Analysis
- max time kernel: 147s
- max time network: 154s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 29-02-2024 20:31
- Static task: static1
- URLScan task: urlscan1
Signatures
Enumerates system info in registry 2 TTPs 3 IoCs
Processes: msedge.exe

| description | ioc | process |
|---|---|---|
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe |
Suspicious behavior: EnumeratesProcesses 10 IoCs
Processes: msedge.exe, msedge.exe, identity_helper.exe, msedge.exe

| pid | process |
|---|---|
| 2376 | msedge.exe |
| 2748 | msedge.exe |
| 2204 | identity_helper.exe |
| 4212 | msedge.exe |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
Processes: msedge.exe

| pid | process |
|---|---|
| 2748 | msedge.exe |
Suspicious use of FindShellTrayWindow 25 IoCs
Processes: msedge.exe

| pid | process |
|---|---|
| 2748 | msedge.exe |
Suspicious use of SendNotifyMessage 24 IoCs
Processes: msedge.exe

| pid | process |
|---|---|
| 2748 | msedge.exe |
Suspicious use of WriteProcessMemory 64 IoCs
Processes: msedge.exe

| description | pid | process | target process |
|---|---|---|---|
| PID 2748 wrote to memory of 1684 | 2748 | msedge.exe | msedge.exe |
| PID 2748 wrote to memory of 4576 | 2748 | msedge.exe | msedge.exe |
| PID 2748 wrote to memory of 2376 | 2748 | msedge.exe | msedge.exe |
| PID 2748 wrote to memory of 3152 | 2748 | msedge.exe | msedge.exe |
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://acrobat.adobe.com/id/urn:aaid:sc:VA6C2:8944751c-2c54-433d-b511-5edfcd52b01a
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff85af846f8,0x7ff85af84708,0x7ff85af84718
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,9897513197510759222,3193549949639426921,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2192,9897513197510759222,3193549949639426921,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2192,9897513197510759222,3193549949639426921,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,9897513197510759222,3193549949639426921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,9897513197510759222,3193549949639426921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,9897513197510759222,3193549949639426921,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5056 /prefetch:8
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,9897513197510759222,3193549949639426921,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5056 /prefetch:8
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,9897513197510759222,3193549949639426921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,9897513197510759222,3193549949639426921,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,9897513197510759222,3193549949639426921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,9897513197510759222,3193549949639426921,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,9897513197510759222,3193549949639426921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,9897513197510759222,3193549949639426921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,9897513197510759222,3193549949639426921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,9897513197510759222,3193549949639426921,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat (Filesize: 152B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat (Filesize: 152B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index (Filesize: 1008B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State (Filesize: 2KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State (Filesize: 2KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (Filesize: 6KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (Filesize: 7KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (Filesize: 6KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity (Filesize: 1KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity (Filesize: 2KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d486.TMP (Filesize: 1KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT (Filesize: 16B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State (Filesize: 12KB)
- \??\pipe\LOCAL\crashpad_2748_SNTOZKXYNJEEITCS