hxxps://grow[.]lvgea[.]org/e3t/Ctc/2J+113/cv1Kj04/VW99QZ48dgkmW1l2zQw6pfZr-W5QKV2t5cvK5_N4313H25nR32W50kH_H6lZ3nRW3qv52j32SbMbW3WG2jv784D--M4pCqZTRw5YW75L58d4jqmKYW78pZt_6y7CxtN58vSYK1kW_VW3hNz-B5vp2LxW2N6wpP1y-RVqW8kckcl5bSrR0W6p3tTh1ZxRprW9l0ZH85p9XV2W1dJc3W46fPGQN86nvl4QXX13W175kpw3xQ3yZW30Zjs137WGkqW5hBCLP2SKnk9W2wHB5n2STJ5FW97BH6j2zLRbpW2Vt6jt7NG2lhW2lhqST5SNfb4W4mv0yK5GXPjwW1Vy29-3Q71TZW1_YX5Z2NwGJFW4P8hRr1R7XXQW4hgl_Z21sKcVW96Drsh36vtMjW20nsKr4NZ3cRW4Fyklq4GMRmkW7G2wp264jbkXW2qc-kR8xgswpW3vC5s02Rv1mPW84zWd65MGX6Qf2q3QZb04

Analysis

max time kernel
383s
max time network
385s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11/04/2024, 02:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://grow.lvgea.org/e3t/Ctc/2J+113/cv1Kj04/VW99QZ48dgkmW1l2zQw6pfZr-W5QKV2t5cvK5_N4313H25nR32W50kH_H6lZ3nRW3qv52j32SbMbW3WG2jv784D--M4pCqZTRw5YW75L58d4jqmKYW78pZt_6y7CxtN58vSYK1kW_VW3hNz-B5vp2LxW2N6wpP1y-RVqW8kckcl5bSrR0W6p3tTh1ZxRprW9l0ZH85p9XV2W1dJc3W46fPGQN86nvl4QXX13W175kpw3xQ3yZW30Zjs137WGkqW5hBCLP2SKnk9W2wHB5n2STJ5FW97BH6j2zLRbpW2Vt6jt7NG2lhW2lhqST5SNfb4W4mv0yK5GXPjwW1Vy29-3Q71TZW1_YX5Z2NwGJFW4P8hRr1R7XXQW4hgl_Z21sKcVW96Drsh36vtMjW20nsKr4NZ3cRW4Fyklq4GMRmkW7G2wp264jbkXW2qc-kR8xgswpW3vC5s02Rv1mPW84zWd65MGX6Qf2q3QZb04

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1604	msedge.exe
1604	msedge.exe
2104	msedge.exe
2104	msedge.exe
4724	identity_helper.exe
4724	identity_helper.exe
5988	msedge.exe
5988	msedge.exe
5988	msedge.exe
5988	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2104 wrote to memory of 668	2104	msedge.exe	85
PID 2104 wrote to memory of 668	2104	msedge.exe	85
PID 2104 wrote to memory of 3560	2104	msedge.exe	86
PID 2104 wrote to memory of 3560	2104	msedge.exe	86
PID 2104 wrote to memory of 3560	2104	msedge.exe	86
PID 2104 wrote to memory of 3560	2104	msedge.exe	86
PID 2104 wrote to memory of 3560	2104	msedge.exe	86
PID 2104 wrote to memory of 3560	2104	msedge.exe	86
PID 2104 wrote to memory of 3560	2104	msedge.exe	86
PID 2104 wrote to memory of 3560	2104	msedge.exe	86
PID 2104 wrote to memory of 3560	2104	msedge.exe	86
PID 2104 wrote to memory of 3560	2104	msedge.exe	86
PID 2104 wrote to memory of 3560	2104	msedge.exe	86
PID 2104 wrote to memory of 3560	2104	msedge.exe	86
PID 2104 wrote to memory of 3560	2104	msedge.exe	86
PID 2104 wrote to memory of 3560	2104	msedge.exe	86
PID 2104 wrote to memory of 3560	2104	msedge.exe	86
PID 2104 wrote to memory of 3560	2104	msedge.exe	86
PID 2104 wrote to memory of 3560	2104	msedge.exe	86
PID 2104 wrote to memory of 3560	2104	msedge.exe	86
PID 2104 wrote to memory of 3560	2104	msedge.exe	86
PID 2104 wrote to memory of 3560	2104	msedge.exe	86
PID 2104 wrote to memory of 3560	2104	msedge.exe	86
PID 2104 wrote to memory of 3560	2104	msedge.exe	86
PID 2104 wrote to memory of 3560	2104	msedge.exe	86
PID 2104 wrote to memory of 3560	2104	msedge.exe	86
PID 2104 wrote to memory of 3560	2104	msedge.exe	86
PID 2104 wrote to memory of 3560	2104	msedge.exe	86
PID 2104 wrote to memory of 3560	2104	msedge.exe	86
PID 2104 wrote to memory of 3560	2104	msedge.exe	86
PID 2104 wrote to memory of 3560	2104	msedge.exe	86
PID 2104 wrote to memory of 3560	2104	msedge.exe	86
PID 2104 wrote to memory of 3560	2104	msedge.exe	86
PID 2104 wrote to memory of 3560	2104	msedge.exe	86
PID 2104 wrote to memory of 3560	2104	msedge.exe	86
PID 2104 wrote to memory of 3560	2104	msedge.exe	86
PID 2104 wrote to memory of 3560	2104	msedge.exe	86
PID 2104 wrote to memory of 3560	2104	msedge.exe	86
PID 2104 wrote to memory of 3560	2104	msedge.exe	86
PID 2104 wrote to memory of 3560	2104	msedge.exe	86
PID 2104 wrote to memory of 3560	2104	msedge.exe	86
PID 2104 wrote to memory of 3560	2104	msedge.exe	86
PID 2104 wrote to memory of 1604	2104	msedge.exe	87
PID 2104 wrote to memory of 1604	2104	msedge.exe	87
PID 2104 wrote to memory of 732	2104	msedge.exe	88
PID 2104 wrote to memory of 732	2104	msedge.exe	88
PID 2104 wrote to memory of 732	2104	msedge.exe	88
PID 2104 wrote to memory of 732	2104	msedge.exe	88
PID 2104 wrote to memory of 732	2104	msedge.exe	88
PID 2104 wrote to memory of 732	2104	msedge.exe	88
PID 2104 wrote to memory of 732	2104	msedge.exe	88
PID 2104 wrote to memory of 732	2104	msedge.exe	88
PID 2104 wrote to memory of 732	2104	msedge.exe	88
PID 2104 wrote to memory of 732	2104	msedge.exe	88
PID 2104 wrote to memory of 732	2104	msedge.exe	88
PID 2104 wrote to memory of 732	2104	msedge.exe	88
PID 2104 wrote to memory of 732	2104	msedge.exe	88
PID 2104 wrote to memory of 732	2104	msedge.exe	88
PID 2104 wrote to memory of 732	2104	msedge.exe	88
PID 2104 wrote to memory of 732	2104	msedge.exe	88
PID 2104 wrote to memory of 732	2104	msedge.exe	88
PID 2104 wrote to memory of 732	2104	msedge.exe	88
PID 2104 wrote to memory of 732	2104	msedge.exe	88
PID 2104 wrote to memory of 732	2104	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://grow.lvgea.org/e3t/Ctc/2J+113/cv1Kj04/VW99QZ48dgkmW1l2zQw6pfZr-W5QKV2t5cvK5_N4313H25nR32W50kH_H6lZ3nRW3qv52j32SbMbW3WG2jv784D--M4pCqZTRw5YW75L58d4jqmKYW78pZt_6y7CxtN58vSYK1kW_VW3hNz-B5vp2LxW2N6wpP1y-RVqW8kckcl5bSrR0W6p3tTh1ZxRprW9l0ZH85p9XV2W1dJc3W46fPGQN86nvl4QXX13W175kpw3xQ3yZW30Zjs137WGkqW5hBCLP2SKnk9W2wHB5n2STJ5FW97BH6j2zLRbpW2Vt6jt7NG2lhW2lhqST5SNfb4W4mv0yK5GXPjwW1Vy29-3Q71TZW1_YX5Z2NwGJFW4P8hRr1R7XXQW4hgl_Z21sKcVW96Drsh36vtMjW20nsKr4NZ3cRW4Fyklq4GMRmkW7G2wp264jbkXW2qc-kR8xgswpW3vC5s02Rv1mPW84zWd65MGX6Qf2q3QZb04
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa35a146f8,0x7ffa35a14708,0x7ffa35a14718
  2⤵
  PID:668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1976,12873495621913384245,1749872718397693123,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1976,12873495621913384245,1749872718397693123,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1976,12873495621913384245,1749872718397693123,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2936 /prefetch:8
  2⤵
  PID:732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,12873495621913384245,1749872718397693123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,12873495621913384245,1749872718397693123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:2560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,12873495621913384245,1749872718397693123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:1176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,12873495621913384245,1749872718397693123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
  2⤵
  PID:2280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,12873495621913384245,1749872718397693123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:3744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,12873495621913384245,1749872718397693123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
  2⤵
  PID:2972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,12873495621913384245,1749872718397693123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
  2⤵
  PID:1720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,12873495621913384245,1749872718397693123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
  2⤵
  PID:2548
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1976,12873495621913384245,1749872718397693123,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7296 /prefetch:8
  2⤵
  PID:1684
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1976,12873495621913384245,1749872718397693123,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7296 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,12873495621913384245,1749872718397693123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7120 /prefetch:1
  2⤵
  PID:3240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,12873495621913384245,1749872718397693123,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7152 /prefetch:1
  2⤵
  PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,12873495621913384245,1749872718397693123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6164 /prefetch:1
  2⤵
  PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,12873495621913384245,1749872718397693123,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6708 /prefetch:1
  2⤵
  PID:316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1976,12873495621913384245,1749872718397693123,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4800 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5988

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4464

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3028

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9ffb5f81e8eccd0963c46cbfea1abc20

SHA1
a02a610afd3543de215565bc488a4343bb5c1a59

SHA256
3a654b499247e59e34040f3b192a0069e8f3904e2398cbed90e86d981378e8bc

SHA512
2d21e18ef3f800e6e43b8cf03639d04510433c04215923f5a96432a8aa361fdda282cd444210150d9dbf8f028825d5bc8a451fd53bd3e0c9528eeb80d6e86597

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e1b45169ebca0dceadb0f45697799d62

SHA1
803604277318898e6f5c6fb92270ca83b5609cd5

SHA256
4c0224fb7cc26ccf74f5be586f18401db57cce935c767a446659b828a7b5ee60

SHA512
357965b8d5cfaf773dbd9b371d7e308d1c86a6c428e542adbfe6bac34a7d2061d0a2f59e84e5b42768930e9b109e9e9f2a87e95cf26b3a69cbff05654ee42b4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a67cf0aa222f535fb321410c8c3747d4

SHA1
3932bb37ae006b35ae12f2b7fe916175256c1457

SHA256
03e80fcd96e89ce47a777645041d28f814a565f9eea117840e85fa0c42bcdbfd

SHA512
92ac21eb0f24ed4fd37c2f77fd08ffcac85297bd350fb45289f4e60d76a8af39b2f8332dfab6385a2c151966637af3b9380dc8367db7bc09d35cc1df63257dab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
9ad5f05daebbeaa25b5e045811c5569f

SHA1
de5f47a186cb491d490eaf74225daa01f774deb9

SHA256
a0819c686dd40a2e9970f82ef86d8981ae6103f54595709c88296f2d46f7ff2b

SHA512
1f9473a5b8f84dd909da7d4af15fa9aa09cd2cd50ef4621a6bc522e2296be1b985b7ca7ce88f8bc1dd2659a324449a2eb0b1c76c03cce2d9c9595b11be7e7918

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d1fbcd789018b830f9a1e8de55546f3b

SHA1
fb2a171df0149361ebbed62ebd481babf057a5be

SHA256
60981f86244946f094ff836e71a5bee5a256900231bf3ec30a704e4f780d124a

SHA512
122abd10511b3e5b32869bd407e3e3bfac60dc5a9216b4a4fadd6d3cc120347bfdca88a4e6e3b4e40d594a64d4c6d9690853d01935723e495fbf1140d7c17222

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
4bb2cb3e270b8af7745f295429987c33

SHA1
13bfe142cf5194fa4737da1de51a11630d200d10

SHA256
4e48d647facf484c0a40dc8b736367bc00a625ad0b1655d255ecbff0d9bb900f

SHA512
1616d4b2544b8047d9e6d154fd4f53e2de91d60b0acd0228e88d87ef287836e5c3e91f5085e2412d2002a888500fcd4f3a5d4695ff52250bdf22d3694d465988

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
17d78006a0922b264c7c966bc07d348d

SHA1
67c0160138973fef432fe631515aab6731ec60ce

SHA256
037b906336f54e7e566f67b3ba54f6356fafb8cd6fb0bf76644ea1756036381c

SHA512
4fb8b42d03f82bc26ade722ddaefef7b35de0ad2c1a1ba5bf9399cea823fa8290b011fecbd72a5da37b1fd3cf58b29b1bcd3618baef74c7d71991c579ab53824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
c1e74d7fb016ec9fb39f2851d4e3a9a0

SHA1
55e5ce9e03ce7e8d3b4c00219e78968ba25cf3f7

SHA256
d94729925ef79c07e249ecb0c26253befc8da3dde518719423c8ffb2067a0fc4

SHA512
deae3fa942601bb75d264e8897435afb4eaeb6df5dfd9f6ab6a5ddbbc97add6acfc78ce85eb3eeeea10889201d8dc1838c9b5f9baaf15ec8f5031074fc16b5e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
e6577fcbebf6079a519a0f99b4f46ecf

SHA1
cceb4b37b5e8a2e4d13d994cd3530e9f86b620c2

SHA256
2a9c2e329a19e476ba2db131acdcd1c65b1f1f62727590686c842e3b0c753e53

SHA512
7661cfda0a23ee88334e8c7a313767c24544e822c78c2247601aefc64c7071817d4b602e56166f89dba08985e2827619da77cab2e85f3e8ad15cd0d7de00af03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5783b7.TMP

Filesize
3KB

MD5
17f7d142e99eee6e722ea1d1c63ac883

SHA1
07187172cc23e2ae9f0fd0c261ce63229afcc4c4

SHA256
4dc8f3ae01720f32de672b7c39d7dd0dbed4edb7b49f6d9d30e5e6430165dc43

SHA512
0eb9a67c3448de1f99e6a9a48ffa82244b772c9e237fd5ba21de2ffc87863fc4f4514487c40f72af9c6e9b68881ece47d6603a162edda5b0ddd6b46be67c6f4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9a1efd0e69b03aed917dccd3fd3ef79c

SHA1
2125636a9db080c380c41800874590c972094eee

SHA256
d1dea5adeed14016acd04a0ce43b8f1035d46c6d3a0c8f16467b02a8b6c2c6a3

SHA512
239530b833dad1e5e5764cd142aa61ad912b2ce656300aba87d59635e2d0045f3a6298d15822c15b39c79e1cfb3a9a04e0c29ed3a2adf9fcb2a57af548607b0b

Download Submit