hxxps://www[.]opsera[.]io/ecosystem/jenkins

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
21/07/2024, 02:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.opsera.io/ecosystem/jenkins

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2056	msedge.exe
2056	msedge.exe
372	msedge.exe
372	msedge.exe
384	identity_helper.exe
384	identity_helper.exe
5136	msedge.exe
5136	msedge.exe
5136	msedge.exe
5136	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4540	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4540	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 372 wrote to memory of 4712	372	msedge.exe	84
PID 372 wrote to memory of 4712	372	msedge.exe	84
PID 372 wrote to memory of 2472	372	msedge.exe	85
PID 372 wrote to memory of 2472	372	msedge.exe	85
PID 372 wrote to memory of 2472	372	msedge.exe	85
PID 372 wrote to memory of 2472	372	msedge.exe	85
PID 372 wrote to memory of 2472	372	msedge.exe	85
PID 372 wrote to memory of 2472	372	msedge.exe	85
PID 372 wrote to memory of 2472	372	msedge.exe	85
PID 372 wrote to memory of 2472	372	msedge.exe	85
PID 372 wrote to memory of 2472	372	msedge.exe	85
PID 372 wrote to memory of 2472	372	msedge.exe	85
PID 372 wrote to memory of 2472	372	msedge.exe	85
PID 372 wrote to memory of 2472	372	msedge.exe	85
PID 372 wrote to memory of 2472	372	msedge.exe	85
PID 372 wrote to memory of 2472	372	msedge.exe	85
PID 372 wrote to memory of 2472	372	msedge.exe	85
PID 372 wrote to memory of 2472	372	msedge.exe	85
PID 372 wrote to memory of 2472	372	msedge.exe	85
PID 372 wrote to memory of 2472	372	msedge.exe	85
PID 372 wrote to memory of 2472	372	msedge.exe	85
PID 372 wrote to memory of 2472	372	msedge.exe	85
PID 372 wrote to memory of 2472	372	msedge.exe	85
PID 372 wrote to memory of 2472	372	msedge.exe	85
PID 372 wrote to memory of 2472	372	msedge.exe	85
PID 372 wrote to memory of 2472	372	msedge.exe	85
PID 372 wrote to memory of 2472	372	msedge.exe	85
PID 372 wrote to memory of 2472	372	msedge.exe	85
PID 372 wrote to memory of 2472	372	msedge.exe	85
PID 372 wrote to memory of 2472	372	msedge.exe	85
PID 372 wrote to memory of 2472	372	msedge.exe	85
PID 372 wrote to memory of 2472	372	msedge.exe	85
PID 372 wrote to memory of 2472	372	msedge.exe	85
PID 372 wrote to memory of 2472	372	msedge.exe	85
PID 372 wrote to memory of 2472	372	msedge.exe	85
PID 372 wrote to memory of 2472	372	msedge.exe	85
PID 372 wrote to memory of 2472	372	msedge.exe	85
PID 372 wrote to memory of 2472	372	msedge.exe	85
PID 372 wrote to memory of 2472	372	msedge.exe	85
PID 372 wrote to memory of 2472	372	msedge.exe	85
PID 372 wrote to memory of 2472	372	msedge.exe	85
PID 372 wrote to memory of 2472	372	msedge.exe	85
PID 372 wrote to memory of 2056	372	msedge.exe	86
PID 372 wrote to memory of 2056	372	msedge.exe	86
PID 372 wrote to memory of 4316	372	msedge.exe	87
PID 372 wrote to memory of 4316	372	msedge.exe	87
PID 372 wrote to memory of 4316	372	msedge.exe	87
PID 372 wrote to memory of 4316	372	msedge.exe	87
PID 372 wrote to memory of 4316	372	msedge.exe	87
PID 372 wrote to memory of 4316	372	msedge.exe	87
PID 372 wrote to memory of 4316	372	msedge.exe	87
PID 372 wrote to memory of 4316	372	msedge.exe	87
PID 372 wrote to memory of 4316	372	msedge.exe	87
PID 372 wrote to memory of 4316	372	msedge.exe	87
PID 372 wrote to memory of 4316	372	msedge.exe	87
PID 372 wrote to memory of 4316	372	msedge.exe	87
PID 372 wrote to memory of 4316	372	msedge.exe	87
PID 372 wrote to memory of 4316	372	msedge.exe	87
PID 372 wrote to memory of 4316	372	msedge.exe	87
PID 372 wrote to memory of 4316	372	msedge.exe	87
PID 372 wrote to memory of 4316	372	msedge.exe	87
PID 372 wrote to memory of 4316	372	msedge.exe	87
PID 372 wrote to memory of 4316	372	msedge.exe	87
PID 372 wrote to memory of 4316	372	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.opsera.io/ecosystem/jenkins
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff4a7346f8,0x7fff4a734708,0x7fff4a734718
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,15778498331500974593,12493799649760395106,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2032 /prefetch:2
  2⤵
  PID:2472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,15778498331500974593,12493799649760395106,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,15778498331500974593,12493799649760395106,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2452 /prefetch:8
  2⤵
  PID:4316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,15778498331500974593,12493799649760395106,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,15778498331500974593,12493799649760395106,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,15778498331500974593,12493799649760395106,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
  2⤵
  PID:1468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,15778498331500974593,12493799649760395106,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
  2⤵
  PID:1156
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,15778498331500974593,12493799649760395106,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6128 /prefetch:8
  2⤵
  PID:1488
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,15778498331500974593,12493799649760395106,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6128 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,15778498331500974593,12493799649760395106,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
  2⤵
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,15778498331500974593,12493799649760395106,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,15778498331500974593,12493799649760395106,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
  2⤵
  PID:3124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2040,15778498331500974593,12493799649760395106,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5828 /prefetch:8
  2⤵
  PID:1972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,15778498331500974593,12493799649760395106,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1132 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5136

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1796

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4368

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3d0 0x338
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4540

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A

Filesize
893B

MD5
d4ae187b4574036c2d76b6df8a8c1a30

SHA1
b06f409fa14bab33cbaf4a37811b8740b624d9e5

SHA256
a2ce3a0fa7d2a833d1801e01ec48e35b70d84f3467cc9f8fab370386e13879c7

SHA512
1f44a360e8bb8ada22bc5bfe001f1babb4e72005a46bc2a94c33c4bd149ff256cce6f35d65ca4f7fc2a5b9e15494155449830d2809c8cf218d0b9196ec646b0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
0a319ad3f297723bd94f91aaaa508802

SHA1
35075ce34ab521672a3f70b92930d628a394f826

SHA256
af05e97ed0ccd0cc225494f87c1cee754c1f1a4dd310be78e07adacfa4db8422

SHA512
3423b9da58faebb88c097f06eb13290dcff4c562a710175dc5e077c68d9dc0ee6033520abc6795f7539acee1ab5f3dc68d043fb8d0d769d9609b6cc9f1c7672c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
328B

MD5
e1e4847bc4a0fecd7797a969eae9065e

SHA1
3d99756697b16519ed1ee444fb2ac85bdbc0607e

SHA256
aacc9fda0ce8cd02513a0548ad293645e6b2f15336f4733f67698fb266543e3a

SHA512
b5d43c5ea92257006f73ebff4e32f009f33982a7615ae6e118923f038e966d94359c414457fb43ca7e2f0b17810ccffe4dcfba15d8c0cd8510092aaae44a4f5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A

Filesize
252B

MD5
d48fc900f1c48eeabe4a4fa43191def0

SHA1
7cc513bf3757526dcf9978f676603f2375015417

SHA256
2e51a004f5e53426cf7b609a86d3bd724882313f3517d5ad9a35360605340674

SHA512
ef0ad8582486d40eec357912c976b56b5a0dff20a8a79f474a8fc7a564fd7e5a94602907a1e5b7ae09f21ddba57016bc1988a28221c09349479ed666224ce3bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d406f3135e11b0a0829109c1090a41dc

SHA1
810f00e803c17274f9af074fc6c47849ad6e873e

SHA256
91f57909a10174b06c862089a9c1f3b3aeafea74a70ee1942ce11bb80d9eace4

SHA512
2b9f0f94b1e8a1b62ab38af8df2add0ec9e4c6dfa94d9c84cc24fe86d2d57d4fc0d9ec8a9775cf42a859ddfd130260128185a0e2588992bca8fd4ebf5ee6d409

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7f37f119665df6beaa925337bbff0e84

SHA1
c2601d11f8aa77e12ab3508479cbf20c27cbd865

SHA256
1073dbff3ec315ac85361c35c8ba791cc4198149b097c7b287dda1d791925027

SHA512
8e180e41dd27c51e81788564b19b8ff411028890da506fbf767d394b1e73ec53e046c8d07235b2ec7c1c593c976bbf74ed9b7d442d68b526a0a77a9b5b0ab817

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
696B

MD5
8dfc5fd599b55dfb653d9d371b337711

SHA1
0d78bd5edc3d39a65c93c3ea766250bda56852dc

SHA256
1563181ada7f8b1dd2e2822820a8ed74f1889812338332c9b98f8c9049122e75

SHA512
bda4d36156f7cf5ee78f6710951d24467ab0670a88d5c93a9318e244c4f8b0a625bf97a9059d002dddbb8048160d1e6ccda5fcd477a0bc26acda94e93687153a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
2a59d28b85ef0744b60b004e0506bfb1

SHA1
b99ed45c364f8f240e27ab579bbb8d7531fcfbd7

SHA256
b22c24fc6c95887e0bd6f91f2d88858e8a6c2cefd8345f557b78e3cdb18f8c35

SHA512
42e866906737b4c8f1a6ac4d855013c007c52c9ebf00d6c50a596ca41f6a03c529e63afa3f3e2f5c48f5d7398d3a2335374a2cdb32d191472b507c202a0554cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
59f01f5ff939c4a211e7f54b4605d086

SHA1
25fe5b1571a4c657fbc61b8aa6e8ab247956bc6a

SHA256
95288fcde11f66439f3dab013f80ad4a2bccf21f4c6b9646890445940a939d1c

SHA512
29d58b1a82e7fe7ee5015ee229cae7b2eacd93e178b9c617d93e96e5fce421a6a9fd701e4ce798c91c4443db0a8377e837c3f246b531ae86984705d803e4ae18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
e6b9b4cad817f6b38d76e5afc53904d4

SHA1
19e0d75474a894bc6575f684c1c010fd65c1d9d2

SHA256
43d5cd37a9c1815f2dd03edc49b17584860bd2c55b1fa5bc345a2fb01c1f324d

SHA512
097590e39bb353ca1d59b5995b3da397a89540c9cc6c19072a96c3dd70c6d573a89951bc344f22dc3de4d1c7dd242ac60036853deda27d4cc051f04dbdf63099

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
78730be393fc62b9ab3db5e8b47ceb50

SHA1
1732685640d2d2c6e0d5e196cd5727153bb4e592

SHA256
e4dea11dcbe87dffd5bad25b8eb4edd2550add77b463e7f6e12a0f9cb08b1cea

SHA512
cfc9dd77780d46625969870ff3df5171cd17d10db5b211536a4ff0be27aaf3730d7a7724c8f14c9ac43863cfcbd235d1ceccbd262650eff4049c3428d045a556

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b0a41aea342022d966a47f82076c8c5c

SHA1
32c8efe8fd541279d252befbe31c28e1b3b49dde

SHA256
1bba1daf8c7211adbaf8ff198d54f76381ab5112e71b8f62a287b73c40424771

SHA512
3929beff03fd170698c9772040ee73129ef63b3e6a9c77614f18ec63997dc4c88bd86e220e78032309dc4d5d9a22697578b6c7a8ed5117967457c763c126ae79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
853cca552d080a9f95d6679e43037d73

SHA1
1f5cc9eb0c6bdf6e967911141ac5c1a2471dd3fe

SHA256
92bc90d68e39ea5c3ffad3fde77b3241de327a81f20149af55c0a2f92656f3a4

SHA512
393d0741ec05e05962243b36758d7e1221530c017b5d5017945db70e145f5c45f5b357aaf1c6479593fdb16e854a8bc1752c654827d4a8aeac305fefb8ad21f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4cddcb045f2d179aeeb810489136b67d

SHA1
061db3cc6ac99a9f36da8afef7199e590eeab317

SHA256
31bc6455660751b6402a7602a82eb04bd258934d26c8afe83ff98fa50fc9ba85

SHA512
2109f3bc4dbc56b19a04922303c1605fa08ac43e07c1ee87ce80c4d587fd04e78bf8cb665c0741395ad6557a3d65b3122530fcb206f11189a339ddfaedeb0cf0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
37068a68e1a94bd503237e9043910fa1

SHA1
0e5d60643eb04282d9a07f46d709f59c93f21b17

SHA256
d4df4f97384d9805aca9e97667bfa512f3f6112fbdc53cf56f8ba1ead15bab3e

SHA512
21dd97b0722419b4e3df3121dd7789101004971e0e3a67d79203264378c64ca22df5de94c8242286971911b7cfdc7b2b134c7c107fe4f2a220fe8e279e5f6a9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ef42.TMP

Filesize
1KB

MD5
104538d5d4da20d530587036c6514e58

SHA1
d25e777c5a3aa09482b86c96ee5dd23d5b8332da

SHA256
c235c53e7f4a97d430fa309017fe4264b0675ab4930ceef13f1b709fb31bd75e

SHA512
9cc16e31271dd4d9ef7b81e4e3b5ccdfb3829245db8922cda3d4d6a51e920537396d0b094016bc7b787a50243b85959d836afbdd6934ee4c2b2b01ba21dbaa06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
165cecd0557aa16455c1aa91d0338320

SHA1
d7bdad779e234bd5bcfa28bccd4798a1ca6470c9

SHA256
72243d2186b03df7f2d7c21839dda60a7ba203864b96798e2aa6586993833da3

SHA512
7141b25250b342f51b7325cd5f2f3855a50c2d3c1ed703281c8d9506b06f7c9025672f59f8c30be3664aa6745ed788db56e509bf0d2205a8fc108515aef11ab0

Download Submit