hxxps://pulseward[.]com/

Analysis

max time kernel
89s
max time network
93s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
08/05/2024, 17:05

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://pulseward.com/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2188	msedge.exe
2188	msedge.exe
3468	msedge.exe
3468	msedge.exe
684	msedge.exe
684	msedge.exe
2360	identity_helper.exe
2360	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3468 wrote to memory of 5004	3468	msedge.exe	79
PID 3468 wrote to memory of 5004	3468	msedge.exe	79
PID 3468 wrote to memory of 2184	3468	msedge.exe	80
PID 3468 wrote to memory of 2184	3468	msedge.exe	80
PID 3468 wrote to memory of 2184	3468	msedge.exe	80
PID 3468 wrote to memory of 2184	3468	msedge.exe	80
PID 3468 wrote to memory of 2184	3468	msedge.exe	80
PID 3468 wrote to memory of 2184	3468	msedge.exe	80
PID 3468 wrote to memory of 2184	3468	msedge.exe	80
PID 3468 wrote to memory of 2184	3468	msedge.exe	80
PID 3468 wrote to memory of 2184	3468	msedge.exe	80
PID 3468 wrote to memory of 2184	3468	msedge.exe	80
PID 3468 wrote to memory of 2184	3468	msedge.exe	80
PID 3468 wrote to memory of 2184	3468	msedge.exe	80
PID 3468 wrote to memory of 2184	3468	msedge.exe	80
PID 3468 wrote to memory of 2184	3468	msedge.exe	80
PID 3468 wrote to memory of 2184	3468	msedge.exe	80
PID 3468 wrote to memory of 2184	3468	msedge.exe	80
PID 3468 wrote to memory of 2184	3468	msedge.exe	80
PID 3468 wrote to memory of 2184	3468	msedge.exe	80
PID 3468 wrote to memory of 2184	3468	msedge.exe	80
PID 3468 wrote to memory of 2184	3468	msedge.exe	80
PID 3468 wrote to memory of 2184	3468	msedge.exe	80
PID 3468 wrote to memory of 2184	3468	msedge.exe	80
PID 3468 wrote to memory of 2184	3468	msedge.exe	80
PID 3468 wrote to memory of 2184	3468	msedge.exe	80
PID 3468 wrote to memory of 2184	3468	msedge.exe	80
PID 3468 wrote to memory of 2184	3468	msedge.exe	80
PID 3468 wrote to memory of 2184	3468	msedge.exe	80
PID 3468 wrote to memory of 2184	3468	msedge.exe	80
PID 3468 wrote to memory of 2184	3468	msedge.exe	80
PID 3468 wrote to memory of 2184	3468	msedge.exe	80
PID 3468 wrote to memory of 2184	3468	msedge.exe	80
PID 3468 wrote to memory of 2184	3468	msedge.exe	80
PID 3468 wrote to memory of 2184	3468	msedge.exe	80
PID 3468 wrote to memory of 2184	3468	msedge.exe	80
PID 3468 wrote to memory of 2184	3468	msedge.exe	80
PID 3468 wrote to memory of 2184	3468	msedge.exe	80
PID 3468 wrote to memory of 2184	3468	msedge.exe	80
PID 3468 wrote to memory of 2184	3468	msedge.exe	80
PID 3468 wrote to memory of 2184	3468	msedge.exe	80
PID 3468 wrote to memory of 2184	3468	msedge.exe	80
PID 3468 wrote to memory of 2188	3468	msedge.exe	81
PID 3468 wrote to memory of 2188	3468	msedge.exe	81
PID 3468 wrote to memory of 1824	3468	msedge.exe	82
PID 3468 wrote to memory of 1824	3468	msedge.exe	82
PID 3468 wrote to memory of 1824	3468	msedge.exe	82
PID 3468 wrote to memory of 1824	3468	msedge.exe	82
PID 3468 wrote to memory of 1824	3468	msedge.exe	82
PID 3468 wrote to memory of 1824	3468	msedge.exe	82
PID 3468 wrote to memory of 1824	3468	msedge.exe	82
PID 3468 wrote to memory of 1824	3468	msedge.exe	82
PID 3468 wrote to memory of 1824	3468	msedge.exe	82
PID 3468 wrote to memory of 1824	3468	msedge.exe	82
PID 3468 wrote to memory of 1824	3468	msedge.exe	82
PID 3468 wrote to memory of 1824	3468	msedge.exe	82
PID 3468 wrote to memory of 1824	3468	msedge.exe	82
PID 3468 wrote to memory of 1824	3468	msedge.exe	82
PID 3468 wrote to memory of 1824	3468	msedge.exe	82
PID 3468 wrote to memory of 1824	3468	msedge.exe	82
PID 3468 wrote to memory of 1824	3468	msedge.exe	82
PID 3468 wrote to memory of 1824	3468	msedge.exe	82
PID 3468 wrote to memory of 1824	3468	msedge.exe	82
PID 3468 wrote to memory of 1824	3468	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pulseward.com/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa636e3cb8,0x7ffa636e3cc8,0x7ffa636e3cd8
  2⤵
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1840,8208772890702254761,16998847841858599077,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1884 /prefetch:2
  2⤵
  PID:2184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1840,8208772890702254761,16998847841858599077,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1840,8208772890702254761,16998847841858599077,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
  2⤵
  PID:1824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,8208772890702254761,16998847841858599077,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:3796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,8208772890702254761,16998847841858599077,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1840,8208772890702254761,16998847841858599077,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5528 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,8208772890702254761,16998847841858599077,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:2944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,8208772890702254761,16998847841858599077,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:2924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,8208772890702254761,16998847841858599077,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:3100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,8208772890702254761,16998847841858599077,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
  2⤵
  PID:2948
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1840,8208772890702254761,16998847841858599077,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5392 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,8208772890702254761,16998847841858599077,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
  2⤵
  PID:2044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,8208772890702254761,16998847841858599077,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
  2⤵
  PID:2508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,8208772890702254761,16998847841858599077,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,8208772890702254761,16998847841858599077,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
  2⤵
  PID:3744

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2412

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4844

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\09eba55e-f0a9-456a-b3b1-67ffa4f6325b.tmp

Filesize
11KB

MD5
2edefce631808d3511dd1fa6349990ed

SHA1
cea56530849f82982365bf85c5f8e02ec0865a16

SHA256
b385b601049bdea6c8fd1761f22df122f01d985627ca2c8a1e0ac5c454cb7e1e

SHA512
5f9f6baed4f093cd142835f0320a43d1e75a615612289992644e33cb691037d380764b7f19719cefc4f7b1a083e366352dd7213b5a6cc8a13a355fb184c4caa1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
390187670cb1e0eb022f4f7735263e82

SHA1
ea1401ccf6bf54e688a0dc9e6946eae7353b26f1

SHA256
3e6c56356d6509a3fd4b2403555be55e251f4a962379b29735c1203e57230947

SHA512
602f64d74096d4fb7a23b23374603246d42b17cc854835e3b2f4d464997b73f289a3b40eb690e3ee707829d4ff886865e982f72155d96be6bc00166f44878062

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8294f1821fd3419c0a42b389d19ecfc6

SHA1
cd4982751377c2904a1d3c58e801fa013ea27533

SHA256
92a96c9309023c8b9e1396ff41f7d9d3ff8a3687972e76b9ebd70b04e3bf223a

SHA512
372d369f7ad1b0e07200d3aa6b2cfce5beafa7a97f63932d4c9b3b01a0e8b7eb39881867f87ded55a9973abea973b2d2c9b6fc4892f81cec644702b9edb1566d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
42532bd50a192e31d67b63c157d56465

SHA1
7b5f342856989ceb5fecf552025dbfa3924fe0ba

SHA256
7e6e8b166d4da2035d16f734d2ad6898808311cbcd09ca37a958c6d3ba6215f6

SHA512
50bf8baeaa2f381ba7f0a52e0a4e3579e22e29322dc8c940c35c09984bb6921b8c57c988a5e445a185ae491b477c3a6bb8e7e6325831f0b3ff2f6158dd6172b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
600B

MD5
244fd736686ebdbe780a86f65d98ac3b

SHA1
c2d171420bae9fe93a53df26022ad7213f6021e3

SHA256
976870039e17ed7b661229057486eacf54611dc559c2ebaa4a3a7557089fe55c

SHA512
d2331ce96c14e6b87ab76c187353b0a4b7e2ec4017147fe00237651dfae1a0dfc0d655771ff57021292902ce889d1731cc6158a279a403317f971b4ec8e38ca9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
63ad5a8c6aff7c78b68428cf7cc5fa08

SHA1
d5608d47adef2f1e5fc47010942382a3720f7294

SHA256
83817e2bc480ac00260893fe3c99ef1e56686b1485add540f1fc0a44cd24d798

SHA512
972181e875e98ae65ac5e94e1c6d5f4a6b371f9c93e19a6592ca5027a0ef3fa3d44347912f15c9cd3751b09455a62bc96354587e990cc10b36d16fa08321f306

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
2f3d3296d2a600a58b7af2832c838ba7

SHA1
e9812a21ae2f4c6a61ec0ef3c10b6356f8557068

SHA256
72590b33526f296eda0e0bc2f840fcec99ceee45dee93d43813f14eab645f8bd

SHA512
46ee0877428bf5c2d2422a200c0888ae04854d64f02fe7e22b8d1d895b6b927339b6e9612b1e3f02f9dc5d5a44b0e6374e7856d9d48762025b91c80e0d2cf913

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
592806efe94cebb21b200dab6fd42ed9

SHA1
646a5c19379a66607242e5935b1ab16bdd080bcf

SHA256
45d72915edda2a38bb40f597607dd1f6d60a2309d7694a466aacf09f7e16504d

SHA512
cea1424f014e9677d3bb288bcc4cb2f30be43c28a1a82881dcc7f53f9b95ad61be79e691bf5e37edf9a43cd8b2946c19779053a7d103cfa3ba7d3f1594c82559

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c0b2780fb4123de584b442a03664d554

SHA1
e38c0563bf63e6a0d9c87544bc7a38f739820476

SHA256
4fffe8fd4eca21d72167df323e59b4d24dbcd12511ccb951d91506ebea2058e5

SHA512
b8e577980c1729c21c3f52778934876166c6ae2e035120b8242f6b36c34e981aeab5584e4438344233c3e1815f0479006745f2133f0c4fd5aae555558fb49de9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e7ef966445f10da4325b74442635a525

SHA1
7e1afa89ca95ac362a69229ac217a02990c6dc49

SHA256
35df3112294c6ef2e2904a41b4a7dca55ab6b38033d98105acf97f2fcaa6cad3

SHA512
c603f496237ecd88669f2e6943f2fea550a87e263ef3b7719a9c2aa72b0b5cfe0166f0c970d3e931543d177f0ecda0a660c5069d133058d7356d515f3cc4c4d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e76797a4327d4c18334d07156009cae1

SHA1
e4edeb34dd12a689c52e4e6052382a59bdf85f9a

SHA256
ffa51350fbb482e02e4f9081763da1267857c4f501f2ca653007788e09a822c2

SHA512
8f1fd495712928f90a563589ab6c446d0bb5d80f69ce32f6e29ce1f520d088c30bbef1fcb0e6f500356365ebda90fbb2a0b5a5f4bf3f9074e16607101745f434

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8abee301cdbfb8385b81177b7e4f7971

SHA1
848993b0210b7bf5b1b9eb54d2e5dc2c081de8a4

SHA256
146c0a94e9491d188acdb3b278551244dfe8fe04299c3eca450a15136df298fb

SHA512
2a2603e0b6d954ec45334331bf1f20706aab820a7760ff5ba35e90bd12ac4f94f77abeea0f7686d2723a028d4f7f3c605befce5a55ba37ceef19448dabd03adb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d5bc91cd703d809f119ca4c0d35e0111

SHA1
2b162b06605a51b4a39d0e9b091f875e5040bd49

SHA256
18e481d66b93917fdeb9a224616e7353573b4c4aa5489a1371723b8104634444

SHA512
a1c3b7de3b398fa24a76d8018b31ba1e73fe1dffa8bcfd3ec505581cb55ae4a4f2fa1af8f64563ec2a4581737249ea54c2ddce4dd02cc139ad962d1936e1b141

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c2ecab167210f7c63554e4fccdacf06d

SHA1
8611202d3e78a77fa4847520e601225babea8fb1

SHA256
388193041e6b36c061777078317d7903165e278bb75215a99fb81dd93d92ef35

SHA512
7b584d6aabf7b328c807af802c43ecd7f1cc829dc75becae7bb0ce3de333e662a4b160b0e182452eec54ed643445174588d03271bd5c9d49358025e64fe7183b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
2e3fc0e97041aa1cc9f7bb45c0a31848

SHA1
e76bafa8436674644b7aea04fdc5be6226cb4686

SHA256
ed31665b0f6b9295659973f75cfc5e05c73416804c26f57e24256520f232ea7e

SHA512
1c6afa51dbbacb52ce40f448789e97657c9c9a6978188591bb0381dd8f7fff0b6c73632ff62d98b60114e5f4fa6352a84ed6c0cfcd8dbf9c4ed5f4f25311f856

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit