Analysis

  • max time kernel
    147s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250619-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20250619-en locale:en-us os:windows10-2004-x64 system
  • submitted
    03/07/2025, 05:54

General

  • Target

    https://www.ladn.eu/emailing/newsletter_ladn/youtube_bleu.jpg?v=%5b%5bversion%5d%5d

Score
4/10

Malware Config

Signatures

  • Drops file in Program Files directory 16 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.ladn.eu/emailing/newsletter_ladn/youtube_bleu.jpg?v=%5b%5bversion%5d%5d
    1⤵
    • Drops file in Program Files directory
    • Checks processor information in registry
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:1636
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x2dc,0x7ff947c5f208,0x7ff947c5f214,0x7ff947c5f220
      2⤵
        PID:5408
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1768,i,12263824388546163290,9446661460401001843,262144 --variations-seed-version --mojo-platform-channel-handle=2284 /prefetch:3
        2⤵
          PID:3068
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2256,i,12263824388546163290,9446661460401001843,262144 --variations-seed-version --mojo-platform-channel-handle=2252 /prefetch:2
          2⤵
            PID:3280
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2580,i,12263824388546163290,9446661460401001843,262144 --variations-seed-version --mojo-platform-channel-handle=2596 /prefetch:8
            2⤵
              PID:208
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3520,i,12263824388546163290,9446661460401001843,262144 --variations-seed-version --mojo-platform-channel-handle=3556 /prefetch:1
              2⤵
                PID:4636
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3532,i,12263824388546163290,9446661460401001843,262144 --variations-seed-version --mojo-platform-channel-handle=3560 /prefetch:1
                2⤵
                  PID:4688
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4836,i,12263824388546163290,9446661460401001843,262144 --variations-seed-version --mojo-platform-channel-handle=3488 /prefetch:8
                  2⤵
                    PID:4136
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4960,i,12263824388546163290,9446661460401001843,262144 --variations-seed-version --mojo-platform-channel-handle=4852 /prefetch:8
                    2⤵
                      PID:4544
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5456,i,12263824388546163290,9446661460401001843,262144 --variations-seed-version --mojo-platform-channel-handle=5496 /prefetch:8
                      2⤵
                        PID:4388
                      • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5776,i,12263824388546163290,9446661460401001843,262144 --variations-seed-version --mojo-platform-channel-handle=5800 /prefetch:8
                        2⤵
                          PID:1240
                        • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5776,i,12263824388546163290,9446661460401001843,262144 --variations-seed-version --mojo-platform-channel-handle=5800 /prefetch:8
                          2⤵
                            PID:2748
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5980,i,12263824388546163290,9446661460401001843,262144 --variations-seed-version --mojo-platform-channel-handle=6092 /prefetch:8
                            2⤵
                              PID:4860
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6056,i,12263824388546163290,9446661460401001843,262144 --variations-seed-version --mojo-platform-channel-handle=5904 /prefetch:8
                              2⤵
                                PID:716
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6104,i,12263824388546163290,9446661460401001843,262144 --variations-seed-version --mojo-platform-channel-handle=5984 /prefetch:8
                                2⤵
                                  PID:2972
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5096,i,12263824388546163290,9446661460401001843,262144 --variations-seed-version --mojo-platform-channel-handle=5212 /prefetch:8
                                  2⤵
                                    PID:4600
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5920,i,12263824388546163290,9446661460401001843,262144 --variations-seed-version --mojo-platform-channel-handle=5308 /prefetch:8
                                    2⤵
                                      PID:2332
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4364,i,12263824388546163290,9446661460401001843,262144 --variations-seed-version --mojo-platform-channel-handle=5488 /prefetch:8
                                      2⤵
                                        PID:3064
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=5296,i,12263824388546163290,9446661460401001843,262144 --variations-seed-version --mojo-platform-channel-handle=5076 /prefetch:8
                                        2⤵
                                        • Suspicious behavior: EnumeratesProcesses
                                        PID:3708
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6100,i,12263824388546163290,9446661460401001843,262144 --variations-seed-version --mojo-platform-channel-handle=5308 /prefetch:8
                                        2⤵
                                          PID:4912
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
                                        1⤵
                                          PID:2228
                                        • C:\Windows\system32\cmd.exe
                                          C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
                                          1⤵
                                            PID:5704
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
                                              2⤵
                                                PID:2164

Network

MITRE ATT&CK Enterprise v16

Downloads

                                                  • C:\Program Files\chrome_Unpacker_BeginUnzipping1636_1679458381\LICENSE

                                                    Filesize

                                                    1KB

                                                  • C:\Program Files\chrome_Unpacker_BeginUnzipping1636_1679458381\manifest.json

                                                    Filesize

                                                    84B

                                                  • C:\Program Files\chrome_Unpacker_BeginUnzipping1636_1900978016\manifest.json

                                                    Filesize

                                                    176B

                                                  • C:\Program Files\chrome_Unpacker_BeginUnzipping1636_410948547\manifest.json

                                                    Filesize

                                                    119B

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.21\autofill_bypass_cache_forms.json

                                                    Filesize

                                                    175B

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.21\edge_autofill_global_block_list.json

                                                    Filesize

                                                    5KB

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.21\v1FieldTypes.json

                                                    Filesize

                                                    509KB

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                    Filesize

                                                    280B

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

                                                    Filesize

                                                    2B

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

                                                    Filesize

                                                    108KB

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

                                                    Filesize

                                                    2KB

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

                                                    Filesize

                                                    2B

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

                                                    Filesize

                                                    40B

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                    Filesize

                                                    16KB

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

                                                    Filesize

                                                    36KB

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

                                                    Filesize

                                                    22KB

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\fe573bfc-19ec-47ab-8821-aa1e2b9dc8dd.tmp

                                                    Filesize

                                                    15KB

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

                                                    Filesize

                                                    460B

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                    Filesize

                                                    37KB

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                    Filesize

                                                    38KB

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                    Filesize

                                                    50KB

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                    Filesize

                                                    45KB

                                                  • C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

                                                    Filesize

                                                    2KB
