hxxps://reader[.]egress[.]com/

Analysis

max time kernel
146s
max time network
144s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
21-11-2024 12:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://reader.egress.com/

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\4df51c44-9523-4caa-9d0e-b853f733c6f5.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241121121647.pma	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2088	msedge.exe
2088	msedge.exe
4256	msedge.exe
4256	msedge.exe
2072	identity_helper.exe
2072	identity_helper.exe
5896	msedge.exe
5896	msedge.exe
5896	msedge.exe
5896	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4256 wrote to memory of 3780	4256	msedge.exe	82
PID 4256 wrote to memory of 3780	4256	msedge.exe	82
PID 4256 wrote to memory of 2532	4256	msedge.exe	83
PID 4256 wrote to memory of 2532	4256	msedge.exe	83
PID 4256 wrote to memory of 2532	4256	msedge.exe	83
PID 4256 wrote to memory of 2532	4256	msedge.exe	83
PID 4256 wrote to memory of 2532	4256	msedge.exe	83
PID 4256 wrote to memory of 2532	4256	msedge.exe	83
PID 4256 wrote to memory of 2532	4256	msedge.exe	83
PID 4256 wrote to memory of 2532	4256	msedge.exe	83
PID 4256 wrote to memory of 2532	4256	msedge.exe	83
PID 4256 wrote to memory of 2532	4256	msedge.exe	83
PID 4256 wrote to memory of 2532	4256	msedge.exe	83
PID 4256 wrote to memory of 2532	4256	msedge.exe	83
PID 4256 wrote to memory of 2532	4256	msedge.exe	83
PID 4256 wrote to memory of 2532	4256	msedge.exe	83
PID 4256 wrote to memory of 2532	4256	msedge.exe	83
PID 4256 wrote to memory of 2532	4256	msedge.exe	83
PID 4256 wrote to memory of 2532	4256	msedge.exe	83
PID 4256 wrote to memory of 2532	4256	msedge.exe	83
PID 4256 wrote to memory of 2532	4256	msedge.exe	83
PID 4256 wrote to memory of 2532	4256	msedge.exe	83
PID 4256 wrote to memory of 2532	4256	msedge.exe	83
PID 4256 wrote to memory of 2532	4256	msedge.exe	83
PID 4256 wrote to memory of 2532	4256	msedge.exe	83
PID 4256 wrote to memory of 2532	4256	msedge.exe	83
PID 4256 wrote to memory of 2532	4256	msedge.exe	83
PID 4256 wrote to memory of 2532	4256	msedge.exe	83
PID 4256 wrote to memory of 2532	4256	msedge.exe	83
PID 4256 wrote to memory of 2532	4256	msedge.exe	83
PID 4256 wrote to memory of 2532	4256	msedge.exe	83
PID 4256 wrote to memory of 2532	4256	msedge.exe	83
PID 4256 wrote to memory of 2532	4256	msedge.exe	83
PID 4256 wrote to memory of 2532	4256	msedge.exe	83
PID 4256 wrote to memory of 2532	4256	msedge.exe	83
PID 4256 wrote to memory of 2532	4256	msedge.exe	83
PID 4256 wrote to memory of 2532	4256	msedge.exe	83
PID 4256 wrote to memory of 2532	4256	msedge.exe	83
PID 4256 wrote to memory of 2532	4256	msedge.exe	83
PID 4256 wrote to memory of 2532	4256	msedge.exe	83
PID 4256 wrote to memory of 2532	4256	msedge.exe	83
PID 4256 wrote to memory of 2532	4256	msedge.exe	83
PID 4256 wrote to memory of 2088	4256	msedge.exe	84
PID 4256 wrote to memory of 2088	4256	msedge.exe	84
PID 4256 wrote to memory of 1692	4256	msedge.exe	85
PID 4256 wrote to memory of 1692	4256	msedge.exe	85
PID 4256 wrote to memory of 1692	4256	msedge.exe	85
PID 4256 wrote to memory of 1692	4256	msedge.exe	85
PID 4256 wrote to memory of 1692	4256	msedge.exe	85
PID 4256 wrote to memory of 1692	4256	msedge.exe	85
PID 4256 wrote to memory of 1692	4256	msedge.exe	85
PID 4256 wrote to memory of 1692	4256	msedge.exe	85
PID 4256 wrote to memory of 1692	4256	msedge.exe	85
PID 4256 wrote to memory of 1692	4256	msedge.exe	85
PID 4256 wrote to memory of 1692	4256	msedge.exe	85
PID 4256 wrote to memory of 1692	4256	msedge.exe	85
PID 4256 wrote to memory of 1692	4256	msedge.exe	85
PID 4256 wrote to memory of 1692	4256	msedge.exe	85
PID 4256 wrote to memory of 1692	4256	msedge.exe	85
PID 4256 wrote to memory of 1692	4256	msedge.exe	85
PID 4256 wrote to memory of 1692	4256	msedge.exe	85
PID 4256 wrote to memory of 1692	4256	msedge.exe	85
PID 4256 wrote to memory of 1692	4256	msedge.exe	85
PID 4256 wrote to memory of 1692	4256	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://reader.egress.com/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7fffa09546f8,0x7fffa0954708,0x7fffa0954718
  2⤵
  PID:3780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,213678590482058830,6547842533636415460,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:2532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,213678590482058830,6547842533636415460,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2432 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,213678590482058830,6547842533636415460,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
  2⤵
  PID:1692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,213678590482058830,6547842533636415460,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,213678590482058830,6547842533636415460,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
  2⤵
  PID:1292
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,213678590482058830,6547842533636415460,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 /prefetch:8
  2⤵
  PID:3328
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:848
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff7c8e15460,0x7ff7c8e15470,0x7ff7c8e15480
    3⤵
    PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,213678590482058830,6547842533636415460,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,213678590482058830,6547842533636415460,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,213678590482058830,6547842533636415460,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,213678590482058830,6547842533636415460,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=220 /prefetch:1
  2⤵
  PID:1472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,213678590482058830,6547842533636415460,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:1
  2⤵
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,213678590482058830,6547842533636415460,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3128 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5896

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4012

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4320

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9fc751d5fa08ca574eba851a781b900

SHA1
963c71087bd9360fa4aa1f12e84128cd26597af4

SHA256
360b095e7721603c82e03afa392eb3c3df58e91a831195fc9683e528c2363bbb

SHA512
ecb8d509380f5e7fe96f14966a4d83305cd9a2292bf42dec349269f51176a293bda3273dfe5fba5a32a6209f411e28a7c2ab0d36454b75e155fc053974980757

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d9a93ee5221bd6f61ae818935430ccac

SHA1
f35db7fca9a0204cefc2aef07558802de13f9424

SHA256
a756ec37aec7cd908ea1338159800fd302481acfddad3b1701c399a765b7c968

SHA512
b47250fdd1dd86ad16843c3df5bed88146c29279143e20f51af51f5a8d9481ae655db675ca31801e98ab1b82b01cb87ae3c83b6e68af3f7835d3cfa83100ad44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
49f335b4381436b7f924da50c977c3ef

SHA1
e03c4cf5204a183309da6d734d0681f26eb14daa

SHA256
325477173b0e3d0042f912578829e0700cd420085e4e01cf4db21af1f2480b05

SHA512
43d97b5af2a6bc6d0af62f0ceef8b21a97fd4f76dcce79a92ccf6e912666818ae7d9a23933487dd4e9470b3c5de0e2b0354dc99c20fcd445392f8deef2a18bc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
effef11d6205b2dfff6fae56920c19dd

SHA1
f8c00616e2ceda301c40a25741a69db1b81391f2

SHA256
87519a5eacab0dba14c172b89579a5c82cb33dc2ee027052cf2e8a2f569e713c

SHA512
f0b235a4828b70c6ded44ac94be142397c3387be3b29adb60b76c37db63e3646fe7c228297fc9f42c136acd0d28aea1d8592a06152be46ae0a9c9fb60f8098ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
363B

MD5
2cf27cf6f8815020049158c6bdbea7fe

SHA1
faf40e424c14f3c7a940a8df4a24fc0ce93d0e6f

SHA256
ba9d2071b032fd9cf011014ede734d7caedfaa26b28dec9c45e6fc35c1b0ab9e

SHA512
628df25a80f77b63bc1b9bb88af788b1651b6f6e6afbb16dc0e6d65bfd80eb803e4a88206e05f07037dd4dc833a0acb0cb0f95ce56b26d3c4c25803fc6574d51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe58c1a5.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
aabcb31a9acb675b31f785c8b7e55612

SHA1
4d3aef0ab2ad71d94f4d9c85fad06f0cfddb4037

SHA256
12ebec9cb74018532515b3dfa235ae3afe2884b2e8e30f0fdee5d556fe94dd89

SHA512
af62882b499049c268adf49c9098a4af4aedb99c77485f82c05c810f477daa5ef255ab8deb63bce6de6f6e7f2ad15d7c4af751a40afb0918645aa695514e3e53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3b75c18d5adbf674c6662a96db002247

SHA1
c57f6f19fc4f3a561b4c01f226505748a2465804

SHA256
8f09cde2ebbb9e2a83547d8204abbf961fe47f6851120f77e835a8c54916fbe9

SHA512
c11d61945b349d545c4703f385cd094e32117138ce21020ca93df374c2a3a59b8e6d708d896e8d65e1fc00e103460a59aced46d54c01077bcdf9bb842b630bc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7dc5b86e24e6b5f5698a34cacc7f5ddf

SHA1
8c33de616b0d4b9230d749b4a40dbe624cbc3fce

SHA256
799d0b8bd563edce817aa256bed914847fc9fa031d4640558f98c361fec90e71

SHA512
0d12e0ffdee844341d650e1404037fa0c89ca0206d83e159d772f1c88f5481a0e61e54735b7cbcf5dc1bb40bb0bb0995cf6d8607b8405165297a331b951847b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
d3412a01d4c3df1df43f94ecd14a889a

SHA1
2900a987c87791c4b64d80e9ce8c8bd26b679c2f

SHA256
dd1511db0f7bf3dc835c2588c1fdd1976b6977ad7babe06380c21c63540919be

SHA512
7d216a9db336322310d7a6191ebac7d80fd4fa084413d0474f42b6eff3feb1baf3e1fb24172ea8abcb67d577f4e3aea2bc68fdb112205fc7592a311a18952f7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
f9055ea0f42cb1609ff65d5be99750dc

SHA1
6f3a884d348e9f58271ddb0cdf4ee0e29becadd4

SHA256
1cacba6574ba8cc5278c387d6465ff72ef63df4c29cfbec5c76fbaf285d92348

SHA512
b1937bc9598d584a02c5c7ac42b96ed6121f16fe2de2623b74bb9b2ca3559fc7aff11464f83a9e9e3002a1c74d4bb0ee8136b0746a5773f8f12f857a7b2b3cb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000006

Filesize
20KB

MD5
e8e1f8273c10625d8b5e1541f8cab8fd

SHA1
18d7a3b3362fc592407e5b174a8fb60a128ce544

SHA256
45870d39eb491375c12251d35194e916ace795b1a67e02841e1bbcb14f1a0e44

SHA512
ca77d40ec247d16bc50302f8b13c79b37ab1fcf81c1f8ab50f2fc5430d4fabc74f5845c781bd11bb55840184e6765c2f18b28af72e1f7800fe0bb0b1f3f23b24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
f1b7c14fbd39cc0e2a49b76402aaa7ef

SHA1
85286ed60eb7a944b621c3ff892fd5b9519083bf

SHA256
848e80b529a002b336fc92d0c9c2bf7f87e2e3e1ab34e335e306afd98e6dfefa

SHA512
015c74a76dba7105f3ef72019d6d5b72973af0c7df9aac11447b8e927592ed850a87a815d43c1c86095f212d46f3d2ab8434fefdecdee2eeb24e0c15270be6b5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
8b78080a92490c426f0e251d869484ae

SHA1
2f034590ca86964fa392f92a1f592337c7d56766

SHA256
1b62fa867edbf054f0ef62daab95cb4ad5f5df68a1488ffa1e34a27e75536110

SHA512
843b7132eb414ae8e0cd342b2aaf819728976161ce9d2c4f1c90c081f6038b9e5b01740075cbcf8aa4e923232342a0ccc644aa95d62067d44ccdd1e0d0651627

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
0322dc94f8b0d550e3e428efea04d77d

SHA1
934d276d97b17b070a2aaa38c3537a0e1ebe1fb9

SHA256
46927307fba8535af85d439de2cf373288428fe56ef1d82435cb1cc5d0ba35a4

SHA512
18224b425208ea30047d45c796435a96e919e8763cbcfb8b1d90d8f0485f5956e2c2d9edd5abb4ebc0db7377c7496d826db9f2d5d3cfdbaffbe1bf0a7ced60db

Download Submit