Resubmissions
19-04-2024 10:07 240419-l5mpmseg83 1
19-04-2024 09:00 240419-kymkmadc92 6
19-04-2024 08:28 240419-kc7nnsdg4v 6
Analysis
max time kernel: 451s
max time network: 456s
platform: windows10-2004_x64
resource: win10v2004-20240412-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
submitted: 19-04-2024 09:00
Static task
static1
URLScan task
urlscan1
General
Malware Config
Signatures
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs
Processes:
flow  ioc
89    https://case.stretto.com/voyager/file-a-claim
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
description        ioc                                                                     process
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
Suspicious behavior: EnumeratesProcesses 10 IoCs
Processes:
pid   process
516   msedge.exe
4148  msedge.exe
1268  identity_helper.exe
2248  msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs
Processes:
pid   process
4148  msedge.exe
Suspicious use of FindShellTrayWindow 25 IoCs
Processes:
pid   process
4148  msedge.exe
Suspicious use of SendNotifyMessage 24 IoCs
Processes:
pid   process
4148  msedge.exe
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
description                       pid   process     target process
PID 4148 wrote to memory of 2900  4148  msedge.exe  msedge.exe
PID 4148 wrote to memory of 2132  4148  msedge.exe  msedge.exe
PID 4148 wrote to memory of 516   4148  msedge.exe  msedge.exe
PID 4148 wrote to memory of 4412  4148  msedge.exe  msedge.exe
Processes
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://app.auctria.com/Message/View/a4a002b4-f802-43db-a327-52d54d726d70
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8c92c46f8,0x7ff8c92c4708,0x7ff8c92c4718
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,14604619477495655343,13440766507603554879,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,14604619477495655343,13440766507603554879,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
- Suspicious behavior: EnumeratesProcesses
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,14604619477495655343,13440766507603554879,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2500 /prefetch:8
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14604619477495655343,13440766507603554879,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14604619477495655343,13440766507603554879,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
-
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,14604619477495655343,13440766507603554879,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 /prefetch:8
-
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,14604619477495655343,13440766507603554879,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 /prefetch:8
- Suspicious behavior: EnumeratesProcesses
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14604619477495655343,13440766507603554879,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14604619477495655343,13440766507603554879,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14604619477495655343,13440766507603554879,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14604619477495655343,13440766507603554879,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14604619477495655343,13440766507603554879,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1692 /prefetch:1
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14604619477495655343,13440766507603554879,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14604619477495655343,13440766507603554879,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14604619477495655343,13440766507603554879,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1744 /prefetch:1
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,14604619477495655343,13440766507603554879,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6068 /prefetch:2
- Suspicious behavior: EnumeratesProcesses
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14604619477495655343,13440766507603554879,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
-
C:\Windows\System32\CompPkgSrv.exe -Embedding
-
C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize: 152B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize: 152B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 432B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize: 2KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize: 751B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 6KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 7KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 7KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 6KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize: 1KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe597a56.TMP
Filesize: 372B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize: 16B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize: 16B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize: 11KB
-
\??\pipe\LOCAL\crashpad_4148_WIFYXYUEXQILGBQH