hxxps://www[.]ggmania[.]com/gimmecheat[.]php?cheat=sleeping-dogs-definitive-edition-v1-00-20306

Analysis

max time kernel
1681s
max time network
1690s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
19/11/2024, 13:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.ggmania.com/gimmecheat.php?cheat=sleeping-dogs-definitive-edition-v1-00-20306

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241119131938.pma	setup.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\0d3551f0-6cf6-46dc-8ddc-36d50c4e8d21.tmp	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
1136	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2356	msedge.exe
2356	msedge.exe
1136	msedge.exe
1136	msedge.exe
1940	identity_helper.exe
1940	identity_helper.exe
6020	msedge.exe
6020	msedge.exe
6020	msedge.exe
6020	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1136 wrote to memory of 4612	1136	msedge.exe	82
PID 1136 wrote to memory of 4612	1136	msedge.exe	82
PID 1136 wrote to memory of 2880	1136	msedge.exe	83
PID 1136 wrote to memory of 2880	1136	msedge.exe	83
PID 1136 wrote to memory of 2880	1136	msedge.exe	83
PID 1136 wrote to memory of 2880	1136	msedge.exe	83
PID 1136 wrote to memory of 2880	1136	msedge.exe	83
PID 1136 wrote to memory of 2880	1136	msedge.exe	83
PID 1136 wrote to memory of 2880	1136	msedge.exe	83
PID 1136 wrote to memory of 2880	1136	msedge.exe	83
PID 1136 wrote to memory of 2880	1136	msedge.exe	83
PID 1136 wrote to memory of 2880	1136	msedge.exe	83
PID 1136 wrote to memory of 2880	1136	msedge.exe	83
PID 1136 wrote to memory of 2880	1136	msedge.exe	83
PID 1136 wrote to memory of 2880	1136	msedge.exe	83
PID 1136 wrote to memory of 2880	1136	msedge.exe	83
PID 1136 wrote to memory of 2880	1136	msedge.exe	83
PID 1136 wrote to memory of 2880	1136	msedge.exe	83
PID 1136 wrote to memory of 2880	1136	msedge.exe	83
PID 1136 wrote to memory of 2880	1136	msedge.exe	83
PID 1136 wrote to memory of 2880	1136	msedge.exe	83
PID 1136 wrote to memory of 2880	1136	msedge.exe	83
PID 1136 wrote to memory of 2880	1136	msedge.exe	83
PID 1136 wrote to memory of 2880	1136	msedge.exe	83
PID 1136 wrote to memory of 2880	1136	msedge.exe	83
PID 1136 wrote to memory of 2880	1136	msedge.exe	83
PID 1136 wrote to memory of 2880	1136	msedge.exe	83
PID 1136 wrote to memory of 2880	1136	msedge.exe	83
PID 1136 wrote to memory of 2880	1136	msedge.exe	83
PID 1136 wrote to memory of 2880	1136	msedge.exe	83
PID 1136 wrote to memory of 2880	1136	msedge.exe	83
PID 1136 wrote to memory of 2880	1136	msedge.exe	83
PID 1136 wrote to memory of 2880	1136	msedge.exe	83
PID 1136 wrote to memory of 2880	1136	msedge.exe	83
PID 1136 wrote to memory of 2880	1136	msedge.exe	83
PID 1136 wrote to memory of 2880	1136	msedge.exe	83
PID 1136 wrote to memory of 2880	1136	msedge.exe	83
PID 1136 wrote to memory of 2880	1136	msedge.exe	83
PID 1136 wrote to memory of 2880	1136	msedge.exe	83
PID 1136 wrote to memory of 2880	1136	msedge.exe	83
PID 1136 wrote to memory of 2880	1136	msedge.exe	83
PID 1136 wrote to memory of 2880	1136	msedge.exe	83
PID 1136 wrote to memory of 2356	1136	msedge.exe	84
PID 1136 wrote to memory of 2356	1136	msedge.exe	84
PID 1136 wrote to memory of 4632	1136	msedge.exe	85
PID 1136 wrote to memory of 4632	1136	msedge.exe	85
PID 1136 wrote to memory of 4632	1136	msedge.exe	85
PID 1136 wrote to memory of 4632	1136	msedge.exe	85
PID 1136 wrote to memory of 4632	1136	msedge.exe	85
PID 1136 wrote to memory of 4632	1136	msedge.exe	85
PID 1136 wrote to memory of 4632	1136	msedge.exe	85
PID 1136 wrote to memory of 4632	1136	msedge.exe	85
PID 1136 wrote to memory of 4632	1136	msedge.exe	85
PID 1136 wrote to memory of 4632	1136	msedge.exe	85
PID 1136 wrote to memory of 4632	1136	msedge.exe	85
PID 1136 wrote to memory of 4632	1136	msedge.exe	85
PID 1136 wrote to memory of 4632	1136	msedge.exe	85
PID 1136 wrote to memory of 4632	1136	msedge.exe	85
PID 1136 wrote to memory of 4632	1136	msedge.exe	85
PID 1136 wrote to memory of 4632	1136	msedge.exe	85
PID 1136 wrote to memory of 4632	1136	msedge.exe	85
PID 1136 wrote to memory of 4632	1136	msedge.exe	85
PID 1136 wrote to memory of 4632	1136	msedge.exe	85
PID 1136 wrote to memory of 4632	1136	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.ggmania.com/gimmecheat.php?cheat=sleeping-dogs-definitive-edition-v1-00-20306
1⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffe77b946f8,0x7ffe77b94708,0x7ffe77b94718
  2⤵
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,7734354712393472810,3146465796539848534,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
  2⤵
  PID:2880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,7734354712393472810,3146465796539848534,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,7734354712393472810,3146465796539848534,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
  2⤵
  PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7734354712393472810,3146465796539848534,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7734354712393472810,3146465796539848534,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
  2⤵
  PID:2172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7734354712393472810,3146465796539848534,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7734354712393472810,3146465796539848534,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
  2⤵
  PID:3716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7734354712393472810,3146465796539848534,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:1564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7734354712393472810,3146465796539848534,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
  2⤵
  PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7734354712393472810,3146465796539848534,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
  2⤵
  PID:3828
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,7734354712393472810,3146465796539848534,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6112 /prefetch:8
  2⤵
  PID:2896
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:4148
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff733495460,0x7ff733495470,0x7ff733495480
    3⤵
    PID:1356
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,7734354712393472810,3146465796539848534,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6112 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7734354712393472810,3146465796539848534,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6200 /prefetch:1
  2⤵
  PID:3996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7734354712393472810,3146465796539848534,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
  2⤵
  PID:1748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,7734354712393472810,3146465796539848534,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3252 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6020

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2036

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1584

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3384

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9fc751d5fa08ca574eba851a781b900

SHA1
963c71087bd9360fa4aa1f12e84128cd26597af4

SHA256
360b095e7721603c82e03afa392eb3c3df58e91a831195fc9683e528c2363bbb

SHA512
ecb8d509380f5e7fe96f14966a4d83305cd9a2292bf42dec349269f51176a293bda3273dfe5fba5a32a6209f411e28a7c2ab0d36454b75e155fc053974980757

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d9a93ee5221bd6f61ae818935430ccac

SHA1
f35db7fca9a0204cefc2aef07558802de13f9424

SHA256
a756ec37aec7cd908ea1338159800fd302481acfddad3b1701c399a765b7c968

SHA512
b47250fdd1dd86ad16843c3df5bed88146c29279143e20f51af51f5a8d9481ae655db675ca31801e98ab1b82b01cb87ae3c83b6e68af3f7835d3cfa83100ad44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
06758b107a202bfcfe1b39756c350370

SHA1
93f844179c04faf160fb19b4d3bf2567fea6a262

SHA256
0bf93e647cd1cffdccf3be529934c366ba1f07aab42b9e012907633b4cccba53

SHA512
661f7953bf33fbb8905ca05033d69edfca2506230ac4117740158f26e31ae9bbc7e846a1449d3db2da650855213981227e6e3623a02d17f127b7ce0b12d8c1e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
c78f2672e81cd3a4e90f50551ea88fa5

SHA1
cff946f2b9b5b5aac870c712f00e0074217f0940

SHA256
435632c66d261200eb5b0c5083b2752d7b47380dbaf86e707ce26ee435b8306a

SHA512
873633c34f7713fd4f0f8f7907be5f8e3d6fba72aab96e9726a3bebca36df07654ff92a157cfee92f74b015def8d2a296c96dfa37900ceb68c95155d959d8e5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
b805712bd5f595f034e8795ead0d925b

SHA1
caa3124b79854d9a19712ef867db6bad2713f87d

SHA256
5e206fdf329c96b47ced04a9d65cb300aaee635bcb404918395b487e543ad5cb

SHA512
bc8450aec70f63914053e72e6ba03ac6ca9e752344a02b4aa0376d65718fc65a2addb53a7bc4fb2334454ef272eebbc759c335304dc03930d368c34667404b3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
cedc0778add6c29a3117645c9c059de2

SHA1
d83c9e7f5d3bf26ceb9e7abf48fabb1443d340ea

SHA256
515057abca8e060ed9d73c462004c9a09225d881e71087ec57deab7731b7a5ed

SHA512
5a63b7eb32cbfaa5d36dcbb84f0f758571bc1951400284013ffcecc8016a2015cce69571cb685226c5a81c869ed45d443e4496a27b12553d74d765663e644e98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
6c36e50d758c5a4ee783a9f2e31fe719

SHA1
62bc6db6807cfee7f73565572dd045e488c9f64a

SHA256
0237e1f6668f5f1e4dea9d742da98ae2cef0c137fab2d0f991a72de6c87d62b8

SHA512
22124408bd1c19cf799142151f4aa701ec60ce285466abca8e784db51210ba96908e79af3b92a8d536b8fbd9ccd941b65f7930bc7627a0bcf0d726f0b70c43d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
b167cd45a2d03f5b27322c5571bc9d05

SHA1
f3107a89efceceb54dd3d1f1877556b71cd91a0b

SHA256
3960230c1dc6570f63c9119d1a515804321d451ce78924d1032596541c09a6ca

SHA512
beb8b157be7ed3320e45a4aafb48eda51cae6b31ce333c8523aec18d7c11fe17f985ca64b77a4864ee9cc18caf76a8acbf149a0474c7c2ba19e9477ec9234be7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe58bf92.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
42f288316923d18d94fcb6acf19d4293

SHA1
809e033e979ccb8191d468a84959f95f1ba49b9b

SHA256
8596c6acd30a541eeda40ec5fb80fd3dacca0030d866ce34c5149a1caffd92bd

SHA512
b4f140c384c7dc7d277bb83690f187c3b02495924e593dfa59e4d11a29b4ec440f24165acd7fc3c9044d824722defcf2e38c93477346ed9cdad9f73c583d1067

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4ed88082ebe82a5fb1b7dc6c2a9d013a

SHA1
76f4b78543a93dfdeb1395ba137825a227ec7840

SHA256
16aa0557267e0c50749efcdeb2a76922bc6d2f026dc6a10478efe48d4afb3816

SHA512
b7d9203cb77a35de7af060d2abb6fae2cdc26393d304b4ef4c16c198561b6cce7fef427d29b983ed39e4d1ee9008c718474dfa364232651a4947dcc99816322c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7266db7649dee6970daa7f49eb370190

SHA1
afbcde2050b73bca044cc7b5582c4d80024e93ae

SHA256
64e195f4b6c6d0157e03b714e2c9595c0385efb8cd701cbc07d2cdbd7ef1f1b2

SHA512
8bd621cc22f8f3dda04cf7f5c44130bd3ffc58eb727241d2edff64a29c8200ada04bd68a16e6e0bf2052e56373521c37285b72f73cb2fbdf637ec63b1e3f9b1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
d3412a01d4c3df1df43f94ecd14a889a

SHA1
2900a987c87791c4b64d80e9ce8c8bd26b679c2f

SHA256
dd1511db0f7bf3dc835c2588c1fdd1976b6977ad7babe06380c21c63540919be

SHA512
7d216a9db336322310d7a6191ebac7d80fd4fa084413d0474f42b6eff3feb1baf3e1fb24172ea8abcb67d577f4e3aea2bc68fdb112205fc7592a311a18952f7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
f9055ea0f42cb1609ff65d5be99750dc

SHA1
6f3a884d348e9f58271ddb0cdf4ee0e29becadd4

SHA256
1cacba6574ba8cc5278c387d6465ff72ef63df4c29cfbec5c76fbaf285d92348

SHA512
b1937bc9598d584a02c5c7ac42b96ed6121f16fe2de2623b74bb9b2ca3559fc7aff11464f83a9e9e3002a1c74d4bb0ee8136b0746a5773f8f12f857a7b2b3cb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
af1d6e975698afa8b66602dee901a4c4

SHA1
3b3bae585e8e3a108e5a38aae93917da535a226f

SHA256
d0436393fe4213f81d0c1ce24440f7f902ab7c77fcdab412339faa41b4da4bb4

SHA512
f91c468267422f0d54533e6de35045fb16e67ab42cfdd3a8436d24f1649c90579efa39f831983af8d01cbb7c07ff00d124bb365a066e96ae5c0f0b1f1b231540

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
0d23c41a2c98236e9a43cde99db58780

SHA1
0dabe529e816d062e8b2e3cdeffa68731e16238b

SHA256
ddac7cfcf60e14b6731260d7868debb5603c675a64e494e0f7afbb948f82c349

SHA512
59b6af7e7740e96c60e2e5f6ba08cb0dcd106fd3a778d75158231e01d3c13c112c20d0fdf06f74ce31c51658a2486f01c9cbb46c05e2725a1028a2e6ed671bf1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
429cd4c092c53d2532ca9b2a88db7865

SHA1
3ddc14bec3a7e1566403ed34e51c852db8278506

SHA256
595b5b8605df50f57eb5606183a7a55f8e4a0c4543fdb8e9c0ebf54102ffd559

SHA512
cc4804fd75e6f2a2fe12b1b65a5162f94e348670c3f51e2a48bcbfab46906cebf29bc23ed832844caa1f7f4b522d6b86076c54050524fbb96ccff152f6fc992a

Download Submit