Analysis
max time kernel: 145s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 02-03-2024 09:08
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://707.su/987z
Resource: win10v2004-20240226-en
General
Target: https://707.su/987z
Malware Config
Signatures
Enumerates system info in registry 2 TTPs 3 IoCs
Processes: msedge.exe
description | ioc | process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Suspicious behavior: EnumeratesProcesses 10 IoCs
Processes: msedge.exe, msedge.exe, identity_helper.exe, msedge.exe
pid | process
2972 | msedge.exe
4880 | msedge.exe
2596 | identity_helper.exe
3188 | msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
Processes: msedge.exe
pid | process
4880 | msedge.exe
Suspicious use of FindShellTrayWindow 25 IoCs
Processes: msedge.exe
pid | process
4880 | msedge.exe
Suspicious use of SendNotifyMessage 24 IoCs
Processes: msedge.exe
pid | process
4880 | msedge.exe
Suspicious use of WriteProcessMemory 64 IoCs
Processes: msedge.exe
description | pid | process | target process
PID 4880 wrote to memory of 1412 | 4880 | msedge.exe | msedge.exe
PID 4880 wrote to memory of 1596 | 4880 | msedge.exe | msedge.exe
PID 4880 wrote to memory of 2972 | 4880 | msedge.exe | msedge.exe
PID 4880 wrote to memory of 3664 | 4880 | msedge.exe | msedge.exe
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://707.su/987z
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe9ca746f8,0x7ffe9ca74708,0x7ffe9ca74718
2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,16500207738144023871,4259877834088065686,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,16500207738144023871,4259877834088065686,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,16500207738144023871,4259877834088065686,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16500207738144023871,4259877834088065686,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16500207738144023871,4259877834088065686,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16500207738144023871,4259877834088065686,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2092,16500207738144023871,4259877834088065686,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5248 /prefetch:8
2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,16500207738144023871,4259877834088065686,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5848 /prefetch:8
2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,16500207738144023871,4259877834088065686,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5848 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16500207738144023871,4259877834088065686,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16500207738144023871,4259877834088065686,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16500207738144023871,4259877834088065686,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16500207738144023871,4259877834088065686,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16500207738144023871,4259877834088065686,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,16500207738144023871,4259877834088065686,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4600 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
-
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x514 0x510
1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize: 152B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize: 152B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 912B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT
Filesize: 16B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\001\t\Paths\MANIFEST-000001
Filesize: 41B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize: 2KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 6KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 7KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 7KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize: 1KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5780b9.TMP
Filesize: 1KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize: 16B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize: 11KB
-
\??\pipe\LOCAL\crashpad_4880_GXTUNGSWHRHOWGEB