hxxps://trk-mkt[.]tason[.]com/CheckNew[.]html?TV9JRD0xNDk4OTAyMjM5OQ==&U1RZUEU9TUFTUw==&RU1BSUxfSUQ9c2toOTk5QGtvbmt1ay5hYy5rcg==&TElTVF9UQUJMRT1FQkFEMTI2MA==&UE9TVF9JRD0yMDIzMTIwODEwMDAxNTg4OTIzOQ==&VEM9MjAyMzEyMjQ=&S0lORD1D&Q0lEPTAyNg==&URL=hxxps://r20[.]rs6[.]net/tn[.]jsp?f=001c3--srKJWr0bzGZGGMGPKzIAruoRZinCoKXZht9K9kEWTmkHiOjr0-4a1u0kkeQ1fi6ZmaLM05clewDZZG8aZbQ2HKv8FNaqoE2SnOARfSADnzLJaMl9jdSAypvOq3hCoL6sBYO6WZKAFSI0QcoA1QCvJgig3e8gqFHGOnEokhE=&c=&ch===&__=/qwer/ZGVucmlja2xld2lzQGRjY2NkLmVkdQ==

Analysis

max time kernel
164s
max time network
170s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
20-12-2023 22:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://trk-mkt.tason.com/CheckNew.html?TV9JRD0xNDk4OTAyMjM5OQ==&U1RZUEU9TUFTUw==&RU1BSUxfSUQ9c2toOTk5QGtvbmt1ay5hYy5rcg==&TElTVF9UQUJMRT1FQkFEMTI2MA==&UE9TVF9JRD0yMDIzMTIwODEwMDAxNTg4OTIzOQ==&VEM9MjAyMzEyMjQ=&S0lORD1D&Q0lEPTAyNg==&URL=https://r20.rs6.net/tn.jsp?f=001c3--srKJWr0bzGZGGMGPKzIAruoRZinCoKXZht9K9kEWTmkHiOjr0-4a1u0kkeQ1fi6ZmaLM05clewDZZG8aZbQ2HKv8FNaqoE2SnOARfSADnzLJaMl9jdSAypvOq3hCoL6sBYO6WZKAFSI0QcoA1QCvJgig3e8gqFHGOnEokhE=&c=&ch===&__=/qwer/ZGVucmlja2xld2lzQGRjY2NkLmVkdQ==

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
5048	msedge.exe
5048	msedge.exe
5036	msedge.exe
5036	msedge.exe
3708	identity_helper.exe
3708	identity_helper.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

Processes:

msedge.exe

pid process

5036 msedge.exe
5036 msedge.exe
5036 msedge.exe
5036 msedge.exe
5036 msedge.exe
5036 msedge.exe
5036 msedge.exe
5036 msedge.exe
5036 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 5036 wrote to memory of 4796	5036	msedge.exe	msedge.exe
PID 5036 wrote to memory of 4796	5036	msedge.exe	msedge.exe
PID 5036 wrote to memory of 4952	5036	msedge.exe	msedge.exe
PID 5036 wrote to memory of 4952	5036	msedge.exe	msedge.exe
PID 5036 wrote to memory of 4952	5036	msedge.exe	msedge.exe
PID 5036 wrote to memory of 4952	5036	msedge.exe	msedge.exe
PID 5036 wrote to memory of 4952	5036	msedge.exe	msedge.exe
PID 5036 wrote to memory of 4952	5036	msedge.exe	msedge.exe
PID 5036 wrote to memory of 4952	5036	msedge.exe	msedge.exe
PID 5036 wrote to memory of 4952	5036	msedge.exe	msedge.exe
PID 5036 wrote to memory of 4952	5036	msedge.exe	msedge.exe
PID 5036 wrote to memory of 4952	5036	msedge.exe	msedge.exe
PID 5036 wrote to memory of 4952	5036	msedge.exe	msedge.exe
PID 5036 wrote to memory of 4952	5036	msedge.exe	msedge.exe
PID 5036 wrote to memory of 4952	5036	msedge.exe	msedge.exe
PID 5036 wrote to memory of 4952	5036	msedge.exe	msedge.exe
PID 5036 wrote to memory of 4952	5036	msedge.exe	msedge.exe
PID 5036 wrote to memory of 4952	5036	msedge.exe	msedge.exe
PID 5036 wrote to memory of 4952	5036	msedge.exe	msedge.exe
PID 5036 wrote to memory of 4952	5036	msedge.exe	msedge.exe
PID 5036 wrote to memory of 4952	5036	msedge.exe	msedge.exe
PID 5036 wrote to memory of 4952	5036	msedge.exe	msedge.exe
PID 5036 wrote to memory of 4952	5036	msedge.exe	msedge.exe
PID 5036 wrote to memory of 4952	5036	msedge.exe	msedge.exe
PID 5036 wrote to memory of 4952	5036	msedge.exe	msedge.exe
PID 5036 wrote to memory of 4952	5036	msedge.exe	msedge.exe
PID 5036 wrote to memory of 4952	5036	msedge.exe	msedge.exe
PID 5036 wrote to memory of 4952	5036	msedge.exe	msedge.exe
PID 5036 wrote to memory of 4952	5036	msedge.exe	msedge.exe
PID 5036 wrote to memory of 4952	5036	msedge.exe	msedge.exe
PID 5036 wrote to memory of 4952	5036	msedge.exe	msedge.exe
PID 5036 wrote to memory of 4952	5036	msedge.exe	msedge.exe
PID 5036 wrote to memory of 4952	5036	msedge.exe	msedge.exe
PID 5036 wrote to memory of 4952	5036	msedge.exe	msedge.exe
PID 5036 wrote to memory of 4952	5036	msedge.exe	msedge.exe
PID 5036 wrote to memory of 4952	5036	msedge.exe	msedge.exe
PID 5036 wrote to memory of 4952	5036	msedge.exe	msedge.exe
PID 5036 wrote to memory of 4952	5036	msedge.exe	msedge.exe
PID 5036 wrote to memory of 4952	5036	msedge.exe	msedge.exe
PID 5036 wrote to memory of 4952	5036	msedge.exe	msedge.exe
PID 5036 wrote to memory of 4952	5036	msedge.exe	msedge.exe
PID 5036 wrote to memory of 4952	5036	msedge.exe	msedge.exe
PID 5036 wrote to memory of 5048	5036	msedge.exe	msedge.exe
PID 5036 wrote to memory of 5048	5036	msedge.exe	msedge.exe
PID 5036 wrote to memory of 976	5036	msedge.exe	msedge.exe
PID 5036 wrote to memory of 976	5036	msedge.exe	msedge.exe
PID 5036 wrote to memory of 976	5036	msedge.exe	msedge.exe
PID 5036 wrote to memory of 976	5036	msedge.exe	msedge.exe
PID 5036 wrote to memory of 976	5036	msedge.exe	msedge.exe
PID 5036 wrote to memory of 976	5036	msedge.exe	msedge.exe
PID 5036 wrote to memory of 976	5036	msedge.exe	msedge.exe
PID 5036 wrote to memory of 976	5036	msedge.exe	msedge.exe
PID 5036 wrote to memory of 976	5036	msedge.exe	msedge.exe
PID 5036 wrote to memory of 976	5036	msedge.exe	msedge.exe
PID 5036 wrote to memory of 976	5036	msedge.exe	msedge.exe
PID 5036 wrote to memory of 976	5036	msedge.exe	msedge.exe
PID 5036 wrote to memory of 976	5036	msedge.exe	msedge.exe
PID 5036 wrote to memory of 976	5036	msedge.exe	msedge.exe
PID 5036 wrote to memory of 976	5036	msedge.exe	msedge.exe
PID 5036 wrote to memory of 976	5036	msedge.exe	msedge.exe
PID 5036 wrote to memory of 976	5036	msedge.exe	msedge.exe
PID 5036 wrote to memory of 976	5036	msedge.exe	msedge.exe
PID 5036 wrote to memory of 976	5036	msedge.exe	msedge.exe
PID 5036 wrote to memory of 976	5036	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://trk-mkt.tason.com/CheckNew.html?TV9JRD0xNDk4OTAyMjM5OQ==&U1RZUEU9TUFTUw==&RU1BSUxfSUQ9c2toOTk5QGtvbmt1ay5hYy5rcg==&TElTVF9UQUJMRT1FQkFEMTI2MA==&UE9TVF9JRD0yMDIzMTIwODEwMDAxNTg4OTIzOQ==&VEM9MjAyMzEyMjQ=&S0lORD1D&Q0lEPTAyNg==&URL=https://r20.rs6.net/tn.jsp?f=001c3--srKJWr0bzGZGGMGPKzIAruoRZinCoKXZht9K9kEWTmkHiOjr0-4a1u0kkeQ1fi6ZmaLM05clewDZZG8aZbQ2HKv8FNaqoE2SnOARfSADnzLJaMl9jdSAypvOq3hCoL6sBYO6WZKAFSI0QcoA1QCvJgig3e8gqFHGOnEokhE=&c=&ch===&__=/qwer/ZGVucmlja2xld2lzQGRjY2NkLmVkdQ==
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbb82146f8,0x7ffbb8214708,0x7ffbb8214718
2⤵
PID:4796

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,6532071687236320920,6812139203269072949,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2
2⤵
PID:4952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2220,6532071687236320920,6812139203269072949,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5048

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2220,6532071687236320920,6812139203269072949,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
2⤵
PID:976

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6532071687236320920,6812139203269072949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
2⤵
PID:332

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6532071687236320920,6812139203269072949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
2⤵
PID:1692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6532071687236320920,6812139203269072949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4476 /prefetch:1
2⤵
PID:3432

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6532071687236320920,6812139203269072949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
2⤵
PID:3984

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6532071687236320920,6812139203269072949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
2⤵
PID:3012

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,6532071687236320920,6812139203269072949,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3660 /prefetch:8
2⤵
PID:508

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,6532071687236320920,6812139203269072949,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3660 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6532071687236320920,6812139203269072949,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
2⤵
PID:4924

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6532071687236320920,6812139203269072949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
2⤵
PID:4256

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6532071687236320920,6812139203269072949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
2⤵
PID:2728

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6532071687236320920,6812139203269072949,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
2⤵
PID:1560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,6532071687236320920,6812139203269072949,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1692 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1760

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1868

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3724

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
84381d71cf667d9a138ea03b3283aea5

SHA1
33dfc8a32806beaaafaec25850b217c856ce6c7b

SHA256
32dd52cc3142b6e758bd60adead81925515b31581437472d1f61bdeda24d5424

SHA512
469bfac06152c8b0a82de28e01f7ed36dc27427205830100b1416b7cd8d481f5c4369e2ba89ef1fdd932aaf17289a8e4ede303393feab25afc1158cb931d23a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
264B

MD5
e812934d16a282f762adc9c2d511c74a

SHA1
bf502350ff6e01a3e4e707ffcf0460c6aa151a94

SHA256
586a66992f419767ad4cbea0bd395c4300a5caa982432c48d10ef9ee7da60b0c

SHA512
81c0052d04830ee4898696f8b9070bebdb67bf29b866f1de9f5c36c239873879943d074a03e2d476d66b9978d51e45a313d3213b862654d850b2e652b093c2bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
8d8775ae270efcc08d0b2b9d5338be44

SHA1
d49802390a08cfec85933df7591b885f041777ca

SHA256
9291ac40a4059103bea9d2e27a07565373ababc7374f2167f74e478a9c052e84

SHA512
910aa89606bf135bfc60de3a55209c7bde66497f012426a83540bde0fa95a5ca01915795ccbdbb8adf387f8f80da3e98f751e6711e20867f2de86644973c0991

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
dfcd09bb160fb39ca69b6f0b14d9c80e

SHA1
5a5d26c5b1f9385a23043bbf61fcb4cf770d859e

SHA256
0941e2cc9e3a6bc71ea6ad2ede960a092584ee15fa36aaa3764708b8938d0d81

SHA512
a40b8b5ef1a03de1c93a983bdccd80579eeba6bc33b0986cdf750ce41cbf462e4f810e7d48a0e49080e75e7f0746ab0d8d5732ca1f49ecdeb8f8025e64c2b69f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
5c73caa638073b58a7ed9f7cf157685c

SHA1
d2b144b4bb32e15cb24f082ab3b521a950540faa

SHA256
89850a1820c968ba1f831f833c9d35904b7c4d3f28a1d4da61d56362839d18d9

SHA512
6fa2d4ccd251613609bc673d6541ea672b0c7020d17edb759d35edeecf38c79ca32848b99e0623456944ff4fd131c98e2f1aa0c66854d5f447dbfe74917da6b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
35f77ec6332f541cd8469e0d77af0959

SHA1
abaec73284cee460025c6fcbe3b4d9b6c00f628c

SHA256
f0be4c5c99b216083bd9ee878f355e1aa508f94feb14aeebcfba4648d85563a7

SHA512
e0497dbe48503ebbf6a3c9d188b9637f80bccf9611a9e663d9e4493912d398c6b2a9eab3f506e5b524b3dabbca7bb5a88f882a117b03a3b39f43f291b59870c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
05b65c52b4899f5a3e56370ba9082c90

SHA1
a1c735354202138c3fb67f02e18353a5bdcdc402

SHA256
b57e837c6ddd9c6cd18bd5f3eee8615f7d1c1176822f1996f44c813705ab4c85

SHA512
db5a8b759821e468ee627ecb8923aab511f53a35aab1c1d68ada8ec4c13b5820b654f08a08b4f383562c96c2f0f4a461ef84be338f0a976b3439fa6abab4a7df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
8babc0573ff9ac2cd911d0d394242576

SHA1
0f037b16048070f37ac8cdbeaec957b772694751

SHA256
2a1ae875cf0dcd35bedc00a4085f695faeaecd4bf3dc0bf87da8da8a574061dc

SHA512
eeae78edce12f6db5d6c6b0996eacb69ef535c38131bb4c2750ebdbcdf1f8f74f9ffd602bd834efe101280c2133569f3eaac1193eb44e45401a11d8e970f9997

Download Submit