Analysis
-
max time kernel
137s
-
max time network
152s
-
platform
windows10-2004_x64
-
resource
win10v2004-20240426-en
-
resource tags
arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system
-
submitted
26-05-2024 01:33
Behavioral task
behavioral1
Sample
5527700a8b3171f96401f05b1ed26d5bdd8a648cae3e85ef4b51a6e0deaad1b4.exe
Resource
win7-20231129-en
General
-
Target
5527700a8b3171f96401f05b1ed26d5bdd8a648cae3e85ef4b51a6e0deaad1b4.exe
-
Size
151KB
-
MD5
8c3e3f803b9d4ad07e2aedb1e9c49562
-
SHA1
f69709942f3a9c5dee2e3a6701e08c4dec188f8d
-
SHA256
5527700a8b3171f96401f05b1ed26d5bdd8a648cae3e85ef4b51a6e0deaad1b4
-
SHA512
b46b1bd1197984cfe21a0bfcfd75fabb4f0d854fe72ba0479e0e31da8efd54fab24b868133d7e275da9ea1c4ffd239a3e779e11753c32fe32445632d5d789026
-
SSDEEP
3072:x+q669TOtPbQPkJqoD21d92gGb4du5A/n7Eyd:xvTOtPcPkJqoDCDGb4dP/nQ
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exe
description ioc process
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
Processes:
msedge.exe
msedge.exe
identity_helper.exe
msedge.exe
pid process
3044 msedge.exe
2532 msedge.exe
1600 identity_helper.exe
5484 msedge.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
Processes:
msedge.exe
pid process
2532 msedge.exe
-
Suspicious use of FindShellTrayWindow 25 IoCs
Processes:
msedge.exe
pid process
2532 msedge.exe
-
Suspicious use of SendNotifyMessage 24 IoCs
Processes:
msedge.exe
pid process
2532 msedge.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
5527700a8b3171f96401f05b1ed26d5bdd8a648cae3e85ef4b51a6e0deaad1b4.exe
msedge.exe
description pid process target process
PID 1908 wrote to memory of 2532 1908 5527700a8b3171f96401f05b1ed26d5bdd8a648cae3e85ef4b51a6e0deaad1b4.exe msedge.exe
PID 2532 wrote to memory of 3948 2532 msedge.exe msedge.exe
PID 2532 wrote to memory of 2852 2532 msedge.exe msedge.exe
PID 2532 wrote to memory of 3044 2532 msedge.exe msedge.exe
PID 2532 wrote to memory of 3272 2532 msedge.exe msedge.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\5527700a8b3171f96401f05b1ed26d5bdd8a648cae3e85ef4b51a6e0deaad1b4.exe"C:\Users\Admin\AppData\Local\Temp\5527700a8b3171f96401f05b1ed26d5bdd8a648cae3e85ef4b51a6e0deaad1b4.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=5527700a8b3171f96401f05b1ed26d5bdd8a648cae3e85ef4b51a6e0deaad1b4.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.02⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xb4,0x108,0x7ff8b91a46f8,0x7ff8b91a4708,0x7ff8b91a47183⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,17345583905826866290,1530502351614636596,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:23⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,17345583905826866290,1530502351614636596,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,17345583905826866290,1530502351614636596,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17345583905826866290,1530502351614636596,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17345583905826866290,1530502351614636596,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17345583905826866290,1530502351614636596,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,17345583905826866290,1530502351614636596,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,17345583905826866290,1530502351614636596,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17345583905826866290,1530502351614636596,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17345583905826866290,1530502351614636596,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17345583905826866290,1530502351614636596,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17345583905826866290,1530502351614636596,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17345583905826866290,1530502351614636596,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17345583905826866290,1530502351614636596,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,17345583905826866290,1530502351614636596,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1880 /prefetch:23⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=5527700a8b3171f96401f05b1ed26d5bdd8a648cae3e85ef4b51a6e0deaad1b4.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.02⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ff8b91a46f8,0x7ff8b91a4708,0x7ff8b91a47183⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads