Analysis
- max time kernel: 99s
- max time network: 99s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 10-03-2024 10:48

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
- Sample: http://qptr.ru/tTzY
- Resource: win10v2004-20240226-en

General
- Target: http://qptr.ru/tTzY
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Processes: msedge.exe
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (process msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (process msedge.exe)
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (process msedge.exe)
- Suspicious behavior: EnumeratesProcesses (6 IoCs)
  Processes: msedge.exe, msedge.exe, identity_helper.exe
  - pid 1712, process msedge.exe
  - pid 3828, process msedge.exe
  - pid 3176, process identity_helper.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (15 IoCs)
  Processes: msedge.exe
  - pid 3828, process msedge.exe
- Suspicious use of FindShellTrayWindow (25 IoCs)
  Processes: msedge.exe
  - pid 3828, process msedge.exe
- Suspicious use of SendNotifyMessage (24 IoCs)
  Processes: msedge.exe
  - pid 3828, process msedge.exe
- Suspicious use of WriteProcessMemory (64 IoCs)
  Processes: msedge.exe
  - PID 3828 wrote to memory of 4052 (pid 3828, process msedge.exe, target process msedge.exe)
  - PID 3828 wrote to memory of 5020 (pid 3828, process msedge.exe, target process msedge.exe)
  - PID 3828 wrote to memory of 1712 (pid 3828, process msedge.exe, target process msedge.exe)
  - PID 3828 wrote to memory of 2688 (pid 3828, process msedge.exe, target process msedge.exe)
Processes
- "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://qptr.ru/tTzY
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff980ab46f8,0x7ff980ab4708,0x7ff980ab4718
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,12467078870851360494,8799566155894427955,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,12467078870851360494,8799566155894427955,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,12467078870851360494,8799566155894427955,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,12467078870851360494,8799566155894427955,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2196 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,12467078870851360494,8799566155894427955,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,12467078870851360494,8799566155894427955,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,12467078870851360494,8799566155894427955,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,12467078870851360494,8799566155894427955,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5512 /prefetch:8
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,12467078870851360494,8799566155894427955,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5512 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,12467078870851360494,8799566155894427955,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,12467078870851360494,8799566155894427955,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,12467078870851360494,8799566155894427955,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,12467078870851360494,8799566155894427955,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,12467078870851360494,8799566155894427955,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1684 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2072,12467078870851360494,8799566155894427955,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3304 /prefetch:8
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,12467078870851360494,8799566155894427955,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,12467078870851360494,8799566155894427955,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,12467078870851360494,8799566155894427955,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2072,12467078870851360494,8799566155894427955,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5672 /prefetch:8
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,12467078870851360494,8799566155894427955,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,12467078870851360494,8799566155894427955,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,12467078870851360494,8799566155894427955,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6284 /prefetch:1
- C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat (Filesize: 152B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat (Filesize: 152B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index (Filesize: 456B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State (Filesize: 780B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (Filesize: 6KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (Filesize: 6KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (Filesize: 6KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (Filesize: 9KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (Filesize: 6KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity (Filesize: 707B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584e88.TMP (Filesize: 204B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT (Filesize: 16B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State (Filesize: 11KB)
- \??\pipe\LOCAL\crashpad_3828_FSPOOTRJFMLYCVFS