hxxps://gathering[.]asknice[.]ly/tickle/e53d69ade5894afb

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02-10-2024 01:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://gathering.asknice.ly/tickle/e53d69ade5894afb

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-786284298-625481688-3210388970-1000\{E936D695-1AD6-4DE2-B72A-0BCE23AC31D8}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4024	msedge.exe
4024	msedge.exe
3168	msedge.exe
3168	msedge.exe
4236	msedge.exe
4236	msedge.exe
3936	identity_helper.exe
3936	identity_helper.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3168 wrote to memory of 2788	3168	msedge.exe	82
PID 3168 wrote to memory of 2788	3168	msedge.exe	82
PID 3168 wrote to memory of 2472	3168	msedge.exe	83
PID 3168 wrote to memory of 2472	3168	msedge.exe	83
PID 3168 wrote to memory of 2472	3168	msedge.exe	83
PID 3168 wrote to memory of 2472	3168	msedge.exe	83
PID 3168 wrote to memory of 2472	3168	msedge.exe	83
PID 3168 wrote to memory of 2472	3168	msedge.exe	83
PID 3168 wrote to memory of 2472	3168	msedge.exe	83
PID 3168 wrote to memory of 2472	3168	msedge.exe	83
PID 3168 wrote to memory of 2472	3168	msedge.exe	83
PID 3168 wrote to memory of 2472	3168	msedge.exe	83
PID 3168 wrote to memory of 2472	3168	msedge.exe	83
PID 3168 wrote to memory of 2472	3168	msedge.exe	83
PID 3168 wrote to memory of 2472	3168	msedge.exe	83
PID 3168 wrote to memory of 2472	3168	msedge.exe	83
PID 3168 wrote to memory of 2472	3168	msedge.exe	83
PID 3168 wrote to memory of 2472	3168	msedge.exe	83
PID 3168 wrote to memory of 2472	3168	msedge.exe	83
PID 3168 wrote to memory of 2472	3168	msedge.exe	83
PID 3168 wrote to memory of 2472	3168	msedge.exe	83
PID 3168 wrote to memory of 2472	3168	msedge.exe	83
PID 3168 wrote to memory of 2472	3168	msedge.exe	83
PID 3168 wrote to memory of 2472	3168	msedge.exe	83
PID 3168 wrote to memory of 2472	3168	msedge.exe	83
PID 3168 wrote to memory of 2472	3168	msedge.exe	83
PID 3168 wrote to memory of 2472	3168	msedge.exe	83
PID 3168 wrote to memory of 2472	3168	msedge.exe	83
PID 3168 wrote to memory of 2472	3168	msedge.exe	83
PID 3168 wrote to memory of 2472	3168	msedge.exe	83
PID 3168 wrote to memory of 2472	3168	msedge.exe	83
PID 3168 wrote to memory of 2472	3168	msedge.exe	83
PID 3168 wrote to memory of 2472	3168	msedge.exe	83
PID 3168 wrote to memory of 2472	3168	msedge.exe	83
PID 3168 wrote to memory of 2472	3168	msedge.exe	83
PID 3168 wrote to memory of 2472	3168	msedge.exe	83
PID 3168 wrote to memory of 2472	3168	msedge.exe	83
PID 3168 wrote to memory of 2472	3168	msedge.exe	83
PID 3168 wrote to memory of 2472	3168	msedge.exe	83
PID 3168 wrote to memory of 2472	3168	msedge.exe	83
PID 3168 wrote to memory of 2472	3168	msedge.exe	83
PID 3168 wrote to memory of 2472	3168	msedge.exe	83
PID 3168 wrote to memory of 4024	3168	msedge.exe	84
PID 3168 wrote to memory of 4024	3168	msedge.exe	84
PID 3168 wrote to memory of 4216	3168	msedge.exe	85
PID 3168 wrote to memory of 4216	3168	msedge.exe	85
PID 3168 wrote to memory of 4216	3168	msedge.exe	85
PID 3168 wrote to memory of 4216	3168	msedge.exe	85
PID 3168 wrote to memory of 4216	3168	msedge.exe	85
PID 3168 wrote to memory of 4216	3168	msedge.exe	85
PID 3168 wrote to memory of 4216	3168	msedge.exe	85
PID 3168 wrote to memory of 4216	3168	msedge.exe	85
PID 3168 wrote to memory of 4216	3168	msedge.exe	85
PID 3168 wrote to memory of 4216	3168	msedge.exe	85
PID 3168 wrote to memory of 4216	3168	msedge.exe	85
PID 3168 wrote to memory of 4216	3168	msedge.exe	85
PID 3168 wrote to memory of 4216	3168	msedge.exe	85
PID 3168 wrote to memory of 4216	3168	msedge.exe	85
PID 3168 wrote to memory of 4216	3168	msedge.exe	85
PID 3168 wrote to memory of 4216	3168	msedge.exe	85
PID 3168 wrote to memory of 4216	3168	msedge.exe	85
PID 3168 wrote to memory of 4216	3168	msedge.exe	85
PID 3168 wrote to memory of 4216	3168	msedge.exe	85
PID 3168 wrote to memory of 4216	3168	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://gathering.asknice.ly/tickle/e53d69ade5894afb
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe5f9846f8,0x7ffe5f984708,0x7ffe5f984718
  2⤵
  PID:2788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,10484436743825793111,11278197580849749642,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:2472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,10484436743825793111,11278197580849749642,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,10484436743825793111,11278197580849749642,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  2⤵
  PID:4216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10484436743825793111,11278197580849749642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:1412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10484436743825793111,11278197580849749642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:2520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10484436743825793111,11278197580849749642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:1
  2⤵
  PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10484436743825793111,11278197580849749642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2116 /prefetch:1
  2⤵
  PID:740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2104,10484436743825793111,11278197580849749642,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5252 /prefetch:8
  2⤵
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2104,10484436743825793111,11278197580849749642,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5236 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4236
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,10484436743825793111,11278197580849749642,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5912 /prefetch:8
  2⤵
  PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,10484436743825793111,11278197580849749642,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5912 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10484436743825793111,11278197580849749642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10484436743825793111,11278197580849749642,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4056 /prefetch:1
  2⤵
  PID:4264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10484436743825793111,11278197580849749642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3772 /prefetch:1
  2⤵
  PID:2484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10484436743825793111,11278197580849749642,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,10484436743825793111,11278197580849749642,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4832 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1152

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2972

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2968

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1712

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7114a6cd851f9bf56cf771c37d664a2

SHA1
769c5d04fd83e583f15ab1ef659de8f883ecab8a

SHA256
d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e

SHA512
33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
719923124ee00fb57378e0ebcbe894f7

SHA1
cc356a7d27b8b27dc33f21bd4990f286ee13a9f9

SHA256
aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808

SHA512
a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
ea181183d1cd0d18a3473cc0bac24959

SHA1
5380a3889553f0d50d3a0bf1ff376849dbf8db39

SHA256
72ae3a61b3814d84cbfe6dad898494120020dacc682d957c7468675a9c17e025

SHA512
e7c83941ae2eefeb07327af163702a0e46cf2b3643bf01e9d53409ca6aa1ca1bf8f576da3dcf7b462b02adf75faf4c153f6bf052e664d7499179db3e3cb31e47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
01b1764c6367b6c5a13b511bd2762999

SHA1
dbccfecae0ddfb320f2c6d4b6d874c118bd8bd17

SHA256
faee60477ffd7f1cafb1767b38cf758ad144a5ec557ab79d7e25b6e9ec8fa834

SHA512
ba815e4b2db9f9fb6237b5c6d8b3287c39891702b9e4efcf000f0a8b66a7682782ab52ac7e5f9e6d7dddf7386bca47cd3f9dd5b545d8eb78fd462aa5fb051d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
1dc8ef3a4c45ef9c3f49e0e799ad9918

SHA1
7f4f4c043bd3d75a2b2c8180b85b96626716663f

SHA256
22252948461db069bb8b68d0ce26819ef855dfc855c619ef35eccc6a349bc265

SHA512
4915836091e678b6bbd94c7c4c8fcee77b511e0c507638906317bf81263da9c4d0c2ea391fe757fc4e1c6c83615852d135f969145abc2fc6eb76cb8ca0d085c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
23bcb3142fe1f21599064ea99ec74a85

SHA1
359b33554fc28da9c77fd49b6691d2f495e9228c

SHA256
9cb2c0d62f9f31daea6983aaeb70d4ea754c27ae698e5d3731904b8f53bc829c

SHA512
4ae94a42d7bff6134b6df37a74bca91d2f3e93b8fe496092a219c42f01108112e90a5a0756f6eed0f3757569f6b969aaee10ae2c3c96067bad3aad7090226e93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
c41d2a8f6db796df3d7f988c1d778a21

SHA1
264f9ff02f0d43280ef2be2ca250be9a612b590a

SHA256
2ec0cda053f06177638b95bde50daf0bd879b260e4958ba0a004458738d602c6

SHA512
28d7e34f0cc27b55333fdb3e489333ef055a489094f9a73a29090d29632de36f00062de872bdcb1b3391e118ba044f818f1786b43768917866a2d70086144513

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
bac74b9c0fbb18651ca8202da4abc31c

SHA1
d935ebc68369d686b3dfcfe951759cd94737b40d

SHA256
87e3fc25747cd0531308c050b801f29b4c6e31930634f753223b23aa1d177ad7

SHA512
9f5bc06816b9f59f82aa27c9a4526fd739a61ade671c3cb01f71985a071935ee2d4c3b44853ffd055dfcd392eb213b5c480afeaedf41a39baf5965eb65ec85e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
11393a8079929a8681c1ca0ee92a1731

SHA1
caf0acfa18f4e554d9e055c6dd03430040410800

SHA256
e8bd51c98bc7a9cbd2e65911ecde8c79b184661721d3325f4aa247ca330941cf

SHA512
45feb20d2dbe058b3b96f9e24874c599461a34aaf7d5ec397047796040d2416980cf9804ed1d3507dacb775113fa20671de4604872817147a27f89cc9682bc39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f97be6f034691df10a8a2b0c3f106afa

SHA1
62383f799fce0c263854b8626da4b7f5a70ab04c

SHA256
b5145850fe4b693c053a245bc67549d4ba639a9407ddff79a9c7e1d288a77566

SHA512
470fc60283dcfb1fa42079a2720ca36c2a1e8390170f96010aad11192482d1315d4416c918125345d12850ceacaa2575b6fa8575baadaebded169c6341fd1291

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
bf363c63430fa2b803d7ebf0b56cd4cc

SHA1
89b0652597c5a0835110a5eaa449a917554a1d68

SHA256
9cc09c4f005edab80d35b7eae42c30061ef39e8c8b9bb0540c6e7be410244c08

SHA512
9a09784a47ecdb6db35cb127958117afcd6b81e5cc8a468f3790ffaf3f3a9277d3133ef57295d92aca9f2296aaa5c0a59385bb378f64f68fb81f20613a093e3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
d5fe56ddcdc76111dfd0e9d2a5723191

SHA1
0d3b8931704f09b35078dc6bdfb15eb54e26aa14

SHA256
918476956c8db1a2daaa548ac9f5bc48d993db13209cbafe891aca684075380e

SHA512
4c4fe984b1d6aafb2c52351adf41feb407dc72d5f710e9b446eac4aad67cf9e20c6cfcc140ea4ac529dab3b6251e94b36ee8b268458c6f1a30fe6399d57b5829

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
08891cc51a7420dd2b4b36c41152b6b4

SHA1
194a7195456fb2de16fb02248610d03dbe248585

SHA256
f29b33ed178db64311c41cb85dcae34a3bcc2794f9fabc8f8f22f7c0ba120e52

SHA512
408678001031a8a1583e97317153cc76b526cbc5ee978ace5d0738b6b69461a0b9ab8ef19a39987608b344aec2fd79e54a267dbd15763c5faf1742db12e06ad9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580dd6.TMP

Filesize
538B

MD5
bfc200e910c3fc718ab6c447124ccda6

SHA1
bcd0243e738e29b0ecce2a8454db7d342a1bd703

SHA256
d41e1deb764f8309e428fc7bfcb20704adbbe4259d79852ac977bd7f1bc0dd39

SHA512
66d31af0752356957045ffecd7d388a6d2499d7d050550872a01cb4bc4f4381ad133e4bc1226568b1fd20d5ed402287878561b333295b1a39840fbf91ea7290c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
917a01e8d07514f766e395e4b7d211b0

SHA1
ed4da8caa44ce41b2a9b42417da3581a68fd9031

SHA256
374d0bd04ca7e31f7678f959543718b3f471dcd17dffb8f51f1fa5cfc594027e

SHA512
a7abcc3c753c4b9061b32ea351e78d4815f04e5d0fdaa724e809b8c766daa067ec73630e86064cce94b36ee810722c10a28de7b7e2b4e68e5b7089deee92e9a9

Download Submit