Analysis

  • max time kernel
    149s
  • max time network
    140s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250619-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20250619-en locale:en-us os:windows10-2004-x64 system
  • submitted
    02/07/2025, 18:51

General

  • Target

    https://u.wechat.com/MMKbh1wtGuwEGoLr7hG1fXk

Score
4/10

Malware Config

Signatures

  • Drops file in Program Files directory 19 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://u.wechat.com/MMKbh1wtGuwEGoLr7hG1fXk
    1⤵
    • Drops file in Program Files directory
    • Checks processor information in registry
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:5852
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x2f4,0x7fff4d82f208,0x7fff4d82f214,0x7fff4d82f220
      2⤵
        PID:6088
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1856,i,11081290944750446315,2762807275857057434,262144 --variations-seed-version --mojo-platform-channel-handle=2412 /prefetch:3
        2⤵
          PID:760
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2248,i,11081290944750446315,2762807275857057434,262144 --variations-seed-version --mojo-platform-channel-handle=2240 /prefetch:2
          2⤵
            PID:2292
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2480,i,11081290944750446315,2762807275857057434,262144 --variations-seed-version --mojo-platform-channel-handle=3068 /prefetch:8
            2⤵
              PID:5408
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3432,i,11081290944750446315,2762807275857057434,262144 --variations-seed-version --mojo-platform-channel-handle=3488 /prefetch:1
              2⤵
                PID:4488
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3452,i,11081290944750446315,2762807275857057434,262144 --variations-seed-version --mojo-platform-channel-handle=3508 /prefetch:1
                2⤵
                  PID:4500
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4768,i,11081290944750446315,2762807275857057434,262144 --variations-seed-version --mojo-platform-channel-handle=5116 /prefetch:8
                  2⤵
                    PID:220
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5088,i,11081290944750446315,2762807275857057434,262144 --variations-seed-version --mojo-platform-channel-handle=5148 /prefetch:8
                    2⤵
                      PID:2788
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5100,i,11081290944750446315,2762807275857057434,262144 --variations-seed-version --mojo-platform-channel-handle=5720 /prefetch:8
                      2⤵
                        PID:3076
                      • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5936,i,11081290944750446315,2762807275857057434,262144 --variations-seed-version --mojo-platform-channel-handle=5956 /prefetch:8
                        2⤵
                          PID:5772
                        • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5936,i,11081290944750446315,2762807275857057434,262144 --variations-seed-version --mojo-platform-channel-handle=5956 /prefetch:8
                          2⤵
                            PID:4948
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=704,i,11081290944750446315,2762807275857057434,262144 --variations-seed-version --mojo-platform-channel-handle=5992 /prefetch:8
                            2⤵
                              PID:1692
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5776,i,11081290944750446315,2762807275857057434,262144 --variations-seed-version --mojo-platform-channel-handle=5744 /prefetch:8
                              2⤵
                                PID:2360
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6024,i,11081290944750446315,2762807275857057434,262144 --variations-seed-version --mojo-platform-channel-handle=6064 /prefetch:8
                                2⤵
                                  PID:5404
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=2120,i,11081290944750446315,2762807275857057434,262144 --variations-seed-version --mojo-platform-channel-handle=5212 /prefetch:8
                                  2⤵
                                    PID:2760
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5684,i,11081290944750446315,2762807275857057434,262144 --variations-seed-version --mojo-platform-channel-handle=5320 /prefetch:8
                                    2⤵
                                      PID:2020
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5812,i,11081290944750446315,2762807275857057434,262144 --variations-seed-version --mojo-platform-channel-handle=2812 /prefetch:8
                                      2⤵
                                        PID:5020
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5176,i,11081290944750446315,2762807275857057434,262144 --variations-seed-version --mojo-platform-channel-handle=5308 /prefetch:8
                                        2⤵
                                          PID:2880
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=872,i,11081290944750446315,2762807275857057434,262144 --variations-seed-version --mojo-platform-channel-handle=5392 /prefetch:8
                                          2⤵
                                          • Suspicious behavior: EnumeratesProcesses
                                          PID:1488
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5480,i,11081290944750446315,2762807275857057434,262144 --variations-seed-version --mojo-platform-channel-handle=4804 /prefetch:8
                                          2⤵
                                            PID:3464
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
                                          1⤵
                                            PID:1352
                                          • C:\Windows\system32\cmd.exe
                                            C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
                                            1⤵
                                              PID:1636
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
                                                2⤵
                                                  PID:2228

                                              Network

                                                    MITRE ATT&CK Enterprise v16

                                                    Downloads

                                                    • C:\Program Files\chrome_Unpacker_BeginUnzipping5852_1825637746\manifest.json

                                                      Filesize

                                                      53B

                                                    • C:\Program Files\chrome_Unpacker_BeginUnzipping5852_519558399\LICENSE

                                                      Filesize

                                                      1KB

                                                    • C:\Program Files\chrome_Unpacker_BeginUnzipping5852_519558399\manifest.json

                                                      Filesize

                                                      84B

                                                    • C:\Program Files\chrome_Unpacker_BeginUnzipping5852_834139952\manifest.json

                                                      Filesize

                                                      119B

                                                    • C:\Program Files\chrome_Unpacker_BeginUnzipping5852_982050344\manifest.json

                                                      Filesize

                                                      176B

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.21\autofill_bypass_cache_forms.json

                                                      Filesize

                                                      175B

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.21\edge_autofill_global_block_list.json

                                                      Filesize

                                                      5KB

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.21\v1FieldTypes.json

                                                      Filesize

                                                      509KB

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                      Filesize

                                                      280B

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                      Filesize

                                                      2KB

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57f29d.TMP

                                                      Filesize

                                                      2KB

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

                                                      Filesize

                                                      2B

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

                                                      Filesize

                                                      108KB

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

                                                      Filesize

                                                      2KB

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

                                                      Filesize

                                                      2KB

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

                                                      Filesize

                                                      2B

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

                                                      Filesize

                                                      40B

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                      Filesize

                                                      16KB


                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                      Filesize

                                                      16KB


                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

                                                      Filesize

                                                      36KB


                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

                                                      Filesize

                                                      23KB


                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\EADPData Component\4.0.3.11\data.txt

                                                      Filesize

                                                      137KB


                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

                                                      Filesize

                                                      460B


                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                      Filesize

                                                      38KB


                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                      Filesize

                                                      45KB


                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                      Filesize

                                                      38KB


                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\f8374127-e8df-490d-89ed-23fb7d0b3f85.tmp

                                                      Filesize

                                                      50KB


                                                    • C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

                                                      Filesize

                                                      2KB
