Analysis
max time kernel: 142s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 22-05-2024 20:49
Behavioral task: behavioral1
Sample: 3e27800d32e78f36e778fe2100f7a3bab1d07d18ed63a73d10db31abf4dcb92a.exe
Resource: win7-20240221-en
General
Target: 3e27800d32e78f36e778fe2100f7a3bab1d07d18ed63a73d10db31abf4dcb92a.exe
Size: 202KB
MD5: e5a3336be63954b960b82ae4e52015f3
SHA1: 21cfcc09a4ad840adb58ab4a49ceea94a4bb9e8f
SHA256: 3e27800d32e78f36e778fe2100f7a3bab1d07d18ed63a73d10db31abf4dcb92a
SHA512: b17c36ce4f6a89fe0f87ee6ce96ed6f15021d4778ce4df2c244a4577ae73505e7bfb80658d68386f90207d5a52bad5b406ebd2cda1fd759928069c2f51341eb4
SSDEEP: 3072:fzEqV6B1jHa6dtJ10jgvzcgi+oG/j9iaMP2s/HIWdbfp4ZaXfhRAG6KZnpGiLLj:fLV6Bta6dtJmakIM5NfZXjZZn3L
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes: msedge.exe
description | ioc | process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
Processes: msedge.exe, msedge.exe, identity_helper.exe, msedge.exe
pid | process
1516 | msedge.exe
4080 | msedge.exe
2100 | identity_helper.exe
3004 | msedge.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
Processes: msedge.exe
pid | process
4080 | msedge.exe
-
Suspicious use of FindShellTrayWindow 25 IoCs
Processes: msedge.exe
pid | process
4080 | msedge.exe
-
Suspicious use of SendNotifyMessage 24 IoCs
Processes: msedge.exe
pid | process
4080 | msedge.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes: 3e27800d32e78f36e778fe2100f7a3bab1d07d18ed63a73d10db31abf4dcb92a.exe, msedge.exe
description | pid | process | target process
PID 2964 wrote to memory of 4080 | 2964 | 3e27800d32e78f36e778fe2100f7a3bab1d07d18ed63a73d10db31abf4dcb92a.exe | msedge.exe
PID 4080 wrote to memory of 2196 | 4080 | msedge.exe | msedge.exe
PID 4080 wrote to memory of 1348 | 4080 | msedge.exe | msedge.exe
PID 4080 wrote to memory of 1516 | 4080 | msedge.exe | msedge.exe
PID 4080 wrote to memory of 4692 | 4080 | msedge.exe | msedge.exe
Processes
- "C:\Users\Admin\AppData\Local\Temp\3e27800d32e78f36e778fe2100f7a3bab1d07d18ed63a73d10db31abf4dcb92a.exe"
  - Suspicious use of WriteProcessMemory
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=3e27800d32e78f36e778fe2100f7a3bab1d07d18ed63a73d10db31abf4dcb92a.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9a17346f8,0x7ff9a1734708,0x7ff9a1734718
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,15198853721397942991,10030104031478048502,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,15198853721397942991,10030104031478048502,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
      - Suspicious behavior: EnumeratesProcesses
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,15198853721397942991,10030104031478048502,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15198853721397942991,10030104031478048502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15198853721397942991,10030104031478048502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15198853721397942991,10030104031478048502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
    - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,15198853721397942991,10030104031478048502,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5108 /prefetch:8
    - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,15198853721397942991,10030104031478048502,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5108 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15198853721397942991,10030104031478048502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15198853721397942991,10030104031478048502,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15198853721397942991,10030104031478048502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15198853721397942991,10030104031478048502,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15198853721397942991,10030104031478048502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15198853721397942991,10030104031478048502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,15198853721397942991,10030104031478048502,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3120 /prefetch:2
      - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=3e27800d32e78f36e778fe2100f7a3bab1d07d18ed63a73d10db31abf4dcb92a.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9a17346f8,0x7ff9a1734708,0x7ff9a1734718
- C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads