Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system -
submitted
26-06-2024 07:11
Static task
static1
URLScan task
urlscan1
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exe
description / ioc / process
Key opened / \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS / msedge.exe
Key value queried / \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer / msedge.exe
Key value queried / \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName / msedge.exe
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
Processes:
msedge.exe, msedge.exe, identity_helper.exe, msedge.exe
pid / process
2588 / msedge.exe
2948 / msedge.exe
4528 / identity_helper.exe
3376 / msedge.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs
Processes:
msedge.exe
pid / process
2948 / msedge.exe
-
Suspicious use of FindShellTrayWindow 25 IoCs
Processes:
msedge.exe
pid / process
2948 / msedge.exe
-
Suspicious use of SendNotifyMessage 24 IoCs
Processes:
msedge.exe
pid / process
2948 / msedge.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
msedge.exe
description / pid / process / target process
PID 2948 wrote to memory of 1536 / 2948 / msedge.exe / msedge.exe
PID 2948 wrote to memory of 216 / 2948 / msedge.exe / msedge.exe
PID 2948 wrote to memory of 2588 / 2948 / msedge.exe / msedge.exe
PID 2948 wrote to memory of 1856 / 2948 / msedge.exe / msedge.exe
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://aka.ms/AAb9ysg
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff810c446f8,0x7ff810c44708,0x7ff810c44718
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,5769304601913951860,15156318906004424950,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,5769304601913951860,15156318906004424950,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,5769304601913951860,15156318906004424950,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5769304601913951860,15156318906004424950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5769304601913951860,15156318906004424950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5769304601913951860,15156318906004424950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,5769304601913951860,15156318906004424950,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,5769304601913951860,15156318906004424950,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5769304601913951860,15156318906004424950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5769304601913951860,15156318906004424950,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5769304601913951860,15156318906004424950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5769304601913951860,15156318906004424950,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5769304601913951860,15156318906004424950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5769304601913951860,15156318906004424950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5769304601913951860,15156318906004424950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5769304601913951860,15156318906004424950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,5769304601913951860,15156318906004424950,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6096 /prefetch:2
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize: 152B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize: 152B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\5f5b3591-2a6a-4119-b5e9-bf3228bf6634.tmp
Filesize: 7KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001
Filesize: 22KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014
Filesize: 204KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 960B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize: 3KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 5KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 6KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 7KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize: 1KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize: 1KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57dcf2.TMP
Filesize: 539B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize: 16B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize: 16B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize: 10KB
-
\??\pipe\LOCAL\crashpad_2948_NLXFQNNVYNONASXV