Analysis
- max time kernel: 145s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 22-05-2024 23:26
- Static task: static1
- URLScan task: urlscan1
- Behavioral task: behavioral1
Sample: http://nmpsconsumeraccess.org
Resource: win10v2004-20240426-en
General
- Target: http://nmpsconsumeraccess.org
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Process: msedge.exe
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  Processes (pid, process):
  - 4436 msedge.exe
  - 4700 msedge.exe
  - 1964 identity_helper.exe
  - 5284 msedge.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (11 IoCs)
  Processes (pid, process):
  - 4700 msedge.exe
- Suspicious use of FindShellTrayWindow (25 IoCs)
  Processes (pid, process):
  - 4700 msedge.exe
- Suspicious use of SendNotifyMessage (24 IoCs)
  Processes (pid, process):
  - 4700 msedge.exe
- Suspicious use of WriteProcessMemory (64 IoCs)
  Process: msedge.exe (pid 4700); target process: msedge.exe
  - PID 4700 wrote to memory of 4664
  - PID 4700 wrote to memory of 2232
  - PID 4700 wrote to memory of 4436
  - PID 4700 wrote to memory of 1160
Processes
- "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://nmpsconsumeraccess.org
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffda88e46f8,0x7ffda88e4708,0x7ffda88e4718
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,8924662619742711079,14783548805595431190,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,8924662619742711079,14783548805595431190,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1852 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,8924662619742711079,14783548805595431190,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8924662619742711079,14783548805595431190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8924662619742711079,14783548805595431190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8924662619742711079,14783548805595431190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,8924662619742711079,14783548805595431190,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 /prefetch:8
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,8924662619742711079,14783548805595431190,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8924662619742711079,14783548805595431190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8924662619742711079,14783548805595431190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8924662619742711079,14783548805595431190,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8924662619742711079,14783548805595431190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8924662619742711079,14783548805595431190,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8924662619742711079,14783548805595431190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8924662619742711079,14783548805595431190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2020,8924662619742711079,14783548805595431190,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6348 /prefetch:8
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8924662619742711079,14783548805595431190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,8924662619742711079,14783548805595431190,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1320 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\system32\AUDIODG.EXE 0x48c 0x494
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat (Filesize: 152B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat (Filesize: 152B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003 (Filesize: 72KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019 (Filesize: 206KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028 (Filesize: 32KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index (Filesize: 1KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State (Filesize: 5KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (Filesize: 5KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (Filesize: 7KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (Filesize: 8KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (Filesize: 6KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT (Filesize: 16B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State (Filesize: 11KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State (Filesize: 11KB)
- \??\pipe\LOCAL\crashpad_4700_XKIAELSTAASJOZSG