Analysis
max time kernel: 149s
max time network: 148s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
submitted: 20-05-2024 17:49
Static task: static1
URLScan task: urlscan1
General
Malware Config
Signatures
-
Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs
Processes:
flow ioc 52 https://3.swiper.com.cn/demo/02-responsive.html -
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exe
description ioc process
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe
Suspicious behavior: EnumeratesProcesses 10 IoCs
Processes:
msedge.exe, msedge.exe, identity_helper.exe, msedge.exe
pid process (repeated rows collapsed)
3312 msedge.exe
5032 msedge.exe
2716 identity_helper.exe
5052 msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs
Processes:
msedge.exe
pid process (repeated rows collapsed)
5032 msedge.exe
Suspicious use of FindShellTrayWindow 26 IoCs
Processes:
msedge.exe
pid process (repeated rows collapsed)
5032 msedge.exe
Suspicious use of SendNotifyMessage 24 IoCs
Processes:
msedge.exe
pid process (repeated rows collapsed)
5032 msedge.exe
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
msedge.exe
description pid process target process (repeated rows collapsed)
PID 5032 wrote to memory of 5080 5032 msedge.exe msedge.exe
PID 5032 wrote to memory of 2680 5032 msedge.exe msedge.exe
PID 5032 wrote to memory of 3312 5032 msedge.exe msedge.exe
PID 5032 wrote to memory of 3336 5032 msedge.exe msedge.exe
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://p5.music.126.net/UFvPnLIfdYE_RFE_WO_JbA==/109951169560994308?/qz3t1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5032 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff091646f8,0x7fff09164708,0x7fff091647182⤵PID:5080
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,11796844468541345363,1370634602318991016,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:22⤵PID:2680
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,11796844468541345363,1370634602318991016,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:3312 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,11796844468541345363,1370634602318991016,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:82⤵PID:3336
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,11796844468541345363,1370634602318991016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:12⤵PID:2068
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,11796844468541345363,1370634602318991016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:12⤵PID:1612
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,11796844468541345363,1370634602318991016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4600 /prefetch:12⤵PID:860
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,11796844468541345363,1370634602318991016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4620 /prefetch:12⤵PID:2356
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,11796844468541345363,1370634602318991016,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5412 /prefetch:82⤵PID:5100
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,11796844468541345363,1370634602318991016,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5412 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:2716 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,11796844468541345363,1370634602318991016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:12⤵PID:1708
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,11796844468541345363,1370634602318991016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3636 /prefetch:12⤵PID:1384
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,11796844468541345363,1370634602318991016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:12⤵PID:2312
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,11796844468541345363,1370634602318991016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2924 /prefetch:12⤵PID:3372
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,11796844468541345363,1370634602318991016,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:12⤵PID:876
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,11796844468541345363,1370634602318991016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:12⤵PID:1684
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,11796844468541345363,1370634602318991016,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:12⤵PID:3316
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,11796844468541345363,1370634602318991016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:12⤵PID:1720
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,11796844468541345363,1370634602318991016,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6224 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:5052
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4780
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2672
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007Filesize
863KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
144B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
144B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
416B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
111B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
5KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
9KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
38KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
-
\??\pipe\LOCAL\crashpad_5032_NDSULQIJKYVJPNRI