7fcfb6e8028f4d669c643f7257a6369df81ad131a47fc073c8b456970ffbea2d

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
05/03/2024, 13:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b4d42663d252a7e8a80f3cc1563a8a75.html
Size

59KB
MD5

b4d42663d252a7e8a80f3cc1563a8a75
SHA1

fe82e9ae2f2fbe42e5187569eb6639b056712c74
SHA256

7fcfb6e8028f4d669c643f7257a6369df81ad131a47fc073c8b456970ffbea2d
SHA512

e9c6774e87bba3dc768cc7a6ce81c7f9d158875c2a6103f9fe202571936999eabf868d472ab1ab7bc492b05c677573308b7e05716cddc48326d5a1613d6e440d
SSDEEP

1536:SO2+enNSxKItMFXoWyDs4F4FEFdFuFvFkF5FnFPFsFiFyFT/7+:SO28Vi3v4iaPwBaT5t6sQx/C

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4876	msedge.exe
4876	msedge.exe
3304	msedge.exe
3304	msedge.exe
5208	identity_helper.exe
5208	identity_helper.exe
4352	msedge.exe
4352	msedge.exe
4352	msedge.exe
4352	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3304 wrote to memory of 3896	3304	msedge.exe	88
PID 3304 wrote to memory of 3896	3304	msedge.exe	88
PID 3304 wrote to memory of 1480	3304	msedge.exe	89
PID 3304 wrote to memory of 1480	3304	msedge.exe	89
PID 3304 wrote to memory of 1480	3304	msedge.exe	89
PID 3304 wrote to memory of 1480	3304	msedge.exe	89
PID 3304 wrote to memory of 1480	3304	msedge.exe	89
PID 3304 wrote to memory of 1480	3304	msedge.exe	89
PID 3304 wrote to memory of 1480	3304	msedge.exe	89
PID 3304 wrote to memory of 1480	3304	msedge.exe	89
PID 3304 wrote to memory of 1480	3304	msedge.exe	89
PID 3304 wrote to memory of 1480	3304	msedge.exe	89
PID 3304 wrote to memory of 1480	3304	msedge.exe	89
PID 3304 wrote to memory of 1480	3304	msedge.exe	89
PID 3304 wrote to memory of 1480	3304	msedge.exe	89
PID 3304 wrote to memory of 1480	3304	msedge.exe	89
PID 3304 wrote to memory of 1480	3304	msedge.exe	89
PID 3304 wrote to memory of 1480	3304	msedge.exe	89
PID 3304 wrote to memory of 1480	3304	msedge.exe	89
PID 3304 wrote to memory of 1480	3304	msedge.exe	89
PID 3304 wrote to memory of 1480	3304	msedge.exe	89
PID 3304 wrote to memory of 1480	3304	msedge.exe	89
PID 3304 wrote to memory of 1480	3304	msedge.exe	89
PID 3304 wrote to memory of 1480	3304	msedge.exe	89
PID 3304 wrote to memory of 1480	3304	msedge.exe	89
PID 3304 wrote to memory of 1480	3304	msedge.exe	89
PID 3304 wrote to memory of 1480	3304	msedge.exe	89
PID 3304 wrote to memory of 1480	3304	msedge.exe	89
PID 3304 wrote to memory of 1480	3304	msedge.exe	89
PID 3304 wrote to memory of 1480	3304	msedge.exe	89
PID 3304 wrote to memory of 1480	3304	msedge.exe	89
PID 3304 wrote to memory of 1480	3304	msedge.exe	89
PID 3304 wrote to memory of 1480	3304	msedge.exe	89
PID 3304 wrote to memory of 1480	3304	msedge.exe	89
PID 3304 wrote to memory of 1480	3304	msedge.exe	89
PID 3304 wrote to memory of 1480	3304	msedge.exe	89
PID 3304 wrote to memory of 1480	3304	msedge.exe	89
PID 3304 wrote to memory of 1480	3304	msedge.exe	89
PID 3304 wrote to memory of 1480	3304	msedge.exe	89
PID 3304 wrote to memory of 1480	3304	msedge.exe	89
PID 3304 wrote to memory of 1480	3304	msedge.exe	89
PID 3304 wrote to memory of 1480	3304	msedge.exe	89
PID 3304 wrote to memory of 4876	3304	msedge.exe	90
PID 3304 wrote to memory of 4876	3304	msedge.exe	90
PID 3304 wrote to memory of 1820	3304	msedge.exe	91
PID 3304 wrote to memory of 1820	3304	msedge.exe	91
PID 3304 wrote to memory of 1820	3304	msedge.exe	91
PID 3304 wrote to memory of 1820	3304	msedge.exe	91
PID 3304 wrote to memory of 1820	3304	msedge.exe	91
PID 3304 wrote to memory of 1820	3304	msedge.exe	91
PID 3304 wrote to memory of 1820	3304	msedge.exe	91
PID 3304 wrote to memory of 1820	3304	msedge.exe	91
PID 3304 wrote to memory of 1820	3304	msedge.exe	91
PID 3304 wrote to memory of 1820	3304	msedge.exe	91
PID 3304 wrote to memory of 1820	3304	msedge.exe	91
PID 3304 wrote to memory of 1820	3304	msedge.exe	91
PID 3304 wrote to memory of 1820	3304	msedge.exe	91
PID 3304 wrote to memory of 1820	3304	msedge.exe	91
PID 3304 wrote to memory of 1820	3304	msedge.exe	91
PID 3304 wrote to memory of 1820	3304	msedge.exe	91
PID 3304 wrote to memory of 1820	3304	msedge.exe	91
PID 3304 wrote to memory of 1820	3304	msedge.exe	91
PID 3304 wrote to memory of 1820	3304	msedge.exe	91
PID 3304 wrote to memory of 1820	3304	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\b4d42663d252a7e8a80f3cc1563a8a75.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9845546f8,0x7ff984554708,0x7ff984554718
  2⤵
  PID:3896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,1866266763748756326,2965299199202705750,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:1480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,1866266763748756326,2965299199202705750,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,1866266763748756326,2965299199202705750,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
  2⤵
  PID:1820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1866266763748756326,2965299199202705750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1866266763748756326,2965299199202705750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1866266763748756326,2965299199202705750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:1
  2⤵
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1866266763748756326,2965299199202705750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
  2⤵
  PID:2464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1866266763748756326,2965299199202705750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4200 /prefetch:1
  2⤵
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1866266763748756326,2965299199202705750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3740 /prefetch:1
  2⤵
  PID:3100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1866266763748756326,2965299199202705750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:3040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1866266763748756326,2965299199202705750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6220 /prefetch:1
  2⤵
  PID:844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1866266763748756326,2965299199202705750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6256 /prefetch:1
  2⤵
  PID:2052
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,1866266763748756326,2965299199202705750,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6736 /prefetch:8
  2⤵
  PID:5192
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,1866266763748756326,2965299199202705750,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6736 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1866266763748756326,2965299199202705750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
  2⤵
  PID:5280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1866266763748756326,2965299199202705750,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:1
  2⤵
  PID:5288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1866266763748756326,2965299199202705750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6480 /prefetch:1
  2⤵
  PID:5532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1866266763748756326,2965299199202705750,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
  2⤵
  PID:5540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,1866266763748756326,2965299199202705750,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6772 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4352

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1288

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4676

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3288

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fd7944a4ff1be37517983ffaf5700b11

SHA1
c4287796d78e00969af85b7e16a2d04230961240

SHA256
b54b41e7ce5600bc653aa7c88abb666976872b2d5e2d657bfc1147a0b49e9d74

SHA512
28c58a2ccf39963a8d9f67ea5b93dbccf70b0109b2c8a396a58389cdec9db1205523a95730485bcbc9d533867cbf0e7167ad370fd45740e23656d01d96ee543b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a774512b00820b61a51258335097b2c9

SHA1
38c28d1ea3907a1af6c0443255ab610dd9285095

SHA256
01946a2d65e59b66ebc256470ff4861f32edee90a44e31bf67529add95cafef4

SHA512
ce109be65060a5e7a872707c6c2ccce3aacd577e59c59d6e23e78d03e3d502f2707713fda40a546ed332e41a56ef90297af99590a5ab02f686a58bcbf3a82da1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
14d68782841e215f9e24d22990276356

SHA1
7dd5f4e034218d4237108818ba80eb5a540c046e

SHA256
d34fe7308786b5c94a6c57afe394bf587f29fe4b61ad48e9951d2ef3f2db1849

SHA512
c1eb8abf3bd3211c14ce52010d01d3c7ab54ba8803fb40968233b1e7bd7c34481e5254f6bed3fa2ae4c978d3d146e9115c2b802ee4d47412b19339976aecd071

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
0772b5195fb2e9eb1856dfda367abe5d

SHA1
ed23496597317b34b3517c80da61966ecbcb67c1

SHA256
cf6895452ad585d57446e9c13b0b824408feebe7772847510389582808946a50

SHA512
5b269f0754b9dc7382f45e5d5d5c7b46e59b5fed6176eb2f72bff2f2a45317d9bd401f8fac59b475e94c6301ae3a7f3a31db4c6311823ebaa30846a79e069e6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
c536c8cb55ecd0fc76e54011076d88e2

SHA1
f38052913fb4c1aa32281c702331e95977ada0c0

SHA256
3c6607b89c1e7041f60c911aacd084d0de086ac01dd7dc4eb3cd45d4e6f5f162

SHA512
b59538e40c38711d6589d6e6c4a004b1c34c9781be96303bc637e2d2ba87cfd0e8633903779956267089be1214a85cd5e3b4799cc2e06a4ff709dca852f8728c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3e9ccbc0b38bb5537bda8ca636e474cb

SHA1
5ebdead3bb96a3a3dfa2a128c2f377982d872703

SHA256
805a49abed5938b6afe710c0a1ff924cd9b1b50d70dd9c9ebf90364939772637

SHA512
f3ab7de4ce76094103c165c396c8f5c35cfd52d85cd8240cf87c0fdb9b04e6cedc4f844e61fe4b8006a1bc04a26dd52466b94176248dadd6fb006ceee253f1a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
41d012b9ec7a0d1685c1f050b4c648f4

SHA1
da843cf32d0d93aed0e4b3aa75e7200ad0aa96cd

SHA256
88750a34e800a742516a0c3847011dfd777b410692a3e30e2f36bfd997f2921a

SHA512
757dbc8f70411c517ab96cd2721837eda8d4f11920034644f5540aebb1b4bd1db500351aa3850647b19186fa45a28442343c5e76121385d045820638df6cf2f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
864eeb8902ab41bbe3bf55fe21ed706b

SHA1
a7966f0768f9858ebfbfc902d74c55736db0cc00

SHA256
8968fbbdf30919f63dd079c170feaa5ee68b8d235fd0d38a1f41a01a23e628d7

SHA512
ccb4ebe2567c60907d9cede5b4a7abcc80714d09137c3824c6160340b495158c45d5df7bd5ced2f913578a9115b42aae07e87c62e6e8ddc13e463c9bcf027793

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
16bbd7510254b556707400de3c2b66b6

SHA1
25d4878090dc5619d6f1d927c12317a538c83897

SHA256
2d0b1fea8df8aa9994828c57a8cff59267cfe4bd67015327525a205771fad80e

SHA512
9c66ad3749c6a6ea5ee7dd98349e609913b802713e799f83bda319d17a5124f7f250922d7008028d63eb68a65de7cfe7ef9ac32e9132a9153ea4823d34425ed2

Download Submit