hxxp://Google[.]com

Resubmissions

02/05/2024, 15:35

240502-s1kstaca4w 1

02/05/2024, 15:32

02/05/2024, 15:29

02/05/2024, 15:27

02/05/2024, 15:23

02/05/2024, 15:19

02/05/2024, 15:16

02/05/2024, 15:13

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
02/05/2024, 15:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://Google.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2100	msedge.exe
2100	msedge.exe
4760	msedge.exe
4760	msedge.exe
2064	identity_helper.exe
2064	identity_helper.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4760 wrote to memory of 3380	4760	msedge.exe	84
PID 4760 wrote to memory of 3380	4760	msedge.exe	84
PID 4760 wrote to memory of 2092	4760	msedge.exe	85
PID 4760 wrote to memory of 2092	4760	msedge.exe	85
PID 4760 wrote to memory of 2092	4760	msedge.exe	85
PID 4760 wrote to memory of 2092	4760	msedge.exe	85
PID 4760 wrote to memory of 2092	4760	msedge.exe	85
PID 4760 wrote to memory of 2092	4760	msedge.exe	85
PID 4760 wrote to memory of 2092	4760	msedge.exe	85
PID 4760 wrote to memory of 2092	4760	msedge.exe	85
PID 4760 wrote to memory of 2092	4760	msedge.exe	85
PID 4760 wrote to memory of 2092	4760	msedge.exe	85
PID 4760 wrote to memory of 2092	4760	msedge.exe	85
PID 4760 wrote to memory of 2092	4760	msedge.exe	85
PID 4760 wrote to memory of 2092	4760	msedge.exe	85
PID 4760 wrote to memory of 2092	4760	msedge.exe	85
PID 4760 wrote to memory of 2092	4760	msedge.exe	85
PID 4760 wrote to memory of 2092	4760	msedge.exe	85
PID 4760 wrote to memory of 2092	4760	msedge.exe	85
PID 4760 wrote to memory of 2092	4760	msedge.exe	85
PID 4760 wrote to memory of 2092	4760	msedge.exe	85
PID 4760 wrote to memory of 2092	4760	msedge.exe	85
PID 4760 wrote to memory of 2092	4760	msedge.exe	85
PID 4760 wrote to memory of 2092	4760	msedge.exe	85
PID 4760 wrote to memory of 2092	4760	msedge.exe	85
PID 4760 wrote to memory of 2092	4760	msedge.exe	85
PID 4760 wrote to memory of 2092	4760	msedge.exe	85
PID 4760 wrote to memory of 2092	4760	msedge.exe	85
PID 4760 wrote to memory of 2092	4760	msedge.exe	85
PID 4760 wrote to memory of 2092	4760	msedge.exe	85
PID 4760 wrote to memory of 2092	4760	msedge.exe	85
PID 4760 wrote to memory of 2092	4760	msedge.exe	85
PID 4760 wrote to memory of 2092	4760	msedge.exe	85
PID 4760 wrote to memory of 2092	4760	msedge.exe	85
PID 4760 wrote to memory of 2092	4760	msedge.exe	85
PID 4760 wrote to memory of 2092	4760	msedge.exe	85
PID 4760 wrote to memory of 2092	4760	msedge.exe	85
PID 4760 wrote to memory of 2092	4760	msedge.exe	85
PID 4760 wrote to memory of 2092	4760	msedge.exe	85
PID 4760 wrote to memory of 2092	4760	msedge.exe	85
PID 4760 wrote to memory of 2092	4760	msedge.exe	85
PID 4760 wrote to memory of 2092	4760	msedge.exe	85
PID 4760 wrote to memory of 2100	4760	msedge.exe	86
PID 4760 wrote to memory of 2100	4760	msedge.exe	86
PID 4760 wrote to memory of 4860	4760	msedge.exe	87
PID 4760 wrote to memory of 4860	4760	msedge.exe	87
PID 4760 wrote to memory of 4860	4760	msedge.exe	87
PID 4760 wrote to memory of 4860	4760	msedge.exe	87
PID 4760 wrote to memory of 4860	4760	msedge.exe	87
PID 4760 wrote to memory of 4860	4760	msedge.exe	87
PID 4760 wrote to memory of 4860	4760	msedge.exe	87
PID 4760 wrote to memory of 4860	4760	msedge.exe	87
PID 4760 wrote to memory of 4860	4760	msedge.exe	87
PID 4760 wrote to memory of 4860	4760	msedge.exe	87
PID 4760 wrote to memory of 4860	4760	msedge.exe	87
PID 4760 wrote to memory of 4860	4760	msedge.exe	87
PID 4760 wrote to memory of 4860	4760	msedge.exe	87
PID 4760 wrote to memory of 4860	4760	msedge.exe	87
PID 4760 wrote to memory of 4860	4760	msedge.exe	87
PID 4760 wrote to memory of 4860	4760	msedge.exe	87
PID 4760 wrote to memory of 4860	4760	msedge.exe	87
PID 4760 wrote to memory of 4860	4760	msedge.exe	87
PID 4760 wrote to memory of 4860	4760	msedge.exe	87
PID 4760 wrote to memory of 4860	4760	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://Google.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa643846f8,0x7ffa64384708,0x7ffa64384718
  2⤵
  PID:3380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,3446991967238997587,5588833976431239488,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:2092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,3446991967238997587,5588833976431239488,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,3446991967238997587,5588833976431239488,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3446991967238997587,5588833976431239488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:3748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3446991967238997587,5588833976431239488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:4056
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,3446991967238997587,5588833976431239488,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 /prefetch:8
  2⤵
  PID:4236
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,3446991967238997587,5588833976431239488,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3446991967238997587,5588833976431239488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3446991967238997587,5588833976431239488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:2728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3446991967238997587,5588833976431239488,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
  2⤵
  PID:1788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3446991967238997587,5588833976431239488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
  2⤵
  PID:3848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3446991967238997587,5588833976431239488,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:2816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3446991967238997587,5588833976431239488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3700 /prefetch:1
  2⤵
  PID:1892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3446991967238997587,5588833976431239488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,3446991967238997587,5588833976431239488,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2032 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3446991967238997587,5588833976431239488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:3140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3446991967238997587,5588833976431239488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:1900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3446991967238997587,5588833976431239488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:1412

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4512

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4676

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b2290ca03b4ca5fe52d82550c7e7d69

SHA1
20583a7851a906444204ce8ba4fa51153e6cd494

SHA256
f9ff4871fc5317299de907489d466e630be63d698c8f7cb77cc81faddbecc6d2

SHA512
704ec8122cc1c263dff67ddbb5c20ee0db8a438674d716bc3be5b266ee5629a219b0049d721f9eb2dd8f2d8fda0163659eaa4d3e1f0a6e9072a8ffb92bb2b25d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
919c29d42fb6034fee2f5de14d573c63

SHA1
24a2e1042347b3853344157239bde3ed699047a8

SHA256
17cd6de97a0c020cb4935739cfef4ec4e074e8d127ac4c531b6dc496580c8141

SHA512
bb7eadd087bbcec8b1b8a49b102b454333f2f9708d36b6ffc3c82fdc52e46873398d967238c3bfe9ac6caef45b017a5fe3938ebf5f3053e4ef9be7b2752b563d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
200KB

MD5
a484f2f3418f65b8214cbcd3e4a31057

SHA1
5c002c51b67db40f88b6895a5d5caa67608a65ce

SHA256
79cbe928773386d07f0127f256f383debed5ccea5ff230465bf46ec7c87319d6

SHA512
0be1bb8db08f6e6041a85cfee90cd36a5b595afbca34d52a125465454fc806b4bb7ae569eaf4c882922fb1b962b6060534e597791cd0ad23483be5981d9be85c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
04edb096bbd6ee457fc26045d1a3c7b1

SHA1
5163c1bb787833f398f3dce2da794e0a9f123edc

SHA256
9cdea26ab558e722292012dc8c3092a7a3a7b2e57412b692026121f24a8f3e65

SHA512
698dda787e989e52cab37a3649939c5dc66b4bad28194de7a40080666f1952ed31535bb997da66f85f7eb8ec683f0dfa3136e4f38c6745a76eb2c0013ab589d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
af5ba45e227b0b4a5cd67bc7e14070c3

SHA1
d3b1efb3eddc579a9b2b6bbe29a524a6275a9d61

SHA256
1fd8eaf5ef5860cfe52af644a66bd079b323c16043fffe69a7db36023b13730f

SHA512
d76356248360c202097ed3aa864f10579f95a2db9fcd02d37f998e12cda2605b437ec1f3dab4d7d75f2b1d7a18e0221de1ce8ad7617692620db7f6fd34fa2e2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
8ed93c734451b58efda5b9fdaabf8c0e

SHA1
a30c95eaba616b53ca1e3d7154bb40c0c631c40a

SHA256
dece1dd5f30515e65ad4f761264338ef6cfbf255d6806cbe1799a8a5ede3cf88

SHA512
444acfe9829f85aac5bd604ecdbdbd468761d114b334c893ae3a969f7d7b38e492b8d6f54d28976f7159ce486726360e7f33977ae8721ad749b92f7b03efeadb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
44510d36a340f69ea579a973d8c5a408

SHA1
814c6bd1669dc0970ff094c2251757f35cf037be

SHA256
c3152046950fbf3cae2701bd15ee0afb95ada9576824aee6d9c15f52140ed0c4

SHA512
4673137fec455ff9fee55b50195b67051a8151950903408271d9507f10c48cfd642e103a908bd5bbd8971ff92651c7f55cb54fed99fc7b5abb4cc9b6d3457997

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0103952efe289bdbc036c71bf73b9c70

SHA1
0e9fdd0d7caa214a6cee9c400ed27c0ccf77db7f

SHA256
7204e78526aacb269b1d7c7cc43463119e29c408dfde1d6f774500084b73c11b

SHA512
e954cec3804624e816c0a995d32ee81285a1735528b297d14bf1be6ce1819a8df1f7c6b9132d6758e4860c8f90727c7c05955e3e2d3d4a4720adf97af365e588

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
74068c29d46d2102c9d1dbac28d31913

SHA1
5db6f93741fa919c776cd2b037be24df1948d93c

SHA256
b2eece200cf8c21f31882384e6bd53c77b1f42a3f510d4e5a1746964ceceaeb6

SHA512
4fcada19b20d8b6cf948ac0b037ec42d4bf546fc55e5b5cc357c1217b036d24c677f25c4ce60d8e09eadce0c8107d9de46b7c8d065145e213f8a861ae52fcebd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
38713e41d9d2e0a09f10cba64e746c06

SHA1
d87ba528bb742131b5ec51e73ab0c7a3fff3c3ba

SHA256
56f79e308476759b63216c608f49727a0373f1a819852e46f2dc842fa384dd92

SHA512
72b7f745bdbb72adb1981f7ab4fb64ef48e0b870265f40b51b317da2eff55450e5de9a5efbfcb17383e27d9bfb076c803f4f65e5da1f4e20ac6453db0c9479d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
229f9e5725a1e9bba29d3db9a97519a0

SHA1
9d7d039fa2ea8b5c7e1ffd930621f79156d1ff19

SHA256
7b096cc0d8de668e3848b788099fcab33c3ee6a6b9db483ec30c97d49abf62b6

SHA512
332bebda79200d6295fcb22d39b5cd6a7723b89f86091cf2f972915e3a20d47cc37bbf7ed842bc5c770077184de0501b0f86b1eea1122cdecdf58f755fef07df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
514e684439bc3a881b3cb9dd7419d09b

SHA1
a22ca7d8f16dd10944a88d7a86c18845818c65a1

SHA256
edb73e3f758a02cc6f69739995e78063dd8e9f572b5d170d46b4ad7cf03f5a34

SHA512
f0a77deffac9992aa7a56ce296c7712fe7615937645b5d8736d9088fcd1d232163a7508ad56751784dcfc49416f58c68c4acac9f0881671415e625078c511a78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
45ee1d93ed2e8e2590dc753559660695

SHA1
9c94e10e6a4b0e0ac0e01e1c140946e70082a154

SHA256
5a3d4b765cc2c614a8b60eee3e876c1f3c4f93bd15a44c69444c684d5a9f408c

SHA512
a54e032532f32312d3176cc6bb4d84f15c563b6ed41e5c4a79b3c86387f67968c1423aa92ee5e162b9364a3daa7002321bc4211fd6ab8425dd97d3ced6fe25c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
f99ebe5dc6171841d609a4ebcbd607ca

SHA1
4c55c1f5bdef75b4279bf587d14e17401da2b230

SHA256
1e253a162cb9bd72ecf5d98f3c8b52abf3aaa5b571d922c1b0d743b5e05e370f

SHA512
36f89100b450de278d228f0973bedf7eb2f65e32a6e40555763e2d5996e0f24167a5d68774fc546ad3528bcc7cc7cb07252d75c49f36e9554ffe666e2d62a10f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
fc49e4b1a7b55f33150ddc9de6d082e9

SHA1
f1d2cd7ac1fdd4af0480cbc4b3f88d8b18a8b860

SHA256
e50ead323b7e7371adaf5993e3c59bce2c64a4974c612ad5cf5196ef3949c492

SHA512
8c33795a92239da91d6b62231fb4b43e5f659d256f0645f0c20c523d926618f2ed9a788ba3c5af2c108fb8d50ef674019e94a44a711a7bdabc707b8e6d26f460

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f145.TMP

Filesize
202B

MD5
f29571b908a7fef6c5ef84120615913c

SHA1
fe0e6fb68274c8af782b49b815488481a973819e

SHA256
d76017990de275b1216b957182da9c6af4cefaadd161cf97c379244fd0c20bba

SHA512
888646ceaa76d91fb60c02561048d3dc99154dafb1b1fd2cd2a2cace579a646d4646cf4c9806ae12a20662f78e3ef946736dc20dbf88b13a3db490d6698c6af6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ce6cd689-0adb-4e03-8600-d946ebe3a336.tmp

Filesize
204B

MD5
018e6142915ddbcaa992be3303b8c108

SHA1
4080e4d9453020a2e212ba0214ce79dfef17bc42

SHA256
52ac299b70c954ae1649f9a11d73f581778b19e4d19772e4f88d309ee7efd88e

SHA512
2f8353fcbe1c9ed55348f4887ce61ed9abe6fbf4536b069c8c9fe8f483b6cfd316001c74c4862ff36d9d44bac2e33b44c8b2092621f7d763120609f573578c62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7f5fd63a3e5352c770e0ecb29580588c

SHA1
8756353c172e36648a227161a1d34cde59c91d4e

SHA256
43c31fea03cf6faf41e8d055f0e4fe3d4e99bd8429d7b18801f7f2898273e73b

SHA512
48461d9e4c026e40fd0a0f898eac92a020ca768aa24d7756dcef23ce3410505869aefbcf75d0cfeb22cbc2ad53b230cfd93387a42164707f2bea7385ba8084cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e7ff1691e0b82b537ba00f694ffbc4cb

SHA1
6a436d6e336e5086dbe9d2b0962e02278654a924

SHA256
e7422823a4eee50f447bf80eb2d4d6134f49b857adbaa030d49b882122fff081

SHA512
087734b474eaea7fbf313a4753ef684e5fac0f3b946f03b19299405ba2d28dae35cdeac41ef4690a56f5d2aefa087fb12b0b00739ae01e50dd99cd45603c89a4

Download Submit