Analysis
-
max time kernel
241s -
max time network
289s -
platform
windows10-2004_x64 -
resource
win10v2004-20230703-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20230703-en locale:en-us os:windows10-2004-x64 system -
submitted
17-08-2023 14:59
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://apo.cuona.io/
Resource
win10v2004-20230703-en
General
-
Target
https://apo.cuona.io/
Malware Config
Signatures
-
Modifies registry class 1 IoCs
Processes:
msedge.exe
description: Key created
ioc: \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1043950675-1972537973-2972532878-1000\{9EFD04F0-429F-46CC-BB47-F48464F49223}
process: msedge.exe
-
Suspicious behavior: EnumeratesProcesses 12 IoCs
Processes:
msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exepid process 524 msedge.exe 524 msedge.exe 3840 msedge.exe 3840 msedge.exe 1760 identity_helper.exe 1760 identity_helper.exe 1504 msedge.exe 1504 msedge.exe 3248 msedge.exe 3248 msedge.exe 3248 msedge.exe 3248 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs
Processes:
msedge.exepid process 524 msedge.exe 524 msedge.exe 524 msedge.exe 524 msedge.exe 524 msedge.exe 524 msedge.exe 524 msedge.exe 524 msedge.exe 524 msedge.exe 524 msedge.exe 524 msedge.exe 524 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
Processes:
msedge.exepid process 524 msedge.exe 524 msedge.exe 524 msedge.exe 524 msedge.exe 524 msedge.exe 524 msedge.exe 524 msedge.exe 524 msedge.exe 524 msedge.exe 524 msedge.exe 524 msedge.exe 524 msedge.exe 524 msedge.exe 524 msedge.exe 524 msedge.exe 524 msedge.exe 524 msedge.exe 524 msedge.exe 524 msedge.exe 524 msedge.exe 524 msedge.exe 524 msedge.exe 524 msedge.exe 524 msedge.exe 524 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
Processes:
msedge.exepid process 524 msedge.exe 524 msedge.exe 524 msedge.exe 524 msedge.exe 524 msedge.exe 524 msedge.exe 524 msedge.exe 524 msedge.exe 524 msedge.exe 524 msedge.exe 524 msedge.exe 524 msedge.exe 524 msedge.exe 524 msedge.exe 524 msedge.exe 524 msedge.exe 524 msedge.exe 524 msedge.exe 524 msedge.exe 524 msedge.exe 524 msedge.exe 524 msedge.exe 524 msedge.exe 524 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://apo.cuona.io/1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc65e246f8,0x7ffc65e24708,0x7ffc65e247182⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,18265272489854195483,9723430051488855071,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,18265272489854195483,9723430051488855071,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,18265272489854195483,9723430051488855071,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2936 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18265272489854195483,9723430051488855071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18265272489854195483,9723430051488855071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,18265272489854195483,9723430051488855071,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,18265272489854195483,9723430051488855071,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18265272489854195483,9723430051488855071,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18265272489854195483,9723430051488855071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4588 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18265272489854195483,9723430051488855071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18265272489854195483,9723430051488855071,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18265272489854195483,9723430051488855071,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2080 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18265272489854195483,9723430051488855071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1708 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18265272489854195483,9723430051488855071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18265272489854195483,9723430051488855071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18265272489854195483,9723430051488855071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2136,18265272489854195483,9723430051488855071,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3448 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2136,18265272489854195483,9723430051488855071,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5324 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18265272489854195483,9723430051488855071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2364 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,18265272489854195483,9723430051488855071,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2272 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Matrix
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize: 152B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 1KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize: 111B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize: 626B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 5KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 5KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 6KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 5KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize: 24KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize: 16B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize: 12KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize: 12KB
-
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize: 2B
-
\??\pipe\LOCAL\crashpad_524_WIZTWAQEEQHPGZTJ