hxxps://shop[.]trendmicro[.]com/Official-Site/?utm_source=google&utm_medium=acquisition&utm_campaign=1&utm_locale=&utm_source=google&utm_medium=cpc&utm_campaign=G%20-%20US%20-%20NAM%20-%20Trend%20Micro%20CONS%20-%20PS%20-%20Non%20Brand%20EXACT&utm_term=antivirus&gad_source=1&gclid=CjwKCAjw4_K0BhBsEiwAfVVZ_1B_LbE6pRqOMWckR-oFT9ER5v-iOz_tSUMlI1lSbICRDbSvdx7akBoCJIQQAvD_BwE

Resubmissions

21/07/2024, 19:34

240721-yaasta1dkh 1

Analysis

max time kernel
148s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
21/07/2024, 19:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://shop.trendmicro.com/Official-Site/?utm_source=google&utm_medium=acquisition&utm_campaign=1&utm_locale=&utm_source=google&utm_medium=cpc&utm_campaign=G%20-%20US%20-%20NAM%20-%20Trend%20Micro%20CONS%20-%20PS%20-%20Non%20Brand%20EXACT&utm_term=antivirus&gad_source=1&gclid=CjwKCAjw4_K0BhBsEiwAfVVZ_1B_LbE6pRqOMWckR-oFT9ER5v-iOz_tSUMlI1lSbICRDbSvdx7akBoCJIQQAvD_BwE

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4980	msedge.exe
4980	msedge.exe
3608	msedge.exe
3608	msedge.exe
5188	identity_helper.exe
5188	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe
3608	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3608 wrote to memory of 3488	3608	msedge.exe	85
PID 3608 wrote to memory of 3488	3608	msedge.exe	85
PID 3608 wrote to memory of 2876	3608	msedge.exe	86
PID 3608 wrote to memory of 2876	3608	msedge.exe	86
PID 3608 wrote to memory of 2876	3608	msedge.exe	86
PID 3608 wrote to memory of 2876	3608	msedge.exe	86
PID 3608 wrote to memory of 2876	3608	msedge.exe	86
PID 3608 wrote to memory of 2876	3608	msedge.exe	86
PID 3608 wrote to memory of 2876	3608	msedge.exe	86
PID 3608 wrote to memory of 2876	3608	msedge.exe	86
PID 3608 wrote to memory of 2876	3608	msedge.exe	86
PID 3608 wrote to memory of 2876	3608	msedge.exe	86
PID 3608 wrote to memory of 2876	3608	msedge.exe	86
PID 3608 wrote to memory of 2876	3608	msedge.exe	86
PID 3608 wrote to memory of 2876	3608	msedge.exe	86
PID 3608 wrote to memory of 2876	3608	msedge.exe	86
PID 3608 wrote to memory of 2876	3608	msedge.exe	86
PID 3608 wrote to memory of 2876	3608	msedge.exe	86
PID 3608 wrote to memory of 2876	3608	msedge.exe	86
PID 3608 wrote to memory of 2876	3608	msedge.exe	86
PID 3608 wrote to memory of 2876	3608	msedge.exe	86
PID 3608 wrote to memory of 2876	3608	msedge.exe	86
PID 3608 wrote to memory of 2876	3608	msedge.exe	86
PID 3608 wrote to memory of 2876	3608	msedge.exe	86
PID 3608 wrote to memory of 2876	3608	msedge.exe	86
PID 3608 wrote to memory of 2876	3608	msedge.exe	86
PID 3608 wrote to memory of 2876	3608	msedge.exe	86
PID 3608 wrote to memory of 2876	3608	msedge.exe	86
PID 3608 wrote to memory of 2876	3608	msedge.exe	86
PID 3608 wrote to memory of 2876	3608	msedge.exe	86
PID 3608 wrote to memory of 2876	3608	msedge.exe	86
PID 3608 wrote to memory of 2876	3608	msedge.exe	86
PID 3608 wrote to memory of 2876	3608	msedge.exe	86
PID 3608 wrote to memory of 2876	3608	msedge.exe	86
PID 3608 wrote to memory of 2876	3608	msedge.exe	86
PID 3608 wrote to memory of 2876	3608	msedge.exe	86
PID 3608 wrote to memory of 2876	3608	msedge.exe	86
PID 3608 wrote to memory of 2876	3608	msedge.exe	86
PID 3608 wrote to memory of 2876	3608	msedge.exe	86
PID 3608 wrote to memory of 2876	3608	msedge.exe	86
PID 3608 wrote to memory of 2876	3608	msedge.exe	86
PID 3608 wrote to memory of 2876	3608	msedge.exe	86
PID 3608 wrote to memory of 4980	3608	msedge.exe	87
PID 3608 wrote to memory of 4980	3608	msedge.exe	87
PID 3608 wrote to memory of 1284	3608	msedge.exe	88
PID 3608 wrote to memory of 1284	3608	msedge.exe	88
PID 3608 wrote to memory of 1284	3608	msedge.exe	88
PID 3608 wrote to memory of 1284	3608	msedge.exe	88
PID 3608 wrote to memory of 1284	3608	msedge.exe	88
PID 3608 wrote to memory of 1284	3608	msedge.exe	88
PID 3608 wrote to memory of 1284	3608	msedge.exe	88
PID 3608 wrote to memory of 1284	3608	msedge.exe	88
PID 3608 wrote to memory of 1284	3608	msedge.exe	88
PID 3608 wrote to memory of 1284	3608	msedge.exe	88
PID 3608 wrote to memory of 1284	3608	msedge.exe	88
PID 3608 wrote to memory of 1284	3608	msedge.exe	88
PID 3608 wrote to memory of 1284	3608	msedge.exe	88
PID 3608 wrote to memory of 1284	3608	msedge.exe	88
PID 3608 wrote to memory of 1284	3608	msedge.exe	88
PID 3608 wrote to memory of 1284	3608	msedge.exe	88
PID 3608 wrote to memory of 1284	3608	msedge.exe	88
PID 3608 wrote to memory of 1284	3608	msedge.exe	88
PID 3608 wrote to memory of 1284	3608	msedge.exe	88
PID 3608 wrote to memory of 1284	3608	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://shop.trendmicro.com/Official-Site/?utm_source=google&utm_medium=acquisition&utm_campaign=1&utm_locale=&utm_source=google&utm_medium=cpc&utm_campaign=G%20-%20US%20-%20NAM%20-%20Trend%20Micro%20CONS%20-%20PS%20-%20Non%20Brand%20EXACT&utm_term=antivirus&gad_source=1&gclid=CjwKCAjw4_K0BhBsEiwAfVVZ_1B_LbE6pRqOMWckR-oFT9ER5v-iOz_tSUMlI1lSbICRDbSvdx7akBoCJIQQAvD_BwE
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff67ed46f8,0x7fff67ed4708,0x7fff67ed4718
  2⤵
  PID:3488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,3692808571732439431,15039119143898831350,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  2⤵
  PID:2876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,3692808571732439431,15039119143898831350,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,3692808571732439431,15039119143898831350,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
  2⤵
  PID:1284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,3692808571732439431,15039119143898831350,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:64
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,3692808571732439431,15039119143898831350,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:3856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,3692808571732439431,15039119143898831350,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
  2⤵
  PID:2764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,3692808571732439431,15039119143898831350,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
  2⤵
  PID:3892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,3692808571732439431,15039119143898831350,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
  2⤵
  PID:3280
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,3692808571732439431,15039119143898831350,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6176 /prefetch:8
  2⤵
  PID:2748
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,3692808571732439431,15039119143898831350,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6176 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,3692808571732439431,15039119143898831350,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:5204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,3692808571732439431,15039119143898831350,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
  2⤵
  PID:5212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,3692808571732439431,15039119143898831350,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:1
  2⤵
  PID:5504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,3692808571732439431,15039119143898831350,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6284 /prefetch:1
  2⤵
  PID:5512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,3692808571732439431,15039119143898831350,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
  2⤵
  PID:5800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,3692808571732439431,15039119143898831350,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3600 /prefetch:1
  2⤵
  PID:6020

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1484

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4524

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5664

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
243885debaa0bc4c56f876c7dd7c3eaa

SHA1
eb3bc24b683840545f8f3966b2350910f7285030

SHA256
1b18ace0d916cf74bc5b4a9e10302c151e248dcb475e0b06f8d1ca9e4bfdd05e

SHA512
03a3516ebb6dca184d6dd4ecbc30a7932776f126943cc014dfff5526471d1829267e2276ef878e60d5083dc0b93bf1fef49df74b9d883e6111de04fb2d10f57d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d406f3135e11b0a0829109c1090a41dc

SHA1
810f00e803c17274f9af074fc6c47849ad6e873e

SHA256
91f57909a10174b06c862089a9c1f3b3aeafea74a70ee1942ce11bb80d9eace4

SHA512
2b9f0f94b1e8a1b62ab38af8df2add0ec9e4c6dfa94d9c84cc24fe86d2d57d4fc0d9ec8a9775cf42a859ddfd130260128185a0e2588992bca8fd4ebf5ee6d409

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7f37f119665df6beaa925337bbff0e84

SHA1
c2601d11f8aa77e12ab3508479cbf20c27cbd865

SHA256
1073dbff3ec315ac85361c35c8ba791cc4198149b097c7b287dda1d791925027

SHA512
8e180e41dd27c51e81788564b19b8ff411028890da506fbf767d394b1e73ec53e046c8d07235b2ec7c1c593c976bbf74ed9b7d442d68b526a0a77a9b5b0ab817

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
20d0fc5d56c6ad0787d3a4666b68d2f0

SHA1
3c4a4fbd9cd200d597905b42cea9c8a68805875f

SHA256
b1946af36877bb0cbb1b72f30c36b156c444c6d3ccbd3a7dc7b76f5702836d42

SHA512
d7e27a47e8ac4c772f853eafb733a1fdcd7aea714f2f0d97927daf3fbfaa7858057ec090c65810635904cfcbc355ae75b111bd13559c4338f00cc8cbe41a1e4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
20080376cb454639844e17f490d0d350

SHA1
bd931e014848d6ad09e5259662dc420f9ce1f77f

SHA256
e91068b629e685d9a0f5912061366058136fe30ad81fe44086951884ed757362

SHA512
5e9b6ee32d3742bddd5a77c84e8082a5eb973ed0368a6aa80067358f0395998284c7e2d7db8b0b729e1cdfa873d42e5abd83a0549da40d9aa0864c4d5ce5dc79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
20966746fe262f7edc6ceef2ffe12e60

SHA1
f389268194c9300d1344a192c7a728de5f20357f

SHA256
9bda44a4f442094c0318dd0884f103b84fb1e01756552a58844694dc7854617d

SHA512
4a1672d0f84afaf267b2d9c79c28e9adca7b3fbefa86ae2ea333e60aa091a84e1adc3a45324050857fe4597c0e8061f31b99fd763e071df78b340d816b7d9fe7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
27d1e5ca6511a08ea2729d7d67f09855

SHA1
701b1a9b0a4e43e0ba46f0ad999e8972adfc5c15

SHA256
a67d16cbd2177f37acdf9da570ae496438292ce16a3cc4176c871d78866e4783

SHA512
daf2d4c35825b8959362de0a8139e20531a833ba17b56cd5b215d60b69eb631b006de5cff92a4bb18c7fa699cf8bdef1da0504f2ee986ecbadb25ac5cbac611a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
cb119811fbf5f75080308ad7b5f4e1e4

SHA1
972f4488bd41931b07689ece1596c9a618168ee1

SHA256
1b020b2242d2a2a1951903925a88aa2786611cbe71b48cef7ed5f3e3e83de5f0

SHA512
2cf0961ee343f95ffe9d9fe8a1ee0571c27d16010e4464cf0373b762da799d48190161f7cfddd1c9573b1ad4244bca784876d3328c0859fd567f2dca69e827bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
cf295a2ac6243ec9c775288f6fc7ff09

SHA1
9a998b3ae563f35906845536f55edd8f6134850a

SHA256
f9a9994527b819cf621b927bc0911910e59922e4600e3676a569b3e58097f1ef

SHA512
74c4d6250481ef5b2a720c1eab9f882cd5448b317592fe05f132783ac8e2dd332b55777bfa19fd351d628aac0ce3df59069e207af64a03accfcabe0c0fd9d0e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
cffaf394937ac9a04399692d5c1ca27b

SHA1
802549fa126c9452ffa5c3aacd0518a4f5391ef1

SHA256
a75e62ab3f57f74e05ffed7f6fb102441c566ca2b76b4a5bb2e45b786abbae67

SHA512
6b2c6c58e4ed386f0d09893d801137f3891ca7bcc103db27b97d0be848e313c28cc80dba3a1d29394a8a7e5652f50b682ed3ff9c6a6b0a654934c55eb1b92de7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58220a.TMP

Filesize
1KB

MD5
67ca4fb79b0a41ff64342bdc7b1f244f

SHA1
b6011c0bc021c7364ffce4b31732fc9613f198cb

SHA256
7628cbcfafa64c115178f2336251438ee6983891af7c6a492657184e1fd0358c

SHA512
4b9442f49a47d8f4ec56dc0233480b044c55a273e382c7d42b91b5357f7fb73b631987a96e6a182cd1f748c1bd131a3d1b33668773483d83abfd76af2b19dcc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
08ee8062bbbc61f14c271d8c595ca265

SHA1
5dacff399ac85e468af41237c10aabf4282fdeed

SHA256
e87c00ef0829690c5fa13cdcad701355c4e97ec44cf25c8a199764ba683d54fd

SHA512
cd339b474b25b0c3793a84e3021280eb4e7bf0be021dfa992871f0f62357ac0a00ef0e2c391045a4df28a3262ef28d34b497ef25f523fab428d5f5d775dc93fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3f8f9258b3b8ba1e86fa43a6215325ee

SHA1
754e34e8cf9dea5109eb9cf3dba4a180822ed693

SHA256
21ec2abb5a99596bb5009df797e2838d052f1b8d787dd2432b0f8924a8ef5732

SHA512
07689c56494d742eb3f6ac53435cb861f662ab1cbcc42fd4f32c0650f0155ee2892b5233a2ec349a5596974da8ea47e7004eb756a54353b95e722f9197c44e02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
65428ca90fe7f3d4551525587c99930a

SHA1
39ceeaecf528cd91290c778c6d60451e1b8473da

SHA256
f647184c210008e0e16a12b4cccaf3349960f56b013b30db606364b1126a5ac4

SHA512
360f1c2d301d46987c7bb8530d01d225140df8fb805fdfd5ee7bdee424c3d943de24134c36b7192a55489cf2663300119f2a081082d96fbc39503dbfe4df32ca

Download Submit