hxxps://kiwiexploits[.]com/kiwi-x-external-download

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02/08/2024, 17:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://kiwiexploits.com/kiwi-x-external-download

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
980	msedge.exe
980	msedge.exe
2748	msedge.exe
2748	msedge.exe
4016	identity_helper.exe
4016	identity_helper.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2748 wrote to memory of 4340	2748	msedge.exe	81
PID 2748 wrote to memory of 4340	2748	msedge.exe	81
PID 2748 wrote to memory of 5084	2748	msedge.exe	82
PID 2748 wrote to memory of 5084	2748	msedge.exe	82
PID 2748 wrote to memory of 5084	2748	msedge.exe	82
PID 2748 wrote to memory of 5084	2748	msedge.exe	82
PID 2748 wrote to memory of 5084	2748	msedge.exe	82
PID 2748 wrote to memory of 5084	2748	msedge.exe	82
PID 2748 wrote to memory of 5084	2748	msedge.exe	82
PID 2748 wrote to memory of 5084	2748	msedge.exe	82
PID 2748 wrote to memory of 5084	2748	msedge.exe	82
PID 2748 wrote to memory of 5084	2748	msedge.exe	82
PID 2748 wrote to memory of 5084	2748	msedge.exe	82
PID 2748 wrote to memory of 5084	2748	msedge.exe	82
PID 2748 wrote to memory of 5084	2748	msedge.exe	82
PID 2748 wrote to memory of 5084	2748	msedge.exe	82
PID 2748 wrote to memory of 5084	2748	msedge.exe	82
PID 2748 wrote to memory of 5084	2748	msedge.exe	82
PID 2748 wrote to memory of 5084	2748	msedge.exe	82
PID 2748 wrote to memory of 5084	2748	msedge.exe	82
PID 2748 wrote to memory of 5084	2748	msedge.exe	82
PID 2748 wrote to memory of 5084	2748	msedge.exe	82
PID 2748 wrote to memory of 5084	2748	msedge.exe	82
PID 2748 wrote to memory of 5084	2748	msedge.exe	82
PID 2748 wrote to memory of 5084	2748	msedge.exe	82
PID 2748 wrote to memory of 5084	2748	msedge.exe	82
PID 2748 wrote to memory of 5084	2748	msedge.exe	82
PID 2748 wrote to memory of 5084	2748	msedge.exe	82
PID 2748 wrote to memory of 5084	2748	msedge.exe	82
PID 2748 wrote to memory of 5084	2748	msedge.exe	82
PID 2748 wrote to memory of 5084	2748	msedge.exe	82
PID 2748 wrote to memory of 5084	2748	msedge.exe	82
PID 2748 wrote to memory of 5084	2748	msedge.exe	82
PID 2748 wrote to memory of 5084	2748	msedge.exe	82
PID 2748 wrote to memory of 5084	2748	msedge.exe	82
PID 2748 wrote to memory of 5084	2748	msedge.exe	82
PID 2748 wrote to memory of 5084	2748	msedge.exe	82
PID 2748 wrote to memory of 5084	2748	msedge.exe	82
PID 2748 wrote to memory of 5084	2748	msedge.exe	82
PID 2748 wrote to memory of 5084	2748	msedge.exe	82
PID 2748 wrote to memory of 5084	2748	msedge.exe	82
PID 2748 wrote to memory of 5084	2748	msedge.exe	82
PID 2748 wrote to memory of 980	2748	msedge.exe	83
PID 2748 wrote to memory of 980	2748	msedge.exe	83
PID 2748 wrote to memory of 772	2748	msedge.exe	84
PID 2748 wrote to memory of 772	2748	msedge.exe	84
PID 2748 wrote to memory of 772	2748	msedge.exe	84
PID 2748 wrote to memory of 772	2748	msedge.exe	84
PID 2748 wrote to memory of 772	2748	msedge.exe	84
PID 2748 wrote to memory of 772	2748	msedge.exe	84
PID 2748 wrote to memory of 772	2748	msedge.exe	84
PID 2748 wrote to memory of 772	2748	msedge.exe	84
PID 2748 wrote to memory of 772	2748	msedge.exe	84
PID 2748 wrote to memory of 772	2748	msedge.exe	84
PID 2748 wrote to memory of 772	2748	msedge.exe	84
PID 2748 wrote to memory of 772	2748	msedge.exe	84
PID 2748 wrote to memory of 772	2748	msedge.exe	84
PID 2748 wrote to memory of 772	2748	msedge.exe	84
PID 2748 wrote to memory of 772	2748	msedge.exe	84
PID 2748 wrote to memory of 772	2748	msedge.exe	84
PID 2748 wrote to memory of 772	2748	msedge.exe	84
PID 2748 wrote to memory of 772	2748	msedge.exe	84
PID 2748 wrote to memory of 772	2748	msedge.exe	84
PID 2748 wrote to memory of 772	2748	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://kiwiexploits.com/kiwi-x-external-download
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8e8a146f8,0x7ff8e8a14708,0x7ff8e8a14718
  2⤵
  PID:4340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,13230729133102106215,1262304938697513964,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,13230729133102106215,1262304938697513964,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,13230729133102106215,1262304938697513964,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
  2⤵
  PID:772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,13230729133102106215,1262304938697513964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:1072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,13230729133102106215,1262304938697513964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:3492
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,13230729133102106215,1262304938697513964,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5628 /prefetch:8
  2⤵
  PID:4012
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,13230729133102106215,1262304938697513964,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5628 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,13230729133102106215,1262304938697513964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4404 /prefetch:1
  2⤵
  PID:1432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,13230729133102106215,1262304938697513964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,13230729133102106215,1262304938697513964,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
  2⤵
  PID:3716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,13230729133102106215,1262304938697513964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
  2⤵
  PID:2668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,13230729133102106215,1262304938697513964,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4360 /prefetch:1
  2⤵
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,13230729133102106215,1262304938697513964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,13230729133102106215,1262304938697513964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
  2⤵
  PID:2244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,13230729133102106215,1262304938697513964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2832 /prefetch:1
  2⤵
  PID:2596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,13230729133102106215,1262304938697513964,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1260 /prefetch:1
  2⤵
  PID:4208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,13230729133102106215,1262304938697513964,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5252 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:716

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4688

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5044

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
20KB

MD5
6931123c52bee278b00ee54ae99f0ead

SHA1
6907e9544cd8b24f602d0a623cfe32fe9426f81f

SHA256
c54a6c3031bf3472077c716fa942bd683119dc483b7e0181e8a608fa0b309935

SHA512
40221fe98816aa369c45f87dc62e6d91fcdb559d9756cb6a05819f1cde629e23a51803e71371f4e4f27112a09489d58ed45b2b901a5f2f00c69c082b3576057f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
960B

MD5
64c20f9e51052fdcc622796af4068ea3

SHA1
fe152116430abbc0ae78b670951af726dd6ef92e

SHA256
6400b708f562e415d1a32b6fb5f5c7e252fd27bcef1fdea19aeafc6030391c7f

SHA512
236035b090a7927255c178f4fd47d0abdde2a2d6cf0129814669b7f5a5eb3646b43d9b255ea740ba4bb297a1756ebf01a62391bc62e44bc3c9fd834a3d091c05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
fd45f2d60bdc8e2bad031329e8ce79c8

SHA1
814c8e71086221e671b14586ee5e4cce7248ea09

SHA256
9de8c688d35d7b64753fb353e08d6e8597d76ff4a2ee721da8e49ab70956123c

SHA512
b6d409920f65e0189ad56e68f3f7304ba87ab8d9023a8926722753ef04d3b77bdd6709495a35cf4103931d43713bf37537b2bdc37635d5251902afda30c2fa13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
b7db2a74ddb42a1595526720aa9d41ca

SHA1
f25fd68205f8e85aa32c52384b86c7eabd2aeea5

SHA256
5be2ab4cea8f00b9e07f2edb066616e6ee4c0c0165bf4356a52c6389afa83d61

SHA512
a147522dd4706b7202cfcfa6bf5ef5b9ac031f69b02955d5a8705508795b1d7ef3ae4d383b199e1586e735489ac91ac2e1422b0adf942bc63614e5dc1c21c91e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
b0827b384ad405dd5ad0d65009ecdd06

SHA1
d78c54ddf8936eadade583668511cb83d7bf1fe8

SHA256
41ab88fb3e90aa63a81c50ebb706358365f7dc112ba3f6dc1c5875fb28c33715

SHA512
5bc7469bcf2519059b20afc6af8db526c65c97ed616b8ad04236891d41b3c35ea3bd81933175e774e0704cad5ab49b983bb4d13bed692182678a7e275573e901

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0b04d961ecd8ebf76f9c691c1ab41496

SHA1
1a50fca3aaa59bca411040a3d43b9e28f8a65e2e

SHA256
d096495f5246ec360dbeeff9e47ee590e618065914d35a41c26051611d2cd41c

SHA512
b5fa64aec9e6bd1555efb7590035bd7c482a312a1d15390c5ca9d5d6a12cf223baf45c0c2360034bd6c2b9a7f1c2fb559c4dc6cf696c52b65f4034b8b3bfe4c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ce8f3e26fb009580c2780a8ea90b2f70

SHA1
de5bc3937fdfc559a0450b139e5ca83ee6de8a55

SHA256
a32eefe2f288f87aafd2f26c9e9cc43db6838a9b30376e63ed454636abd8949f

SHA512
a095da67fcf926214de9fd5f8f9210443f94594d251881d22a848b4d41188dd5bf3d7165a42e2db9383cec8cf7c2b5340969b17a39a5f9534f68f44f71a61a14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
5ef00193dc37cc5043f7c99fcdea30ea

SHA1
95e684205528d727959a4598c8ff2e26dda83c4a

SHA256
8f42294d7b0dc0eb80d47a6670dbbfb4abe2158e3df2a1718dc07582d9fdb3ea

SHA512
e2a6bfedb5733bac7ca65f717aaa5b9dd4861b1fcbdeaff305b93c33c33705cb1b0eccae80ecb77a828395f76f3bfe089444a6bc5a4c132e2de578a1fcf29fa4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
a0ab1803260601f1170364a48e356a07

SHA1
3286308a71d013b8506eaf15da1565541c4d83f7

SHA256
bc21a47655961b6d3149d764c980b46a005d2ff30d27c4d46faf8cd349a9fa8f

SHA512
487b2fbd6beb242f032f6517150efcaf9f550bbf22d1d4fdb6606a1aaed539cd2ce0fa6b8e3a9781ec52cdcf1de8d7cabb3d6f4e97b4cda7cadf68c637fa913b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe585fbf.TMP

Filesize
48B

MD5
1c21eefba996f38966c15b5b87d54302

SHA1
9c93de61264e9777427208f035aaa4023e751523

SHA256
2b2dd5055a9c1c39c95475b78e09f004911f5b8e52490c4d93cdf808e68f09a6

SHA512
9965e3d0cf5c66232b270111425b1e86179bc0aeee4d57a2346a9c4cdc0a3e79305b80f6911de25f302e2f18be6736160b672895915518dc63dec6a6120ee0d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2165ab3a022b89cb8292f3c3e3668201

SHA1
395a48e2547e8342432b1ff3cb7e4e74013b2f60

SHA256
0cdbee2cb814f99df5bd5de309b8e17b0c865b906c895d0e07227a1086cf3601

SHA512
a200883343063f87b9fc417813ae6b304165328965ea1565b39d7f1613298860ffd6f5149b3a449b56f625fc911223f8f41087e63eb266f1ea000d76b908a9bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f1c0a827caffaaaaed94d6d47d9d9b50

SHA1
cdd2d1da1de51f848c3780eb305d1707e18bae4b

SHA256
d72a90b81b718ffaa9b5a89dcbd34674173ab46da5dadf3897e407a812ce6eb4

SHA512
13a428c40abbe6d75ca5f2e7f201dfd6370102095d8b3eb4cad7a00a91529119b046bb769c13acb1c279fe97d0ecafacc83779b14904af244f0aae6e1b703388

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583ca6.TMP

Filesize
538B

MD5
f542b3b70ee86406a53de41900552e52

SHA1
e6d99b8a5e728183b3628abe1acdea3549f1c2e5

SHA256
09cfce2a6310f214528e32191281c622b33b844abe89346a8129be06001eaae1

SHA512
293e6e876eefc650bf5e88dfeb40018b777654e5e40be7d962e42f59eeb7e5bacc5a7599b7345e462f0efbd80f5f8d3626a49561c715b29fe26821493d9d0e57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e29e6960b967daf707b73480e0c4198f

SHA1
61aa49f099b5ea5ecc3df2162bb48836556bbe6d

SHA256
18d1f7847bf2428d16f42c040611cf735aa86709f268788d2d48b19e1e053aa0

SHA512
f15730c0f0d1810e5703437457b54cbbf2d6e7a18f244bc7f2e1d90a7b17a7293017b669b51e63c3c90033c3d077a157aa2a128686fbb16de330716a60d8c863

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
8397e08ba43b79691727a60bddc40ff2

SHA1
06d127bf93dabd0f2d3b27ba49efdbbd1ab3c00f

SHA256
6d272fd02b7ea835a700d3bebac4e7905f3229aa59f48f9bea1cb07505ff8757

SHA512
158d6768269864ea4a6dd742cf564e2918a39246d84e581dda44b87b995dbc3c32d6ef379f722adef82bc7fd3e59fa91c42b03c9e410f5c2e85d1b833a52f0d8

Download Submit