hxxps://bloxstrap[.]org

Analysis

max time kernel
308s
max time network
304s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
14/06/2024, 15:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://bloxstrap.org

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1060	msedge.exe
1060	msedge.exe
4516	msedge.exe
4516	msedge.exe
3340	identity_helper.exe
3340	identity_helper.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe

Suspicious use of FindShellTrayWindow 31 IoCs

pid	Process
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe

Suspicious use of SendNotifyMessage 30 IoCs

pid	Process
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4516 wrote to memory of 452	4516	msedge.exe	82
PID 4516 wrote to memory of 452	4516	msedge.exe	82
PID 4516 wrote to memory of 800	4516	msedge.exe	83
PID 4516 wrote to memory of 800	4516	msedge.exe	83
PID 4516 wrote to memory of 800	4516	msedge.exe	83
PID 4516 wrote to memory of 800	4516	msedge.exe	83
PID 4516 wrote to memory of 800	4516	msedge.exe	83
PID 4516 wrote to memory of 800	4516	msedge.exe	83
PID 4516 wrote to memory of 800	4516	msedge.exe	83
PID 4516 wrote to memory of 800	4516	msedge.exe	83
PID 4516 wrote to memory of 800	4516	msedge.exe	83
PID 4516 wrote to memory of 800	4516	msedge.exe	83
PID 4516 wrote to memory of 800	4516	msedge.exe	83
PID 4516 wrote to memory of 800	4516	msedge.exe	83
PID 4516 wrote to memory of 800	4516	msedge.exe	83
PID 4516 wrote to memory of 800	4516	msedge.exe	83
PID 4516 wrote to memory of 800	4516	msedge.exe	83
PID 4516 wrote to memory of 800	4516	msedge.exe	83
PID 4516 wrote to memory of 800	4516	msedge.exe	83
PID 4516 wrote to memory of 800	4516	msedge.exe	83
PID 4516 wrote to memory of 800	4516	msedge.exe	83
PID 4516 wrote to memory of 800	4516	msedge.exe	83
PID 4516 wrote to memory of 800	4516	msedge.exe	83
PID 4516 wrote to memory of 800	4516	msedge.exe	83
PID 4516 wrote to memory of 800	4516	msedge.exe	83
PID 4516 wrote to memory of 800	4516	msedge.exe	83
PID 4516 wrote to memory of 800	4516	msedge.exe	83
PID 4516 wrote to memory of 800	4516	msedge.exe	83
PID 4516 wrote to memory of 800	4516	msedge.exe	83
PID 4516 wrote to memory of 800	4516	msedge.exe	83
PID 4516 wrote to memory of 800	4516	msedge.exe	83
PID 4516 wrote to memory of 800	4516	msedge.exe	83
PID 4516 wrote to memory of 800	4516	msedge.exe	83
PID 4516 wrote to memory of 800	4516	msedge.exe	83
PID 4516 wrote to memory of 800	4516	msedge.exe	83
PID 4516 wrote to memory of 800	4516	msedge.exe	83
PID 4516 wrote to memory of 800	4516	msedge.exe	83
PID 4516 wrote to memory of 800	4516	msedge.exe	83
PID 4516 wrote to memory of 800	4516	msedge.exe	83
PID 4516 wrote to memory of 800	4516	msedge.exe	83
PID 4516 wrote to memory of 800	4516	msedge.exe	83
PID 4516 wrote to memory of 800	4516	msedge.exe	83
PID 4516 wrote to memory of 1060	4516	msedge.exe	84
PID 4516 wrote to memory of 1060	4516	msedge.exe	84
PID 4516 wrote to memory of 3360	4516	msedge.exe	85
PID 4516 wrote to memory of 3360	4516	msedge.exe	85
PID 4516 wrote to memory of 3360	4516	msedge.exe	85
PID 4516 wrote to memory of 3360	4516	msedge.exe	85
PID 4516 wrote to memory of 3360	4516	msedge.exe	85
PID 4516 wrote to memory of 3360	4516	msedge.exe	85
PID 4516 wrote to memory of 3360	4516	msedge.exe	85
PID 4516 wrote to memory of 3360	4516	msedge.exe	85
PID 4516 wrote to memory of 3360	4516	msedge.exe	85
PID 4516 wrote to memory of 3360	4516	msedge.exe	85
PID 4516 wrote to memory of 3360	4516	msedge.exe	85
PID 4516 wrote to memory of 3360	4516	msedge.exe	85
PID 4516 wrote to memory of 3360	4516	msedge.exe	85
PID 4516 wrote to memory of 3360	4516	msedge.exe	85
PID 4516 wrote to memory of 3360	4516	msedge.exe	85
PID 4516 wrote to memory of 3360	4516	msedge.exe	85
PID 4516 wrote to memory of 3360	4516	msedge.exe	85
PID 4516 wrote to memory of 3360	4516	msedge.exe	85
PID 4516 wrote to memory of 3360	4516	msedge.exe	85
PID 4516 wrote to memory of 3360	4516	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://bloxstrap.org
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8ec6f46f8,0x7ff8ec6f4708,0x7ff8ec6f4718
  2⤵
  PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,3330207296924248675,1749617262042588231,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
  2⤵
  PID:800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,3330207296924248675,1749617262042588231,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,3330207296924248675,1749617262042588231,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2952 /prefetch:8
  2⤵
  PID:3360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3330207296924248675,1749617262042588231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:1308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3330207296924248675,1749617262042588231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:2480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3330207296924248675,1749617262042588231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:2612
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,3330207296924248675,1749617262042588231,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5680 /prefetch:8
  2⤵
  PID:3896
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,3330207296924248675,1749617262042588231,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5680 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3330207296924248675,1749617262042588231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3330207296924248675,1749617262042588231,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3330207296924248675,1749617262042588231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
  2⤵
  PID:2264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3330207296924248675,1749617262042588231,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
  2⤵
  PID:4260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,3330207296924248675,1749617262042588231,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4864 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3330207296924248675,1749617262042588231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
  2⤵
  PID:968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3330207296924248675,1749617262042588231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
  2⤵
  PID:4616

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3852

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1568

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dabfafd78687947a9de64dd5b776d25f

SHA1
16084c74980dbad713f9d332091985808b436dea

SHA256
c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201

SHA512
dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c39b3aa574c0c938c80eb263bb450311

SHA1
f4d11275b63f4f906be7a55ec6ca050c62c18c88

SHA256
66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c

SHA512
eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
19KB

MD5
bb30ea3b46964f49ba85f475efd1fb6f

SHA1
1bb4aae7781af8b933e1dd4dee56879a3ef92d38

SHA256
7a5bfdc2463dfde6b169ca4555ce9f5a0fb21c15c3ac807967590df27dd800e6

SHA512
bc52e8de4712d416aebf1d403d6ee8dcb6386a93dfc6727613af487f73de69db90913a9e9781660d8dec121d720ceec9c84b260c76f0f6f565ae80967eee7474

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
19KB

MD5
f0c0412e4f7e8ebf6e1c8738622abdf4

SHA1
7e5433f4d55ff103426fde504031eea535b3d55d

SHA256
a67bd5961e1d3fba115d8d04644accb4df135aefe880d03d7e66c404c85b47de

SHA512
5d228fe7f147e41b874a167942c017c130cccb61fa05f80cdab0911dd5e0185b8974c93ae9877c5d0beace13fb248bfdf717b29d450b12e08e2230c806232638

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\482e8abbef9c0889_0

Filesize
53KB

MD5
5664b193e093fb937c545c696bc6f348

SHA1
449b1093f34c46a8753be0354f164eb225f8c9fa

SHA256
b29715d83ba2ffb1362244a5df10b78131f246f69ed337cb5e66c16c517cc0d1

SHA512
09d2fef056cc2ea3a649a70297c7c27e36d85aa1f6403a2bd61a9dc270d8a94908608af2b4063bc0744ec42b4b598119c7fe6897f7c54040a5ef383030d8009e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
6af33ff07e79b7efdb8bdd9f2ed9a6e1

SHA1
320b2e442858d313d4a997966811a48d954bfa16

SHA256
93c2e603a148d7a5a6325fdcbf3437846d23e721492d4536c304f8d43ad39ddc

SHA512
731a24d08c8d642a1657047db3ec56ef4850c8547c5c671e3d63cb21037103fc7af70d50344a04bf05c847891979e1274126d21326c8b44cbcd2aa64459670f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
960B

MD5
9e58e1ab92962167418d900fe6f3f517

SHA1
eb35ee8991ccfb5f41979cb7a7e3359c21607750

SHA256
5c183dc472a454efb9b38bdb3e822c46db910dce88114580c2da73697f181e4d

SHA512
103c84ffb990470adddab6a16d67c4ae0d368bc30e817c8a760827ea138802af508560bbd29e2f176466314f33e416c001ec3161e87e7e6d2a4b31a445be48f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
403dc45f72fed6e3db4722bfd69a21fa

SHA1
ac6b8646860eb7167b4d44a565867ff21c5aaa72

SHA256
47da85c987271e0800000b8b4f911a61ce89e5092a9b409113d1bbfc7e31e780

SHA512
3a39d04f5b179c15e814154aab498bafd0f664d4ffdd0418e0bedf035f83ccd3d64420599c79e2e6b758a8cee9926259ea84ceb4b36c49273bd1bbaed4660d01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c67d0793739296c5fa4fc3a0b16509fb

SHA1
ef7e95a8c62673bb049938668ca1e6355a1cdcdb

SHA256
de6ea1881cccf8d9e24031017abbfe10db0be7ac77e4ea5b0a6aaa5ed1665b23

SHA512
d40ede9a303a1a96c0df1ba1eb131d751cf4ffbb7f7d5bb0a7dc9420bdb3211a79b0ad6bdc660c52e4d524e457d49cbbc546e47761548139ab0cb1f35e6bc5b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
7b323c8b535394b25a6ffa8ef1ee46db

SHA1
5d98697441e8e6489905112b435c5056818d9fc6

SHA256
d758c5540046616be565360b005d4f17c12f46b7db8585aa72de450a43d59b2a

SHA512
6d46485b53cae06d186292cd94dad3c478c509675c834c11dcca0414868f1724ed94690f4d4ea6c56ef5843ef06a192293f89c475ab9bc09023d72d6ac8c0d11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
58c2fd55527745fe98eecedef96206c7

SHA1
390325788e50c59595d17ef77f7eedd46657b6d3

SHA256
888b2e29ec1087fc821d757fc7dd33c813d42eff7a25098e69fccc5fef8a3dca

SHA512
67df1416face38b2177408b43cfc3eab319a992b505a3a35835bb7847d9ae8222d5d1fa5ee59c0bdb4dd7f14003cfd5eb1c3363a5a7423ec379a78f0b91125f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
fdad68496e59e91ad3f5574bb5ce5e37

SHA1
36d6b5f1f2475525f629f2ee958939e723571423

SHA256
c2ace121a3e7b8882f74ff08943f986e2fe95074a4dee31a4671d8b53a423304

SHA512
f9dced25d6629969804a92511f5a3bfe8092b539378338ef34079f9853d2be8c4c0c142a8e0704add674fac8ba899ff5e5b750d410aa1c673ad560ec531ae1c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
fe7eba64ed08a8866921d919ed77dba8

SHA1
4a4248244420c9cb2ac3ed5a4fa9617c531427e1

SHA256
4f347bfb4975ea8b62b1e0eff2465a655a3dbf42fe5a7ab2175fcca84a45ed6c

SHA512
5af046b37f369894726c5a4270ff3c6a82e53190fbed3a326cf1bf54fbb57aa3b329b5b7efbbf3c077529543e14668fda7e6a8661c0c9916a54e4705edcdb3d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c04e3411331d1e86dbf8ae03988eef5d

SHA1
d0bfa9c9b13633b8bea5c3d9b35de9a2f9127bd9

SHA256
6ee6c02117846f0cbc9688df4082115368aa54e96bfec566717e1e28cb6b9a18

SHA512
9bdba4183b4f45c4360e2071c740a4ead2d80a580c74ddc3746d21db312f8b28bd133d0850f8561855e4cb8a167b6ed04b6064e8afa26e1cea36652b12f87549

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
09e0b64d4201e63dc0d6581536ded78e

SHA1
d68ab7d2d98f816b924c07ac6cee850b3c80a02f

SHA256
37cffd6856e532ba12b408d8f8c8bf5f6429c5b7c1cc56b0920249e79932e42f

SHA512
81f61a294994735357e17cd10c490f4c9c27c8b3f50f1152c20ab6e065dfc49d5870f1b63b351e28f6a46b7f574e3d940761a4a4d8478686bb592eb7ffe022c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f029f38328e7a0f9c8660e9890356fd4

SHA1
96033ef5c81754d684fe4bd78606b177b571e8a5

SHA256
e22b592b68f83816b260e1d3755bbe570736aafea9bfbb6e198505ccbbf40264

SHA512
52f95538a6f1a55d78c68c42f36a293991da576f5d7bd1fa931169301729c5adf91efa4f5dcf192c1eacaf354c97eb2b278b3e106a5b6c4c7d5160c25473215c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6147ed0d75734ed1e2f4675300118376

SHA1
ac5902104660b720837f87e0aa48a004107381ac

SHA256
1ec4e50b9bc999f1c7e9f8e8869deee93dfe6ee3b0719cdba2a98d8b10bd3dc9

SHA512
06fc324b577156d7f21694ca9172b1a868f6a88800b460e6d528e6008b96c788569203beae82da7caec84c2105684778567a070b963c32155b017892bfacf269

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
e5523d7628aa34514d40225c0780fe86

SHA1
60db02a1ae2ec222ad9f207dfe9bf3e7a1d5166b

SHA256
4549112ad656e988360c0d432b6ca61ed58cf64a1337e55a8ed2812aec47aa20

SHA512
6cf1c243a46b1333feef0bec8d86af15086d098c2744fee4e1d8d66c2122b8baac809286223fba0c5c211fb9cf36249ebecdf54c459c7fd9c30d904d9c8b071b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
14a7ead54f6e90d0786a2c67c6038202

SHA1
44134257e3a3054722d4184125b2556575344913

SHA256
14663c66f663f6ae73ba6e9e88185bb3b0525a315b34651ae05fe42634c2421a

SHA512
db752dac58fef23d3ad041ee911a6b2d4ed38491c2150f6c82e703401c2a18231f29327402f9ed22770ea53184568461f59b4e967785ef35b3b57342b912e969

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5b4e7a.TMP

Filesize
204B

MD5
59c26981c476b3b8e4ed65b6150d7bb7

SHA1
e09b1bb3079a3fead58576947474fb7a6c98d2fe

SHA256
48da0131485cadabc53e511385b878b49be7a37221df06f27eb77274e4f171b2

SHA512
9dedf00c64c2b43ade3bddf19f8ee42ea7fef5e3123828e84f213a082ed7b9913ce7b3a5c7c8c1a8cb6addbade2a2d0034700551c1655449bade1394c10783e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
cb3b128608bf560fdd5b95c22373893c

SHA1
d4b329445b56d083bcc3de5943308c59fa33a45f

SHA256
b769bd51bdf9817ce9b66f7432a3cb19fc630bc9a63749af9065eb7dcd4b94bd

SHA512
5798a57d8f044482defba8f50013f863412c06d915283061140a2f586dc51659e8b5e84ea972c158199556508fe78ef228e5b36a69bcd10a274e7d98f23da78e

Download Submit