Analysis
max time kernel: 47s
max time network: 52s
platform: windows10-2004_x64
resource: win10v2004-20240221-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240221-en, locale:en-us, os:windows10-2004-x64, system
submitted: 22-02-2024 11:31
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://envs.sh/QVQ
Resource: win10v2004-20240221-en
General
Target: https://envs.sh/QVQ
Malware Config
Signatures
Enumerates system info in registry 2 TTPs 3 IoCs
Processes: msedge.exe
description | ioc | process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Modifies registry class 1 IoCs
Processes: msedge.exe
description | ioc | process
Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1414748551-1520717498-2956787782-1000\{63C642FC-7300-4E45-B0CB-E630499A2122} | msedge.exe
Suspicious behavior: EnumeratesProcesses 6 IoCs
Processes: msedge.exe, msedge.exe, msedge.exe
pid | process
4704 | msedge.exe
112 | msedge.exe
2788 | msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs
Processes: msedge.exe
pid | process
112 | msedge.exe
Suspicious use of FindShellTrayWindow 25 IoCs
Processes: msedge.exe
pid | process
112 | msedge.exe
Suspicious use of SendNotifyMessage 24 IoCs
Processes: msedge.exe
pid | process
112 | msedge.exe
Suspicious use of WriteProcessMemory 64 IoCs
Processes: msedge.exe
description | pid | process | target process
PID 112 wrote to memory of 4088 | 112 | msedge.exe | msedge.exe
PID 112 wrote to memory of 3148 | 112 | msedge.exe | msedge.exe
PID 112 wrote to memory of 4704 | 112 | msedge.exe | msedge.exe
PID 112 wrote to memory of 1436 | 112 | msedge.exe | msedge.exe
Processes

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://envs.sh/QVQ
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8768f46f8,0x7ff8768f4708,0x7ff8768f4718

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,8436748059213271004,16709579014741033924,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
  - Suspicious behavior: EnumeratesProcesses

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,8436748059213271004,16709579014741033924,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,8436748059213271004,16709579014741033924,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,8436748059213271004,16709579014741033924,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,8436748059213271004,16709579014741033924,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,8436748059213271004,16709579014741033924,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:1

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,8436748059213271004,16709579014741033924,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,8436748059213271004,16709579014741033924,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1

  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,8436748059213271004,16709579014741033924,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5804 /prefetch:8

  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,8436748059213271004,16709579014741033924,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5804 /prefetch:8

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,8436748059213271004,16709579014741033924,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3948 /prefetch:1

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,8436748059213271004,16709579014741033924,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,8436748059213271004,16709579014741033924,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,8436748059213271004,16709579014741033924,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2164,8436748059213271004,16709579014741033924,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5816 /prefetch:8
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2164,8436748059213271004,16709579014741033924,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5444 /prefetch:8

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,8436748059213271004,16709579014741033924,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,8436748059213271004,16709579014741033924,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,8436748059213271004,16709579014741033924,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe -Embedding

Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat  Filesize: 152B
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat  Filesize: 152B
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017  Filesize: 64KB
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences  Filesize: 6KB
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences  Filesize: 6KB
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences  Filesize: 7KB
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences  Filesize: 6KB
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity  Filesize: 1KB
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ea31.TMP  Filesize: 539B
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT  Filesize: 16B
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State  Filesize: 11KB
\??\pipe\LOCAL\crashpad_112_ACSNOQRCJXLFWCWG