hxxps://mibjga[.]top/482w

Analysis

max time kernel
64s
max time network
65s
platform
windows11-21h2_x64
resource
win11-20240214-en
resource tags

arch:x64arch:x86image:win11-20240214-enlocale:en-usos:windows11-21h2-x64system
submitted
28-03-2024 02:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mibjga.top/482w

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid process

5068 msedge.exe
5068 msedge.exe
4968 msedge.exe
4968 msedge.exe
1428 identity_helper.exe
1428 identity_helper.exe
964 msedge.exe
964 msedge.exe

pid	process
5068	msedge.exe
5068	msedge.exe
4968	msedge.exe
4968	msedge.exe
1428	identity_helper.exe
1428	identity_helper.exe
964	msedge.exe
964	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

Processes:

msedge.exe

pid	process
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe

Suspicious use of FindShellTrayWindow 58 IoCs

Processes:

msedge.exe

pid	process
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe

Suspicious use of SendNotifyMessage 28 IoCs

Processes:

msedge.exe

pid	process
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4968 wrote to memory of 5028	4968	msedge.exe	msedge.exe
PID 4968 wrote to memory of 5028	4968	msedge.exe	msedge.exe
PID 4968 wrote to memory of 3092	4968	msedge.exe	msedge.exe
PID 4968 wrote to memory of 3092	4968	msedge.exe	msedge.exe
PID 4968 wrote to memory of 3092	4968	msedge.exe	msedge.exe
PID 4968 wrote to memory of 3092	4968	msedge.exe	msedge.exe
PID 4968 wrote to memory of 3092	4968	msedge.exe	msedge.exe
PID 4968 wrote to memory of 3092	4968	msedge.exe	msedge.exe
PID 4968 wrote to memory of 3092	4968	msedge.exe	msedge.exe
PID 4968 wrote to memory of 3092	4968	msedge.exe	msedge.exe
PID 4968 wrote to memory of 3092	4968	msedge.exe	msedge.exe
PID 4968 wrote to memory of 3092	4968	msedge.exe	msedge.exe
PID 4968 wrote to memory of 3092	4968	msedge.exe	msedge.exe
PID 4968 wrote to memory of 3092	4968	msedge.exe	msedge.exe
PID 4968 wrote to memory of 3092	4968	msedge.exe	msedge.exe
PID 4968 wrote to memory of 3092	4968	msedge.exe	msedge.exe
PID 4968 wrote to memory of 3092	4968	msedge.exe	msedge.exe
PID 4968 wrote to memory of 3092	4968	msedge.exe	msedge.exe
PID 4968 wrote to memory of 3092	4968	msedge.exe	msedge.exe
PID 4968 wrote to memory of 3092	4968	msedge.exe	msedge.exe
PID 4968 wrote to memory of 3092	4968	msedge.exe	msedge.exe
PID 4968 wrote to memory of 3092	4968	msedge.exe	msedge.exe
PID 4968 wrote to memory of 3092	4968	msedge.exe	msedge.exe
PID 4968 wrote to memory of 3092	4968	msedge.exe	msedge.exe
PID 4968 wrote to memory of 3092	4968	msedge.exe	msedge.exe
PID 4968 wrote to memory of 3092	4968	msedge.exe	msedge.exe
PID 4968 wrote to memory of 3092	4968	msedge.exe	msedge.exe
PID 4968 wrote to memory of 3092	4968	msedge.exe	msedge.exe
PID 4968 wrote to memory of 3092	4968	msedge.exe	msedge.exe
PID 4968 wrote to memory of 3092	4968	msedge.exe	msedge.exe
PID 4968 wrote to memory of 3092	4968	msedge.exe	msedge.exe
PID 4968 wrote to memory of 3092	4968	msedge.exe	msedge.exe
PID 4968 wrote to memory of 3092	4968	msedge.exe	msedge.exe
PID 4968 wrote to memory of 3092	4968	msedge.exe	msedge.exe
PID 4968 wrote to memory of 3092	4968	msedge.exe	msedge.exe
PID 4968 wrote to memory of 3092	4968	msedge.exe	msedge.exe
PID 4968 wrote to memory of 3092	4968	msedge.exe	msedge.exe
PID 4968 wrote to memory of 3092	4968	msedge.exe	msedge.exe
PID 4968 wrote to memory of 3092	4968	msedge.exe	msedge.exe
PID 4968 wrote to memory of 3092	4968	msedge.exe	msedge.exe
PID 4968 wrote to memory of 3092	4968	msedge.exe	msedge.exe
PID 4968 wrote to memory of 3092	4968	msedge.exe	msedge.exe
PID 4968 wrote to memory of 5068	4968	msedge.exe	msedge.exe
PID 4968 wrote to memory of 5068	4968	msedge.exe	msedge.exe
PID 4968 wrote to memory of 1796	4968	msedge.exe	msedge.exe
PID 4968 wrote to memory of 1796	4968	msedge.exe	msedge.exe
PID 4968 wrote to memory of 1796	4968	msedge.exe	msedge.exe
PID 4968 wrote to memory of 1796	4968	msedge.exe	msedge.exe
PID 4968 wrote to memory of 1796	4968	msedge.exe	msedge.exe
PID 4968 wrote to memory of 1796	4968	msedge.exe	msedge.exe
PID 4968 wrote to memory of 1796	4968	msedge.exe	msedge.exe
PID 4968 wrote to memory of 1796	4968	msedge.exe	msedge.exe
PID 4968 wrote to memory of 1796	4968	msedge.exe	msedge.exe
PID 4968 wrote to memory of 1796	4968	msedge.exe	msedge.exe
PID 4968 wrote to memory of 1796	4968	msedge.exe	msedge.exe
PID 4968 wrote to memory of 1796	4968	msedge.exe	msedge.exe
PID 4968 wrote to memory of 1796	4968	msedge.exe	msedge.exe
PID 4968 wrote to memory of 1796	4968	msedge.exe	msedge.exe
PID 4968 wrote to memory of 1796	4968	msedge.exe	msedge.exe
PID 4968 wrote to memory of 1796	4968	msedge.exe	msedge.exe
PID 4968 wrote to memory of 1796	4968	msedge.exe	msedge.exe
PID 4968 wrote to memory of 1796	4968	msedge.exe	msedge.exe
PID 4968 wrote to memory of 1796	4968	msedge.exe	msedge.exe
PID 4968 wrote to memory of 1796	4968	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mibjga.top/482w
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb6b783cb8,0x7ffb6b783cc8,0x7ffb6b783cd8
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,15482240585388620962,1286751254565152765,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1908 /prefetch:2
  2⤵
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1892,15482240585388620962,1286751254565152765,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1892,15482240585388620962,1286751254565152765,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2616 /prefetch:8
  2⤵
  PID:1796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,15482240585388620962,1286751254565152765,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:1864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,15482240585388620962,1286751254565152765,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,15482240585388620962,1286751254565152765,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
  2⤵
  PID:1196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,15482240585388620962,1286751254565152765,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
  2⤵
  PID:336
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1892,15482240585388620962,1286751254565152765,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5640 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1892,15482240585388620962,1286751254565152765,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4992 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,15482240585388620962,1286751254565152765,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
  2⤵
  PID:2060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,15482240585388620962,1286751254565152765,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
  2⤵
  PID:1312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,15482240585388620962,1286751254565152765,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
  2⤵
  PID:1752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,15482240585388620962,1286751254565152765,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,15482240585388620962,1286751254565152765,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2940 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,15482240585388620962,1286751254565152765,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2900 /prefetch:1
  2⤵
  PID:5092

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1504

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2576

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ec7568123e3bee98a389e115698dffeb

SHA1
1542627dbcbaf7d93fcadb771191f18c2248238c

SHA256
5b5e61fe004e83477411dd2b6194e90591d36f2f145cc3b4faa20cf7ae266a75

SHA512
4a53fbbd7281a1a391f0040f6ff5515cedf6e1f97f2dae4ab495b4f76eb4f929dcda6b347f9bf7f66a899330f8897e1ed117314945d1de27b035cc170fa447d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\96d7ab13-ffa1-46a2-8b90-3356f22d706e.tmp

Filesize
6KB

MD5
964fcd5d45c55a110b78b3505ca165f6

SHA1
f6697fd36172fac138a349ad2fbcbccaa31b3846

SHA256
0ac7a919a1e836fc865954993cf9faa7d591b4f3a1d53fe8468b1ee6a3dd6f34

SHA512
56dedbbad20b5738fe8e7e673f4eb91c6ee0281256d62d8af9c03ec3ee80a27623dc4082f630df5cd54b668bc781923682498aaa07cfcffa19d1274a83b937c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
37KB

MD5
231913fdebabcbe65f4b0052372bde56

SHA1
553909d080e4f210b64dc73292f3a111d5a0781f

SHA256
9f890a9debcdfccc339149a7943be9aff9e4c9203c2fa37d5671a5b2c88503ad

SHA512
7b11b709968c5a52b9b60189fb534f5df56912417243820e9d1c00c97f4bd6d0835f2cdf574d0c36ecb32dbbf5fc397324df54f7fdf9e1b062b5dbda2c02e919

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
548e7aff9be225469dded2751f470307

SHA1
f935abcdf17de8b3ab48dbbbf0b80ab5f881401b

SHA256
0077e0224364353e68e70eed62d2598797575379ec725dbf23e5047bf62c275a

SHA512
72a85839ae81bc97494802d6045984bcc8f2986034042597b42a9d2e59eafc278e1cba6ce24a4929cd92596b9ee2e2d71c0f57bebb22b089ca1bb8f7d5c0ad1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
d8e5dfcf96d099e2dd736b339bf4f6fd

SHA1
8f17e9338fa6fb085242f8f795476e4857131609

SHA256
5d5f2ac122210ca4a1094c8c41bc59b836c846feeb7e3d42f3ca9023c5ddd6fd

SHA512
ebaca1352c7db7a1ff7d7e67b6c5c31fda8020cd16a4795a49f75e97beff0a8871d8612952e2ca0fa2a5547b2fdded2fe8be3485fb190eb19b1e1ba3f0878e26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d81b38b1a099705878ca1b20ab170737

SHA1
4dc00f9e76ff7a65c2572b56765e0161c9ddee54

SHA256
6b313470a143ec2754b95810156db9496243241e7403f2820e3e66d856ec09c1

SHA512
8aa3c9c1f6045928ebd35798e501b8ea6e8c7bfcdf1b80fa3b44bc11836f9f82da951b8e39cbf1e975a5e2420134642cfff2feb953dd48401aad3a7f1e6b5a5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
25KB

MD5
0ba15f72ffb0a37243558588d3e78221

SHA1
814bdfffd723f7de9f8d6d6a0bc8d85a9f275cc0

SHA256
3d0223e1f8bb35870db41872cfbbe467f65bf9a1208dcb4d4ad874e250ccc10a

SHA512
02b168ef9cc226a08955092173c3745a55b28faa438b8152acb90d3bc1d9f433de7d8341def8b452db1986392a59cabc7c69689ad00825c58371ca78021183be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
9c585a6154222520fc2225f3bd77a2da

SHA1
bca40d8e84a14463ea77171f2a2881773565d4fd

SHA256
888c884b9104fd4d151de60aadd5f10c29e084404c08f1c9019f383dfbb08c12

SHA512
1a5d32c3020a8f9788ea6b5a60e3c816ffa0718607c2e2c42eb4e4bc55eb463ca785f1f086b2c35d30f17b8de460b6c16df90dc59422ba43cd7319f4ec915dba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
cb67c23a5df746b7280d6da92ebdbc65

SHA1
28487a7e98ee3eaf8f1a5ae6d690b80f19bff69f

SHA256
3af4c8efaa4c55f1564abf6072588efab7979be761528cf062e6d068427c3a31

SHA512
2f67c84c6fed2616e31ef7d7fa797643dcc8dfef61596b662a4fc9ab4c79f2fd3aeeef467010e812b26e8ed3fd12962a454760b9ef3dd7a569b3eec1f26b11f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582277.TMP

Filesize
540B

MD5
6703be7da3c3cc13962df99d7c16f5a6

SHA1
1dad8de6047472366906fdfbfdac25956eb94028

SHA256
730a432041c14d16e2e34d40474cd0f5247a14f1d5a21e7a9ebddbf536a2b0f5

SHA512
66eee0020b075768382598f413cb9ac16ad467fc7299f780857aed40b18e0cd44b0aa05933435059aa5570b6252636d3dcc6cd58efa4ac0a75873825312940a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a3e97987ac657827ad47eb19a9ab2fd7

SHA1
0be5bf3bddc7ee725cc1a8081d033bd7389ff12e

SHA256
31ec9e804de285d0836b90ff06d9cdccdbbdf6cdc94ae03eb723898a1927642a

SHA512
2af55912b025a2e93a8f44339ffffdc5b9fdc7fb148aaac3c7fd41f2185671334e6afa0e4f42d4b4201ede7e47d546d670b943b8c508200fde038e056cc643c5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\LOCAL\crashpad_4968_UDDYHBXIQJHFWPFE

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit