	2628	msedge.exe	86
PID 2628 wrote to memory of 4868	2628	msedge.exe	86
PID 2628 wrote to memory of 4868	2628	msedge.exe	86
PID 2628 wrote to memory of 4868	2628	msedge.exe	86
PID 2628 wrote to memory of 4868	2628	msedge.exe	86
PID 2628 wrote to memory of 4868	2628	msedge.exe	86
PID 2628 wrote to memory of 4868	2628	msedge.exe	86
PID 2628 wrote to memory of 4868	2628	msedge.exe	86
PID 2628 wrote to memory of 4868	2628	msedge.exe	86
PID 2628 wrote to memory of 4868	2628	msedge.exe	86
PID 2628 wrote to memory of 4868	2628	msedge.exe	86
PID 2628 wrote to memory of 4868	2628	msedge.exe	86
PID 2628 wrote to memory of 4868	2628	msedge.exe	86
PID 2628 wrote to memory of 4868	2628	msedge.exe	86
PID 2628 wrote to memory of 4868	2628	msedge.exe	86
PID 2628 wrote to memory of 4868	2628	msedge.exe	86
PID 2628 wrote to memory of 4868	2628	msedge.exe	86
PID 2628 wrote to memory of 4868	2628	msedge.exe	86
PID 2628 wrote to memory of 4868	2628	msedge.exe	86
PID 2628 wrote to memory of 4868	2628	msedge.exe	86
PID 2628 wrote to memory of 4868	2628	msedge.exe	86
PID 2628 wrote to memory of 4868	2628	msedge.exe	86
PID 2628 wrote to memory of 4868	2628	msedge.exe	86
PID 2628 wrote to memory of 4868	2628	msedge.exe	86
PID 2628 wrote to memory of 4868	2628	msedge.exe	86
PID 2628 wrote to memory of 4868	2628	msedge.exe	86
PID 2628 wrote to memory of 4868	2628	msedge.exe	86
PID 2628 wrote to memory of 4868	2628	msedge.exe	86
PID 2628 wrote to memory of 4868	2628	msedge.exe	86
PID 2628 wrote to memory of 4868	2628	msedge.exe	86
PID 2628 wrote to memory of 4868	2628	msedge.exe	86
PID 2628 wrote to memory of 4868	2628	msedge.exe	86
PID 2628 wrote to memory of 1332	2628	msedge.exe	87
PID 2628 wrote to memory of 1332	2628	msedge.exe	87
PID 2628 wrote to memory of 2256	2628	msedge.exe	88
PID 2628 wrote to memory of 2256	2628	msedge.exe	88
PID 2628 wrote to memory of 2256	2628	msedge.exe	88
PID 2628 wrote to memory of 2256	2628	msedge.exe	88
PID 2628 wrote to memory of 2256	2628	msedge.exe	88
PID 2628 wrote to memory of 2256	2628	msedge.exe	88
PID 2628 wrote to memory of 2256	2628	msedge.exe	88
PID 2628 wrote to memory of 2256	2628	msedge.exe	88
PID 2628 wrote to memory of 2256	2628	msedge.exe	88
PID 2628 wrote to memory of 2256	2628	msedge.exe	88
PID 2628 wrote to memory of 2256	2628	msedge.exe	88
PID 2628 wrote to memory of 2256	2628	msedge.exe	88
PID 2628 wrote to memory of 2256	2628	msedge.exe	88
PID 2628 wrote to memory of 2256	2628	msedge.exe	88
PID 2628 wrote to memory of 2256	2628	msedge.exe	88
PID 2628 wrote to memory of 2256	2628	msedge.exe	88
PID 2628 wrote to memory of 2256	2628	msedge.exe	88
PID 2628 wrote to memory of 2256	2628	msedge.exe	88
PID 2628 wrote to memory of 2256	2628	msedge.exe	88
PID 2628 wrote to memory of 2256	2628	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://chic-bay.com/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe333946f8,0x7ffe33394708,0x7ffe33394718
  2⤵
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,11327263785152693864,7118718854092020942,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2
  2⤵
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2220,11327263785152693864,7118718854092020942,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2220,11327263785152693864,7118718854092020942,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8
  2⤵
  PID:2256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,11327263785152693864,7118718854092020942,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:1
  2⤵
  PID:3140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,11327263785152693864,7118718854092020942,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:1
  2⤵
  PID:888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,11327263785152693864,7118718854092020942,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:1364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2220,11327263785152693864,7118718854092020942,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5920 /prefetch:8
  2⤵
  PID:1124
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,11327263785152693864,7118718854092020942,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3736 /prefetch:8
  2⤵
  PID:1356
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,11327263785152693864,7118718854092020942,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3736 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,11327263785152693864,7118718854092020942,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
  2⤵
  PID:488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,11327263785152693864,7118718854092020942,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
  2⤵
  PID:64
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,11327263785152693864,7118718854092020942,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,11327263785152693864,7118718854092020942,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2216 /prefetch:1
  2⤵
  PID:2516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,11327263785152693864,7118718854092020942,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3236 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4892

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3316

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4636

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4c4 0x2f4
1⤵
PID:528

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
c16c332c7bc069963bd0b4b682aa6784

SHA1
8275f851379550fe58663e24dd8f8e4eaaa759ca

SHA256
bbbede7a228fe613cdd15513e3cdeabf5271b9781bfdbf00a2d51c159bf223e1

SHA512
1b12f0c14dd5121a408dba92150d34eef58037d4dcc44cc2cd56caeedc622a204bf6b0e0f624246aea0f8551b65598624aecedf8644a8c4b7916b8e09eb0668c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
330B

MD5
12c435059a9c2c03ea002180a759c39b

SHA1
4fb9f3bc000273f214795e8ea64846a589ff2729

SHA256
4eea1592cd236304220252e87e0debbe3aa1fa2069d590bf7a1b9f6e8f519baa

SHA512
785ff008bff20093d994edcb535711f3c65a4e13653b57dac9ce81f53a8d7ced0fb4344a23718eb1396f9fe1972bf991882479cad2cec7e07e6260133b35a143

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
efc9c7501d0a6db520763baad1e05ce8

SHA1
60b5e190124b54ff7234bb2e36071d9c8db8545f

SHA256
7af7b56e2f0a84ae008785726f3404eb9001baa4b5531d0d618c6bdcb05a3a7a

SHA512
bda611ddba56513a30295ea5ca8bc59e552154f860d13fed97201cdb81814dd6d1bca7deca6f8f58c9ae585d91e450f4383a365f80560f4b8e59a4c8b53c327d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\0e364e08-0709-48a1-9dbe-d2a7a0e14503.tmp

Filesize
4KB

MD5
7ac942d98297c67f0bf482137fc8cbbf

SHA1
9025bc2f504db436569ed179d1f1a7adbf08523f

SHA256
2e8483f01ec78ece3c8965b140c18a447d74f7b2357001f55a4111aac3156f43

SHA512
232319a75a8e9912854c0a9bc5ba2cbf552aea910d42f5b79ec36d03d368ec18d0e799af7bb61fb6702304b3fd831dd242968e96b313f3850dca9332f5c855e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
23f65f044b9149515470eb0e0c7f1791

SHA1
d037c726d24013bfb9da4d3747998a3139db5259

SHA256
b6bd6319f64071b7cd7cabfdf664b6730458b8492cc498436ff146ee55347eb2

SHA512
abbe603c937e3008a1ff4b527478eb5e82a62657fdb36e97c02dcb63ba3170c9563ce82d5c590d8a397c0e90831a74adcce66c9c266fa26f80bc37bf773363f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
f2e3688c7693059baf21b37705f9828e

SHA1
d0f59de788e473468c758203d8c3eae4fc385c19

SHA256
595021bfd57e548762cf4e623754b53c3bc1248c03f5ac911ee3f3ac7c3b53bf

SHA512
29d988d5589184e5c454567d60437ced41cc00a035c5f8ad0bb1c9227ff71db96ebaf11a789377ec02175195bed5c3f9295593918545754d8d13e8273fdcecc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
63bdde1b817722de888576649c9702de

SHA1
6cea2fba62dd23e6489cbde627fab9f2d8bd603c

SHA256
d7b34675c6fa17cfca0dac04277a44f2538adc86a4527ff831138de8a33edd08

SHA512
8bf77c81e16adb80c7c8703fa67d6fd732914a5fe7dafb4e7fcd147b9e1f09e70c31ef5dc8f7307809a21abccf5ab76fccd6a82d3a971fe9027daac6081cb9aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
44dab030874173b84dc56e707ece61b8

SHA1
f2d53a20182bbbb713f11946f0b56371ba401599

SHA256
19788c323a5ad1f1a4c147ba18625f642fe9878d328f3b1e64015d5dd7f0d205

SHA512
1a93603e2b2288756d35f659006e4e79eac09dc44455e2670c6a4a2c77e4b45efdbc6cdec81ece69a3f56e28aebcee8c52fca1b5db94f30c69e94fc694a0d257

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f733caea032518afb5a9f703c41495b6

SHA1
6ac3a4a3ead2508b7fe37d3bf5c4bc07f075fbab

SHA256
b7ff8c260a2c2b78251f1f6023f24264a38a88f936d7268db00189c4cfb16786

SHA512
93765e25dd7b320717d47696a68349391b6d522c29885fe9de02ac1e6f8cae08be3ec6fb5ffc4a14f8eeea7eef5c5ffe4d4de6a68318476ef7d3e28975f9a7cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3c89789b5fa292b031182e5c9235f8e5

SHA1
d081a58233606fa9c6e5321e31bd9d0ea2975c29

SHA256
f5f6a698e7eda7de87baf600e34f48234f0c8ffe75e836defdbc245a519f5415

SHA512
fb17b8de3145159bb156852ccbb7acaa99e8f6b8d5f46aa542f0be2b1447b7af5fee3d91b7ecc3282ffb89b34103f404dff5c83bbeafd14bc374e4a333e143ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
121510c1483c9de9fdb590c20526ec0a

SHA1
96443a812fe4d3c522cfdbc9c95155e11939f4e2

SHA256
cf5d26bc399d0200a32080741e12f77d784a3117e6d58e07106e913f257aa46c

SHA512
b367741da9ab4e9a621ad663762bd9c459676e0fb1412e60f7068834cbd5c83b050608e33d5320e1b191be1d809fef48831e0f42b3ecabd38b24ec222576fa81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
867B

MD5
028e836c76e5a32ff60bd5c661d0d303

SHA1
0fe0d2b47ec68f498c3a5bfdaf925a7a0f46798b

SHA256
d22ac53a2c00341ae77116b8bf4c495ee8f6838b4bc680f098784dceda51aef1

SHA512
afdc9855071cff80b13970bd030eb21e030deb9acb189e04b794a1a13608f268df9b493ecce5800936ff89ca8959c14f5866943e8727e6fdc42616fd83dc55dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d11fbec3da65521b6d277b4971e7c2e0

SHA1
5e261b79261984257ffca0733bd8ac79fbdc9b4a

SHA256
547d4f0b0a901b9ad492c1d19a64b6da93aeb165f5784685883c8d636c811f39

SHA512
a32d2adf52e4871f4e5d178641cad2a0be980288a78400aaa921bd4b9c9742cef5f58f46042a8ac4a3ced59c38bffdc73fe4f225cfe4315691dd08072e769818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583d14.TMP

Filesize
537B

MD5
2f32e49aa001dce87c13f54a87f74fc2

SHA1
663b4ed8253e0dba2add18226d21cc80fb4a46a2

SHA256
75fc061e19e3c281b3468e25ccabb381c051d85f465a7e3800d307833b943d14

SHA512
8069d452f8d88532e752908a790fef376b9437d4d5874ff1d03759feee9155b79a9ebb84349c696e3f02917e26f1999b4f526c86918743966899680f53ed351e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2a4c8177f96f09d61099017b25075fc5

SHA1
b0d4a10db685af3602e5acb1df58dc3d7a2ec0a8

SHA256
16b3a6704d14104fb6cd7eda785a58ceb64d8ef5e33a7b54e75dfd2b55a20741

SHA512
2b051520b21c9674a9a8c641688a35fdd9e30fb4ef330fcaa66e7311ccdab7935d48d01728855517708e116ea87a4a22d686b9cf1a115daa1798c9cf757c2031

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
aec4741632cc022d1132818c6972f51b

SHA1
c17f1a08fe4c31efbc2f7fe3618763e490a9853d

SHA256
8e06a752466e151987eafc0349ff95f7b31d8517e678e3c9e30b43b4569cd41a

SHA512
3760d8f80a38f0ab4e9890d6ff771de42271ed77329faeddf140661803619e919c31ef4821f19b82abd52505d6943637c3c1c74d98e1b9805db8ffb1a72ce5cc

Download Submit