Analysis
- max time kernel: 600s
- max time network: 616s
- platform: windows10-2004_x64
- resource: win10v2004-20240412-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 25-04-2024 21:54
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://qptr.ru/In7t
Resource: win10v2004-20240412-en
General
- Target: https://qptr.ru/In7t
Malware Config
Signatures
- Enumerates system info in registry 2 TTPs 3 IoCs
  Processes: msedge.exe
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (process msedge.exe)
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (process msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (process msedge.exe)
- Suspicious behavior: EnumeratesProcesses 10 IoCs
  Processes: msedge.exe, msedge.exe, identity_helper.exe, msedge.exe
  - pid 3300, process msedge.exe
  - pid 4004, process msedge.exe
  - pid 2672, process identity_helper.exe
  - pid 6120, process msedge.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs
  Processes: msedge.exe
  - pid 4004, process msedge.exe
- Suspicious use of FindShellTrayWindow 31 IoCs
  Processes: msedge.exe
  - pid 4004, process msedge.exe
- Suspicious use of SendNotifyMessage 24 IoCs
  Processes: msedge.exe
  - pid 4004, process msedge.exe
- Suspicious use of WriteProcessMemory 64 IoCs
  Processes: msedge.exe
  - PID 4004 wrote to memory of 3684 (pid 4004, process msedge.exe, target process msedge.exe)
  - PID 4004 wrote to memory of 1232 (pid 4004, process msedge.exe, target process msedge.exe)
  - PID 4004 wrote to memory of 3300 (pid 4004, process msedge.exe, target process msedge.exe)
  - PID 4004 wrote to memory of 680 (pid 4004, process msedge.exe, target process msedge.exe)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://qptr.ru/In7t
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff95f8746f8,0x7ff95f874708,0x7ff95f874718
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,7593073031322875797,9447497685997907532,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,7593073031322875797,9447497685997907532,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 /prefetch:3
      - Suspicious behavior: EnumeratesProcesses
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,7593073031322875797,9447497685997907532,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7593073031322875797,9447497685997907532,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7593073031322875797,9447497685997907532,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7593073031322875797,9447497685997907532,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
    - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,7593073031322875797,9447497685997907532,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:8
    - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,7593073031322875797,9447497685997907532,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7593073031322875797,9447497685997907532,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7593073031322875797,9447497685997907532,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7593073031322875797,9447497685997907532,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4056 /prefetch:1
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7593073031322875797,9447497685997907532,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7593073031322875797,9447497685997907532,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7593073031322875797,9447497685997907532,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7593073031322875797,9447497685997907532,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,7593073031322875797,9447497685997907532,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4864 /prefetch:2
      - Suspicious behavior: EnumeratesProcesses
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7593073031322875797,9447497685997907532,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1564 /prefetch:1
- C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat (Filesize: 152B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat (Filesize: 152B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\08758320-d514-4007-8f7c-f77335f70b84.tmp (Filesize: 540B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index (Filesize: 192B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index (Filesize: 216B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index (Filesize: 168B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State (Filesize: 947B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State (Filesize: 947B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (Filesize: 6KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (Filesize: 6KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (Filesize: 5KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (Filesize: 6KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity (Filesize: 707B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582f77.TMP (Filesize: 372B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT (Filesize: 16B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State (Filesize: 11KB)
- C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic (Filesize: 2B)
- \??\pipe\LOCAL\crashpad_4004_JRHLLCVHCDNWSKSD