Analysis
- max time kernel: 149s
- max time network: 152s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 11-03-2024 16:43
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://japediu.bio/csDkT
Resource: win10v2004-20240226-en
General
- Target: https://japediu.bio/csDkT
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
WINWORD.EXE
description | ioc | process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | WINWORD.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | WINWORD.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | WINWORD.EXE
-
Enumerates system info in registry 2 TTPs 6 IoCs
Processes:
msedge.exe, WINWORD.EXE
description | ioc | process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | WINWORD.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | WINWORD.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | WINWORD.EXE
-
Suspicious behavior: AddClipboardFormatListener 2 IoCs
Processes:
WINWORD.EXE
pid | process
5804 | WINWORD.EXE
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
Processes:
msedge.exe, msedge.exe, identity_helper.exe
pid | process
524 | msedge.exe
2316 | msedge.exe
3400 | identity_helper.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs
Processes:
msedge.exe
pid | process
2316 | msedge.exe
-
Suspicious use of FindShellTrayWindow 26 IoCs
Processes:
msedge.exe
pid | process
2316 | msedge.exe
-
Suspicious use of SendNotifyMessage 24 IoCs
Processes:
msedge.exe
pid | process
2316 | msedge.exe
-
Suspicious use of SetWindowsHookEx 7 IoCs
Processes:
WINWORD.EXE
pid | process
5804 | WINWORD.EXE
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
msedge.exe
description | pid | process | target process
PID 2316 wrote to memory of 4652 | 2316 | msedge.exe | msedge.exe
PID 2316 wrote to memory of 4200 | 2316 | msedge.exe | msedge.exe
PID 2316 wrote to memory of 524 | 2316 | msedge.exe | msedge.exe
PID 2316 wrote to memory of 3708 | 2316 | msedge.exe | msedge.exe
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://japediu.bio/csDkT
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0xd8,0x7ffe778c46f8,0x7ffe778c4708,0x7ffe778c4718
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,4438123811608327596,11747324593943160308,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2032 /prefetch:2
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,4438123811608327596,11747324593943160308,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,4438123811608327596,11747324593943160308,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4438123811608327596,11747324593943160308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1460 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4438123811608327596,11747324593943160308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,4438123811608327596,11747324593943160308,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5448 /prefetch:8
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,4438123811608327596,11747324593943160308,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5448 /prefetch:8
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4438123811608327596,11747324593943160308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4438123811608327596,11747324593943160308,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4438123811608327596,11747324593943160308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4438123811608327596,11747324593943160308,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4438123811608327596,11747324593943160308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4438123811608327596,11747324593943160308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4438123811608327596,11747324593943160308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4438123811608327596,11747324593943160308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4438123811608327596,11747324593943160308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4438123811608327596,11747324593943160308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4438123811608327596,11747324593943160308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,4438123811608327596,11747324593943160308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6268 /prefetch:1
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Desktop\MountTrace.docx" /o ""
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize: 152B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize: 152B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 192B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize: 944B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 6KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 9KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 6KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 9KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize: 16B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize: 11KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize: 8KB
-
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres
Filesize: 4KB
-
\??\pipe\LOCAL\crashpad_2316_LTBLPNJTPXAKSEAL