Analysis
- max time kernel: 112s
- max time network: 113s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 02-03-2024 04:19
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://gift-catch.com/gift/activation/id=9561943697
Resource: win10v2004-20240226-en
General
- Target: https://gift-catch.com/gift/activation/id=9561943697
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes: msedge.exe
description | ioc | process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
-
Modifies registry class 1 IoCs
Processes: msedge.exe
description | ioc | process
Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-566096764-1992588923-1249862864-1000\{6880F988-9222-4535-9CFA-8F8DC29A5169} | msedge.exe
-
Suspicious behavior: EnumeratesProcesses 8 IoCs
Processes: msedge.exe, msedge.exe, identity_helper.exe, msedge.exe
pid | process
2008 | msedge.exe
2008 | msedge.exe
2244 | msedge.exe
2244 | msedge.exe
4296 | identity_helper.exe
4296 | identity_helper.exe
4000 | msedge.exe
4000 | msedge.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs
-
Suspicious use of FindShellTrayWindow 27 IoCs
-
Suspicious use of SendNotifyMessage 26 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://gift-catch.com/gift/activation/id=9561943697
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff7d9946f8,0x7fff7d994708,0x7fff7d994718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,1349308716191729796,7403732621363320802,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,1349308716191729796,7403732621363320802,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,1349308716191729796,7403732621363320802,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2604 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,1349308716191729796,7403732621363320802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,1349308716191729796,7403732621363320802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,1349308716191729796,7403732621363320802,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,1349308716191729796,7403732621363320802,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,1349308716191729796,7403732621363320802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,1349308716191729796,7403732621363320802,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,1349308716191729796,7403732621363320802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4000 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,1349308716191729796,7403732621363320802,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2164,1349308716191729796,7403732621363320802,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5788 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,1349308716191729796,7403732621363320802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,1349308716191729796,7403732621363320802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2400 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,1349308716191729796,7403732621363320802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2164,1349308716191729796,7403732621363320802,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3364 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,1349308716191729796,7403732621363320802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,1349308716191729796,7403732621363320802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1848 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,1349308716191729796,7403732621363320802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,1349308716191729796,7403732621363320802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1300 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,1349308716191729796,7403732621363320802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2164,1349308716191729796,7403732621363320802,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4712 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2164,1349308716191729796,7403732621363320802,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5572 /prefetch:8
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,1349308716191729796,7403732621363320802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
- C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat (Filesize: 152B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat (Filesize: 152B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002 (Filesize: 28KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018 (Filesize: 37KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index (Filesize: 168B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State (Filesize: 969B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (Filesize: 6KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (Filesize: 6KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (Filesize: 9KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (Filesize: 6KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (Filesize: 9KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (Filesize: 9KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity (Filesize: 873B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58a5b1.TMP (Filesize: 371B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT (Filesize: 16B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State (Filesize: 11KB)
- \??\pipe\LOCAL\crashpad_2244_AQBUKOXWDRVGAHAE