Analysis
- max time kernel: 184s
- max time network: 186s
- platform: windows11-21h2_x64
- resource: win11-20240611-en
- resource tags: arch:x64, arch:x86, image:win11-20240611-en, locale:en-us, os:windows11-21h2-x64, system
- submitted: 24-06-2024 16:49
Static task: static1
URLScan task: urlscan1
General
Malware Config
Signatures
Enumerates system info in registry 2 TTPs 3 IoCs
Processes: msedge.exe
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (process msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (process msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (process msedge.exe)
Suspicious behavior: EnumeratesProcesses 8 IoCs
Processes: msedge.exe, msedge.exe, msedge.exe, identity_helper.exe
- pid 3740, process msedge.exe
- pid 2612, process msedge.exe
- pid 1064, process msedge.exe
- pid 4888, process identity_helper.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs
Processes: msedge.exe
- pid 2612, process msedge.exe
Suspicious use of AdjustPrivilegeToken 2 IoCs
Processes: AUDIODG.EXE
- Token: 33 (pid 1592, process AUDIODG.EXE)
- Token: SeIncBasePriorityPrivilege (pid 1592, process AUDIODG.EXE)
Suspicious use of FindShellTrayWindow 25 IoCs
Processes: msedge.exe
- pid 2612, process msedge.exe
Suspicious use of SendNotifyMessage 12 IoCs
Processes: msedge.exe
- pid 2612, process msedge.exe
Suspicious use of WriteProcessMemory 64 IoCs
Processes: msedge.exe
- PID 2612 wrote to memory of 4188 (pid 2612, process msedge.exe, target process msedge.exe)
- PID 2612 wrote to memory of 1340 (pid 2612, process msedge.exe, target process msedge.exe)
- PID 2612 wrote to memory of 3740 (pid 2612, process msedge.exe, target process msedge.exe)
- PID 2612 wrote to memory of 3360 (pid 2612, process msedge.exe, target process msedge.exe)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://intakeq.com/export/consent/66759da5b825bf5fcd44c7ca
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff95a933cb8,0x7ff95a933cc8,0x7ff95a933cd8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,6192259875259313969,14475786765171683001,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1936,6192259875259313969,14475786765171683001,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1936,6192259875259313969,14475786765171683001,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,6192259875259313969,14475786765171683001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,6192259875259313969,14475786765171683001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,6192259875259313969,14475786765171683001,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=ppapi --field-trial-handle=1936,6192259875259313969,14475786765171683001,131072 --lang=en-US --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --mojo-platform-channel-handle=4640 /prefetch:6
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,6192259875259313969,14475786765171683001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3904 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,6192259875259313969,14475786765171683001,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,6192259875259313969,14475786765171683001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,6192259875259313969,14475786765171683001,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1936,6192259875259313969,14475786765171683001,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5760 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1936,6192259875259313969,14475786765171683001,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6260 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,6192259875259313969,14475786765171683001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1936,6192259875259313969,14475786765171683001,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5096 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1936,6192259875259313969,14475786765171683001,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7144 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,6192259875259313969,14475786765171683001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,6192259875259313969,14475786765171683001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7116 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,6192259875259313969,14475786765171683001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,6192259875259313969,14475786765171683001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,6192259875259313969,14475786765171683001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1236 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,6192259875259313969,14475786765171683001,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,6192259875259313969,14475786765171683001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,6192259875259313969,14475786765171683001,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,6192259875259313969,14475786765171683001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6844 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,6192259875259313969,14475786765171683001,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5700 /prefetch:2
- C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\system32\AUDIODG.EXE
  Command line: C:\Windows\system32\AUDIODG.EXE 0x00000000000004F0 0x00000000000004E8
  - Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat (Filesize 152B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat (Filesize 152B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004 (Filesize 19KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index (Filesize 144B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index (Filesize 240B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State (Filesize 426B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State (Filesize 496B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State (Filesize 426B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (Filesize 5KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (Filesize 6KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (Filesize 10KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (Filesize 8KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (Filesize 8KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (Filesize 6KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (Filesize 9KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT (Filesize 16B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT (Filesize 16B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State (Filesize 11KB)
- \??\pipe\LOCAL\crashpad_2612_TAWMBJVAWYGARIDG