hxxps://yahoo[.]com

Analysis

max time kernel
600s
max time network
634s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
23/02/2024, 14:09

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://yahoo.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2132103209-3755304320-2959162027-1000\{87DD1A81-5F78-4815-9D84-343CF0AD2B84}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3604	msedge.exe
3604	msedge.exe
2020	msedge.exe
2020	msedge.exe
1044	identity_helper.exe
1044	identity_helper.exe
4844	msedge.exe
4844	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2020 wrote to memory of 1264	2020	msedge.exe	40
PID 2020 wrote to memory of 1264	2020	msedge.exe	40
PID 2020 wrote to memory of 1864	2020	msedge.exe	89
PID 2020 wrote to memory of 1864	2020	msedge.exe	89
PID 2020 wrote to memory of 1864	2020	msedge.exe	89
PID 2020 wrote to memory of 1864	2020	msedge.exe	89
PID 2020 wrote to memory of 1864	2020	msedge.exe	89
PID 2020 wrote to memory of 1864	2020	msedge.exe	89
PID 2020 wrote to memory of 1864	2020	msedge.exe	89
PID 2020 wrote to memory of 1864	2020	msedge.exe	89
PID 2020 wrote to memory of 1864	2020	msedge.exe	89
PID 2020 wrote to memory of 1864	2020	msedge.exe	89
PID 2020 wrote to memory of 1864	2020	msedge.exe	89
PID 2020 wrote to memory of 1864	2020	msedge.exe	89
PID 2020 wrote to memory of 1864	2020	msedge.exe	89
PID 2020 wrote to memory of 1864	2020	msedge.exe	89
PID 2020 wrote to memory of 1864	2020	msedge.exe	89
PID 2020 wrote to memory of 1864	2020	msedge.exe	89
PID 2020 wrote to memory of 1864	2020	msedge.exe	89
PID 2020 wrote to memory of 1864	2020	msedge.exe	89
PID 2020 wrote to memory of 1864	2020	msedge.exe	89
PID 2020 wrote to memory of 1864	2020	msedge.exe	89
PID 2020 wrote to memory of 1864	2020	msedge.exe	89
PID 2020 wrote to memory of 1864	2020	msedge.exe	89
PID 2020 wrote to memory of 1864	2020	msedge.exe	89
PID 2020 wrote to memory of 1864	2020	msedge.exe	89
PID 2020 wrote to memory of 1864	2020	msedge.exe	89
PID 2020 wrote to memory of 1864	2020	msedge.exe	89
PID 2020 wrote to memory of 1864	2020	msedge.exe	89
PID 2020 wrote to memory of 1864	2020	msedge.exe	89
PID 2020 wrote to memory of 1864	2020	msedge.exe	89
PID 2020 wrote to memory of 1864	2020	msedge.exe	89
PID 2020 wrote to memory of 1864	2020	msedge.exe	89
PID 2020 wrote to memory of 1864	2020	msedge.exe	89
PID 2020 wrote to memory of 1864	2020	msedge.exe	89
PID 2020 wrote to memory of 1864	2020	msedge.exe	89
PID 2020 wrote to memory of 1864	2020	msedge.exe	89
PID 2020 wrote to memory of 1864	2020	msedge.exe	89
PID 2020 wrote to memory of 1864	2020	msedge.exe	89
PID 2020 wrote to memory of 1864	2020	msedge.exe	89
PID 2020 wrote to memory of 1864	2020	msedge.exe	89
PID 2020 wrote to memory of 1864	2020	msedge.exe	89
PID 2020 wrote to memory of 3604	2020	msedge.exe	90
PID 2020 wrote to memory of 3604	2020	msedge.exe	90
PID 2020 wrote to memory of 392	2020	msedge.exe	91
PID 2020 wrote to memory of 392	2020	msedge.exe	91
PID 2020 wrote to memory of 392	2020	msedge.exe	91
PID 2020 wrote to memory of 392	2020	msedge.exe	91
PID 2020 wrote to memory of 392	2020	msedge.exe	91
PID 2020 wrote to memory of 392	2020	msedge.exe	91
PID 2020 wrote to memory of 392	2020	msedge.exe	91
PID 2020 wrote to memory of 392	2020	msedge.exe	91
PID 2020 wrote to memory of 392	2020	msedge.exe	91
PID 2020 wrote to memory of 392	2020	msedge.exe	91
PID 2020 wrote to memory of 392	2020	msedge.exe	91
PID 2020 wrote to memory of 392	2020	msedge.exe	91
PID 2020 wrote to memory of 392	2020	msedge.exe	91
PID 2020 wrote to memory of 392	2020	msedge.exe	91
PID 2020 wrote to memory of 392	2020	msedge.exe	91
PID 2020 wrote to memory of 392	2020	msedge.exe	91
PID 2020 wrote to memory of 392	2020	msedge.exe	91
PID 2020 wrote to memory of 392	2020	msedge.exe	91
PID 2020 wrote to memory of 392	2020	msedge.exe	91
PID 2020 wrote to memory of 392	2020	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://yahoo.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9c50946f8,0x7ff9c5094708,0x7ff9c5094718
  2⤵
  PID:1264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,12712048760146248698,5775774974206169182,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:1864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,12712048760146248698,5775774974206169182,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,12712048760146248698,5775774974206169182,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2984 /prefetch:8
  2⤵
  PID:392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12712048760146248698,5775774974206169182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12712048760146248698,5775774974206169182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:3172
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,12712048760146248698,5775774974206169182,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 /prefetch:8
  2⤵
  PID:4344
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,12712048760146248698,5775774974206169182,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12712048760146248698,5775774974206169182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12712048760146248698,5775774974206169182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
  2⤵
  PID:1816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12712048760146248698,5775774974206169182,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
  2⤵
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12712048760146248698,5775774974206169182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
  2⤵
  PID:3632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2152,12712048760146248698,5775774974206169182,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5500 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2152,12712048760146248698,5775774974206169182,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5404 /prefetch:8
  2⤵
  PID:2120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12712048760146248698,5775774974206169182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:1804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12712048760146248698,5775774974206169182,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12712048760146248698,5775774974206169182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12712048760146248698,5775774974206169182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3612 /prefetch:1
  2⤵
  PID:1364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12712048760146248698,5775774974206169182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
  2⤵
  PID:3192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12712048760146248698,5775774974206169182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1
  2⤵
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,12712048760146248698,5775774974206169182,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1420 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3404

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4980

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4824

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d62cefeb0c8fbab806b3b96c7b215c16

SHA1
dc36684019f7ac8a632f5401cc3bedd482526ed7

SHA256
752b0793cf152e9ea51b8a2dc1d7e622c1c1009677d8f29e8b88d3aa9427dd01

SHA512
9fc3968fec094be5ca10a0d927cb829f7f8157425946ebd99a346b7e63c977cb3f37560af1a4bc8f87ab19b43b3ed86fd5b37f89d1a9b2dc86e3c73142c3065b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7ee1c6757da82ca0a9ae699227f619bc

SHA1
72dcf8262c6400dcbb5228afcb36795ae1b8001f

SHA256
62320bde5e037d4ac1aa0f5ff0314b661f13bb56c02432814bffb0bd6e34ed31

SHA512
dca56a99b7463eddf0af3656a4f7d0177a43116f401a6de9f56e5c40a49676cea5c38b6c458f426c6bff11165eec21104cfa9ca3e38af39d43188b36d3f22a0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
443278e470950f894977789081375fdf

SHA1
bee7f07227bc53bd69149a6fe8d5d576dacbeb7c

SHA256
1f11962158dcbc350decdeb3537284f83241e0c451b641ee6455cc5bb8893f33

SHA512
380bfc768467d62fbfd2d0d225c9077f2208add10e359f726b13c44736a0b1f2d8fa2a4c63c32464a9025e1ef7565e1baec58d0e2022a28a0c7b7ede437bfbd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
01be906a4e50615bfe403adae5f821ec

SHA1
fb707e3b46d578f5c41a9a635c7fb9b070e68257

SHA256
5d130f85d7810ba9569321e4d0b89064e3f4a86cf3481f83aa2b96e03b2db4b1

SHA512
5653048ca7060762eda3b479459dff966953803010a88ef8317c13c5d20038030ae40cf5444de68245842369e7691077a07a1351094854321a97a4b18529971c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7ca2202b2ed8eca2f6264af2d2e9af21

SHA1
ff8f25668c49a1a9d028f50632bc527f9495b9b9

SHA256
9cefa1adb55a69ed1203ac326fdf415f439c27e92464c6ab2efbe7c68416643b

SHA512
df5378c6977e200bd242283f56edc8a64a529b54f5fb8c3d201d8641c2afc3af2eea172285e47582665d6c5f25b01bb4b7d6e115253f1ac62cda6b7b502074be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
fc0d4c9038895b4874c0589c941b55bf

SHA1
ac617d273ee27ab3852faed098fd0b851adef5f1

SHA256
2f9a9ae074857dba661dafaf9849f9113b56b1e7fe69105d1fa7c940aeaacb5d

SHA512
211055209e655def76ef68465a1fb190192f499c2c3fcff78ff72fe124a88a0cf870bfa40bd0916eb61d4d18b1dc1224fc562c9d48d4fa45b2af1cc8cbeba9e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
64bb93a8d28af891514c0cbc9e5e7d82

SHA1
cee817bfe67f72f009aa52f80e47880df020330d

SHA256
dfb58f5b2bc101e3697d49ebf5c9bed55c9e28cf1f6e376d2690f8280dc8619f

SHA512
78c27b2980eef2b0e595979886e05623edc85e5819c048bbc696f2fbf06f21c5d592340c3fce74db20900219450bad357fa037a8430926625a0d3105fde201b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
3b8fb1e37b761e97b1f09a82d736a4d2

SHA1
c4054532224b72b13a5ad4e066de0182ab31d648

SHA256
03ca921c0b4c88147abfe78a9a797cc41f90e52fee3dd17415e21dc47119429a

SHA512
87933c1535f8014c96c5b4302c27b46043cf6f678c7cf27be905a9d3f30da30490b03c10a7bb1b4e09b13e9c280338264039b73eb3c6592a978e70f46499c1f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57c6ea.TMP

Filesize
48B

MD5
2050dd9de9e6aa50319c576585827dcb

SHA1
c72c3e0f5b41c52f00c42391c19d10a6082c1270

SHA256
8a94a5511a0bbf2a70a3ea8430d31e2e40a98e4da52523dce0542a0ede302b83

SHA512
7b87e127d00ad908095611e5f33a9e3b7bba55daa39fa7ebd7138cd4e04ecb5736ba23a5d53f1b9a2796a06d00cffc7307500a0fe934c9ac9780bef0f33c974c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2080374714e1c47714c908902e8ccb60

SHA1
4bf9ccb7c4ec2f56cd06d59be11f8be71c16c138

SHA256
fc96e9b1a27dc52abb607153f886580d6b8469aaf99462548edaeead66ef88ad

SHA512
e79b53a16dd67227ec3dd6baab0823df212c9c64ddb0febb1fcc2619d3dbbbc04f7893efac50fe85f13769bbebc87820898a4a75f353169979792e76b7a10511

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5789b2.TMP

Filesize
1KB

MD5
431dcdbcaca9cd27fe28e421af567c17

SHA1
5f53838b635ac320f44d49272243c836e7f8eaeb

SHA256
53b36a2524adf5a0ed797d7621f4665f86b853c92f3b59d51870efcd35cace24

SHA512
5130a823be78642cdc5e1b08c347fa90fd65b0c7aaebbfa4ec40e3e22e3dd0d81edd2b5922a00c7c2ed2db41ab80efca9b27d1954d8a8556e40a11984e71ace7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2b597508de9d74da63c3226abbe2461f

SHA1
bee8949591b09c025187c73dab7a4db5db2f3a52

SHA256
05772c465c32c562b0326f21ac11b06c66562d69f47f24ad63e3859ba0ad8441

SHA512
05d2da1024b918ab01666757a38072d3399422ba30c05071a0476042c5b4006508f314eb581ed51d84015b6b91002724981a2289427eb7f689eac6432782650b

Download Submit