hxxps://www[.]amazon[.]es/Estabilizador-Estabilizadorcon-Bluetooth-Youtuber-Compatible/dp/B0BGBNZ35R/ref=sr_1_8?crid=2RCN4LVLE3ZT0&keywords=estabilizador%2Bpara%2Bmovil&qid=1707911099&sprefix=estabilizador%2Bpara%2Bmovil%2Caps%2C150&sr=8-8&th=1

Analysis

max time kernel
146s
max time network
159s
platform
windows11-21h2_x64
resource
win11-20231215-en
resource tags

arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
submitted
14-02-2024 12:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.amazon.es/Estabilizador-Estabilizadorcon-Bluetooth-Youtuber-Compatible/dp/B0BGBNZ35R/ref=sr_1_8?crid=2RCN4LVLE3ZT0&keywords=estabilizador%2Bpara%2Bmovil&qid=1707911099&sprefix=estabilizador%2Bpara%2Bmovil%2Caps%2C150&sr=8-8&th=1

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3256	msedge.exe
3256	msedge.exe
3848	msedge.exe
3848	msedge.exe
736	msedge.exe
736	msedge.exe
352	identity_helper.exe
352	identity_helper.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe
2132	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3848 wrote to memory of 4932	3848	msedge.exe	72
PID 3848 wrote to memory of 4932	3848	msedge.exe	72
PID 3848 wrote to memory of 4724	3848	msedge.exe	77
PID 3848 wrote to memory of 4724	3848	msedge.exe	77
PID 3848 wrote to memory of 4724	3848	msedge.exe	77
PID 3848 wrote to memory of 4724	3848	msedge.exe	77
PID 3848 wrote to memory of 4724	3848	msedge.exe	77
PID 3848 wrote to memory of 4724	3848	msedge.exe	77
PID 3848 wrote to memory of 4724	3848	msedge.exe	77
PID 3848 wrote to memory of 4724	3848	msedge.exe	77
PID 3848 wrote to memory of 4724	3848	msedge.exe	77
PID 3848 wrote to memory of 4724	3848	msedge.exe	77
PID 3848 wrote to memory of 4724	3848	msedge.exe	77
PID 3848 wrote to memory of 4724	3848	msedge.exe	77
PID 3848 wrote to memory of 4724	3848	msedge.exe	77
PID 3848 wrote to memory of 4724	3848	msedge.exe	77
PID 3848 wrote to memory of 4724	3848	msedge.exe	77
PID 3848 wrote to memory of 4724	3848	msedge.exe	77
PID 3848 wrote to memory of 4724	3848	msedge.exe	77
PID 3848 wrote to memory of 4724	3848	msedge.exe	77
PID 3848 wrote to memory of 4724	3848	msedge.exe	77
PID 3848 wrote to memory of 4724	3848	msedge.exe	77
PID 3848 wrote to memory of 4724	3848	msedge.exe	77
PID 3848 wrote to memory of 4724	3848	msedge.exe	77
PID 3848 wrote to memory of 4724	3848	msedge.exe	77
PID 3848 wrote to memory of 4724	3848	msedge.exe	77
PID 3848 wrote to memory of 4724	3848	msedge.exe	77
PID 3848 wrote to memory of 4724	3848	msedge.exe	77
PID 3848 wrote to memory of 4724	3848	msedge.exe	77
PID 3848 wrote to memory of 4724	3848	msedge.exe	77
PID 3848 wrote to memory of 4724	3848	msedge.exe	77
PID 3848 wrote to memory of 4724	3848	msedge.exe	77
PID 3848 wrote to memory of 4724	3848	msedge.exe	77
PID 3848 wrote to memory of 4724	3848	msedge.exe	77
PID 3848 wrote to memory of 4724	3848	msedge.exe	77
PID 3848 wrote to memory of 4724	3848	msedge.exe	77
PID 3848 wrote to memory of 4724	3848	msedge.exe	77
PID 3848 wrote to memory of 4724	3848	msedge.exe	77
PID 3848 wrote to memory of 4724	3848	msedge.exe	77
PID 3848 wrote to memory of 4724	3848	msedge.exe	77
PID 3848 wrote to memory of 4724	3848	msedge.exe	77
PID 3848 wrote to memory of 4724	3848	msedge.exe	77
PID 3848 wrote to memory of 3256	3848	msedge.exe	78
PID 3848 wrote to memory of 3256	3848	msedge.exe	78
PID 3848 wrote to memory of 812	3848	msedge.exe	79
PID 3848 wrote to memory of 812	3848	msedge.exe	79
PID 3848 wrote to memory of 812	3848	msedge.exe	79
PID 3848 wrote to memory of 812	3848	msedge.exe	79
PID 3848 wrote to memory of 812	3848	msedge.exe	79
PID 3848 wrote to memory of 812	3848	msedge.exe	79
PID 3848 wrote to memory of 812	3848	msedge.exe	79
PID 3848 wrote to memory of 812	3848	msedge.exe	79
PID 3848 wrote to memory of 812	3848	msedge.exe	79
PID 3848 wrote to memory of 812	3848	msedge.exe	79
PID 3848 wrote to memory of 812	3848	msedge.exe	79
PID 3848 wrote to memory of 812	3848	msedge.exe	79
PID 3848 wrote to memory of 812	3848	msedge.exe	79
PID 3848 wrote to memory of 812	3848	msedge.exe	79
PID 3848 wrote to memory of 812	3848	msedge.exe	79
PID 3848 wrote to memory of 812	3848	msedge.exe	79
PID 3848 wrote to memory of 812	3848	msedge.exe	79
PID 3848 wrote to memory of 812	3848	msedge.exe	79
PID 3848 wrote to memory of 812	3848	msedge.exe	79
PID 3848 wrote to memory of 812	3848	msedge.exe	79

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.amazon.es/Estabilizador-Estabilizadorcon-Bluetooth-Youtuber-Compatible/dp/B0BGBNZ35R/ref=sr_1_8?crid=2RCN4LVLE3ZT0&keywords=estabilizador%2Bpara%2Bmovil&qid=1707911099&sprefix=estabilizador%2Bpara%2Bmovil%2Caps%2C150&sr=8-8&th=1
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffabf6d3cb8,0x7ffabf6d3cc8,0x7ffabf6d3cd8
  2⤵
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,2564639834029830585,685631507844286427,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2
  2⤵
  PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1916,2564639834029830585,685631507844286427,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1916,2564639834029830585,685631507844286427,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
  2⤵
  PID:812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2564639834029830585,685631507844286427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3584 /prefetch:1
  2⤵
  PID:4004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2564639834029830585,685631507844286427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:1
  2⤵
  PID:1744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2564639834029830585,685631507844286427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:1608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2564639834029830585,685631507844286427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2564639834029830585,685631507844286427,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:4212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2564639834029830585,685631507844286427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2564639834029830585,685631507844286427,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6432 /prefetch:1
  2⤵
  PID:2164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2564639834029830585,685631507844286427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
  2⤵
  PID:500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1916,2564639834029830585,685631507844286427,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6336 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:736
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1916,2564639834029830585,685631507844286427,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,2564639834029830585,685631507844286427,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1328 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2132

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3876

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3448

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ab16bd4ff2a8053c32cae8e2c4d25a66

SHA1
c1e041f30745a24f337adae3f4561d0f94f9e7cf

SHA256
5bafe572e81800f2a0bcd73872edb58a34972bf6134fac1432bdda1b7c0ebb70

SHA512
e4d7ee26645efa73e97b3453de0a3cf4a2374f758f625fac76e074c90413ad22fe17183e1611d5262cd1012da41a8d80b9718912af6bd5d807f4e972f591e69d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
23KB

MD5
ac46317060449e1c0fffa0059c8874bb

SHA1
2284f72a73cdc0f10a099787341fd9a7ff781f08

SHA256
8f30dd7cfd11809f780d77b8ab80ce63fbc1e59bbf1e9110ec5f46ca1ab42645

SHA512
022c8e096a85e9a735b1e8877887f94d77239e8764d848eb90b7b665c77d6882da8b8ec8b11400cc9680dd911d28a222f62ef22d2124c80cfe67094f24ce0204

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
23KB

MD5
45a0d587f3cd5fe4226efe4362c390b4

SHA1
4baf81726839c2653d8d9ce6b74d85a7a7c9977c

SHA256
6d3373e2a5a4ee3b4161535a0b451d0e836eefa63890c2e074078116f43ef491

SHA512
aef7a2c39715fa8ae7e8381b5cdf48f1920ae8c83934edc4381f006304c2e45f498bb978272737bfb7e30b9dbabb9ba2ea97e98bcf630ea770d75be566b02a29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
21KB

MD5
ea08a38f6c184980490eab3a0c4ca80e

SHA1
7ee6a34ecb3e3bdc36e790b58ce051cf48d0b1ca

SHA256
6318fecb5bdc122850ca3c909a7de8f166b694499ac9558a8bee770da2668e23

SHA512
8e0a567c4eabc77abfc4a98a81b9906f853505c2dadcc696385142e3b051c5b0c96de7ef9bea6a9aeda2fb502899c937a7fe1ec1c32e2496e10d3f23affeddbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
17KB

MD5
76bdfac7382c24892429b36effc508cc

SHA1
662e57433f9ab8356d3e7330984670712a32f727

SHA256
86d2c0e93d047e049a9e12580ebb1dd06ae71b8e39240b0655d15dadb5005896

SHA512
769b87c5df9eacd0cbaf5ca5f7f77ddf014e9458444e4104d6a6c324d9ebdcfef2e680a5fdcf89b560db8c43ea533f4277f6b97f08982369740c55e6d17b35d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
158KB

MD5
17ccd9117081c858b268d939c7f8a9f0

SHA1
296863e9283c8badab9e1934820856110a062032

SHA256
2b58e72f41dd494f31578897835796bbe64a8905fede7870269db0eecd5a30bf

SHA512
4d12fad3d2c403843b7012fc5ba323020441225823d02f5e7e4be0a5a8ffcc3c42e9552815ad54edc568e97b07c4d78093922342bb203a5c7505cafdbf46b8ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003f

Filesize
87KB

MD5
6be402b2614cb2e0e8e7f2b55efaefe5

SHA1
81e6991a5ddfbc73cd7bc24e5ff49ada6658a69c

SHA256
9e194e1a60f5fa467a52d52d1be8bbd1c672f5e351a393de226ceabe48ebfa7e

SHA512
33599cefed515be6b00fd5173ccb1c5464482d2c571fa9b9b56dd3139afb9cf39de436fc803f20d941c4b2674a89184dec565b51b69bc37e96d8ce94d50498c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
319ff30dce95ead924cfd06bceb431ca

SHA1
3cb2f013750b149e1e885503ffd41ba243b47da3

SHA256
f036389ad6b0d260fcb1a221b67910a9067ad690a7252bc439f8e9ed9c7032ab

SHA512
6b6767a05a6a501d81008484eefce1afc103f950c9bf2e11d4a21de7ac0ecd436a3abebb89719203ebddf43f1269d32cd762194cf39b88ed32d0a423ec91ce49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
852B

MD5
bc3ea6dc85707ba755c890234fa45230

SHA1
35de94ff1b1fcb09d79a048e3e03923a0651e589

SHA256
1e6ae8b04d0407d11416cab8a1016baab81b1c32a8f05c4040231122be2671e0

SHA512
52226b7235cfb13dcf6033ba98b7c74acc297a8ccb75751fac12cc326e4ddcd19391dc25addbef5b46b7efaa01e09789736220dc438693c9a8670ec6c29d11e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
852B

MD5
7e983f26bf50e0bd5f1524f032f0f11a

SHA1
a2d57338588785efaf9b93561f01796133e009b9

SHA256
95d1f3b33fc2a89ec6d84446f550a21a7f9b0d745ea98f417f185be0966812f2

SHA512
35a11256c88b8d9ec0010f1953f85d213c9e2b4b533ce7b36abe91c564f76560312ac270d9256f773377cf113bd2526f4b8abfa26f21e0e0c146179f6bad723f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
699f5eee28530d3d24e8a307d1667a40

SHA1
d1fd9bc67b55e1dc646006acde2566b18801e67e

SHA256
507b4080f96d2c3201db504c34f93ea9c7546098631f6dbdba5b0e96a762af0c

SHA512
be64165d5ab055ae901d92bfaa24ca8a911deb72e95275f33ddc11c6ba5ad5d28f9af159e9ec9f9ce6d4f5fcc54013a426f6a454d4ef7b91bab3521b5060cb38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
496bde199c640a9ff086cded9e02a156

SHA1
9658dc3bd2ace03b01ecdc494b1e43ed67bb2e8c

SHA256
a0b50d1244fe785bd40ad43fdff9efe55a285cf4d91690684d6fe69fb71666d3

SHA512
2c56b6bc54aa5de64cac4a9f8d17066fe20364e587246776d9bc7a5eb92fe9263b179b0c147d82101f72ca379159ec5cfd71994abaabda818e762bd3e58abe6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f7522d5cfbac3569cc19e8ea0ccf43d2

SHA1
93bf2e769cf40d2acbff42c73127b5922330261b

SHA256
2beb56cd23cf86a62a7691489aad62515661105a8afdd6c9f45efd7504c5340b

SHA512
88fcc84fb49f1b811d299a83289a6811e53677814e81c074280030615e06ba4bb5d46081925b8c39fcb8110e331c3500fe907a7db6d7ae5cb980276ba699f017

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a69385e007f081dc761a981bc7e5d012

SHA1
82e34abc1fcb4c7feb8591e40c47cb71955f5dd4

SHA256
fda93531a8a189eadcdc6f943efd311b5830ebc37c2e19ab2b88db8198cf3f21

SHA512
80cfb17936f7530bf57326394f26f9f57525150fa132e7851cea6c37d3b25a1855eb4663df31f699082e1ba1f234f572664b7b9b8e9388a7f9e93bd7ed6263b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
25KB

MD5
ac2b1e1028003f95bdb29d2cc74186dc

SHA1
b3d75c41f59e96148e07ba1c10d27f67adfc5d79

SHA256
8b5480e0e913fbfd94380c8b791244d03a71a0d054950836441425e1727ba383

SHA512
2b43d48f809212b459e53284446f0dfb23de64cbd251dd76350115910b11e4605469ddb41f2bd31aa9a98e652790d6928adee38b39d4fc4e9107e6a4f7d20e68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
cb1341a7c6a4c3e1e35510c1d90778d5

SHA1
4fa27eb155a16e235cc740cd3d7d62da736578a0

SHA256
c5ef7eda23255e784d52d5190700dc5cc767181f9a348a3a9b9173eca9a79851

SHA512
ab7093f15aa0fd1b4312e5160074a4f9e235a21138a0c95c0208a6eb9b8cea2add5f1017fafe88a8dbb54d9145b0befad6b5382baef43c5fc172cf35435b3bc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe586174.TMP

Filesize
48B

MD5
e876dd660653e230f9ae6f661896b95c

SHA1
60e25f4a87486a222bf73f4bbb06ee70e34870ef

SHA256
5988bac8c74a6046081f79be36c51b26598420f4c707b19c7c6df3a8b48316e6

SHA512
b356828269622421437bc8cdafc1f00e670efa673e3e32bac6b5745dd28ac397f053a20f1ca921779ec319fd0d268d71d2186292912e700e67789c62d445606f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7c1c93c1fbed709059c9c00dc0ee1fb9

SHA1
c574a70a7735596cc094b02952b281833f90da8d

SHA256
0e7cf0af9bd56f16cc7e31c412c870ae480dd4bd968d6c811fd64cfc5ba4dfef

SHA512
6451f81ffd1bc54926ee39e82b65f6eaf7944ae504f15721eb54caff86b9dd9a1b1fe1cc5ef09eaa5b6165e0b33659c386bfed3d8c30920e3e33827aeb515b97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d78f4b755d94664803051b23e391548b

SHA1
d7db001e99d192ada628c5fc0556f938e8a28271

SHA256
342c181a519ba9f24cc182df4c254711756b8f294fc9a0129387c32c8af82789

SHA512
3bf86cdc7d3695d9dc141bd6e9cc2d2d7424e36a16e7d65a0c7e5bae796c62a61b561f254b4f9516f85b95653f0793083c7f704460e8346f43965d6185536aa8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7b0dc4d9d0a5f9d33d61ad5345798351

SHA1
ef8f38b356d87c25b3ecf9b158b51ee3ae5b54e5

SHA256
7e1ae9df1584ccc4de9e8fb1e371962f328a0e8e0a689136ab161edadf0948b8

SHA512
f26c82cffc2ead91dcffbbf15c4076c65dbb913fdd55e5dcb18ebcf3aee2d98ab05a14b961a3bd0b797f35e049d561113afa6254eb690aa70b97ea957442cee1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7c49c473cb2486cbd5c05f2e2fde7010

SHA1
59a0625354ff7a9188603f6eab0c441056fa3beb

SHA256
a63d1fffce8b16ce8786255c569aa2daa06c9b9a089795eed494ef5fae4c7554

SHA512
45ae5a892d81ad8d879fafbd0af3481fef4b58f954a08dd71160cc9be6b0abacd7197dd336732b8a53f68c824bf1f5b489fdb8aa33aa7324a1a849e5098818e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
20f39403915892ad4536e109b86a2749

SHA1
24e69b261a391bcb857e6cf055b22e6fc06ac16e

SHA256
61e6d0f1cff1b28cc43f8baa6b77b17f511a00018f680256e899f221e2f2b59f

SHA512
a79f63e9b533a795f9c348140d8e8534139d482fd0b5126a7c216bb894118907d14f66ba1d6c21bc269f5ec2aa816eea7af8c3d1b3bac8b37a1eb6823a2587c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2da518758fa076eb8b5ae71581d8b108

SHA1
26cad6b4dfc7040987c7337adb716336e322ea04

SHA256
14e7ce940bb0bd67460d1189228108dd50f352341d9ece9bb30f6284a926b329

SHA512
8271e0addf56188a22497834c848aaadd8530827589f47c980c2a1a768b6e26c9177efbad861f50ea299d6504632d0fcde8df57cfc28c23cda05839b47abb9c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5803c4.TMP

Filesize
203B

MD5
537f3856157abf4c96c905f6854c1a06

SHA1
a996ee436f6c67b52715abea6e85918b0fe784ce

SHA256
16deed02ed952d745b8c0a229b0584b5ddf7d97db78e373adea59dad4b225368

SHA512
692a19c2e62542a445e282fdccc3f788d21b875aba916bd4e5b041a3ea8a7332131d9c677705ec8187fe2b14525e591f942d679df4ebec73b75b241bf5966495

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4df65ba121f6456363f34e48ba476ef8

SHA1
dbaad7981e3e1290e69a6efc138a28ff80cd833f

SHA256
8d7934b2e49abb4e476d127b50f082d5a831de24e8a28bf3a0e2dc162ef49f81

SHA512
2c1198cc740d8b77185e5bc6251aee4cf7bae84e17a1cc331adf4047d08d218071fcfa60e1d0aeb0d0da28dbede8d49bf9344839cdbc32356336af0bb6389804

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
45ecab676a7921d6c92a781274600335

SHA1
736798ac3e36d435ecf4c2c2d34e523851bfdbb2

SHA256
8edc6a16838656fa94734b3186a6a0bc15a89ba5fc840aa7e47a05eb8e504a58

SHA512
63ba5a35af0445fbf302c7f46b6a7c961200c203c5b3d26026e0a3b6d62b08b4584c78bcd4a996c48dcf66b7ea407a7e73c453ef5d0348fe93b0b044a8103a67

Download Submit