cbe6df2c0d18c9116d4b5fe33f55470e2e5a2dc66778725ac1ed0c0c37858120

Analysis

max time kernel
147s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
25/02/2024, 10:58

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

a39b2051de279d3f55eab9ecdd6f186e.html
Size

57KB
MD5

a39b2051de279d3f55eab9ecdd6f186e
SHA1

3dd5f612c843bf434734087fb1b19fe3b8cd836a
SHA256

cbe6df2c0d18c9116d4b5fe33f55470e2e5a2dc66778725ac1ed0c0c37858120
SHA512

563d6561e7b50fb42d591dd5cf84f40a5a9533805b6d55e8249bfc855c30e06e04dfa6de8bce320da7c6564df67363f3515c354294674c892c4bd63502a46daf
SSDEEP

1536:/vGSAplnBwMMFiBZMo/p/g68Vsq86bg4nQfa0ubXT791pTjB1RtZQwFQe:2BJwTK9pY1OqHg4n1bXT791pTjB1RtZz

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3280	msedge.exe
3280	msedge.exe
4476	msedge.exe
4476	msedge.exe
4916	identity_helper.exe
4916	identity_helper.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3280 wrote to memory of 4924	3280	msedge.exe	83
PID 3280 wrote to memory of 4924	3280	msedge.exe	83
PID 3280 wrote to memory of 4520	3280	msedge.exe	86
PID 3280 wrote to memory of 4520	3280	msedge.exe	86
PID 3280 wrote to memory of 4520	3280	msedge.exe	86
PID 3280 wrote to memory of 4520	3280	msedge.exe	86
PID 3280 wrote to memory of 4520	3280	msedge.exe	86
PID 3280 wrote to memory of 4520	3280	msedge.exe	86
PID 3280 wrote to memory of 4520	3280	msedge.exe	86
PID 3280 wrote to memory of 4520	3280	msedge.exe	86
PID 3280 wrote to memory of 4520	3280	msedge.exe	86
PID 3280 wrote to memory of 4520	3280	msedge.exe	86
PID 3280 wrote to memory of 4520	3280	msedge.exe	86
PID 3280 wrote to memory of 4520	3280	msedge.exe	86
PID 3280 wrote to memory of 4520	3280	msedge.exe	86
PID 3280 wrote to memory of 4520	3280	msedge.exe	86
PID 3280 wrote to memory of 4520	3280	msedge.exe	86
PID 3280 wrote to memory of 4520	3280	msedge.exe	86
PID 3280 wrote to memory of 4520	3280	msedge.exe	86
PID 3280 wrote to memory of 4520	3280	msedge.exe	86
PID 3280 wrote to memory of 4520	3280	msedge.exe	86
PID 3280 wrote to memory of 4520	3280	msedge.exe	86
PID 3280 wrote to memory of 4520	3280	msedge.exe	86
PID 3280 wrote to memory of 4520	3280	msedge.exe	86
PID 3280 wrote to memory of 4520	3280	msedge.exe	86
PID 3280 wrote to memory of 4520	3280	msedge.exe	86
PID 3280 wrote to memory of 4520	3280	msedge.exe	86
PID 3280 wrote to memory of 4520	3280	msedge.exe	86
PID 3280 wrote to memory of 4520	3280	msedge.exe	86
PID 3280 wrote to memory of 4520	3280	msedge.exe	86
PID 3280 wrote to memory of 4520	3280	msedge.exe	86
PID 3280 wrote to memory of 4520	3280	msedge.exe	86
PID 3280 wrote to memory of 4520	3280	msedge.exe	86
PID 3280 wrote to memory of 4520	3280	msedge.exe	86
PID 3280 wrote to memory of 4520	3280	msedge.exe	86
PID 3280 wrote to memory of 4520	3280	msedge.exe	86
PID 3280 wrote to memory of 4520	3280	msedge.exe	86
PID 3280 wrote to memory of 4520	3280	msedge.exe	86
PID 3280 wrote to memory of 4520	3280	msedge.exe	86
PID 3280 wrote to memory of 4520	3280	msedge.exe	86
PID 3280 wrote to memory of 4520	3280	msedge.exe	86
PID 3280 wrote to memory of 4520	3280	msedge.exe	86
PID 3280 wrote to memory of 4476	3280	msedge.exe	87
PID 3280 wrote to memory of 4476	3280	msedge.exe	87
PID 3280 wrote to memory of 3892	3280	msedge.exe	88
PID 3280 wrote to memory of 3892	3280	msedge.exe	88
PID 3280 wrote to memory of 3892	3280	msedge.exe	88
PID 3280 wrote to memory of 3892	3280	msedge.exe	88
PID 3280 wrote to memory of 3892	3280	msedge.exe	88
PID 3280 wrote to memory of 3892	3280	msedge.exe	88
PID 3280 wrote to memory of 3892	3280	msedge.exe	88
PID 3280 wrote to memory of 3892	3280	msedge.exe	88
PID 3280 wrote to memory of 3892	3280	msedge.exe	88
PID 3280 wrote to memory of 3892	3280	msedge.exe	88
PID 3280 wrote to memory of 3892	3280	msedge.exe	88
PID 3280 wrote to memory of 3892	3280	msedge.exe	88
PID 3280 wrote to memory of 3892	3280	msedge.exe	88
PID 3280 wrote to memory of 3892	3280	msedge.exe	88
PID 3280 wrote to memory of 3892	3280	msedge.exe	88
PID 3280 wrote to memory of 3892	3280	msedge.exe	88
PID 3280 wrote to memory of 3892	3280	msedge.exe	88
PID 3280 wrote to memory of 3892	3280	msedge.exe	88
PID 3280 wrote to memory of 3892	3280	msedge.exe	88
PID 3280 wrote to memory of 3892	3280	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a39b2051de279d3f55eab9ecdd6f186e.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffe46e46f8,0x7fffe46e4708,0x7fffe46e4718
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,8177093833115056098,17303320654965080627,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,8177093833115056098,17303320654965080627,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,8177093833115056098,17303320654965080627,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
  2⤵
  PID:3892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8177093833115056098,17303320654965080627,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:3576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8177093833115056098,17303320654965080627,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:3196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8177093833115056098,17303320654965080627,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
  2⤵
  PID:2136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8177093833115056098,17303320654965080627,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
  2⤵
  PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8177093833115056098,17303320654965080627,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
  2⤵
  PID:3588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8177093833115056098,17303320654965080627,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8177093833115056098,17303320654965080627,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
  2⤵
  PID:3140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8177093833115056098,17303320654965080627,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,8177093833115056098,17303320654965080627,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2400 /prefetch:8
  2⤵
  PID:3868
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,8177093833115056098,17303320654965080627,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2400 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8177093833115056098,17303320654965080627,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6352 /prefetch:1
  2⤵
  PID:2404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8177093833115056098,17303320654965080627,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:1
  2⤵
  PID:3548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8177093833115056098,17303320654965080627,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1
  2⤵
  PID:2456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8177093833115056098,17303320654965080627,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,8177093833115056098,17303320654965080627,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6928 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3328

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1860

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4912

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
360dd5debf8bf7b89c4d88d29e38446c

SHA1
65afff8c78aeb12c577a523cb77cd58d401b0f82

SHA256
3d9debe659077c04b288107244a22f1b315bcf7495bee75151a9077e71b41eef

SHA512
0ee5b81f0acc82befa24a4438f2ca417ae6fac43fa8c7f264b83b4c792b1bb8d4cecb94c6cbd6facc120dc10d7e4d67e014cdb6b4db83b1a1b60144bb78f7542

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6fbbaffc5a50295d007ab405b0885ab5

SHA1
518e87df81db1dded184c3e4e3f129cca15baba1

SHA256
b9cde79357b550b171f70630fa94754ca2dcd6228b94f311aefe2a7f1ccfc7b6

SHA512
011c69bf56eb40e7ac5d201c1a0542878d9b32495e94d28c2f3b480772aa541bfd492a9959957d71e66f27b3e8b1a3c13b91f4a21756a9b8263281fd509c007b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
21KB

MD5
d665d41e652d713020dccf0a25a7171a

SHA1
d3a4ac6b1f17825c105958e3590cad5e4e7e3a2c

SHA256
1af1748db5992e49dca425c2a4978e33860ac81a80ca24e08fd9a6556598f8e4

SHA512
5102ad0f2eecfbcba57acf1d51adfc08746785fc68580aefce8e04005faeafecdee4c1460ef7f62d775f8c9fe06afc41c60b768c41b5f7b0315acd45d5995d1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
44KB

MD5
15d236690ae6ed6285bc3260340703be

SHA1
3b8475145f5f25c9b6b93a260b30ada4a4279b76

SHA256
bf521348d31946bb4e6d31c338e6efa0961ee907f4f871b1e9781a849dafa792

SHA512
2eca25be9587131ba4e4e4fed86283dbab3f959299d79db056619da072788c6480e5244095de5c84a58c40bf1f5b7bc808ec94c84fd7dca99464eba4f511bbd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
ed894ddb9b972ec04f42d0707b6e8318

SHA1
6be46deb5617889b654bfdeae5313f114d84d083

SHA256
5df24bb1f3c78d404b437291f8448bd29a809eb9bef45f1daf4178a52ec4d8ee

SHA512
4b1492d0b6fcf938adf1cb715990e9c10079f72897675556ad591c7983086ae1c5b99dd319d6478166f1cbda7aba95c986710d0e58b74414fa8e801e0b39640c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
c9dbb240380fc5edb0a7ae41f5f0f322

SHA1
fd538e0889da02bc178fdeb58ca8635be3293573

SHA256
b567bbfdffb0d11c71616e493e0b0ac779cd262a527018388b17c9e841a51d4f

SHA512
3bceee361d366a024f5290e9e993e1e3b463208bd4065f40d09fc16111900f87f4c3f8763b7df24247a43874b0a87da1c9095067088259aebfd7ddba81fc9a78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
04b9fb1fcd9159c5b34f56cf9cda6460

SHA1
59b4a79801aa5b2830ff88e0a0de6f5e1be7207e

SHA256
6daf4fe307c19857a374eac8ca0b02e7332a0e77e6cd81d0f0a993e0754cc3d0

SHA512
af9f19bb02ffd928e3444b83de1a2c80ff08f0a11e1f9acd4be54aa967310188d4b294fb00e8c1631290dd000b67446ef6820783382fe9105a9b288749dab217

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9ece41a5ae7d599c567f09c3f4689a05

SHA1
766d74ab673d024c284978529ef982cacfbf5e49

SHA256
13800ef77d3ce4002bedef9638a256d1404d315eaa64f82e027844e7df9fb21e

SHA512
301102af1b560d3263f8401910cd50be3fa38bda44b0972d45072878059ff908ec4d9ba564c50e6dc60008e54042135508a1430d0d1a1b59e4e46da480a6928d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
037fb048e2243d9d9794ca13752b585a

SHA1
00ac8a6a8dc65eed1fdc2e1f0097aa20e4c34a16

SHA256
9f80265eac04f4903ad069dc12c76f174eac8e7f7959d114faf487daa7bc5114

SHA512
738bfc3d2a8f69c636d9f7c8ed8b353a1b32009639feba74a5617da0303b89e989e83511fb766acbb15182afcb11f47fc5f881d7514e94d9ebcb9419df0fc873

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a25c8d666197ceff5727a105543f1976

SHA1
cbf212c3c18a772685182c0a9bf18d20f66db87e

SHA256
b687dfcbd47e01127fefef42335ee7077b61ef9e476e0cd0540fe3507e4933f6

SHA512
b93b1bf77c88f9481a0d0c104486f2a4c1c1f70c2dc9d4bcfb5756054d82c679b151016e485dba52e34b873ed9d56e913e50df5c4753880cad2848454cfcfac2

Download Submit