Analysis Overview
SHA256
2686676de2878920710d925c2a94afbd2bc9430f8f946190a5fb92425f797f72
Threat Level: Likely benign
The file 1_R-bNQuTbgcQda15zyXeMpg.png was found to be: Likely benign.
Malicious Activity Summary
Enumerates physical storage devices
One or more HTTP URLs in qr code identified
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious behavior: LoadsDriver
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-04-30 16:06
Signatures
One or more HTTP URLs in qr code identified
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-30 16:06
Reported
2024-04-30 16:54
Platform
win11-20240419-en
Max time kernel
2640s
Max time network
2649s
Command Line
Signatures
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: LoadsDriver
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\1_R-bNQuTbgcQda15zyXeMpg.png
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | cxcs.microsoft.net | udp |
Files