Analysis
- max time kernel: 145s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 26-05-2024 07:45
Behavioral task: behavioral1
Sample: 629ef96921c67d7102df6138b3085ff4dca0ae1796cc755752bd0ce876b36ac0.exe
Resource: win7-20240221-en
General
- Target: 629ef96921c67d7102df6138b3085ff4dca0ae1796cc755752bd0ce876b36ac0.exe
- Size: 5.9MB
- MD5: 7e53c0fe2ceecaef94bd317c526d3f09
- SHA1: 70fee9a15a7507e6cb723424258755426afe3247
- SHA256: 629ef96921c67d7102df6138b3085ff4dca0ae1796cc755752bd0ce876b36ac0
- SHA512: fab95cf71276fd9f08db1ed5542bff2bb073655a1d785ddefa36cd87a32ac2ac71974a7c26bd24dda0897c52caeccc93dcd29e4883de223afa79b7b59d34bfaf
- SSDEEP: 12288:EKkAmLeYTYzVdduG802/z2KFWKkAmLeYTYzuvx:JZBdduG8fLZip
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes: msedge.exe
Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (process msedge.exe)
Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (process msedge.exe)
Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (process msedge.exe)
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
Processes: msedge.exe, identity_helper.exe
pid 2920: msedge.exe
pid 2308: msedge.exe
pid 4368: identity_helper.exe
pid 1488: msedge.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
Processes: msedge.exe
pid 2308: msedge.exe
-
Suspicious use of FindShellTrayWindow 25 IoCs
Processes: msedge.exe
pid 2308: msedge.exe
-
Suspicious use of SendNotifyMessage 24 IoCs
Processes: msedge.exe
pid 2308: msedge.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes: 629ef96921c67d7102df6138b3085ff4dca0ae1796cc755752bd0ce876b36ac0.exe, msedge.exe
PID 396 wrote to memory of 2308 (pid 396, process 629ef96921c67d7102df6138b3085ff4dca0ae1796cc755752bd0ce876b36ac0.exe, target process msedge.exe)
PID 2308 wrote to memory of 728 (pid 2308, process msedge.exe, target process msedge.exe)
PID 2308 wrote to memory of 1840 (pid 2308, process msedge.exe, target process msedge.exe)
PID 2308 wrote to memory of 2920 (pid 2308, process msedge.exe, target process msedge.exe)
PID 2308 wrote to memory of 3816 (pid 2308, process msedge.exe, target process msedge.exe)
Processes
-
C:\Users\Admin\AppData\Local\Temp\629ef96921c67d7102df6138b3085ff4dca0ae1796cc755752bd0ce876b36ac0.exe"C:\Users\Admin\AppData\Local\Temp\629ef96921c67d7102df6138b3085ff4dca0ae1796cc755752bd0ce876b36ac0.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=629ef96921c67d7102df6138b3085ff4dca0ae1796cc755752bd0ce876b36ac0.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.02⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffadaa446f8,0x7ffadaa44708,0x7ffadaa447183⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,4775298638787392576,705772504347733495,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:23⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,4775298638787392576,705772504347733495,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,4775298638787392576,705772504347733495,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,4775298638787392576,705772504347733495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,4775298638787392576,705772504347733495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,4775298638787392576,705772504347733495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,4775298638787392576,705772504347733495,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,4775298638787392576,705772504347733495,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,4775298638787392576,705772504347733495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,4775298638787392576,705772504347733495,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,4775298638787392576,705772504347733495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,4775298638787392576,705772504347733495,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,4775298638787392576,705772504347733495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,4775298638787392576,705772504347733495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,4775298638787392576,705772504347733495,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4808 /prefetch:23⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=629ef96921c67d7102df6138b3085ff4dca0ae1796cc755752bd0ce876b36ac0.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.02⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffadaa446f8,0x7ffadaa44708,0x7ffadaa447183⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads