Analysis
-
max time kernel
148s
-
max time network
153s
-
platform
windows10-2004_x64
-
resource
win10v2004-20240426-en
-
resource tags
arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system
-
submitted
23-05-2024 02:19
Behavioral task
behavioral1
Sample
631ba21d543678ab025037ad8f53cfb354f097c6bf580019be33a3364019c525.exe
Resource
win7-20240508-en
General
-
Target
631ba21d543678ab025037ad8f53cfb354f097c6bf580019be33a3364019c525.exe
-
Size
300KB
-
MD5
4990d5be4b737ada6ac3b70ac9579054
-
SHA1
1790ca8f04ff2cb3ee92c6a1d29855b30343511f
-
SHA256
631ba21d543678ab025037ad8f53cfb354f097c6bf580019be33a3364019c525
-
SHA512
22d99a81e8ded9923101864b715eea3cd99a81a1ef19647eda18de711eb5e4add61d6fadba2a36887af6802ba75d0fd8ce26a92fa59de73d30b615e9e7469703
-
SSDEEP
6144:vmhwqSIB8yXHtcoFa7XcM4qa3IB0H1V2xiYq42FrcsqGJlmYb:vC6IBFteXJ0/EAL2GJ
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exe
description | ioc | process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
Processes:
msedge.exe
msedge.exe
identity_helper.exe
msedge.exe
pid | process
3876 | msedge.exe
5148 | msedge.exe
2012 | identity_helper.exe
5096 | msedge.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
Processes:
msedge.exe
pid | process
5148 | msedge.exe
-
Suspicious use of FindShellTrayWindow 25 IoCs
Processes:
msedge.exe
pid | process
5148 | msedge.exe
-
Suspicious use of SendNotifyMessage 24 IoCs
Processes:
msedge.exe
pid | process
5148 | msedge.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
631ba21d543678ab025037ad8f53cfb354f097c6bf580019be33a3364019c525.exe
msedge.exe
description | pid | process | target process
PID 4748 wrote to memory of 5148 | 4748 | 631ba21d543678ab025037ad8f53cfb354f097c6bf580019be33a3364019c525.exe | msedge.exe
PID 5148 wrote to memory of 5460 | 5148 | msedge.exe | msedge.exe
PID 5148 wrote to memory of 5608 | 5148 | msedge.exe | msedge.exe
PID 5148 wrote to memory of 3876 | 5148 | msedge.exe | msedge.exe
PID 5148 wrote to memory of 6000 | 5148 | msedge.exe | msedge.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\631ba21d543678ab025037ad8f53cfb354f097c6bf580019be33a3364019c525.exe"C:\Users\Admin\AppData\Local\Temp\631ba21d543678ab025037ad8f53cfb354f097c6bf580019be33a3364019c525.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=631ba21d543678ab025037ad8f53cfb354f097c6bf580019be33a3364019c525.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.02⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffad38946f8,0x7ffad3894708,0x7ffad38947183⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,694034402991311188,12736547955114208055,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:23⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,694034402991311188,12736547955114208055,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,694034402991311188,12736547955114208055,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,694034402991311188,12736547955114208055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,694034402991311188,12736547955114208055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,694034402991311188,12736547955114208055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,694034402991311188,12736547955114208055,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5108 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,694034402991311188,12736547955114208055,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5108 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,694034402991311188,12736547955114208055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,694034402991311188,12736547955114208055,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,694034402991311188,12736547955114208055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,694034402991311188,12736547955114208055,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,694034402991311188,12736547955114208055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,694034402991311188,12736547955114208055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,694034402991311188,12736547955114208055,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4848 /prefetch:23⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=631ba21d543678ab025037ad8f53cfb354f097c6bf580019be33a3364019c525.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.02⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffad38946f8,0x7ffad3894708,0x7ffad38947183⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads