hxxp://www[.]wayfair[.]com/b[.]php?transactionId=ZmJkNWQ2YTItMTEwMi00Ng%3D%3D&eventType=SiteImpression&content=TN_FREESHIPPING&text=Free+Shipping+Over+%2435*&textColor=%23ffffff&pageId=&timestamp=1721389522658

Analysis

max time kernel
600s
max time network
591s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19/07/2024, 18:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.wayfair.com/b.php?transactionId=ZmJkNWQ2YTItMTEwMi00Ng%3D%3D&eventType=SiteImpression&content=TN_FREESHIPPING&text=Free+Shipping+Over+%2435*&textColor=%23ffffff&pageId=&timestamp=1721389522658

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2650514177-1034912467-4025611726-1000\{29A76DF7-8980-4DB0-8FED-A2097CD94D37}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4440	msedge.exe
4440	msedge.exe
3060	msedge.exe
3060	msedge.exe
4844	identity_helper.exe
4844	identity_helper.exe
4936	msedge.exe
4936	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3060 wrote to memory of 3636	3060	msedge.exe	84
PID 3060 wrote to memory of 3636	3060	msedge.exe	84
PID 3060 wrote to memory of 3428	3060	msedge.exe	85
PID 3060 wrote to memory of 3428	3060	msedge.exe	85
PID 3060 wrote to memory of 3428	3060	msedge.exe	85
PID 3060 wrote to memory of 3428	3060	msedge.exe	85
PID 3060 wrote to memory of 3428	3060	msedge.exe	85
PID 3060 wrote to memory of 3428	3060	msedge.exe	85
PID 3060 wrote to memory of 3428	3060	msedge.exe	85
PID 3060 wrote to memory of 3428	3060	msedge.exe	85
PID 3060 wrote to memory of 3428	3060	msedge.exe	85
PID 3060 wrote to memory of 3428	3060	msedge.exe	85
PID 3060 wrote to memory of 3428	3060	msedge.exe	85
PID 3060 wrote to memory of 3428	3060	msedge.exe	85
PID 3060 wrote to memory of 3428	3060	msedge.exe	85
PID 3060 wrote to memory of 3428	3060	msedge.exe	85
PID 3060 wrote to memory of 3428	3060	msedge.exe	85
PID 3060 wrote to memory of 3428	3060	msedge.exe	85
PID 3060 wrote to memory of 3428	3060	msedge.exe	85
PID 3060 wrote to memory of 3428	3060	msedge.exe	85
PID 3060 wrote to memory of 3428	3060	msedge.exe	85
PID 3060 wrote to memory of 3428	3060	msedge.exe	85
PID 3060 wrote to memory of 3428	3060	msedge.exe	85
PID 3060 wrote to memory of 3428	3060	msedge.exe	85
PID 3060 wrote to memory of 3428	3060	msedge.exe	85
PID 3060 wrote to memory of 3428	3060	msedge.exe	85
PID 3060 wrote to memory of 3428	3060	msedge.exe	85
PID 3060 wrote to memory of 3428	3060	msedge.exe	85
PID 3060 wrote to memory of 3428	3060	msedge.exe	85
PID 3060 wrote to memory of 3428	3060	msedge.exe	85
PID 3060 wrote to memory of 3428	3060	msedge.exe	85
PID 3060 wrote to memory of 3428	3060	msedge.exe	85
PID 3060 wrote to memory of 3428	3060	msedge.exe	85
PID 3060 wrote to memory of 3428	3060	msedge.exe	85
PID 3060 wrote to memory of 3428	3060	msedge.exe	85
PID 3060 wrote to memory of 3428	3060	msedge.exe	85
PID 3060 wrote to memory of 3428	3060	msedge.exe	85
PID 3060 wrote to memory of 3428	3060	msedge.exe	85
PID 3060 wrote to memory of 3428	3060	msedge.exe	85
PID 3060 wrote to memory of 3428	3060	msedge.exe	85
PID 3060 wrote to memory of 3428	3060	msedge.exe	85
PID 3060 wrote to memory of 3428	3060	msedge.exe	85
PID 3060 wrote to memory of 4440	3060	msedge.exe	86
PID 3060 wrote to memory of 4440	3060	msedge.exe	86
PID 3060 wrote to memory of 2872	3060	msedge.exe	87
PID 3060 wrote to memory of 2872	3060	msedge.exe	87
PID 3060 wrote to memory of 2872	3060	msedge.exe	87
PID 3060 wrote to memory of 2872	3060	msedge.exe	87
PID 3060 wrote to memory of 2872	3060	msedge.exe	87
PID 3060 wrote to memory of 2872	3060	msedge.exe	87
PID 3060 wrote to memory of 2872	3060	msedge.exe	87
PID 3060 wrote to memory of 2872	3060	msedge.exe	87
PID 3060 wrote to memory of 2872	3060	msedge.exe	87
PID 3060 wrote to memory of 2872	3060	msedge.exe	87
PID 3060 wrote to memory of 2872	3060	msedge.exe	87
PID 3060 wrote to memory of 2872	3060	msedge.exe	87
PID 3060 wrote to memory of 2872	3060	msedge.exe	87
PID 3060 wrote to memory of 2872	3060	msedge.exe	87
PID 3060 wrote to memory of 2872	3060	msedge.exe	87
PID 3060 wrote to memory of 2872	3060	msedge.exe	87
PID 3060 wrote to memory of 2872	3060	msedge.exe	87
PID 3060 wrote to memory of 2872	3060	msedge.exe	87
PID 3060 wrote to memory of 2872	3060	msedge.exe	87
PID 3060 wrote to memory of 2872	3060	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.wayfair.com/b.php?transactionId=ZmJkNWQ2YTItMTEwMi00Ng%3D%3D&eventType=SiteImpression&content=TN_FREESHIPPING&text=Free+Shipping+Over+%2435*&textColor=%23ffffff&pageId=&timestamp=1721389522658
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcc43046f8,0x7ffcc4304708,0x7ffcc4304718
  2⤵
  PID:3636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1984,15291476826514417668,12705688849501891297,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1992 /prefetch:2
  2⤵
  PID:3428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1984,15291476826514417668,12705688849501891297,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1984,15291476826514417668,12705688849501891297,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
  2⤵
  PID:2872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,15291476826514417668,12705688849501891297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:2764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,15291476826514417668,12705688849501891297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:4988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,15291476826514417668,12705688849501891297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1984,15291476826514417668,12705688849501891297,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 /prefetch:8
  2⤵
  PID:3312
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1984,15291476826514417668,12705688849501891297,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,15291476826514417668,12705688849501891297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:2640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,15291476826514417668,12705688849501891297,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,15291476826514417668,12705688849501891297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,15291476826514417668,12705688849501891297,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:1520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,15291476826514417668,12705688849501891297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1984,15291476826514417668,12705688849501891297,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5196 /prefetch:8
  2⤵
  PID:748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1984,15291476826514417668,12705688849501891297,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5340 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,15291476826514417668,12705688849501891297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
  2⤵
  PID:3992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,15291476826514417668,12705688849501891297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6384 /prefetch:1
  2⤵
  PID:972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,15291476826514417668,12705688849501891297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6644 /prefetch:1
  2⤵
  PID:5388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,15291476826514417668,12705688849501891297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6812 /prefetch:1
  2⤵
  PID:5404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,15291476826514417668,12705688849501891297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6788 /prefetch:1
  2⤵
  PID:5412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1984,15291476826514417668,12705688849501891297,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2292 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3548

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4380

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4172

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
a18c00362f98b1a154714b0c358f19a3

SHA1
dba81ffe2d5e4e5c3edc53bd4b04ed11bc28b339

SHA256
84521cf7b6a0345ec3732dce8c25254334c9a4c409e5673c04210f6640cec925

SHA512
5a7daa980e5efa01058379e9960621518e16aef1188ec373cd6f7debf962ff04864526cb86a9f3e57b3dc524689554b11c3663359ed6da5176efa805f16697ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8dc45b70cbe29a357e2c376a0c2b751b

SHA1
25d623cea817f86b8427db53b82340410c1489b2

SHA256
511cfb6bedbad2530b5cc5538b6ec2184fc4f85947ba4c8166d0bb9f5fe2703a

SHA512
3ce0f52675feb16d6e62aae1c50767da178b93bdae28bacf6df3a2f72b8cc75b09c5092d9065e0872e5d09fd9ffe0c6931d6ae1943ddb1927b85d60659ef866e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1790c766c15938258a4f9b984cf68312

SHA1
15c9827d278d28b23a8ea0389d42fa87e404359f

SHA256
2e3978bb58c701f3c6b05de9349b7334a194591bec7bcf73f53527dc0991dc63

SHA512
2682d9c60c9d67608cf140b6ca4958d890bcbc3c8a8e95fcc639d2a11bb0ec348ca55ae99a5840e1f50e5c5bcf3e27c97fc877582d869d98cc4ea3448315aafb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
318c8760792dc394bc1498a7d5714f4c

SHA1
1c76b0701daebfac4b9b4571a0a61921d0543679

SHA256
178f38160735c562afb747e782abda5347c9ed05633a27a97f2f7a06d41cc9dc

SHA512
d5a339086830fb5681038d335278914ea44c6aaf148697fbf40bc4a6d487bce6037e7e72a1825480aca4f9739e052aee49fa341af51fd06696eb4d5f63aa380f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
3d7ea38dfa2cb7481f34a109822b39fb

SHA1
2464b3747b6f835957052bd26c6733080d4a54f8

SHA256
a69ad897deb014ddf43981f7be38eff0ac0850c28763c57c3b46ad917c03bbea

SHA512
684e751e376bad10534bab500322ba3001623533c7962d822ea7a6461d8c58537f08583da784942ec7b68a4c746607746a054d6a1268e91c4cdc699f2eb2a06e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
969f313fd5f8d10665ec66e0f621c396

SHA1
d106eca3a78f17e14e43a31bb1c7033b54922f87

SHA256
8936e670b7b709eaa8655899d4207a1f401f524a6cc0d9fe7f81e1bbfef3b39a

SHA512
11b3eede3392298ade8eb402062e4ff18304d25414871538658de8ce5653dca21a2f05be8ce267d2363555e99d5f4dba211e25e3c15a762db9b42e7e48a5c2e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
8b165cffb13abe5ad3bbfd2637265ee8

SHA1
39f297e393a237622bb30108be0fb4208cef66d8

SHA256
321dda9401e09056ed7b51357f1b7f7d8cd97721c6291b095db26238ecd3fa94

SHA512
f197cf1a4cedeeda6834056e5f9d2ea05155ea8e2286cac3a64a2118f18fd94011f4ce7a36a3af74263506464b9b0b17b25055ed1550272e0fee9a4f3be0887a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
47e48562a5f17077460c04ce2b104aa9

SHA1
2c45f27753555f47fa23a1f59c3f7ff2c53448eb

SHA256
83e5dfc8f1abf29716303f84025a3ffd2bd29c3da2d659fb8e479eaa7d3161e4

SHA512
c91c57c3d4a965bbb47820ed6e0961b04aa98baf721a9156f14b79d1c19d240706098aa44db5ed1ecdaf3122ce39a7144385f799fda699ebc49aff9406123cfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
68840bab6f46ee32decf251f856c96f4

SHA1
d5e7772ddb5b823c553012693f472a2d1c17fa60

SHA256
efd377ad990290507ac61ca50d496cfa718183fcd02e6213e4012a3c005a76a5

SHA512
c880468e231e47731149220d65809cc4e9641f61a59808a6eddc1c39dadabe610eedff595d4b5c70cf155d5eadc68cc22cfc698b6349b38a9aa549acdbb64f68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
a548012beb4f82cb5bd33ce87e323b1d

SHA1
05c4776cefa5c50b59aaebd00413ad40d5327622

SHA256
1ac80e33d7301e52d639b95965bba1f95bca53d00bcc516f6adee82a9e8c7306

SHA512
ca115277198e34300d97196288eb496b537abf0ea718796c28cc3d955f4d12d72a1b68f41fa2623cb269b44f429a3371ca15577bd043a1db65dadd76a75b6a79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
6e33f1eddebcad582972c70d6042020d

SHA1
9660485e5f21fb3f83acf338424638285af019a9

SHA256
45619caea2956e4c62edd51196ecc611d0540c7d8de5bdf1cdab12a873a96b50

SHA512
0f59be00e3e54a7abef6b5e18b4d1cbd4fd72b7d0f14661fde13a26fe7eeca6a1b091556393bacaa879d649a890bd09327b8e8d3e6953245b2790a011ce354b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
df8b7ad89036209cea013703dbdef665

SHA1
5f5c73e623961fb62d5736f58f7b461dca5b4fdf

SHA256
d339f0abbe295961ff95670fa1b9b3753a1be0ffde763aa1b59f973b863d50ee

SHA512
9f7e7091f7a6bf251bec587f7200845cbcdfc9d707bc39f13e8bdd7ab0258b5e60491c882b6d6e291c5a525cf28096f60f323c21d02180fca652c17c968a0d1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
08026a3307fb6a82745cb679965859cf

SHA1
eaf53f2be3b666bc44550cb4c556d9efc8c0125c

SHA256
b6bb5071b173e34f09b00e48863181ec99fb8c80e2c71651750e2ccb890bcc81

SHA512
8d1f5e7fe21bb2c9eb7f64e4fda551804378adcecbb6eff027d934e8e7059292807e4938dfad3ed201477687dcbeef512351b55814178ecb62ad7b817b98cee5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
243b13fbc4a64bfe79c3d5bb3ae8179d

SHA1
1db1b2ada3d8b64e457deb507993c5ef1dc11014

SHA256
da7aac38129984f1d5505c7b6999491593c80881a05da9ddbb97df8cb7317819

SHA512
347c84d8f15e675c4ee30c5d81bbf6c5587fde752395191c992f00f7fc26133294f0eb05684ce838afa6076341c38999420bdc9719ff292b5e38d5fe5df4dcf8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
1f758b3af6da2f79fa2fb56dc694bc45

SHA1
fe1a2358cc247b4d9fb59a9b9c299a8c079ccc7f

SHA256
4f6ac475c2f31c23b5a0121ae680e7df9892df78acc9972d0030b00e2693b380

SHA512
1b53d4338c62d339f3a2167cc248d8c7ab1143f7170aec05b11bf9a748380a15970af5a65a4d63a4bb67c8c4540379322af30dba70b8c45e5a0ad80bc2c6dfb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
3cb634d1748d9182420a8f593a5a3f1a

SHA1
77c4f2bfc0318141427e4da5de83096b9e5b953e

SHA256
b95c75fdd3a010f8997112c19b209277b18cf13b133f5b9005b3207d72e45a01

SHA512
6f52ff2a2a120becbefed7deb95230af078e2eab6de025fa1334601a448150b2ac08e92d20b4928de0c42fece3ccb7836d915487f35930d4b3e471f7637c3b8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582cd7.TMP

Filesize
371B

MD5
4f4a5e3fd27a74865944534958f5744e

SHA1
5a319179facc5dc8e30a71ff23eff3585e1368a0

SHA256
8df105fede2bab5622a22a270a7782e2f9e079054d985fb6b3a34d59f47366c7

SHA512
94d84cac5ec07e930ea7ef17393c9012eda8299e013cff6b892251bda2999de77492464d63d334542de7c82cdcec4fa9b7097f73db58e36ca58f17ad7cc373a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
717c1bfbe6fdb97ff887c60abdb04602

SHA1
cd9cdd485416f53afd897f97ffbc6b42f9c42b80

SHA256
bc2575b5b8f2a6fcdce09fb416cd6521f2258e95a7299a157ba3e27e6d95db14

SHA512
63d492e5994d550ca21c418ddb0ca8a29ea190db7b7caf347e114e48a611f7fc25e522f06725e6aba58ac2266dfb2947f72c13c9a0cfb3215596b68e45fe294e

Download Submit