Analysis
max time kernel: 145s
max time network: 132s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 28-04-2024 10:16
Static task
static1
General
Target: 2024-04-28_c31297188ec9fbaa60449f769339963e_ryuk.exe
Size: 6.8MB
MD5: c31297188ec9fbaa60449f769339963e
SHA1: 8502d9e0cef18137529f0a46ad6e69a1577e6cae
SHA256: 2e2eff110475dd3dfd732ab514e4692032e67b2d228d0081634a87f45cde5ff9
SHA512: 9525e3e08b953fe36270c7b4868959e9bded055c5577e5ca94d79606b671e6660d180f763b54a276bf356e82d7073901c373e0b40cfca924cc4b38384c20e22a
SSDEEP: 98304:R6DR4dluF+W6hP9vBLhuWF5DWLiiyru97:gDR4dlzh1/TWL5yW
Malware Config
Signatures
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops file in Program Files directory 2 IoCs
Processes: setup.exe
File created: C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\ca33b3f7-6770-48b0-a459-8928d2a57b7c.tmp (process: setup.exe)
File opened for modification: C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20240428101708.pma (process: setup.exe)
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes: msedge.exe
Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (process: msedge.exe)
Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (process: msedge.exe)
Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (process: msedge.exe)
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
Processes (pid, process):
4452 msedge.exe
1244 msedge.exe
3604 identity_helper.exe
4280 msedge.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
Processes (pid, process):
1244 msedge.exe
-
Suspicious use of FindShellTrayWindow 25 IoCs
Processes (pid, process):
1244 msedge.exe
-
Suspicious use of SendNotifyMessage 24 IoCs
Processes (pid, process):
1244 msedge.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes: 2024-04-28_c31297188ec9fbaa60449f769339963e_ryuk.exe, msedge.exe
PID 728 wrote to memory of 3840 (process: 2024-04-28_c31297188ec9fbaa60449f769339963e_ryuk.exe, target process: 2024-04-28_c31297188ec9fbaa60449f769339963e_ryuk.exe)
PID 728 wrote to memory of 1244 (process: 2024-04-28_c31297188ec9fbaa60449f769339963e_ryuk.exe, target process: msedge.exe)
PID 1244 wrote to memory of 464 (process: msedge.exe, target process: msedge.exe)
PID 1244 wrote to memory of 3212 (process: msedge.exe, target process: msedge.exe)
PID 1244 wrote to memory of 4452 (process: msedge.exe, target process: msedge.exe)
PID 1244 wrote to memory of 388 (process: msedge.exe, target process: msedge.exe)
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-28_c31297188ec9fbaa60449f769339963e_ryuk.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-28_c31297188ec9fbaa60449f769339963e_ryuk.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2024-04-28_c31297188ec9fbaa60449f769339963e_ryuk.exeC:\Users\Admin\AppData\Local\Temp\2024-04-28_c31297188ec9fbaa60449f769339963e_ryuk.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=124.0.6367.91 --annotation=exe=C:\Users\Admin\AppData\Local\Temp\2024-04-28_c31297188ec9fbaa60449f769339963e_ryuk.exe --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=124.0.2478.67 --initial-client-data=0x228,0x22c,0x230,0x204,0x234,0x7ff7feb388c0,0x7ff7feb388cc,0x7ff7feb388d82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --force-first-run2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffea93746f8,0x7ffea9374708,0x7ffea93747183⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,16828025128163140468,11773263617536300229,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:23⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2192,16828025128163140468,11773263617536300229,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2192,16828025128163140468,11773263617536300229,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,16828025128163140468,11773263617536300229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,16828025128163140468,11773263617536300229,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,16828025128163140468,11773263617536300229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,16828025128163140468,11773263617536300229,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,16828025128163140468,11773263617536300229,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3668 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings3⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff67a535460,0x7ff67a535470,0x7ff67a5354804⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,16828025128163140468,11773263617536300229,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3668 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,16828025128163140468,11773263617536300229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4040 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,16828025128163140468,11773263617536300229,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,16828025128163140468,11773263617536300229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,16828025128163140468,11773263617536300229,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4932 /prefetch:23⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize: 152B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize: 280B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize: 280B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize: 152B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 5KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 6KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize: 16B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize: 9KB
-
C:\Users\Admin\AppData\Local\Temp\msedge_installer.log
Filesize: 4KB
-
\??\pipe\LOCAL\crashpad_1244_VFDDPDJTGYJCYEKF