hxxps://url2[.]mailanyone[.]net/scanner?m=1s7d43-000AYw-4l&d=4%7Cmail%2F90%2F1715873400%2F1s7d43-000AYw-4l%7Cin2i%7C57e1b682%7C17902772%7C12174482%7C6646269FFDF04F1A20FD74D40B7BD076&o=%2Fphte%3A%2Fitsrl-d-veyeiirchfe[.]nag6yo%2Fy04k5-lmth[.]1-j&s=Hhm-ribNyvFYBXF2LZH8WUoG9dY

Analysis

max time kernel
253s
max time network
245s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
17/05/2024, 18:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://url2.mailanyone.net/scanner?m=1s7d43-000AYw-4l&d=4%7Cmail%2F90%2F1715873400%2F1s7d43-000AYw-4l%7Cin2i%7C57e1b682%7C17902772%7C12174482%7C6646269FFDF04F1A20FD74D40B7BD076&o=%2Fphte%3A%2Fitsrl-d-veyeiirchfe.nag6yo%2Fy04k5-lmth.1-j&s=Hhm-ribNyvFYBXF2LZH8WUoG9dY

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
12	cloudflare-ipfs.com
18	cloudflare-ipfs.com
19	cloudflare-ipfs.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1932	msedge.exe
1932	msedge.exe
1136	msedge.exe
1136	msedge.exe
4904	identity_helper.exe
4904	identity_helper.exe
3432	msedge.exe
3432	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1136 wrote to memory of 3440	1136	msedge.exe	79
PID 1136 wrote to memory of 3440	1136	msedge.exe	79
PID 1136 wrote to memory of 2252	1136	msedge.exe	81
PID 1136 wrote to memory of 2252	1136	msedge.exe	81
PID 1136 wrote to memory of 2252	1136	msedge.exe	81
PID 1136 wrote to memory of 2252	1136	msedge.exe	81
PID 1136 wrote to memory of 2252	1136	msedge.exe	81
PID 1136 wrote to memory of 2252	1136	msedge.exe	81
PID 1136 wrote to memory of 2252	1136	msedge.exe	81
PID 1136 wrote to memory of 2252	1136	msedge.exe	81
PID 1136 wrote to memory of 2252	1136	msedge.exe	81
PID 1136 wrote to memory of 2252	1136	msedge.exe	81
PID 1136 wrote to memory of 2252	1136	msedge.exe	81
PID 1136 wrote to memory of 2252	1136	msedge.exe	81
PID 1136 wrote to memory of 2252	1136	msedge.exe	81
PID 1136 wrote to memory of 2252	1136	msedge.exe	81
PID 1136 wrote to memory of 2252	1136	msedge.exe	81
PID 1136 wrote to memory of 2252	1136	msedge.exe	81
PID 1136 wrote to memory of 2252	1136	msedge.exe	81
PID 1136 wrote to memory of 2252	1136	msedge.exe	81
PID 1136 wrote to memory of 2252	1136	msedge.exe	81
PID 1136 wrote to memory of 2252	1136	msedge.exe	81
PID 1136 wrote to memory of 2252	1136	msedge.exe	81
PID 1136 wrote to memory of 2252	1136	msedge.exe	81
PID 1136 wrote to memory of 2252	1136	msedge.exe	81
PID 1136 wrote to memory of 2252	1136	msedge.exe	81
PID 1136 wrote to memory of 2252	1136	msedge.exe	81
PID 1136 wrote to memory of 2252	1136	msedge.exe	81
PID 1136 wrote to memory of 2252	1136	msedge.exe	81
PID 1136 wrote to memory of 2252	1136	msedge.exe	81
PID 1136 wrote to memory of 2252	1136	msedge.exe	81
PID 1136 wrote to memory of 2252	1136	msedge.exe	81
PID 1136 wrote to memory of 2252	1136	msedge.exe	81
PID 1136 wrote to memory of 2252	1136	msedge.exe	81
PID 1136 wrote to memory of 2252	1136	msedge.exe	81
PID 1136 wrote to memory of 2252	1136	msedge.exe	81
PID 1136 wrote to memory of 2252	1136	msedge.exe	81
PID 1136 wrote to memory of 2252	1136	msedge.exe	81
PID 1136 wrote to memory of 2252	1136	msedge.exe	81
PID 1136 wrote to memory of 2252	1136	msedge.exe	81
PID 1136 wrote to memory of 2252	1136	msedge.exe	81
PID 1136 wrote to memory of 2252	1136	msedge.exe	81
PID 1136 wrote to memory of 1932	1136	msedge.exe	82
PID 1136 wrote to memory of 1932	1136	msedge.exe	82
PID 1136 wrote to memory of 1112	1136	msedge.exe	83
PID 1136 wrote to memory of 1112	1136	msedge.exe	83
PID 1136 wrote to memory of 1112	1136	msedge.exe	83
PID 1136 wrote to memory of 1112	1136	msedge.exe	83
PID 1136 wrote to memory of 1112	1136	msedge.exe	83
PID 1136 wrote to memory of 1112	1136	msedge.exe	83
PID 1136 wrote to memory of 1112	1136	msedge.exe	83
PID 1136 wrote to memory of 1112	1136	msedge.exe	83
PID 1136 wrote to memory of 1112	1136	msedge.exe	83
PID 1136 wrote to memory of 1112	1136	msedge.exe	83
PID 1136 wrote to memory of 1112	1136	msedge.exe	83
PID 1136 wrote to memory of 1112	1136	msedge.exe	83
PID 1136 wrote to memory of 1112	1136	msedge.exe	83
PID 1136 wrote to memory of 1112	1136	msedge.exe	83
PID 1136 wrote to memory of 1112	1136	msedge.exe	83
PID 1136 wrote to memory of 1112	1136	msedge.exe	83
PID 1136 wrote to memory of 1112	1136	msedge.exe	83
PID 1136 wrote to memory of 1112	1136	msedge.exe	83
PID 1136 wrote to memory of 1112	1136	msedge.exe	83
PID 1136 wrote to memory of 1112	1136	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://url2.mailanyone.net/scanner?m=1s7d43-000AYw-4l&d=4%7Cmail%2F90%2F1715873400%2F1s7d43-000AYw-4l%7Cin2i%7C57e1b682%7C17902772%7C12174482%7C6646269FFDF04F1A20FD74D40B7BD076&o=%2Fphte%3A%2Fitsrl-d-veyeiirchfe.nag6yo%2Fy04k5-lmth.1-j&s=Hhm-ribNyvFYBXF2LZH8WUoG9dY
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb70913cb8,0x7ffb70913cc8,0x7ffb70913cd8
  2⤵
  PID:3440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1932,8002901967695014051,1563520144200913249,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1944 /prefetch:2
  2⤵
  PID:2252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1932,8002901967695014051,1563520144200913249,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1932,8002901967695014051,1563520144200913249,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
  2⤵
  PID:1112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,8002901967695014051,1563520144200913249,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:3540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,8002901967695014051,1563520144200913249,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:3832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,8002901967695014051,1563520144200913249,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:1
  2⤵
  PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,8002901967695014051,1563520144200913249,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
  2⤵
  PID:2852
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1932,8002901967695014051,1563520144200913249,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,8002901967695014051,1563520144200913249,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
  2⤵
  PID:1052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,8002901967695014051,1563520144200913249,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:3852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,8002901967695014051,1563520144200913249,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,8002901967695014051,1563520144200913249,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4124 /prefetch:1
  2⤵
  PID:3436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1932,8002901967695014051,1563520144200913249,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5932 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1932,8002901967695014051,1563520144200913249,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3712 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5116

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4716

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5012

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8e1dd984856ef51f4512d3bf2c7aef54

SHA1
81cb28f2153ec7ae0cbf79c04c1a445efedd125f

SHA256
34afac298a256d796d20598df006222ed6900a0dafe0f8507ed3b29bfd2027d7

SHA512
d1f8dfc7fdc5d0f185de88a420f2e5b364e77904cab99d2ace154407c4936c510f3c49e27eed4e74dd2fbd850ad129eb585a64127105661d5f8066448e9f201d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ffa07b9a59daf025c30d00d26391d66f

SHA1
382cb374cf0dda03fa67bd55288eeb588b9353da

SHA256
7052a8294dd24294974bb11e6f53b7bf36feeb62ce8b5be0c93fbee6bc034afb

SHA512
25a29d2a3ba4af0709455a9905a619c9d9375eb4042e959562af8faa087c91afafdb2476599280bbb70960af67d5bd477330f17f7345a7df729aaee997627b3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
d9daea19299070897e01cad85b96782f

SHA1
b57cb9b969f33df46aace85ca02c31a7b2bbc9e7

SHA256
3e794f6ac2760e313d5cd2673f055c1dd80947174e21c7bab685051b01d9be33

SHA512
4b74e66a6895e365920445e6b17b382a67376a8491dca5afe4321835494060558c9eb2d71bcfb4bba49c6a9a60595c452dc92895138b5ba61205e6a47959e9a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
35919743afb42170c9ad1da1496af38d

SHA1
ab1ffdf6cd1c9a24bed2fc79be11f11dc270f74a

SHA256
8a068de9a2bbbeac6a63d92af5e19b67c30c871879294f424404e639486461d4

SHA512
0a29c1ea0802333bc72aeff36f9879ae1ae4e5b27e07f8534b176d6f98fc7ed579f93f02b7097d4d095f966edebe43a59264d06ca2a599bb39e2ab81f53ab435

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
345B

MD5
7e72a960f4cd0662a150f2c6277e1477

SHA1
9203d7d95431f44ecddac187a74cccfc9ec3abcb

SHA256
5b928c8a818d4221d14df74719a3f10e37024e0ead49424c92579fe788a4a5fe

SHA512
9cb4a097acbc0c2d9f1663c3b2d4df2b4d74eeed3cd17987f28cd58f29bab39cac07f01319a3ffa147e90c974c993939e51ecf6f6491a0ebe43e640e0f430022

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
655B

MD5
678856bbbdf43f19e1856edc8d409067

SHA1
6e26016048af656dca0b5f43468509506c5e4183

SHA256
7d5bf6e3453200d7118e897701071fbed3a4e7a8ad4a1e81469b4c070b6d4af0

SHA512
e369ce217a2e4059b17590aa83d4a60d01c9d11deab0716a786e876b3c8d4a7d39367da6675b60c83d73be77caa3e346ad58f6df4fd6a3cb822aa7ce1c37fb81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
bc5fc746994f7ac92156cb65b242d6b9

SHA1
4db577c0e0e715066ae99e17826c3899fee0e0e6

SHA256
cb2480f687ad60cb7c19032f8712cfc5cfcf6f5c3a3c1defad186668e0ee6a6e

SHA512
6f598add1b1ec54be9267451a2fd950fd101fd82bf916fe49e60e3eef002314dac58303ca9fab0c31e53c0b4db00af67ca47ffba72950e159b8bc37db10b8a47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0c2172a1b460d5f4631a7cfe1e2beeab

SHA1
e417538d3071a8e12fbbbc3a6aaa1af78963da34

SHA256
21e5f0a7a2853c7536cbd184ad53d112a822d0caa306542f1b59697353d3bd84

SHA512
6f239f5b08865f293f265d1420b430e1b47dbe86f5f2dcbebc9304a3f92db1d2c4a4fd66176db5f246d10d72b21f09b054198452299737c3b82f247b50aab58c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
77fc2de6537d10179eb1705af032e62e

SHA1
38661f83da127be5d420724595b3615dc486d7b1

SHA256
5343e37be39e12f61801ca759dc9084e53f390d7e3acab1c9bdd66bb37937d63

SHA512
3af441a52bdbba5c223c2a9a6289cbea4532cad53ae2782aea253b796ef0fcaf877621cf3b025622d549d2b78c620297d765b966660101baa803a15b26077725

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
aa107da38e749a9caec1c0d1a8ca37fa

SHA1
2d94f54b40fd25c1e0109ee8a3de80f27c566806

SHA256
d3b340f51a6373fe4d48bef3ce2475d43c32351ac9cc6722cceba5fea091003f

SHA512
1d8284f6da9d13ca6c4f74125021e2b5fa76614c97da050367a6c7a4c22d73a8a06595aef36b86a5dea0edc12315222b2529044d0f2a509a03322b3d7c48875e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
dad67030ba3bc786613fac38a80a5739

SHA1
b1e3e20ba3a96f6c1a404ea5ac3a2e38b988f696

SHA256
476ae9b5c6df416afdb664e6527909aea28737d4d5623a108f3b17899d41dbfc

SHA512
e11695bdb7568c31d6dedbdf3b0cc92aac211405a7d3117bbd836d32684575b34b9c8ad8c1b5e5d68d40f0c5ad0f0e0aa7eb053500c78763388726f9c6bc75ef

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit