Analysis
-
max time kernel
109s -
max time network
115s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system -
submitted
12-04-2024 13:16
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://steamcommuniqy.com/gift/28914887855
Resource
win10v2004-20240226-en
General
-
Target
https://steamcommuniqy.com/gift/28914887855
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 6 IoCs
Processes:
msedge.exemsedge.exeidentity_helper.exepid process 1844 msedge.exe 1844 msedge.exe 1004 msedge.exe 1004 msedge.exe 3148 identity_helper.exe 3148 identity_helper.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs
Processes:
msedge.exepid process 1004 msedge.exe 1004 msedge.exe 1004 msedge.exe 1004 msedge.exe 1004 msedge.exe 1004 msedge.exe 1004 msedge.exe 1004 msedge.exe 1004 msedge.exe 1004 msedge.exe 1004 msedge.exe -
Suspicious use of FindShellTrayWindow 26 IoCs
Processes:
msedge.exepid process 1004 msedge.exe 1004 msedge.exe 1004 msedge.exe 1004 msedge.exe 1004 msedge.exe 1004 msedge.exe 1004 msedge.exe 1004 msedge.exe 1004 msedge.exe 1004 msedge.exe 1004 msedge.exe 1004 msedge.exe 1004 msedge.exe 1004 msedge.exe 1004 msedge.exe 1004 msedge.exe 1004 msedge.exe 1004 msedge.exe 1004 msedge.exe 1004 msedge.exe 1004 msedge.exe 1004 msedge.exe 1004 msedge.exe 1004 msedge.exe 1004 msedge.exe 1004 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
Processes:
msedge.exepid process 1004 msedge.exe 1004 msedge.exe 1004 msedge.exe 1004 msedge.exe 1004 msedge.exe 1004 msedge.exe 1004 msedge.exe 1004 msedge.exe 1004 msedge.exe 1004 msedge.exe 1004 msedge.exe 1004 msedge.exe 1004 msedge.exe 1004 msedge.exe 1004 msedge.exe 1004 msedge.exe 1004 msedge.exe 1004 msedge.exe 1004 msedge.exe 1004 msedge.exe 1004 msedge.exe 1004 msedge.exe 1004 msedge.exe 1004 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
msedge.exedescription pid process target process PID 1004 wrote to memory of 2720 1004 msedge.exe msedge.exe PID 1004 wrote to memory of 2720 1004 msedge.exe msedge.exe PID 1004 wrote to memory of 1864 1004 msedge.exe msedge.exe PID 1004 wrote to memory of 1864 1004 msedge.exe msedge.exe PID 1004 wrote to memory of 1864 1004 msedge.exe msedge.exe PID 1004 wrote to memory of 1864 1004 msedge.exe msedge.exe PID 1004 wrote to memory of 1864 1004 msedge.exe msedge.exe PID 1004 wrote to memory of 1864 1004 msedge.exe msedge.exe PID 1004 wrote to memory of 1864 1004 msedge.exe msedge.exe PID 1004 wrote to memory of 1864 1004 msedge.exe msedge.exe PID 1004 wrote to memory of 1864 1004 msedge.exe msedge.exe PID 1004 wrote to memory of 1864 1004 msedge.exe msedge.exe PID 1004 wrote to memory of 1864 1004 msedge.exe msedge.exe PID 1004 wrote to memory of 1864 1004 msedge.exe msedge.exe PID 1004 wrote to memory of 1864 1004 msedge.exe msedge.exe PID 1004 wrote to memory of 1864 1004 msedge.exe msedge.exe PID 1004 wrote to memory of 1864 1004 msedge.exe msedge.exe PID 1004 wrote to memory of 1864 1004 msedge.exe msedge.exe PID 1004 wrote to memory of 1864 1004 msedge.exe msedge.exe PID 1004 wrote to memory of 1864 1004 msedge.exe msedge.exe PID 1004 wrote to memory of 1864 1004 msedge.exe msedge.exe PID 1004 wrote to memory of 1864 1004 msedge.exe msedge.exe PID 1004 wrote to memory of 1864 1004 msedge.exe msedge.exe PID 1004 wrote to memory of 1864 1004 msedge.exe msedge.exe PID 1004 wrote to memory of 1864 1004 msedge.exe msedge.exe PID 1004 wrote to memory of 1864 1004 msedge.exe msedge.exe PID 1004 wrote to memory of 1864 1004 msedge.exe msedge.exe PID 1004 wrote to memory of 1864 1004 msedge.exe msedge.exe PID 1004 wrote to memory of 1864 1004 msedge.exe msedge.exe PID 1004 wrote to memory of 1864 1004 msedge.exe msedge.exe PID 1004 wrote to memory of 1864 1004 msedge.exe msedge.exe PID 1004 wrote to memory of 1864 1004 msedge.exe msedge.exe PID 1004 wrote to memory of 1864 1004 msedge.exe msedge.exe PID 1004 wrote to memory of 1864 1004 msedge.exe msedge.exe PID 1004 wrote to memory of 1864 1004 msedge.exe msedge.exe PID 1004 wrote to memory of 1864 1004 msedge.exe msedge.exe PID 1004 wrote to memory of 1864 1004 msedge.exe msedge.exe PID 1004 wrote to memory of 1864 1004 msedge.exe msedge.exe PID 1004 wrote to memory of 1864 1004 msedge.exe msedge.exe PID 1004 wrote to memory of 1864 1004 msedge.exe msedge.exe PID 1004 wrote to memory of 1864 1004 msedge.exe msedge.exe PID 1004 wrote to memory of 1864 1004 msedge.exe msedge.exe PID 1004 wrote to memory of 1844 1004 msedge.exe msedge.exe PID 1004 wrote to memory of 1844 1004 msedge.exe msedge.exe PID 1004 wrote to memory of 5040 1004 msedge.exe msedge.exe PID 1004 wrote to memory of 5040 1004 msedge.exe msedge.exe PID 1004 wrote to memory of 5040 1004 msedge.exe msedge.exe PID 1004 wrote to memory of 5040 1004 msedge.exe msedge.exe PID 1004 wrote to memory of 5040 1004 msedge.exe msedge.exe PID 1004 wrote to memory of 5040 1004 msedge.exe msedge.exe PID 1004 wrote to memory of 5040 1004 msedge.exe msedge.exe PID 1004 wrote to memory of 5040 1004 msedge.exe msedge.exe PID 1004 wrote to memory of 5040 1004 msedge.exe msedge.exe PID 1004 wrote to memory of 5040 1004 msedge.exe msedge.exe PID 1004 wrote to memory of 5040 1004 msedge.exe msedge.exe PID 1004 wrote to memory of 5040 1004 msedge.exe msedge.exe PID 1004 wrote to memory of 5040 1004 msedge.exe msedge.exe PID 1004 wrote to memory of 5040 1004 msedge.exe msedge.exe PID 1004 wrote to memory of 5040 1004 msedge.exe msedge.exe PID 1004 wrote to memory of 5040 1004 msedge.exe msedge.exe PID 1004 wrote to memory of 5040 1004 msedge.exe msedge.exe PID 1004 wrote to memory of 5040 1004 msedge.exe msedge.exe PID 1004 wrote to memory of 5040 1004 msedge.exe msedge.exe PID 1004 wrote to memory of 5040 1004 msedge.exe msedge.exe
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommuniqy.com/gift/289148878551⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ffd205a46f8,0x7ffd205a4708,0x7ffd205a47182⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,6618620798881020239,16519793361757933062,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,6618620798881020239,16519793361757933062,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,6618620798881020239,16519793361757933062,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6618620798881020239,16519793361757933062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6618620798881020239,16519793361757933062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,6618620798881020239,16519793361757933062,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,6618620798881020239,16519793361757933062,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6618620798881020239,16519793361757933062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6618620798881020239,16519793361757933062,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6618620798881020239,16519793361757933062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6618620798881020239,16519793361757933062,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6618620798881020239,16519793361757933062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2040 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6618620798881020239,16519793361757933062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1700 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6618620798881020239,16519793361757933062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3640 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6618620798881020239,16519793361757933062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4508 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6618620798881020239,16519793361757933062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:12⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506Filesize
68KB
MD529f65ba8e88c063813cc50a4ea544e93
SHA105a7040d5c127e68c25d81cc51271ffb8bef3568
SHA2561ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD57c6136bc98a5aedca2ea3004e9fbe67d
SHA174318d997f4c9c351eef86d040bc9b085ce1ad4f
SHA25650c3bd40caf7e9a82496a710f58804aa3536b44d57e2ee5e2af028cbebc6c2f2
SHA5122d2fb839321c56e4cb80562e9a1daa4baf48924d635729dc5504a26462796919906f0097dd1fc7fd053394c0eea13c25219dec54ffe6e9abb6e8cb9afa66bada
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD55c6aef82e50d05ffc0cf52a6c6d69c91
SHA1c203efe5b45b0630fee7bd364fe7d63b769e2351
SHA256d9068cf3d04d62a9fb1cdd4c3cf7c263920159171d1b84cb49eff7cf4ed5bc32
SHA51277ad48936e8c3ee107a121e0b2d1216723407f76872e85c36413237ca1c47b8c40038b8a6349b072bbcc6a29e27ddda77cf686fa97569f4d86531e6b2ac485ed
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
456B
MD5be1e1d3530d639cadcf440c5a1b05cc0
SHA18a2684be54c4d3da3a3bb69f1c8fa0534402c70a
SHA256ba9c3be6aab5b3c3b89170ebb3cc6435ddcda35cd9ff35a6124d3d41b48de080
SHA512a4be1bc1ab754617fe6e6dabf94f31398c0fb5d795617b5056212d80ad86ac192cfa7a0417eee35b2d650cb83ae6b9d137e871d64fb6a544994c11fd7a347a5f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
1KB
MD5ec9ad6157cc04885ae001e406299acf8
SHA11852790f475ff609b78af4b8e0873235ccf1ee78
SHA256be19a9bf6641aa737ec4b41a244eca97e16cb74d598d70011a0294a905e8874e
SHA512403fc2fe9a0812c5da9e6cfa914e2c14fd0bcb927601aed01032a1004490776e7057a9fd09683948c92e40d8d716d8e418b557cec71c57aa0d2d9447fa7e73d8
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
787B
MD58380e0561fd217ff4b9909d4c78b9b5c
SHA142775483349a2d2d6a5556653e99f358908b37c1
SHA256bcf689243b3f0b6d3b43f6cda157acf3f848d7389d4bf5ece3532021e3d17d0c
SHA5120e2241792914f66b12a35eb34246641c3a73f40aacfc846ffacb7616dbd332da9c6982679bd340ed05fdd1e99b6db67dd6f32597a47ca0e3256d343ca9f91284
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
1KB
MD534ba251088a7b41aaf33fa189a8537eb
SHA1b5d4877e30df0fe551b8a5d5a60253f5b9e153bf
SHA25600f3922d44746d68ff3d59c51def70e83a28f29068efed65997ea29d9e4367fd
SHA5128cc64f63da7d40d6d292e5c057914f2ad304cfb6ee0de055c514847a16218ff0598c25054ac3820cfe81af142253b3cc49c2037ae1c21457035221636c0e9600
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD591a4999ef34da514d2f5cb230e0a32cf
SHA13cb19b593194c431e5d42654044a82263ef3f9b6
SHA2564b328f1d8f49deab3e32562683e204612f401c651fd9855e8ee28cc8dc7122c0
SHA512d9c401cfb6a4057cdc94eac68d5c7b8437856f8eea71edaf54f2f01750c5d15e287a5ddf551aa0c18aaa83a38fd849c65f7e5bd3e6c2a0e18accc6b6a6cef63c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD55f0686958730b9295fc7cdde4387fd1c
SHA18f0c8c5749c702ccc7bc18396fb8489efa7ff801
SHA256dbdf0718e6a825f5ddaf421b7be686d8d7e24fe9657b035c3390e4328e6d8ebe
SHA512c6c5d1f065aac487ccfac0b0e1bf3f614ff0b0c0ab2b83da245eeae50689e831fdc21eaf735d45d354426335952e6613a6e28934cab7c890a491902e5c6a7c25
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD53ee2b81a3c7aa50874be323026ba1207
SHA1a34aabf809b3032cc9ccabecd09b08b26e69e1ea
SHA2569d34e5985972b18c37885b35f427727789adfcda01c49a471b943921cc71402a
SHA512b0af47d7daf4b53b797c587e3505cb7028dffeffd472bceb8f3a8f6002e46e2e72ae8606fedf7d729ad5b179b17fb77bc72ad30ec54dcb147bebf5ca8dea2f9d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe591255.TMPFilesize
540B
MD5b1e95c49463157a508f5be8f2d391662
SHA1d2ca0e71cdd318e2c23f0c589a2994458de2bf03
SHA2562aecea4e4e1249b5678d9e2942b999bde5834ff42089f2aeb41ecb2f26a97387
SHA5126ff1911f037a87ac1bd58b0c34d90699f91dd9de00421b6d1b9e0e200869348bbe8f43cd84214c0a7f95ba1ae3f190fe7929544b48a6587cb4bd86fa6e0f4382
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a30630b3-fde8-4a0f-aae8-95b5191f4639.tmpFilesize
1KB
MD54974a88caa29056e57f8854abc8e328b
SHA1a379a8d85538dce26d4b5f311990c3dcb68675b3
SHA25608bf624667e27a1d289d3197e6a9460187b71d263cab18f064b1a7d101f9c1ee
SHA512fba187b5cb855010cca71440b989874e0596e3643f959712144e77b130f8ce8ed4325f916b7babf0ede3d2c70ed86a365008664bdef227507dec03125d5232ff
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD5f384913c11b494fc4d3572830225a463
SHA1ad5f0b23544d279f623cf26b1fecaf921c3f4525
SHA256032bf211e0dfbb3bfe3c78082c73e67c5cdf1f9b9b6b512e20aaa21beec36682
SHA512e78e5f4b29a3a01cf11f814efe85e7c49b417d878bfe6c6b2f20fda491503e850bedc0771263bb3e1ca18d8d44b132b57f0c9338147623bb8d4e21e7524cda7b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
12KB
MD5dbadab523af53d7fe83b43b4e352f074
SHA1b745b0a23bacb1bda3ea10e7fede5e1fb989db38
SHA256d886aea6827be24aa1855b6d95d08fd8bfce72814a8682976c63011808990408
SHA51232827938f86f82cf1a4078d1b6ef5efb22429818c0078c665a71958957546630da73e01e8b91cc1852729c16b1dfadf5fc305b6b185248e2df607b3ae40901bb
-
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dicFilesize
2B
MD5f3b25701fe362ec84616a93a45ce9998
SHA1d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA51298c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84
-
\??\pipe\LOCAL\crashpad_1004_IUPGWEVSDEGQSSWJMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e