hxxp://mail[.]ru/

Analysis

max time kernel
148s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
02/08/2023, 17:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://mail.ru/

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3436	msedge.exe
3436	msedge.exe
4720	msedge.exe
4720	msedge.exe
3764	identity_helper.exe
3764	identity_helper.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4720 wrote to memory of 4808	4720	msedge.exe	50
PID 4720 wrote to memory of 4808	4720	msedge.exe	50
PID 4720 wrote to memory of 224	4720	msedge.exe	85
PID 4720 wrote to memory of 224	4720	msedge.exe	85
PID 4720 wrote to memory of 224	4720	msedge.exe	85
PID 4720 wrote to memory of 224	4720	msedge.exe	85
PID 4720 wrote to memory of 224	4720	msedge.exe	85
PID 4720 wrote to memory of 224	4720	msedge.exe	85
PID 4720 wrote to memory of 224	4720	msedge.exe	85
PID 4720 wrote to memory of 224	4720	msedge.exe	85
PID 4720 wrote to memory of 224	4720	msedge.exe	85
PID 4720 wrote to memory of 224	4720	msedge.exe	85
PID 4720 wrote to memory of 224	4720	msedge.exe	85
PID 4720 wrote to memory of 224	4720	msedge.exe	85
PID 4720 wrote to memory of 224	4720	msedge.exe	85
PID 4720 wrote to memory of 224	4720	msedge.exe	85
PID 4720 wrote to memory of 224	4720	msedge.exe	85
PID 4720 wrote to memory of 224	4720	msedge.exe	85
PID 4720 wrote to memory of 224	4720	msedge.exe	85
PID 4720 wrote to memory of 224	4720	msedge.exe	85
PID 4720 wrote to memory of 224	4720	msedge.exe	85
PID 4720 wrote to memory of 224	4720	msedge.exe	85
PID 4720 wrote to memory of 224	4720	msedge.exe	85
PID 4720 wrote to memory of 224	4720	msedge.exe	85
PID 4720 wrote to memory of 224	4720	msedge.exe	85
PID 4720 wrote to memory of 224	4720	msedge.exe	85
PID 4720 wrote to memory of 224	4720	msedge.exe	85
PID 4720 wrote to memory of 224	4720	msedge.exe	85
PID 4720 wrote to memory of 224	4720	msedge.exe	85
PID 4720 wrote to memory of 224	4720	msedge.exe	85
PID 4720 wrote to memory of 224	4720	msedge.exe	85
PID 4720 wrote to memory of 224	4720	msedge.exe	85
PID 4720 wrote to memory of 224	4720	msedge.exe	85
PID 4720 wrote to memory of 224	4720	msedge.exe	85
PID 4720 wrote to memory of 224	4720	msedge.exe	85
PID 4720 wrote to memory of 224	4720	msedge.exe	85
PID 4720 wrote to memory of 224	4720	msedge.exe	85
PID 4720 wrote to memory of 224	4720	msedge.exe	85
PID 4720 wrote to memory of 224	4720	msedge.exe	85
PID 4720 wrote to memory of 224	4720	msedge.exe	85
PID 4720 wrote to memory of 224	4720	msedge.exe	85
PID 4720 wrote to memory of 224	4720	msedge.exe	85
PID 4720 wrote to memory of 3436	4720	msedge.exe	86
PID 4720 wrote to memory of 3436	4720	msedge.exe	86
PID 4720 wrote to memory of 4072	4720	msedge.exe	88
PID 4720 wrote to memory of 4072	4720	msedge.exe	88
PID 4720 wrote to memory of 4072	4720	msedge.exe	88
PID 4720 wrote to memory of 4072	4720	msedge.exe	88
PID 4720 wrote to memory of 4072	4720	msedge.exe	88
PID 4720 wrote to memory of 4072	4720	msedge.exe	88
PID 4720 wrote to memory of 4072	4720	msedge.exe	88
PID 4720 wrote to memory of 4072	4720	msedge.exe	88
PID 4720 wrote to memory of 4072	4720	msedge.exe	88
PID 4720 wrote to memory of 4072	4720	msedge.exe	88
PID 4720 wrote to memory of 4072	4720	msedge.exe	88
PID 4720 wrote to memory of 4072	4720	msedge.exe	88
PID 4720 wrote to memory of 4072	4720	msedge.exe	88
PID 4720 wrote to memory of 4072	4720	msedge.exe	88
PID 4720 wrote to memory of 4072	4720	msedge.exe	88
PID 4720 wrote to memory of 4072	4720	msedge.exe	88
PID 4720 wrote to memory of 4072	4720	msedge.exe	88
PID 4720 wrote to memory of 4072	4720	msedge.exe	88
PID 4720 wrote to memory of 4072	4720	msedge.exe	88
PID 4720 wrote to memory of 4072	4720	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://mail.ru/
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc2d6546f8,0x7ffc2d654708,0x7ffc2d654718
  2⤵
  PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,17829087309357652764,3494710522435030034,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
  2⤵
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,17829087309357652764,3494710522435030034,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,17829087309357652764,3494710522435030034,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
  2⤵
  PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17829087309357652764,3494710522435030034,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17829087309357652764,3494710522435030034,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17829087309357652764,3494710522435030034,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4612 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17829087309357652764,3494710522435030034,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,17829087309357652764,3494710522435030034,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5832 /prefetch:8
  2⤵
  PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,17829087309357652764,3494710522435030034,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5832 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17829087309357652764,3494710522435030034,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:2328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17829087309357652764,3494710522435030034,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
  2⤵
  PID:448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17829087309357652764,3494710522435030034,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6160 /prefetch:1
  2⤵
  PID:3884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17829087309357652764,3494710522435030034,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
  2⤵
  PID:3332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17829087309357652764,3494710522435030034,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,17829087309357652764,3494710522435030034,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5464 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4932

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4088

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2440

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3423d7e71b832850019e032730997f69

SHA1
bbc91ba3960fb8f7f2d5a190e6585010675d9061

SHA256
53770e40359b9738d8898520d7e4a57c28498edddbadf76ec4a599837aa0c649

SHA512
03d5fee4152300d6c5e9f72c059955c944c7e6d207e433e9fdd693639e63ea699a01696d7bbf56d2033fd52ad260c9ae36a2c5c888112d81bf7e04a3f273e65d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
864B

MD5
2f3191e3b19c48978351fb72c445056a

SHA1
4142e2c0e7df033107507eab4023f394d3e74474

SHA256
2033359151c9b14fb85198950a353c67e2f8115da8b7b044548a536ec74f3c4a

SHA512
138599361a233aaf642b3d3482b6ea5f8139ce30ed4df0dfdb0faee578121e19cd21f927617d76c71f263aa401ed6457f321e17550aa4602ce68cb34196cbf68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
696B

MD5
237f7f353fe41c381852d8c9677d35e8

SHA1
3e2098533abf360b7e93b93d13885f15ebeef88a

SHA256
cd24005399ead90664f68e2837805ed697c984f2c49e605e95df8bb6dae9e484

SHA512
63929468971db6384ecb33cd6e499bc243f6a9e8fdd5077a0bc6c1cc57e193b9b2d89f32a8ddd37427810c470883aab980befd6794b2c138006ffb70d18c40aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
e38187d7cd12fe4f6aa4706874c0b475

SHA1
d2da38d71e690704b7f77d19c3ac70207b9fba8e

SHA256
d8da8ded2cd4b8b5c654178f095591c89d524b15fad9299fc24bafb3db3dd31e

SHA512
861ddc4119f63fb6955aba3b3f35363176240de793b2442881c3ec6fb9e7cb5fc2ae53d843846858184c4e1596861455638400588c9f3dc0a19645fa0dde658a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
67c51195eb188e029dbcb3b0a2c84627

SHA1
2b379d7e76f25b32c67db6573a1160976216ed0e

SHA256
959ede966106de39f5005c34cc996005f2cc5046990219aebebacc2a42ecceab

SHA512
4db0847e94e3e888e62bd410eac1330a16f1fc20da3c654659071a3eef3a28c80c5d6e9f796cb696afc1f5d5f4152ed561c3045e214854464cb41bbf18af9df1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
42e4c0e149574b6cd2cfe0c9e84bb46c

SHA1
5029f342f5b6ce9ff68e11d50b5fdaf98ec1317c

SHA256
79ba3de17d7037d615b14bf0bbf0c27d563acdadad45d902ef5744686df9042f

SHA512
7301e887a1c80bf168957d530e034303195956bcc611ac508e77a29b0e23fc7986caf475d03aec271b2ef2d67c15356aab6b61c4188bd201476b927423ba256f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
bb1ad1754254bc1304e51ebb4b06bc29

SHA1
f0a2075092d932c273a2fdd7c39468268dc66b65

SHA256
b05e11bc9d3a7fd22938a576cbc6637a46af8bae5abd8ca3cedf9cdc4cd74de8

SHA512
bbc60e82b777733c11778f15dd0e4bda527e6a263bc85aabe54217896481dade32fb10e3b91ff187bfab4ece6aa897ffaea19ed24952f5bdd7bac3c7ab3d8db6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e538f47a9bb87969f74482aed9cec4c9

SHA1
492d00f49128eee02cec3e79c5cf425901901caf

SHA256
00c621260a9b3d5fa923da613e7cc67d6cf18031551b2d224c405d994a4e041d

SHA512
3dbf57bf79b22365297f236b69d70176789918474fd30889886435222251af56098a4b817202cb58fad4b3fa3a3ddf16c4d7334424845f14d1044da466212419

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a725b5a2907561798ff1295b766319bc

SHA1
846b5e42a141a74d6cf6d86f625b150c0d8487e2

SHA256
8977a859c53f9acad6907d01d9e4951c2108451e7a7675645d9e132bfa613fc6

SHA512
f7a57d274b38d7a8bb9724068115743e07c41fa90ceb73df050d937f5fcddd903d9dcbd097a3c8d8e1e43cbfb8097b4c7a50eb39e3c044a5fe6491ce3bc072ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
795140fc0bd1575de11615c9e1f6b11e

SHA1
70292c5884f042e270a69f13bb81aa8a4de948e7

SHA256
b6d220b1c09eb0d6fc9e64ef7cd6cdd35b32fa60fb8050c81b42884f109e078b

SHA512
163092a4b25201973a7c357e8cc2987e4e9613c9c6b2eaec73d82a555f5787e28125a0e157904fbb52c0015c3c5ab6f50d1e7e63d7270669068de9c11a2059ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
55dba2d534028b02b440e20a921e9f30

SHA1
ca31d000201dd9fb83b9063ea83cd18c372c6181

SHA256
417f654092576fe03f2a34bc3f4cad944ce0108de819a80d8aade1d2c13880fe

SHA512
6e99e7a38d1cb605a9f818c3bc3d9da53a7b36a7b03f3e1234603b3f5a1864726715b76b4256f75bf5c3c63bd33f7c2570ea45a1695a38d06a601c767b44ec03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
0e78f9a3ece93ae9434c64ea2bff51dc

SHA1
a0e4c75fe32417fe2df705987df5817326e1b3b9

SHA256
5c8ce4455f2a3e5f36f30e7100f85bdd5e44336a8312278769f89f68b8d60e68

SHA512
9d1686f0b38e3326ad036c8b218b61428204910f586dccf8b62ecbed09190f7664a719a89a6fbc0ecb429aecf5dd0ec06de44be3a1510369e427bde0626fd51d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
99a8ee21ce4d0969a143116bc7198731

SHA1
ee2ca77bb3858e9921436943cecf4dea6adb6a13

SHA256
47e383fad099f21902ca0410e2c8c3cf8b3e10ae12edff676e11fc711cb8b523

SHA512
68f0f5418e58bfd78b7a59b8a17f53942aa94bfa838770d88289c2017ca5607e2057844d7d60e2c5b4591a4661da3eabfcd83dc8ce55aa3e3abacdc8ceb83b89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
76e8f96760e65b318d0b44f7661dbf1e

SHA1
ac4731c9bd720cb8e41a2e027fea1909e04d5d19

SHA256
cb63b723ab82cb0741daac6c0c491e816a8e140c28599465e074292e67fc697d

SHA512
e28b192fc7609616471a454d9019dbdc1bd0728343259b3c48c6975e79d8de5175ce5c5baae92a9abcf115085fc09ed8e7773411f7a5378fbf9750967cd49ef1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
879be6c449815ed358d846cacac589c6

SHA1
c2670795e633edf1150d7f8cd9bc4b6c16281a86

SHA256
7bc313a08ec918fb93bc8ec18e4097088a07ff14ab0a7e7b0511527882bd3192

SHA512
4488234b412e6eb136fe0312331bef6667ceb1b74b9e14a096a2a90ec5ee603cff7e3ddc41ac93eee601bc8cc04de2251c81e106a368c5546ec7a1807597b61d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8b8251cff45a7cbc97e55ecf962dbb9c

SHA1
7e298bf2368bff9820f52e26fe98ac1c3db8e271

SHA256
4947b476f5c8eab452eace8a5bc1b9dbfdf00b29c4bfb6de5e79f36c9654031c

SHA512
d66d0e15874b2c4f6c7bf13938f2dafa1e8d481d81076a3a137aa7ff8da537327402619b14d897a4f841b85b769abe438ea925ad7abcfd3fe5be703b72cfb983

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
96b9fe53297957262f9bd03bd0f0c450

SHA1
13bfe646cfab9bc631bb4ea889dc5fa85d9220c4

SHA256
750d598659d6fdb6655f970c3b14fa6b183752924fc47e17bacc850edf9139c1

SHA512
ab239cb5d94d7689eea9a4a81f8a252d757f8eba79d43198b2de94c45961e9a6bed24191be20dedb63a9a5ad6cdfac8b14d0c4f4ea529dd1030bf23b7b61b106

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
4b518a8eec7e45bb05183f52ba7eacb7

SHA1
76d8e55985a067ffd5385b631c428444a8e8c87d

SHA256
d2447e5ead1bb8284c2738122c16185796fa5dd5e6c24a1f4248a3f309dbef72

SHA512
0fb353a04eceba6d55dde78ea618a125f8c979bd6bf6d657f3f6bf75014d9eb526f51ad94e7912913855edb28424bee7fc7dfa01ec75daceabd225750b3edf8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
ed7f8254544807282993f5248f2b53ba

SHA1
c5b12e9448d4ba5f297dd5f3c87c62df8bab2d81

SHA256
30711d565a4d32e4273b891ead844b101a15f9d0d027548e22734c0193a41ea6

SHA512
017bb64db5f4cd3d4ab5f004aeaf810e78ef81a088965244043b9c4d63ae994ced250120dbe9decf97adf9477bcc9bfc3b230816231a21a310154164901554a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
14c321f99dd672aa8869857ba4e3e2f4

SHA1
a4f00c68f3e3df785e83384a41b97608d4337390

SHA256
f6a49c93f16d96ec63fd6810131e4c028ace565c41018ae87ef1a19ec34fb68b

SHA512
75d2eee5b4a2e1449df6f25bb0efbdd2c7654b29c5975d09a7501e42ec1a38f0cd99987c5ed20d57259cfb8c9d24cfa8e1d015ac026950adfc35562b0e73ccb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58394b.TMP

Filesize
1KB

MD5
4dd5c07d22998aa9c7859fc04e7b2abf

SHA1
6ce565859344b252dd23a8900709686ddd50a77d

SHA256
0e7f75e02dce39a91deb609842661513d840a35104897ae18b97e36dce7204a6

SHA512
9c9f314d188a9fff8bab3a50a3b9b4e7d402eab5b1b4cab0befbc639f50aba2d868174b785c5c107818c6d282e0b44e88fcd57da85986409f81ba2a8742d0b63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_00000f

Filesize
17KB

MD5
aab2532f8363e63359dbf0c31981f57f

SHA1
a21523eb85636a0455977ffe525260a1a8568043

SHA256
a6abef5f074c67b1f9fbee679151a4c705b71f054c98f720dfabdc65786d5d13

SHA512
7b3c4ce6574b36bf0d4e05bba1063798b525744fdb37b28ad6fc78456ef7d704677795ae4dd0d0eda0954d15b3776395fa931abf82dd4b64583c360dd9916f64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
bcf102029957e2a10125bce53bc2302a

SHA1
0cb0d84e416d13cbb0ea0a0c8baa234af4de5297

SHA256
681259a485654f9aa08814e7a307a429fd21d19cdacebaf110b0d3da7616d2ef

SHA512
8bd1a8145f853438fdedda60a3732636887d63d3c834ae983a88e21ab573bbc3b4c9f77b89526f5b33a0a6327d16cae41aa8cbdb3f6940a7da3cb69e715670a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
32eba562570788af5e57fa455c264a91

SHA1
573cf6579267303877bda60b513970c0053b2bb5

SHA256
f1792f48cf93f743ee08be1eac1c304c217e760c7afff238621397e17254cbca

SHA512
3aaa81b94e7380919da3e669449e228ad3c67f646b647747f9214b9890bddbdf0e9b1e536d774748003277d988befbbd147550b03ab7d320766f640e2b0dbec1

Download Submit