hxxps://notifications[.]google[.]com/g/p/ANiao5pSkNFm0RflzJ3vKkewyuUtFpW2AhAKvo20D6xvA76OO6ZsdGpgtSKWNq2fokmb2S3N51pP2UqORqK5yh_l9Xr8qZHxbXq4vOu7sKIWL6pwL5g1aav9QB8HTcp9G4WLzXSMUgwKyrEW4P_aK3Pxwem4nESfYeJutDtVrYytxd7z6KCTRkFnW0IbWmJ8HAWnRgOhLb_Tbe2QONn5ytYasspLrkdVqemI0amohLjk2uPYbALKa0wOADexvePOz-dn7l5jE6I5HFl1gx4JVPTkbuKtG0lNEQiPWz4eVVq3xNokx3pXGWaHZQP67bm5ZT0XlnPmuNJSDTm181brtozCWKHD5BoStG5BHkLfQcSmlC5SbUb-vz6lCP6PdolX-yLharsu8IafEVfUQ7vf_WnqPNwjXPXxL0JvT9VyEulDBjuof8G5GM5vIMnkLEB6hyZ2frk

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231025-en
resource tags

arch:x64arch:x86image:win10v2004-20231025-enlocale:en-usos:windows10-2004-x64system
submitted
16-11-2023 01:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://notifications.google.com/g/p/ANiao5pSkNFm0RflzJ3vKkewyuUtFpW2AhAKvo20D6xvA76OO6ZsdGpgtSKWNq2fokmb2S3N51pP2UqORqK5yh_l9Xr8qZHxbXq4vOu7sKIWL6pwL5g1aav9QB8HTcp9G4WLzXSMUgwKyrEW4P_aK3Pxwem4nESfYeJutDtVrYytxd7z6KCTRkFnW0IbWmJ8HAWnRgOhLb_Tbe2QONn5ytYasspLrkdVqemI0amohLjk2uPYbALKa0wOADexvePOz-dn7l5jE6I5HFl1gx4JVPTkbuKtG0lNEQiPWz4eVVq3xNokx3pXGWaHZQP67bm5ZT0XlnPmuNJSDTm181brtozCWKHD5BoStG5BHkLfQcSmlC5SbUb-vz6lCP6PdolX-yLharsu8IafEVfUQ7vf_WnqPNwjXPXxL0JvT9VyEulDBjuof8G5GM5vIMnkLEB6hyZ2frk

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3656	msedge.exe
3656	msedge.exe
3944	msedge.exe
3944	msedge.exe
3988	identity_helper.exe
3988	identity_helper.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3944 wrote to memory of 1364	3944	msedge.exe	44
PID 3944 wrote to memory of 1364	3944	msedge.exe	44
PID 3944 wrote to memory of 3824	3944	msedge.exe	87
PID 3944 wrote to memory of 3824	3944	msedge.exe	87
PID 3944 wrote to memory of 3824	3944	msedge.exe	87
PID 3944 wrote to memory of 3824	3944	msedge.exe	87
PID 3944 wrote to memory of 3824	3944	msedge.exe	87
PID 3944 wrote to memory of 3824	3944	msedge.exe	87
PID 3944 wrote to memory of 3824	3944	msedge.exe	87
PID 3944 wrote to memory of 3824	3944	msedge.exe	87
PID 3944 wrote to memory of 3824	3944	msedge.exe	87
PID 3944 wrote to memory of 3824	3944	msedge.exe	87
PID 3944 wrote to memory of 3824	3944	msedge.exe	87
PID 3944 wrote to memory of 3824	3944	msedge.exe	87
PID 3944 wrote to memory of 3824	3944	msedge.exe	87
PID 3944 wrote to memory of 3824	3944	msedge.exe	87
PID 3944 wrote to memory of 3824	3944	msedge.exe	87
PID 3944 wrote to memory of 3824	3944	msedge.exe	87
PID 3944 wrote to memory of 3824	3944	msedge.exe	87
PID 3944 wrote to memory of 3824	3944	msedge.exe	87
PID 3944 wrote to memory of 3824	3944	msedge.exe	87
PID 3944 wrote to memory of 3824	3944	msedge.exe	87
PID 3944 wrote to memory of 3824	3944	msedge.exe	87
PID 3944 wrote to memory of 3824	3944	msedge.exe	87
PID 3944 wrote to memory of 3824	3944	msedge.exe	87
PID 3944 wrote to memory of 3824	3944	msedge.exe	87
PID 3944 wrote to memory of 3824	3944	msedge.exe	87
PID 3944 wrote to memory of 3824	3944	msedge.exe	87
PID 3944 wrote to memory of 3824	3944	msedge.exe	87
PID 3944 wrote to memory of 3824	3944	msedge.exe	87
PID 3944 wrote to memory of 3824	3944	msedge.exe	87
PID 3944 wrote to memory of 3824	3944	msedge.exe	87
PID 3944 wrote to memory of 3824	3944	msedge.exe	87
PID 3944 wrote to memory of 3824	3944	msedge.exe	87
PID 3944 wrote to memory of 3824	3944	msedge.exe	87
PID 3944 wrote to memory of 3824	3944	msedge.exe	87
PID 3944 wrote to memory of 3824	3944	msedge.exe	87
PID 3944 wrote to memory of 3824	3944	msedge.exe	87
PID 3944 wrote to memory of 3824	3944	msedge.exe	87
PID 3944 wrote to memory of 3824	3944	msedge.exe	87
PID 3944 wrote to memory of 3824	3944	msedge.exe	87
PID 3944 wrote to memory of 3824	3944	msedge.exe	87
PID 3944 wrote to memory of 3656	3944	msedge.exe	88
PID 3944 wrote to memory of 3656	3944	msedge.exe	88
PID 3944 wrote to memory of 4704	3944	msedge.exe	89
PID 3944 wrote to memory of 4704	3944	msedge.exe	89
PID 3944 wrote to memory of 4704	3944	msedge.exe	89
PID 3944 wrote to memory of 4704	3944	msedge.exe	89
PID 3944 wrote to memory of 4704	3944	msedge.exe	89
PID 3944 wrote to memory of 4704	3944	msedge.exe	89
PID 3944 wrote to memory of 4704	3944	msedge.exe	89
PID 3944 wrote to memory of 4704	3944	msedge.exe	89
PID 3944 wrote to memory of 4704	3944	msedge.exe	89
PID 3944 wrote to memory of 4704	3944	msedge.exe	89
PID 3944 wrote to memory of 4704	3944	msedge.exe	89
PID 3944 wrote to memory of 4704	3944	msedge.exe	89
PID 3944 wrote to memory of 4704	3944	msedge.exe	89
PID 3944 wrote to memory of 4704	3944	msedge.exe	89
PID 3944 wrote to memory of 4704	3944	msedge.exe	89
PID 3944 wrote to memory of 4704	3944	msedge.exe	89
PID 3944 wrote to memory of 4704	3944	msedge.exe	89
PID 3944 wrote to memory of 4704	3944	msedge.exe	89
PID 3944 wrote to memory of 4704	3944	msedge.exe	89
PID 3944 wrote to memory of 4704	3944	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://notifications.google.com/g/p/ANiao5pSkNFm0RflzJ3vKkewyuUtFpW2AhAKvo20D6xvA76OO6ZsdGpgtSKWNq2fokmb2S3N51pP2UqORqK5yh_l9Xr8qZHxbXq4vOu7sKIWL6pwL5g1aav9QB8HTcp9G4WLzXSMUgwKyrEW4P_aK3Pxwem4nESfYeJutDtVrYytxd7z6KCTRkFnW0IbWmJ8HAWnRgOhLb_Tbe2QONn5ytYasspLrkdVqemI0amohLjk2uPYbALKa0wOADexvePOz-dn7l5jE6I5HFl1gx4JVPTkbuKtG0lNEQiPWz4eVVq3xNokx3pXGWaHZQP67bm5ZT0XlnPmuNJSDTm181brtozCWKHD5BoStG5BHkLfQcSmlC5SbUb-vz6lCP6PdolX-yLharsu8IafEVfUQ7vf_WnqPNwjXPXxL0JvT9VyEulDBjuof8G5GM5vIMnkLEB6hyZ2frk
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8b41e46f8,0x7ff8b41e4708,0x7ff8b41e4718
  2⤵
  PID:1364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,13874041532783392808,9390941527565086945,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
  2⤵
  PID:3824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,13874041532783392808,9390941527565086945,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2424 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,13874041532783392808,9390941527565086945,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
  2⤵
  PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,13874041532783392808,9390941527565086945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:2568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,13874041532783392808,9390941527565086945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:3308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,13874041532783392808,9390941527565086945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
  2⤵
  PID:2996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,13874041532783392808,9390941527565086945,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:3704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,13874041532783392808,9390941527565086945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:4232
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,13874041532783392808,9390941527565086945,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8
  2⤵
  PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,13874041532783392808,9390941527565086945,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,13874041532783392808,9390941527565086945,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:3396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,13874041532783392808,9390941527565086945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:2780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,13874041532783392808,9390941527565086945,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3820 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4224

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1396

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3260

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
aed593b08b94f34dd8f68fd369652ac2

SHA1
3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95

SHA256
5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7

SHA512
16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
8ec0d62e84467511da4f710970b921e6

SHA1
6a2b59ead188bb28d591041f1126dc4508a91d64

SHA256
5e118713d77bdb0048a56b280c6056b88d030adf094127f11a08753075cf29fd

SHA512
fcce6e9e31865b5e22d5170d3a362962b1b298e47f22b670d53fbcf0a006bf1086a821afde9dd8c59f699c2c489d16ec102c00204247ffd781ca1d72a4ef3d5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
59559518d560d1b8a55a11a7bf981a7e

SHA1
21d8ef4a0beeae194c75f0acb78aac770902558e

SHA256
a8b4eab2dac24c0007b4a3a4f8e3f9f91517f0129d3a0a94f3e456677885dff5

SHA512
83f684e84f202776dcae0456be923cc502ccd43ad78b43285056876f30f5a22ebb9ce482c561a529c343a68156c0368b642b4582268cce033bb96140c24f8caa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
4920bbec9c4c457e56b661238891c765

SHA1
3fc4c69a895a5a0355947a83a56f7dcd3e8f8840

SHA256
f5b31131d40d94cc839b5b4fc21178f572055b19fe9cc04ac50fa7180ebafb66

SHA512
3cc60554363edf883855f1a341d5980331aa390b79ed4420e0354fa16ec3d65245e27680e89b105c24408ca1df1a55cd8c19aab445043de67b2bc8a566d350b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
69b655b1029831626e6a8f1cdd5167b2

SHA1
4d29890d7141258c3091f98cb2d8a5cf7182611b

SHA256
10048ae480aec81b5aa04ac35ab751f6ced8f15f80c088b16558b960e9b33131

SHA512
7f6463eaf1dea1568ba6e36ce0b4dd12e7327d26027b1e1a69939f9703f58b4b064c966b3ea6eb5a0c25bc2f127d0ed589377ec46b55317ef85fc0b44b8dfde2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ebad6ac84a24f63bf682f8519ceeba13

SHA1
506b790c48a6e1c42b0259a175c29ea957e5503a

SHA256
78cb57b280e50a1f045705fdf97844e14c3678b992f0183b6058dcfe85baaa00

SHA512
623baf00277693caca338c6437eff95e2a491c7db1e7ca1c471fab82328e67b91fb1c406f827e44cfb1db7e32a502676ee4746eb3fbc683d5489b42fcbc58cb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a38b7871494099895fc7f08bea1a8894

SHA1
403383715c125dc9283114c186af3d002f8e3b85

SHA256
0ad7187fe7d700fc378ea5d5b2f214dad396eaedbbdd14a412af1c19ec9d6d43

SHA512
66839f05be51a03af02c1106aaa41fe5668ea93733345fa629dd8f4e75e6729f7c56b1b37195dbd89513fca923c11bacc9f2c85460197464eb7a98f3b53173ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
e2565e589c9c038c551766400aefc665

SHA1
77893bb0d295c2737e31a3f539572367c946ab27

SHA256
172017da29bce2bfe0c8b4577a9b8e7a97a0585fd85697f51261f39b28877e80

SHA512
5a33ce3d048f2443c5d1aee3922693decc19c4d172aff0b059b31af3b56aa5e413902f9a9634e5ee874b046ae63a0531985b0361467b62e977dcff7fc9913c4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
ecd0b546feed62623399f9dee234f84a

SHA1
b6a662ed767ec338346bfcbd8c368eddc62dc621

SHA256
d72f7cd77fde340d5be2eabbe2d05281bf1a4faeef9fac0c4ba804dbdbe8bd15

SHA512
d894bcbed4ecd67756779ff4f56aac22047731d12d1135d67c686532ad8530b44a46acc4ea003588c971fd10741d092898c64c12f3736e1f1c6a930ca9952966

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58c0ca.TMP

Filesize
203B

MD5
c6fb7e5562c5ca0073056efa89b19113

SHA1
67394f64a58bf5a382df9ac44fdd771c94a4b921

SHA256
7ef8cabae9470a0c715a755b16975c4ae1717e8289eeb3227ebbd4058e5c16fb

SHA512
87847d4b2fe0f08ed71473b5f3a8ef876ae01fba2dbd137ba1acf9fec4813301e21fb2abed1ce210051fdac87dc55c2c424d43c1a6e0b9249cd876f1f1326fad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8a14609e339bdbbcd1352ba1d3289f8f

SHA1
e5b3c68df6879ab2f02bdf45dbd2002c7f9d8ab8

SHA256
0e7fc2faed13eef1fd968ee84582960dc01d6ee96684885bb1a2e206077a300f

SHA512
4a3f8abea063d103a821d7607f08dedbb1ef67949ac36f4ebc2cd22fb8fd38f2e01e63126a4d8194acdff6705fd4ae618bb43116ffbdf24f8f6b8d67641a59a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
10dcd704a4422775f6990ce3fe559dfa

SHA1
71dbe5ff5d12fc20f2c9d7b53c84000627d559cb

SHA256
e275f907ab1e5053e20445a074c28eb77738c64cdd98e016b830a39ed9126de2

SHA512
9429e2b32c1d05dbe3afb466e3b05672da6eff327fb3f74d7ab76e5becd90e993fb0d1454dcc890484a9186b036183ba2e07b69ceedbc0593dc4ce8216bba4cd

Download Submit