Analysis
- max time kernel: 968s
- max time network: 972s
- platform: windows10-2004_x64
- resource: win10v2004-20230220-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 13-05-2023 22:23
Static task: static1
Behavioral task: behavioral1
- Sample: Full version 2.0.rar
- Resource: win10v2004-20230220-en
General
- Target: Full version 2.0.rar
- Size: 33.4MB
- MD5: d27309da2d9955e35ed8857c4e1c3811
- SHA1: c401881293f9f490a015a6abe5fa241f3b24bfd9
- SHA256: 2361f90ff27aa1f3eda6031ab6aa2860bae6bceab468d6ff222d0f1e8bd6c5ab
- SHA512: d77871306ff7226234e9dc83156730705e8c0f733fe3262ca0b762b81af7981fea1639e893feb88ae407967d57c1b850951b11bc94f3aaa20bf7670d5a61c709
- SSDEEP: 786432:hVBJyDMIzgBxGFgVbn0cgzZ1qas1SH3mBL4cW9XP5voU6+h8C:h3JyAbBxsgFn0cgzZ1XHN9hDh8C
Malware Config
Signatures
Drops file in System32 directory 2 IoCs
Processes: mmc.exe
- File opened for modification: C:\Windows\system32\devmgmt.msc (mmc.exe)
- File created: C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF (mmc.exe)
Drops file in Windows directory 58 IoCs
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
Checks SCSI registry key(s) 3 TTPs 20 IoCs
SCSI information is often read in order to detect sandboxing environments.
Enumerates system info in registry 2 TTPs 3 IoCs
Processes: msedge.exe
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
Modifies registry class 3 IoCs
Processes: cmd.exe, OpenWith.exe, msedge.exe
- Key created: \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings (cmd.exe)
- Key created: \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings (OpenWith.exe)
- Key created: \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ (msedge.exe)
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes: msedge.exe
- PID 952: msedge.exe
- PID 952: msedge.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes: mmc.exe
- PID 708: mmc.exe
Suspicious use of AdjustPrivilegeToken 4 IoCs
Processes: mmc.exe
- Token: 33 (PID 708, mmc.exe)
- Token: SeIncBasePriorityPrivilege (PID 708, mmc.exe)
- Token: 33 (PID 708, mmc.exe)
- Token: SeIncBasePriorityPrivilege (PID 708, mmc.exe)
Suspicious use of FindShellTrayWindow 1 IoCs
Processes: msedge.exe
- PID 4736: msedge.exe
Suspicious use of SetWindowsHookEx 3 IoCs
Processes: OpenWith.exe, mmc.exe
- PID 1228: OpenWith.exe
- PID 708: mmc.exe
- PID 708: mmc.exe
Suspicious use of WriteProcessMemory 64 IoCs
Processes
C:\Windows\system32\cmd.exe
  Command line: cmd /c "C:\Users\Admin\AppData\Local\Temp\Full version 2.0.rar"
  - Modifies registry class
C:\Windows\system32\OpenWith.exe
  Command line: C:\Windows\system32\OpenWith.exe -Embedding
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault1d21a508hc82fh4089habache33d154b025c
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  Child process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff9af8946f8,0x7ff9af894708,0x7ff9af894718
  Child process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,2161296131763939843,16106599361043892722,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
  Child process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,2161296131763939843,16106599361043892722,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  Child process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,2161296131763939843,16106599361043892722,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
C:\Windows\system32\svchost.exe
  Command line: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\system32\rundll32.exe
  Command line: "C:\Windows\system32\rundll32.exe" display.dll,ShowAdapterSettings 0
C:\Windows\SysWOW64\DllHost.exe
  Command line: C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
C:\Windows\system32\mmc.exe
  Command line: "C:\Windows\system32\mmc.exe" C:\Windows\system32\devmgmt.msc
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
C:\Windows\System32\rundll32.exe
  Command line: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat (Filesize: 152B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico (Filesize: 70KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk (Filesize: 2KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State (Filesize: 111B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (Filesize: 3KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State (Filesize: 3KB)
- \??\pipe\LOCAL\crashpad_4736_RYIPIKMOYUAIIJSM