Analysis
- max time kernel: 142s
- max time network: 127s
- platform: windows10-2004_x64
- resource: win10v2004-20240412-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 25-04-2024 14:36
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://qptr.ru/hVVV
Resource
win10v2004-20240412-en
General
-
Target
https://qptr.ru/hVVV
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes: msedge.exe
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (process: msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (process: msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (process: msedge.exe)
Suspicious behavior: EnumeratesProcesses 6 IoCs
Processes: msedge.exe, msedge.exe, identity_helper.exe
- pid 1380, process msedge.exe
- pid 1380, process msedge.exe
- pid 4776, process msedge.exe
- pid 4776, process msedge.exe
- pid 4600, process identity_helper.exe
- pid 4600, process identity_helper.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
Processes: msedge.exe (pid 4776)
Suspicious use of FindShellTrayWindow 59 IoCs
Processes: msedge.exe (pid 4776)
Suspicious use of SendNotifyMessage 56 IoCs
Processes: msedge.exe (pid 4776)
Suspicious use of WriteProcessMemory 64 IoCs
Processes: msedge.exe
- PID 4776 wrote to memory of 2656 (pid 4776, process msedge.exe, target process msedge.exe)
- PID 4776 wrote to memory of 388 (pid 4776, process msedge.exe, target process msedge.exe)
- PID 4776 wrote to memory of 1380 (pid 4776, process msedge.exe, target process msedge.exe)
- PID 4776 wrote to memory of 4088 (pid 4776, process msedge.exe, target process msedge.exe)
Processes
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://qptr.ru/hVVV
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8c26046f8,0x7ff8c2604708,0x7ff8c2604718
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,6334699671789326569,14738295357431218691,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,6334699671789326569,14738295357431218691,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
- Suspicious behavior: EnumeratesProcesses
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,6334699671789326569,14738295357431218691,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6334699671789326569,14738295357431218691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6334699671789326569,14738295357431218691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6334699671789326569,14738295357431218691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4048 /prefetch:1
-
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,6334699671789326569,14738295357431218691,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 /prefetch:8
-
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,6334699671789326569,14738295357431218691,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 /prefetch:8
- Suspicious behavior: EnumeratesProcesses
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6334699671789326569,14738295357431218691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6334699671789326569,14738295357431218691,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6334699671789326569,14738295357431218691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6334699671789326569,14738295357431218691,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2076,6334699671789326569,14738295357431218691,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2212 /prefetch:8
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6334699671789326569,14738295357431218691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1124 /prefetch:1
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6334699671789326569,14738295357431218691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
-
C:\Windows\System32\CompPkgSrv.exe -Embedding
-
C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads