hxxp://a2zqatar[.]net

Analysis

max time kernel
149s
max time network
152s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
20-01-2025 09:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://a2zqatar.net

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2860	msedge.exe
2860	msedge.exe
3664	msedge.exe
3664	msedge.exe
1768	msedge.exe
1768	msedge.exe
3676	identity_helper.exe
3676	identity_helper.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3664 wrote to memory of 4124	3664	msedge.exe	77
PID 3664 wrote to memory of 4124	3664	msedge.exe	77
PID 3664 wrote to memory of 376	3664	msedge.exe	78
PID 3664 wrote to memory of 376	3664	msedge.exe	78
PID 3664 wrote to memory of 376	3664	msedge.exe	78
PID 3664 wrote to memory of 376	3664	msedge.exe	78
PID 3664 wrote to memory of 376	3664	msedge.exe	78
PID 3664 wrote to memory of 376	3664	msedge.exe	78
PID 3664 wrote to memory of 376	3664	msedge.exe	78
PID 3664 wrote to memory of 376	3664	msedge.exe	78
PID 3664 wrote to memory of 376	3664	msedge.exe	78
PID 3664 wrote to memory of 376	3664	msedge.exe	78
PID 3664 wrote to memory of 376	3664	msedge.exe	78
PID 3664 wrote to memory of 376	3664	msedge.exe	78
PID 3664 wrote to memory of 376	3664	msedge.exe	78
PID 3664 wrote to memory of 376	3664	msedge.exe	78
PID 3664 wrote to memory of 376	3664	msedge.exe	78
PID 3664 wrote to memory of 376	3664	msedge.exe	78
PID 3664 wrote to memory of 376	3664	msedge.exe	78
PID 3664 wrote to memory of 376	3664	msedge.exe	78
PID 3664 wrote to memory of 376	3664	msedge.exe	78
PID 3664 wrote to memory of 376	3664	msedge.exe	78
PID 3664 wrote to memory of 376	3664	msedge.exe	78
PID 3664 wrote to memory of 376	3664	msedge.exe	78
PID 3664 wrote to memory of 376	3664	msedge.exe	78
PID 3664 wrote to memory of 376	3664	msedge.exe	78
PID 3664 wrote to memory of 376	3664	msedge.exe	78
PID 3664 wrote to memory of 376	3664	msedge.exe	78
PID 3664 wrote to memory of 376	3664	msedge.exe	78
PID 3664 wrote to memory of 376	3664	msedge.exe	78
PID 3664 wrote to memory of 376	3664	msedge.exe	78
PID 3664 wrote to memory of 376	3664	msedge.exe	78
PID 3664 wrote to memory of 376	3664	msedge.exe	78
PID 3664 wrote to memory of 376	3664	msedge.exe	78
PID 3664 wrote to memory of 376	3664	msedge.exe	78
PID 3664 wrote to memory of 376	3664	msedge.exe	78
PID 3664 wrote to memory of 376	3664	msedge.exe	78
PID 3664 wrote to memory of 376	3664	msedge.exe	78
PID 3664 wrote to memory of 376	3664	msedge.exe	78
PID 3664 wrote to memory of 376	3664	msedge.exe	78
PID 3664 wrote to memory of 376	3664	msedge.exe	78
PID 3664 wrote to memory of 376	3664	msedge.exe	78
PID 3664 wrote to memory of 2860	3664	msedge.exe	79
PID 3664 wrote to memory of 2860	3664	msedge.exe	79
PID 3664 wrote to memory of 3504	3664	msedge.exe	80
PID 3664 wrote to memory of 3504	3664	msedge.exe	80
PID 3664 wrote to memory of 3504	3664	msedge.exe	80
PID 3664 wrote to memory of 3504	3664	msedge.exe	80
PID 3664 wrote to memory of 3504	3664	msedge.exe	80
PID 3664 wrote to memory of 3504	3664	msedge.exe	80
PID 3664 wrote to memory of 3504	3664	msedge.exe	80
PID 3664 wrote to memory of 3504	3664	msedge.exe	80
PID 3664 wrote to memory of 3504	3664	msedge.exe	80
PID 3664 wrote to memory of 3504	3664	msedge.exe	80
PID 3664 wrote to memory of 3504	3664	msedge.exe	80
PID 3664 wrote to memory of 3504	3664	msedge.exe	80
PID 3664 wrote to memory of 3504	3664	msedge.exe	80
PID 3664 wrote to memory of 3504	3664	msedge.exe	80
PID 3664 wrote to memory of 3504	3664	msedge.exe	80
PID 3664 wrote to memory of 3504	3664	msedge.exe	80
PID 3664 wrote to memory of 3504	3664	msedge.exe	80
PID 3664 wrote to memory of 3504	3664	msedge.exe	80
PID 3664 wrote to memory of 3504	3664	msedge.exe	80
PID 3664 wrote to memory of 3504	3664	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://a2zqatar.net
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff82c083cb8,0x7ff82c083cc8,0x7ff82c083cd8
  2⤵
  PID:4124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1784,7605513565078635887,3970146843236063233,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1944 /prefetch:2
  2⤵
  PID:376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1784,7605513565078635887,3970146843236063233,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1784,7605513565078635887,3970146843236063233,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2560 /prefetch:8
  2⤵
  PID:3504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,7605513565078635887,3970146843236063233,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3140 /prefetch:1
  2⤵
  PID:728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,7605513565078635887,3970146843236063233,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:1732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1784,7605513565078635887,3970146843236063233,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4520 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,7605513565078635887,3970146843236063233,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1
  2⤵
  PID:1384
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1784,7605513565078635887,3970146843236063233,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5720 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,7605513565078635887,3970146843236063233,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
  2⤵
  PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,7605513565078635887,3970146843236063233,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4580 /prefetch:1
  2⤵
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,7605513565078635887,3970146843236063233,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,7605513565078635887,3970146843236063233,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
  2⤵
  PID:124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,7605513565078635887,3970146843236063233,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,7605513565078635887,3970146843236063233,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:1332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,7605513565078635887,3970146843236063233,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3816 /prefetch:1
  2⤵
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,7605513565078635887,3970146843236063233,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
  2⤵
  PID:1756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,7605513565078635887,3970146843236063233,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:3176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1784,7605513565078635887,3970146843236063233,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2756 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4860

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2932

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4692

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c0a1774f8079fe496e694f35dfdcf8bc

SHA1
da3b4b9fca9a3f81b6be5b0cd6dd700603d448d3

SHA256
c041da0b90a5343ede7364ccf0428852103832c4efa8065a0cd1e8ce1ff181cb

SHA512
60d9e87f8383fe3afa2c8935f0e5a842624bb24b03b2d8057e0da342b08df18cf70bf55e41fa3ae54f73bc40a274cf6393d79ae01f6a1784273a25fa2761728b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e11c77d0fa99af6b1b282a22dcb1cf4a

SHA1
2593a41a6a63143d837700d01aa27b1817d17a4d

SHA256
d96f9bfcc81ba66db49a3385266a631899a919ed802835e6fb6b9f7759476ea0

SHA512
c8f69f503ab070a758e8e3ae57945c0172ead1894fdbfa2d853e5bb976ed3817ecc8f188eefd5092481effd4ef650788c8ff9a8d9a5ee4526f090952d7c859f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005b

Filesize
215KB

MD5
d474ec7f8d58a66420b6daa0893a4874

SHA1
4314642571493ba983748556d0e76ec6704da211

SHA256
553a19b6f44f125d9594c02231e4217e9d74d92b7065dc996d92f1e53f6bcb69

SHA512
344062d1be40db095abb7392b047b16f33ea3043158690cf66a2fa554aa2db79c4aa68de1308f1eddf6b9140b9ac5de70aad960b4e8e8b91f105213c4aace348

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
48e375fda8c7256cd6cd9c765e0b68d7

SHA1
d745b6746c82236c9d1f651bb03b09144739a3f3

SHA256
d472e717294f4002e9c7d52e141ae65d2dd8261612350e10785687b9c19e9891

SHA512
35d7a3e16d08f07e952e454208e681cbf04d5fc041b16c14e204006b0d10c2d3220ea8028acbf029041dc284b799d0a95a58310fa947d78fd422cb0722bab8f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
32c6a9ec8a6ce136bd238724a126b1ad

SHA1
b5c3382d6816deba353a8abddbd04a42507f1891

SHA256
245cf29ca2b3486e412832ef841cc1398bef3fee0d7119c183a9f935dfcfc93d

SHA512
bd4c469eba99b81f86df89bc823e90da7527f294a6d2d5bd0154936ca2e062f0242873fbcaa01168e560f48b9345f6cb72e569209c687d8a7134ca0762456ace

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
4ce3724bd013bec95629b7d455a87843

SHA1
188390fc0d029f429791889940f019256147459f

SHA256
238ec20d0d96e32dc06fc43301c8d422cbb7a0ff7b0d6af044296bc833e13a36

SHA512
fe8472de6885b87298afc7eeb16293183355f8bc444655bd0c06aa1cd1f21a5f695b52ba3bdb18a7d7f880e335930404b34516b631e0134373c49f2d4ca39fb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
96042b96342602f97e5a3d4ecef348c7

SHA1
4371c7dabaf1f69894e3a6014e3f6ae893b7b63c

SHA256
2b5ad1d41e9ebcdb8f8886541035896728633476ab69111614bd0ad94be63bc2

SHA512
0d61781c6dcb23108780636d4743eedd28bbccde09178dafdddf7aca56aca521bc9ade2f19169da46ff095f39d9354e3a0cc144fdc1c83ef2de9386776013757

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
710dac59d96bf8c4197b318cb6b233e4

SHA1
17d1d1fe77e19442410aa3c9a55ef290a64e0290

SHA256
acbfff8fcb96c3d6d35d11769a475b35ea3c88bd2d3e663c7a9d6505cda94848

SHA512
66d4227110b44f68c337a23543c6ad7310614f9c1014d17d7201921e7cb5d0eceeeb39128080a490395cbb0bbd33e65adb197d4d25f509cd9cd1c1f89836c9e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0d1e1d2bb406adeb6a7cd3d017426250

SHA1
219020898214248123932b6f26d50463bf0e79a3

SHA256
af879476bbea630715bde91aa0f38757db6d4d7ae99011e4f60b1fb40f279033

SHA512
2fc360ada0cf73fd9ed08545c52c71fef904833d8ebc96fdcb6efa804232b263310e0bf68d49dc463c5c71b051e9d6e5f683e455ddcef4f1e731bdd9458b8ae6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
c77ababe49ebd50d846a9c5621f0a7e8

SHA1
d004b3adf7df2b6dc7f3a7de16ecd4a3aa03ef7b

SHA256
59b6ca16b43c8afeffc0e7d31712dcb530862600c272e98eebc9ab00dde63bd7

SHA512
45b7322b0419a6e79cfe05b36f1e50f9e832ccedbbe23dcfd0dae794d849da52229551bb5307bf515361a1bf6a89f6c4f9fa2c636ab4e083332e512c7481bf63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58d6f2.TMP

Filesize
48B

MD5
db6e0ac4e1abab613b0b9349010d5142

SHA1
42a31b5f555490ceda6863b34c49188973e95a18

SHA256
4a0abf97ae89dc6720b5f59c4ed2ea3ec8f1fe4de7ab04782e21310de6e18a26

SHA512
ce53606b19f9d26251d3bd52652d66d5c3c973b6bd13aaee81bdd8b96331e7b92ca10674df706ad798d96cc48a30e9e43b16c2a439ff451dc742f16af29aa742

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
dbb0501fa60a04555d8d8decd317d525

SHA1
60637be0b2833857891e03f5516c5206a5bb4d47

SHA256
486ed23e511ec9645354ba91ceefb8c749d7d14899b3672c9573350d95e82fd0

SHA512
94cb775afd021e2269eab382966ea81114adc70676fb90371ddd664919c523d0e05bcfb3078c67795072f537c26ea592b8b8d9c89d126487efe6986a4f968b8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
15b045978c40c5b66c927b887fd86026

SHA1
f3d0aa1834f845afb7405f5b560a25d48a837851

SHA256
114280524c0cacbe2e1448119e3999515cc9710c598da21bbc1259d0ce6d66f7

SHA512
a5bbd40fe5d5971f0a3bab601547f6de8cf438abf8ef04c5b24d09d483bc2c40ff8bf580e11402e8239c2d258aaf58b962ae7c610ff4fe0cf9194f5c698b2c7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2dad7266a652140ed3bd8f939c4419eb

SHA1
ce472110f4d15d75020d3ad2021ba9fa1b7b5359

SHA256
cd78c986a2d32fdc792e61ca65ac78d7863fb9048a3c7c629d4480135dbf83ef

SHA512
8f897a97d39e0498e3d57034c1dff4ad70dd33166c3f3e0eef2d33549e1d24bd5a47c8ae2fb03f69f5e51844ab6212612ccec4660c32f8f1a1398b5ee0408f85

Download Submit