Analysis
-
max time kernel
146s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system -
submitted
25-06-2024 02:44
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://docs.google.com/presentation/d/e/2PACX-1vTDhNl-OZ6aUKBCTR_itPCf5fmabXjqRY06mz6kdu8d-WQnHPNGxJkGVGDqJb7vnBXCWliiI09edc9F/pub?start=false&loop=false&delayms=3000&data=05
Resource
win10v2004-20240611-en
General
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
Processes:
msedge.exemsedge.exeidentity_helper.exemsedge.exepid process 5028 msedge.exe 5028 msedge.exe 1384 msedge.exe 1384 msedge.exe 4884 identity_helper.exe 4884 identity_helper.exe 1052 msedge.exe 1052 msedge.exe 1052 msedge.exe 1052 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
Processes:
msedge.exepid process 1384 msedge.exe 1384 msedge.exe 1384 msedge.exe 1384 msedge.exe 1384 msedge.exe 1384 msedge.exe 1384 msedge.exe 1384 msedge.exe 1384 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
Processes:
msedge.exepid process 1384 msedge.exe 1384 msedge.exe 1384 msedge.exe 1384 msedge.exe 1384 msedge.exe 1384 msedge.exe 1384 msedge.exe 1384 msedge.exe 1384 msedge.exe 1384 msedge.exe 1384 msedge.exe 1384 msedge.exe 1384 msedge.exe 1384 msedge.exe 1384 msedge.exe 1384 msedge.exe 1384 msedge.exe 1384 msedge.exe 1384 msedge.exe 1384 msedge.exe 1384 msedge.exe 1384 msedge.exe 1384 msedge.exe 1384 msedge.exe 1384 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
Processes:
msedge.exepid process 1384 msedge.exe 1384 msedge.exe 1384 msedge.exe 1384 msedge.exe 1384 msedge.exe 1384 msedge.exe 1384 msedge.exe 1384 msedge.exe 1384 msedge.exe 1384 msedge.exe 1384 msedge.exe 1384 msedge.exe 1384 msedge.exe 1384 msedge.exe 1384 msedge.exe 1384 msedge.exe 1384 msedge.exe 1384 msedge.exe 1384 msedge.exe 1384 msedge.exe 1384 msedge.exe 1384 msedge.exe 1384 msedge.exe 1384 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
msedge.exedescription pid process target process PID 1384 wrote to memory of 1280 1384 msedge.exe msedge.exe PID 1384 wrote to memory of 1280 1384 msedge.exe msedge.exe PID 1384 wrote to memory of 3512 1384 msedge.exe msedge.exe PID 1384 wrote to memory of 3512 1384 msedge.exe msedge.exe PID 1384 wrote to memory of 3512 1384 msedge.exe msedge.exe PID 1384 wrote to memory of 3512 1384 msedge.exe msedge.exe PID 1384 wrote to memory of 3512 1384 msedge.exe msedge.exe PID 1384 wrote to memory of 3512 1384 msedge.exe msedge.exe PID 1384 wrote to memory of 3512 1384 msedge.exe msedge.exe PID 1384 wrote to memory of 3512 1384 msedge.exe msedge.exe PID 1384 wrote to memory of 3512 1384 msedge.exe msedge.exe PID 1384 wrote to memory of 3512 1384 msedge.exe msedge.exe PID 1384 wrote to memory of 3512 1384 msedge.exe msedge.exe PID 1384 wrote to memory of 3512 1384 msedge.exe msedge.exe PID 1384 wrote to memory of 3512 1384 msedge.exe msedge.exe PID 1384 wrote to memory of 3512 1384 msedge.exe msedge.exe PID 1384 wrote to memory of 3512 1384 msedge.exe msedge.exe PID 1384 wrote to memory of 3512 1384 msedge.exe msedge.exe PID 1384 wrote to memory of 3512 1384 msedge.exe msedge.exe PID 1384 wrote to memory of 3512 1384 msedge.exe msedge.exe PID 1384 wrote to memory of 3512 1384 msedge.exe msedge.exe PID 1384 wrote to memory of 3512 1384 msedge.exe msedge.exe PID 1384 wrote to memory of 3512 1384 msedge.exe msedge.exe PID 1384 wrote to memory of 3512 1384 msedge.exe msedge.exe PID 1384 wrote to memory of 3512 1384 msedge.exe msedge.exe PID 1384 wrote to memory of 3512 1384 msedge.exe msedge.exe PID 1384 wrote to memory of 3512 1384 msedge.exe msedge.exe PID 1384 wrote to memory of 3512 1384 msedge.exe msedge.exe PID 1384 wrote to memory of 3512 1384 msedge.exe msedge.exe PID 1384 wrote to memory of 3512 1384 msedge.exe msedge.exe PID 1384 wrote to memory of 3512 1384 msedge.exe msedge.exe PID 1384 wrote to memory of 3512 1384 msedge.exe msedge.exe PID 1384 wrote to memory of 3512 1384 msedge.exe msedge.exe PID 1384 wrote to memory of 3512 1384 msedge.exe msedge.exe PID 1384 wrote to memory of 3512 1384 msedge.exe msedge.exe PID 1384 wrote to memory of 3512 1384 msedge.exe msedge.exe PID 1384 wrote to memory of 3512 1384 msedge.exe msedge.exe PID 1384 wrote to memory of 3512 1384 msedge.exe msedge.exe PID 1384 wrote to memory of 3512 1384 msedge.exe msedge.exe PID 1384 wrote to memory of 3512 1384 msedge.exe msedge.exe PID 1384 wrote to memory of 3512 1384 msedge.exe msedge.exe PID 1384 wrote to memory of 3512 1384 msedge.exe msedge.exe PID 1384 wrote to memory of 5028 1384 msedge.exe msedge.exe PID 1384 wrote to memory of 5028 1384 msedge.exe msedge.exe PID 1384 wrote to memory of 3128 1384 msedge.exe msedge.exe PID 1384 wrote to memory of 3128 1384 msedge.exe msedge.exe PID 1384 wrote to memory of 3128 1384 msedge.exe msedge.exe PID 1384 wrote to memory of 3128 1384 msedge.exe msedge.exe PID 1384 wrote to memory of 3128 1384 msedge.exe msedge.exe PID 1384 wrote to memory of 3128 1384 msedge.exe msedge.exe PID 1384 wrote to memory of 3128 1384 msedge.exe msedge.exe PID 1384 wrote to memory of 3128 1384 msedge.exe msedge.exe PID 1384 wrote to memory of 3128 1384 msedge.exe msedge.exe PID 1384 wrote to memory of 3128 1384 msedge.exe msedge.exe PID 1384 wrote to memory of 3128 1384 msedge.exe msedge.exe PID 1384 wrote to memory of 3128 1384 msedge.exe msedge.exe PID 1384 wrote to memory of 3128 1384 msedge.exe msedge.exe PID 1384 wrote to memory of 3128 1384 msedge.exe msedge.exe PID 1384 wrote to memory of 3128 1384 msedge.exe msedge.exe PID 1384 wrote to memory of 3128 1384 msedge.exe msedge.exe PID 1384 wrote to memory of 3128 1384 msedge.exe msedge.exe PID 1384 wrote to memory of 3128 1384 msedge.exe msedge.exe PID 1384 wrote to memory of 3128 1384 msedge.exe msedge.exe PID 1384 wrote to memory of 3128 1384 msedge.exe msedge.exe
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://docs.google.com/presentation/d/e/2PACX-1vTDhNl-OZ6aUKBCTR_itPCf5fmabXjqRY06mz6kdu8d-WQnHPNGxJkGVGDqJb7vnBXCWliiI09edc9F/pub?start=false&loop=false&delayms=3000&data=051⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe197b46f8,0x7ffe197b4708,0x7ffe197b47182⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,17473644314173953071,15128784964897616276,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,17473644314173953071,15128784964897616276,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,17473644314173953071,15128784964897616276,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2572 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17473644314173953071,15128784964897616276,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17473644314173953071,15128784964897616276,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,17473644314173953071,15128784964897616276,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,17473644314173953071,15128784964897616276,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17473644314173953071,15128784964897616276,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3968 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17473644314173953071,15128784964897616276,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17473644314173953071,15128784964897616276,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17473644314173953071,15128784964897616276,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17473644314173953071,15128784964897616276,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17473644314173953071,15128784964897616276,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17473644314173953071,15128784964897616276,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,17473644314173953071,15128784964897616276,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1992 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5477462b6ad8eaaf8d38f5e3a4daf17b0
SHA186174e670c44767c08a39cc2a53c09c318326201
SHA256e6bbd4933b9baa1df4bb633319174de07db176ec215e71c8568d27c5c577184d
SHA512a0acc2ef7fd0fcf413572eeb94d1e38aa6a682195cc03d6eaaaa0bc9e5f4b2c0033da0b835f4617aebc52069d0a10b52fc31ed53c2fe7943a480b55b7481dd4e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5b704c9ca0493bd4548ac9c69dc4a4f27
SHA1a3e5e54e630dabe55ca18a798d9f5681e0620ba7
SHA2562ebd5229b9dc642afba36a27c7ac12d90196b1c50985c37e94f4c17474e15411
SHA51269c8116fb542b344a8c55e2658078bd3e0d3564b1e4c889b072dbc99d2b070dacbc4394dedbc22a4968a8cf9448e71f69ec71ded018c1bacc0e195b3b3072d32
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
336B
MD58fa0f12061683161d1ee84e889b9afa5
SHA11f938ee03296271cb082c9d490f33477473f127c
SHA256704811bc593369a6c2f91bb5fcd969f45ff6207bdf47479ba5869268485e0d06
SHA51236f45226c8469411ded09251dd11a61d9035219287dddb3dc8f7ff5050333a97f827508112baf975f3f51475f37463f425c1d59d121c9c310f25973cbf0acd21
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
192B
MD51ab06f8250640289b1e2f5b59155f6ae
SHA1c23cbbf368f3e10cb51bc9fcfb0cd4badbf6bf10
SHA25661f6def2d107960598c7ae27660b8118247892c4427edfffdd60d761f3f827d7
SHA5121e27f17a9ab86538691561fc1c919b7e969de94ee6ceb73034cc69db97c7e6ee5a6ef3b7d6a890fea0b35fa4b1e5406724232ff8666fa053889f7d36445dadce
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
1KB
MD543d8a2e1e006eb6770227412f38f2178
SHA1ab3765805b1df42bbc7399f359864b3cd8690ec2
SHA256e5742e5ee1624fab54f44d1ea5fa38cf80a00a455e3f9f0dc0f3cb178f8e8a3f
SHA512077a41eb89569233443680f53276b33e6732c6dbb99d762bb9e7bd6ae953111236d1d4a35bbcbbde3ea25acd7422097de7f821d3ed1870f6e4d978c00395c59c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
5KB
MD55de6b9f3f1690d4b5eb21bc8c828981b
SHA19568da44ffc55c34df3d41860b1c3d22760a9daa
SHA256ecf441ab5f429eec2ada57e0494f335ddc4a0f44039e2657e17f811cc4acb271
SHA512a15bb5ac8bcbf996675a76e07a2ab03d76a66e3250ebf2ffc9dfcb11b5111c69162526c05d3bd38fb383515b47d384c6718b0160323eeb98ead9bd99a67801af
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5ab8ecf0a163b632e6afe797c0e26b8e9
SHA1df442608d5a540d8937c86d0c6c73faae8e61a47
SHA2567591e1f4d5f0739ce4481a68a98e94d162cadc3eb4686908ac33a7c713b7f7be
SHA5129b5c791341141b4425174701d3da77771a206a69155dddcca0f3990c45194f91d6429bb8d6417294e7452ca14aa11c0d8136c8669487daa80c16bf1bcc3cbfdc
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
874B
MD50aad57b2982676df8e425be7d99cfb9d
SHA1615a6efd70b665edf5648728cd9f298c77e4f09a
SHA2562e14f74393a13ad4d7b15ea200f491663bc1b388f25587ccd423a871d8b8c2ea
SHA51283cb3629591ffec98b155e42cfa7b3be27329428747c8742c804c8145b451abea8002011b53383dfc6c88f26b55f8cb1a42fde9dbe6ddd881378c35690c3293e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58f4ac.TMPFilesize
371B
MD5b9f8c785c2dd05ad67e32f6117690d69
SHA1ce928b43918e6a618da04383b1176cd2da7aa084
SHA25632a6f4cff4e9ca3a14fa8eb867cca2d0d9ac0928f1584e6618a282c00dcb5fab
SHA5121afc6d769e6f17cc20b6f8dc9d91503dd2424b26f5b44e6d072b6fe56f8095c5e955bcdf8df4328fce8010f6c3f4e19d6f1c0858a7598c3e42988e5224a4256f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD590a725dc39a55123ade88f9a2d034b00
SHA1ebce9b014f9e771ceb2ffa6838c30d2888e2ac65
SHA2568cb7afe0d1a64e6fde0c7fddd487560a2673fa7222b7eed0aa800e61cd2451bf
SHA512c7144b2065ced1f069cc6a4d4013a649bd294a9e87834daaca51fcac5a40057924b9131ee2c68d962bda719cd8edd473a59f958beb646555c30a725a3ea9b4a9
-
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dicFilesize
2B
MD5f3b25701fe362ec84616a93a45ce9998
SHA1d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA51298c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84