Analysis
max time kernel
148s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags
arch:x64 arch:x86 image:win11-20240426-en locale:en-us os:windows11-21h2-x64 system
submitted
15-05-2024 19:36
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://bitly.cx/AXk
Resource
win10-20240404-en
Behavioral task
behavioral2
Sample
https://bitly.cx/AXk
Resource
win11-20240426-en
General
Target
https://bitly.cx/AXk
Malware Config
Signatures
Enumerates system info in registry 2 TTPs 3 IoCs
Processes: msedge.exe
description | ioc | process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Modifies registry class 1 IoCs
Processes: msedge.exe
description | ioc | process
Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3938118698-2964058152-2337880935-1000\{DF11299D-0C32-450D-88FA-6F74A777D551} | msedge.exe
Suspicious behavior: EnumeratesProcesses 14 IoCs
Processes: msedge.exe, msedge.exe, identity_helper.exe, msedge.exe, msedge.exe, msedge.exe
pid | process
1376 | msedge.exe
3152 | msedge.exe
924 | identity_helper.exe
3016 | msedge.exe
1388 | msedge.exe
2100 | msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs
Processes: msedge.exe
pid | process
3152 | msedge.exe
Suspicious use of FindShellTrayWindow 25 IoCs
Processes: msedge.exe
pid | process
3152 | msedge.exe
Suspicious use of SendNotifyMessage 12 IoCs
Processes: msedge.exe
pid | process
3152 | msedge.exe
Suspicious use of WriteProcessMemory 64 IoCs
Processes: msedge.exe
description | pid | process | target process
PID 3152 wrote to memory of 1720 | 3152 | msedge.exe | msedge.exe
PID 3152 wrote to memory of 4844 | 3152 | msedge.exe | msedge.exe
PID 3152 wrote to memory of 1376 | 3152 | msedge.exe | msedge.exe
PID 3152 wrote to memory of 1504 | 3152 | msedge.exe | msedge.exe
Processes
- "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://bitly.cx/AXk
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe782b3cb8,0x7ffe782b3cc8,0x7ffe782b3cd8
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,13107888371627261066,8629695857398957330,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1896 /prefetch:2
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1880,13107888371627261066,8629695857398957330,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1880,13107888371627261066,8629695857398957330,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,13107888371627261066,8629695857398957330,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,13107888371627261066,8629695857398957330,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,13107888371627261066,8629695857398957330,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1880,13107888371627261066,8629695857398957330,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5448 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,13107888371627261066,8629695857398957330,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,13107888371627261066,8629695857398957330,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3892 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,13107888371627261066,8629695857398957330,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,13107888371627261066,8629695857398957330,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1880,13107888371627261066,8629695857398957330,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3892 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,13107888371627261066,8629695857398957330,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4848 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,13107888371627261066,8629695857398957330,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,13107888371627261066,8629695857398957330,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1880,13107888371627261066,8629695857398957330,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3448 /prefetch:8
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1880,13107888371627261066,8629695857398957330,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5676 /prefetch:8
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,13107888371627261066,8629695857398957330,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,13107888371627261066,8629695857398957330,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,13107888371627261066,8629695857398957330,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,13107888371627261066,8629695857398957330,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1056 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,13107888371627261066,8629695857398957330,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,13107888371627261066,8629695857398957330,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6260 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,13107888371627261066,8629695857398957330,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,13107888371627261066,8629695857398957330,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
- C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize 152B
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize 152B
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize 480B
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
  Filesize 1KB
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize 5KB
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize 6KB
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize 6KB
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
  Filesize 1KB
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe599522.TMP
  Filesize 707B
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
  Filesize 16B
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
  Filesize 16B
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
  Filesize 11KB
- \??\pipe\LOCAL\crashpad_3152_DZWCJCLYDAXDCOFU