Analysis
- max time kernel: 57s
- max time network: 63s
- platform: windows10-2004_x64
- resource: win10v2004-20230220-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 31-03-2023 23:09
Static task: static1
Behavioral task behavioral1: Sample IGG-REDCON.v1.3.0/CrashRpt1402.dll, Resource win7-20230220-en
Behavioral task behavioral2: Sample IGG-REDCON.v1.3.0/CrashRpt1402.dll, Resource win10v2004-20230220-en
Behavioral task behavioral3: Sample IGG-REDCON.v1.3.0/CrashSender1402.exe, Resource win7-20230220-en
Behavioral task behavioral4: Sample IGG-REDCON.v1.3.0/CrashSender1402.exe, Resource win10v2004-20230220-en
Behavioral task behavioral5: Sample IGG-REDCON.v1.3.0/GAMESTORRENT.CO.url, Resource win7-20230220-en
Behavioral task behavioral6: Sample IGG-REDCON.v1.3.0/GAMESTORRENT.CO.url, Resource win10v2004-20230220-en
Behavioral task behavioral7: Sample IGG-REDCON.v1.3.0/IGG-GAMES.COM.url, Resource win7-20230220-en
Behavioral task behavioral8: Sample IGG-REDCON.v1.3.0/IGG-GAMES.COM.url, Resource win10v2004-20230220-en
Behavioral task behavioral9: Sample IGG-REDCON.v1.3.0/LAUNCHER.exe, Resource win7-20230220-en
Behavioral task behavioral10: Sample IGG-REDCON.v1.3.0/LAUNCHER.exe, Resource win10v2004-20230220-en
Behavioral task behavioral11: Sample IGG-REDCON.v1.3.0/Redcon.exe, Resource win7-20230220-en
Behavioral task behavioral12: Sample IGG-REDCON.v1.3.0/Redcon.exe, Resource win10v2004-20230220-en
Behavioral task behavioral13: Sample IGG-REDCON.v1.3.0/SmartSteamEmu.dll, Resource win7-20230220-en
Behavioral task behavioral14: Sample IGG-REDCON.v1.3.0/SmartSteamEmu.dll, Resource win10v2004-20230220-en
Behavioral task behavioral15: Sample IGG-REDCON.v1.3.0/SmartSteamEmu/Plugins/SSEFirewall.dll, Resource win7-20230220-en
Behavioral task behavioral16: Sample IGG-REDCON.v1.3.0/SmartSteamEmu/Plugins/SSEFirewall.dll, Resource win10v2004-20230220-en
Behavioral task behavioral17: Sample IGG-REDCON.v1.3.0/SmartSteamEmu/Plugins/SSEFirewall64.dll, Resource win7-20230220-en
Behavioral task behavioral18: Sample IGG-REDCON.v1.3.0/SmartSteamEmu/Plugins/SSEFirewall64.dll, Resource win10v2004-20230220-en
Behavioral task behavioral19: Sample IGG-REDCON.v1.3.0/SmartSteamEmu/Plugins/x64/SSEOverlay.dll, Resource win7-20230220-en
Behavioral task behavioral20: Sample IGG-REDCON.v1.3.0/SmartSteamEmu/Plugins/x64/SSEOverlay.dll, Resource win10v2004-20230220-en
Behavioral task behavioral21: Sample IGG-REDCON.v1.3.0/SmartSteamEmu/Plugins/x86/SSEOverlay.dll, Resource win7-20230220-en
Behavioral task behavioral22: Sample IGG-REDCON.v1.3.0/SmartSteamEmu/Plugins/x86/SSEOverlay.dll, Resource win10v2004-20230220-en
Behavioral task behavioral23: Sample IGG-REDCON.v1.3.0/SmartSteamEmu64.dll, Resource win7-20230220-en
Behavioral task behavioral24: Sample IGG-REDCON.v1.3.0/SmartSteamEmu64.dll, Resource win10v2004-20230220-en
Behavioral task behavioral25: Sample IGG-REDCON.v1.3.0/dbghelp.dll, Resource win7-20230220-en
Behavioral task behavioral26: Sample IGG-REDCON.v1.3.0/dbghelp.dll, Resource win10v2004-20230221-en
Behavioral task behavioral27: Sample IGG-REDCON.v1.3.0/msvcp110.dll, Resource win7-20230220-en
Behavioral task behavioral28: Sample IGG-REDCON.v1.3.0/msvcp110.dll, Resource win10v2004-20230220-en
Behavioral task behavioral29: Sample IGG-REDCON.v1.3.0/msvcr110.dll, Resource win7-20230220-en
Behavioral task behavioral30: Sample IGG-REDCON.v1.3.0/msvcr110.dll, Resource win10v2004-20230220-en
General
- Target: IGG-REDCON.v1.3.0/GAMESTORRENT.CO.url
- Size: 196B
- MD5: 22418db266e93f3d2325a86817a6fc09
- SHA1: 56fad950b78092feccde4d2d8eeed9eca7eaafca
- SHA256: 05658194e8de811116b86d073fbf95d0831f8a05b26e97908a44cad5cd8470af
- SHA512: 9bbe646d3254d769df6e53e884a0a717c8ea68e2b47ff647aa4382f66c597b22f950c1a7d2be9a2a0720506c7964eb4912f22a7c1e02ae6a48bdc13756195a33
Malware Config
Signatures
- Enumerates physical storage devices 1 TTPs
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
- Enumerates system info in registry 2 TTPs 3 IoCs
  Processes: msedge.exe
  description | ioc | process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
- Modifies registry class 1 IoCs
  Processes: msedge.exe
  description | ioc | process
  Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | msedge.exe
- Suspicious behavior: EnumeratesProcesses 4 IoCs
  Processes: msedge.exe, msedge.exe
  pid | process
  5076 | msedge.exe
  5076 | msedge.exe
  2940 | msedge.exe
  2940 | msedge.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
  Processes: msedge.exe
  pid | process
  2940 | msedge.exe
  2940 | msedge.exe
  2940 | msedge.exe
  2940 | msedge.exe
  2940 | msedge.exe
  2940 | msedge.exe
  2940 | msedge.exe
  2940 | msedge.exe
- Suspicious use of FindShellTrayWindow 2 IoCs
  Processes: msedge.exe
  pid | process
  2940 | msedge.exe
  2940 | msedge.exe
- Suspicious use of WriteProcessMemory 64 IoCs
Processes
- C:\Windows\System32\rundll32.exe
  "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\IGG-REDCON.v1.3.0\GAMESTORRENT.CO.url
  Signatures: Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://gamestorrent.co/
    Signatures: Enumerates system info in registry; Modifies registry class; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of WriteProcessMemory
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffee8e446f8,0x7ffee8e44708,0x7ffee8e44718
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,13831942824031827504,10377819921012406439,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,13831942824031827504,10377819921012406439,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
      Signatures: Suspicious behavior: EnumeratesProcesses
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,13831942824031827504,10377819921012406439,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,13831942824031827504,10377819921012406439,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,13831942824031827504,10377819921012406439,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,13831942824031827504,10377819921012406439,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,13831942824031827504,10377819921012406439,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,13831942824031827504,10377819921012406439,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2656 /prefetch:1
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,13831942824031827504,10377819921012406439,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,13831942824031827504,10377819921012406439,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6464 /prefetch:1
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,13831942824031827504,10377819921012406439,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6436 /prefetch:1
    - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,13831942824031827504,10377819921012406439,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5800 /prefetch:8
    - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
      - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff631735460,0x7ff631735470,0x7ff631735480
- C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads