Analysis
-
max time kernel
40s -
max time network
41s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system -
submitted
23-05-2024 18:20
Static task
static1
URLScan task
urlscan1
General
Malware Config
Signatures
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 6 IoCs
Processes:
msedge.exemsedge.exeidentity_helper.exepid process 2368 msedge.exe 2368 msedge.exe 2676 msedge.exe 2676 msedge.exe 3576 identity_helper.exe 3576 identity_helper.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs
Processes:
msedge.exepid process 2676 msedge.exe 2676 msedge.exe 2676 msedge.exe 2676 msedge.exe 2676 msedge.exe 2676 msedge.exe 2676 msedge.exe 2676 msedge.exe 2676 msedge.exe 2676 msedge.exe 2676 msedge.exe 2676 msedge.exe 2676 msedge.exe 2676 msedge.exe 2676 msedge.exe 2676 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
Processes:
msedge.exepid process 2676 msedge.exe 2676 msedge.exe 2676 msedge.exe 2676 msedge.exe 2676 msedge.exe 2676 msedge.exe 2676 msedge.exe 2676 msedge.exe 2676 msedge.exe 2676 msedge.exe 2676 msedge.exe 2676 msedge.exe 2676 msedge.exe 2676 msedge.exe 2676 msedge.exe 2676 msedge.exe 2676 msedge.exe 2676 msedge.exe 2676 msedge.exe 2676 msedge.exe 2676 msedge.exe 2676 msedge.exe 2676 msedge.exe 2676 msedge.exe 2676 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
Processes:
msedge.exepid process 2676 msedge.exe 2676 msedge.exe 2676 msedge.exe 2676 msedge.exe 2676 msedge.exe 2676 msedge.exe 2676 msedge.exe 2676 msedge.exe 2676 msedge.exe 2676 msedge.exe 2676 msedge.exe 2676 msedge.exe 2676 msedge.exe 2676 msedge.exe 2676 msedge.exe 2676 msedge.exe 2676 msedge.exe 2676 msedge.exe 2676 msedge.exe 2676 msedge.exe 2676 msedge.exe 2676 msedge.exe 2676 msedge.exe 2676 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
msedge.exedescription pid process target process PID 2676 wrote to memory of 2672 2676 msedge.exe msedge.exe PID 2676 wrote to memory of 2672 2676 msedge.exe msedge.exe PID 2676 wrote to memory of 1636 2676 msedge.exe msedge.exe PID 2676 wrote to memory of 1636 2676 msedge.exe msedge.exe PID 2676 wrote to memory of 1636 2676 msedge.exe msedge.exe PID 2676 wrote to memory of 1636 2676 msedge.exe msedge.exe PID 2676 wrote to memory of 1636 2676 msedge.exe msedge.exe PID 2676 wrote to memory of 1636 2676 msedge.exe msedge.exe PID 2676 wrote to memory of 1636 2676 msedge.exe msedge.exe PID 2676 wrote to memory of 1636 2676 msedge.exe msedge.exe PID 2676 wrote to memory of 1636 2676 msedge.exe msedge.exe PID 2676 wrote to memory of 1636 2676 msedge.exe msedge.exe PID 2676 wrote to memory of 1636 2676 msedge.exe msedge.exe PID 2676 wrote to memory of 1636 2676 msedge.exe msedge.exe PID 2676 wrote to memory of 1636 2676 msedge.exe msedge.exe PID 2676 wrote to memory of 1636 2676 msedge.exe msedge.exe PID 2676 wrote to memory of 1636 2676 msedge.exe msedge.exe PID 2676 wrote to memory of 1636 2676 msedge.exe msedge.exe PID 2676 wrote to memory of 1636 2676 msedge.exe msedge.exe PID 2676 wrote to memory of 1636 2676 msedge.exe msedge.exe PID 2676 wrote to memory of 1636 2676 msedge.exe msedge.exe PID 2676 wrote to memory of 1636 2676 msedge.exe msedge.exe PID 2676 wrote to memory of 1636 2676 msedge.exe msedge.exe PID 2676 wrote to memory of 1636 2676 msedge.exe msedge.exe PID 2676 wrote to memory of 1636 2676 msedge.exe msedge.exe PID 2676 wrote to memory of 1636 2676 msedge.exe msedge.exe PID 2676 wrote to memory of 1636 2676 msedge.exe msedge.exe PID 2676 wrote to memory of 1636 2676 msedge.exe msedge.exe PID 2676 wrote to memory of 1636 2676 msedge.exe msedge.exe PID 2676 wrote to memory of 1636 2676 msedge.exe msedge.exe PID 2676 wrote to memory of 1636 2676 msedge.exe msedge.exe PID 2676 wrote to memory of 1636 2676 msedge.exe msedge.exe PID 2676 wrote to memory of 1636 2676 msedge.exe msedge.exe PID 2676 wrote to memory of 1636 2676 msedge.exe msedge.exe PID 2676 wrote to memory of 1636 2676 msedge.exe msedge.exe PID 2676 wrote to memory of 1636 2676 msedge.exe msedge.exe PID 2676 wrote to memory of 1636 2676 msedge.exe msedge.exe PID 2676 wrote to memory of 1636 2676 msedge.exe msedge.exe PID 2676 wrote to memory of 1636 2676 msedge.exe msedge.exe PID 2676 wrote to memory of 1636 2676 msedge.exe msedge.exe PID 2676 wrote to memory of 1636 2676 msedge.exe msedge.exe PID 2676 wrote to memory of 1636 2676 msedge.exe msedge.exe PID 2676 wrote to memory of 2368 2676 msedge.exe msedge.exe PID 2676 wrote to memory of 2368 2676 msedge.exe msedge.exe PID 2676 wrote to memory of 3032 2676 msedge.exe msedge.exe PID 2676 wrote to memory of 3032 2676 msedge.exe msedge.exe PID 2676 wrote to memory of 3032 2676 msedge.exe msedge.exe PID 2676 wrote to memory of 3032 2676 msedge.exe msedge.exe PID 2676 wrote to memory of 3032 2676 msedge.exe msedge.exe PID 2676 wrote to memory of 3032 2676 msedge.exe msedge.exe PID 2676 wrote to memory of 3032 2676 msedge.exe msedge.exe PID 2676 wrote to memory of 3032 2676 msedge.exe msedge.exe PID 2676 wrote to memory of 3032 2676 msedge.exe msedge.exe PID 2676 wrote to memory of 3032 2676 msedge.exe msedge.exe PID 2676 wrote to memory of 3032 2676 msedge.exe msedge.exe PID 2676 wrote to memory of 3032 2676 msedge.exe msedge.exe PID 2676 wrote to memory of 3032 2676 msedge.exe msedge.exe PID 2676 wrote to memory of 3032 2676 msedge.exe msedge.exe PID 2676 wrote to memory of 3032 2676 msedge.exe msedge.exe PID 2676 wrote to memory of 3032 2676 msedge.exe msedge.exe PID 2676 wrote to memory of 3032 2676 msedge.exe msedge.exe PID 2676 wrote to memory of 3032 2676 msedge.exe msedge.exe PID 2676 wrote to memory of 3032 2676 msedge.exe msedge.exe PID 2676 wrote to memory of 3032 2676 msedge.exe msedge.exe
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://ak.us22.list-manage.com/track/click?u=6a260763f286cc8c2ca551256&id=bad8d2223e&e=ddd287cb3d/#/?/aHVtYW4ucmVzQHRkY2ouc3RhdGUudHgudXM=1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffceba246f8,0x7ffceba24708,0x7ffceba247182⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,2104703363637843573,4433225850572895321,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,2104703363637843573,4433225850572895321,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,2104703363637843573,4433225850572895321,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2104703363637843573,4433225850572895321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2104703363637843573,4433225850572895321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2104703363637843573,4433225850572895321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2104703363637843573,4433225850572895321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2104703363637843573,4433225850572895321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2104703363637843573,4433225850572895321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2104703363637843573,4433225850572895321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,2104703363637843573,4433225850572895321,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5604 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,2104703363637843573,4433225850572895321,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5604 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2104703363637843573,4433225850572895321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2104703363637843573,4433225850572895321,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2104703363637843573,4433225850572895321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2104703363637843573,4433225850572895321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2104703363637843573,4433225850572895321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2104703363637843573,4433225850572895321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2104703363637843573,4433225850572895321,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2104703363637843573,4433225850572895321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2104703363637843573,4433225850572895321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:12⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5ae54e9db2e89f2c54da8cc0bfcbd26bd
SHA1a88af6c673609ecbc51a1a60dfbc8577830d2b5d
SHA2565009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af
SHA512e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5f53207a5ca2ef5c7e976cbb3cb26d870
SHA149a8cc44f53da77bb3dfb36fc7676ed54675db43
SHA25619ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23
SHA512be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
288B
MD5b186c1f7e1ac3405040b2bd007b82076
SHA1f9026ba4bb510b6fc689c5af1597459bf11cf1a8
SHA2564e8dff959cfc4c76b158b6c5a8bd8c64be94bf1210574ef349bb21d5d012d5bd
SHA512b5ebf8de22426f731ac1025804f98339a124854591e45b548dc5d0a235ecc070362125f8a7f64351e418b3933c136da749e5cb0c59de49174e80fe3fab2a9b76
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
5KB
MD5a223cbc40cf46e0236e47d5028d01943
SHA13b9060fa4662147bdf78d5911f1dd50a3fb76574
SHA256787df52747139f72d88af24fd65d3b4a2fbc10eff4d01bd7e1d631a602b36c0e
SHA512d7fef6442120996c48dc7c232391751c493ee7e6594f0d0020a510fdcf50dba9405c7536276a5a41c5fb54e0752311a67f9ee45a34facbbad6369a07d66ff21f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5abbf5a2cc5b197f5be1f3502aa596d66
SHA1c2f4461867fdd805031712de8a9eb734bb62221a
SHA256481d5458579ce2ee80ebbb0545828916c69fc9b775b3fd2acbe41c56ccefc373
SHA512d78e01aa8a24683ec9a393376eece5b099d4c5f110b360f42060b8e8f42769c186c4f9b8ff39bdb23895aa4bba724b62a5d939771490df8a9efa6af8f60b8c67
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD54edb734a7164222c8a3efa230a0ef4e2
SHA1023fc33a1cf9465e1db0c987aa55313f443b01db
SHA256512456c8fc40917982f7035515c734b5b59b646905d9010e241a83b652b25c90
SHA5120a7b58aacf59d2b61dcc418850da6566054cade3401d8a6e66fb71031f480d617ff20a052228eaa389f9c35d1f773f9f5d4cb9d2222c8d78ef97f9211b2e1e81
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD50b29ed0d49bdbd415e3336573e1b3aca
SHA1496eb097ee828ab8862048bc3e05e3a679559595
SHA25626c8c2987f91bf7f24c3526daf9e8af21a1021c6f8019a689c538f3b223a097a
SHA512741a2ff2c44fbb6984f671283b22c2d94ed564f3d5ca17db264674a48b14e27a45c88e8019b968ca185d497e29cd753692a182ba404569f3e6c6fdd0761df9e7
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5787be.TMPFilesize
874B
MD5f5f41ad588823c5d69a61ca8b827fee4
SHA1cd5c67ba946cd0138ad9fb6a59f7817af440fe66
SHA2565da632c4a2e2713b1dc22f1655eae73aa017925c9ba2ae4c38428eeb881b5c6d
SHA512df1b901882c54e465a44a43c724541ab4c0d31092c0da3e4451583eae0363b6791ce0eef11f732a314788d4cb25c61c2b50e1a5ee00bead2541d8751ba1f661b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD5fca3bf0da48811ea4823fb09b325ad84
SHA1f6b50e4667434978770d7726fc21d10103622579
SHA25676971554fe0616eff1dafdc5aad0074f40ade839686c90125ca55d0e5fe9afa8
SHA5120decf2a97d6265db10447d14f912ec30524e28ec46514777a6a4d759ece464be76434a68ed71061c53aea5ce9de1d3cb157ec43c185501cb2fb9c24b9a97b698
-
\??\pipe\LOCAL\crashpad_2676_NMZJBYYUPCTHKNLDMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e