Analysis Overview
Threat Level: No (potentially) malicious behavior was detected
The file https://email.troostwijkauctions.com/c/eJy0kkGP2yAQhX-NfbESmRnb8YXDNlVPq17aezSByXoSDAhIrP33lVfblSP12hOI98F7eoyhOZK8-ar_9nd7Elv137UCBYBQbwieSdwp389XNmVlXolKLtyEOBG5Zg5v7OR6m1hsU8GP5pVyaaKY2-4emxhylrOT8l4doXppX9QOFByeHGIK69snTzOvBr9TCLkscr01v9g5TnlLJzYShX052TCT-PXGxHKdyee9d1v0f4YuPEdHhb9SP4nv8ePsJy_ZcSmctuqDklCR8BH9GHxJwdVW2xHPHdes1UEdVI_dMNaTVrYna89KwaXrkFrES8-Hi0FzMQNarkVDC13bo1Kq7QD3_WDRDIjQj2MLI1RdW74apbtZnfPehLl2elmW_b_FCo510jGbaf2CG_tcde2256IfnMLnsvscnJ1CQByH-qHhTwAAAP__ut7NWw was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 08:55
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 08:55
Reported
2024-06-03 08:55
Platform
win10v2004-20240508-en
Max time kernel
19s
Max time network
20s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://email.troostwijkauctions.com/c/eJy0kkGP2yAQhX-NfbESmRnb8YXDNlVPq17aezSByXoSDAhIrP33lVfblSP12hOI98F7eoyhOZK8-ar_9nd7Elv137UCBYBQbwieSdwp389XNmVlXolKLtyEOBG5Zg5v7OR6m1hsU8GP5pVyaaKY2-4emxhylrOT8l4doXppX9QOFByeHGIK69snTzOvBr9TCLkscr01v9g5TnlLJzYShX052TCT-PXGxHKdyee9d1v0f4YuPEdHhb9SP4nv8ePsJy_ZcSmctuqDklCR8BH9GHxJwdVW2xHPHdes1UEdVI_dMNaTVrYna89KwaXrkFrES8-Hi0FzMQNarkVDC13bo1Kq7QD3_WDRDIjQj2MLI1RdW74apbtZnfPehLl2elmW_b_FCo510jGbaf2CG_tcde2256IfnMLnsvscnJ1CQByH-qHhTwAAAP__ut7NWw
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff850fe46f8,0x7ff850fe4708,0x7ff850fe4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,6703997803498215756,15398107957498544219,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,6703997803498215756,15398107957498544219,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,6703997803498215756,15398107957498544219,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6703997803498215756,15398107957498544219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6703997803498215756,15398107957498544219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6703997803498215756,15398107957498544219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6703997803498215756,15398107957498544219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,6703997803498215756,15398107957498544219,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4672 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,6703997803498215756,15398107957498544219,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4672 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6703997803498215756,15398107957498544219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6703997803498215756,15398107957498544219,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4056 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6703997803498215756,15398107957498544219,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6703997803498215756,15398107957498544219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6703997803498215756,15398107957498544219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6703997803498215756,15398107957498544219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6703997803498215756,15398107957498544219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6703997803498215756,15398107957498544219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | email.troostwijkauctions.com | udp |
| US | 34.102.239.211:443 | email.troostwijkauctions.com | tcp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.239.102.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.90.14.23.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.troostwijkauctions.com | udp |
| US | 13.107.246.64:80 | www.troostwijkauctions.com | tcp |
| US | 13.107.246.64:80 | www.troostwijkauctions.com | tcp |
| US | 13.107.246.64:443 | www.troostwijkauctions.com | tcp |
| US | 13.107.246.64:443 | www.troostwijkauctions.com | tcp |
| US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | media.tbauctions.com | udp |
| US | 13.107.253.64:443 | media.tbauctions.com | tcp |
| US | 13.107.253.64:443 | media.tbauctions.com | tcp |
| US | 13.107.253.64:443 | media.tbauctions.com | tcp |
| US | 13.107.253.64:443 | media.tbauctions.com | tcp |
| US | 13.107.253.64:443 | media.tbauctions.com | tcp |
| US | 8.8.8.8:53 | 64.253.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | us.sentry.io | udp |
| US | 35.186.247.156:443 | us.sentry.io | tcp |
| US | 8.8.8.8:53 | js.stripe.com | udp |
| GB | 18.172.89.54:443 | js.stripe.com | tcp |
| US | 8.8.8.8:53 | tbauctions.absmartly.io | udp |
| US | 172.66.40.94:443 | tbauctions.absmartly.io | tcp |
| US | 8.8.8.8:53 | cdn.segment.com | udp |
| GB | 18.172.98.174:443 | cdn.segment.com | tcp |
| US | 8.8.8.8:53 | www.datocms-assets.com | udp |
| US | 104.18.41.126:443 | www.datocms-assets.com | tcp |
| US | 8.8.8.8:53 | shared-api.tbauctions.com | udp |
| NL | 98.64.106.18:443 | shared-api.tbauctions.com | tcp |
| NL | 98.64.106.18:443 | shared-api.tbauctions.com | tcp |
| NL | 98.64.106.18:443 | shared-api.tbauctions.com | tcp |
| US | 8.8.8.8:53 | storefront.tbauctions.com | udp |
| US | 8.8.8.8:53 | tba-bids-prod-we-webpubsub.webpubsub.azure.com | udp |
| US | 13.107.253.64:443 | storefront.tbauctions.com | tcp |
| NL | 20.86.94.46:443 | tba-bids-prod-we-webpubsub.webpubsub.azure.com | tcp |
| US | 13.107.253.64:443 | storefront.tbauctions.com | tcp |
| US | 8.8.8.8:53 | 156.247.186.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.89.172.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 94.40.66.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.98.172.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.41.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.81.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.106.64.98.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.94.86.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | m.stripe.network | udp |
| US | 151.101.0.176:443 | m.stripe.network | tcp |
| US | 8.8.8.8:53 | 176.0.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | m.stripe.com | udp |
| US | 52.11.91.164:443 | m.stripe.com | tcp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 164.91.11.52.in-addr.arpa | udp |
| GB | 18.172.98.174:443 | cdn.segment.com | tcp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | bat.bing.com | udp |
| US | 8.8.8.8:53 | snap.licdn.com | udp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| US | 204.79.197.237:443 | bat.bing.com | tcp |
| US | 2.17.251.42:443 | snap.licdn.com | tcp |
| US | 8.8.8.8:53 | events.eu1.segmentapis.com | udp |
| IE | 54.247.121.216:443 | events.eu1.segmentapis.com | tcp |
| IE | 54.247.121.216:443 | events.eu1.segmentapis.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | px.ads.linkedin.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.clarity.ms | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 13.107.42.14:443 | px.ads.linkedin.com | tcp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | tcp |
| US | 13.107.246.64:443 | www.clarity.ms | tcp |
| BE | 74.125.71.155:443 | stats.g.doubleclick.net | tcp |
| GB | 142.250.187.206:443 | analytics.google.com | tcp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.121.247.54.in-addr.arpa | udp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | c.clarity.ms | udp |
| IE | 68.219.88.97:443 | c.clarity.ms | tcp |
| US | 8.8.8.8:53 | c.bing.com | udp |
| US | 8.8.8.8:53 | h.clarity.ms | udp |
| US | 52.224.31.34:443 | h.clarity.ms | tcp |
| US | 52.224.31.34:443 | h.clarity.ms | tcp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.42.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.71.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.88.219.68.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.31.224.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4158365912175436289496136e7912c2 |
| SHA1 | 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59 |
| SHA256 | 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1 |
| SHA512 | 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b |
\??\pipe\LOCAL\crashpad_32_SVXUJYHWYKWSRHVX
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ce4c898f8fc7601e2fbc252fdadb5115 |
| SHA1 | 01bf06badc5da353e539c7c07527d30dccc55a91 |
| SHA256 | bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa |
| SHA512 | 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | fa820d3f39fc9053a8aa6fbdeea0ae1c |
| SHA1 | a24bc30cffacde499bfd4fdb9fb85f087ae6b9bf |
| SHA256 | 390eee4f27bd1d8dd9660308c8e498f1dd5e54cdd35d4c2c95ba51ef66e1a9a1 |
| SHA512 | 38dae2f8e60e6a57a61571ff93e618f851072f1b79ca5725f596f36e29058f00d11130dbdc51d49d58a2de164dafaef21aabcb99008d5c0e904f5e5b840ec17e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
| MD5 | 55540a230bdab55187a841cfe1aa1545 |
| SHA1 | 363e4734f757bdeb89868efe94907774a327695e |
| SHA256 | d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb |
| SHA512 | c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
| MD5 | 6cbc84cd420e01b01bb217c58695f8e7 |
| SHA1 | b12bd9fe72d22f3c2b5b7b8fe5af87374713bc06 |
| SHA256 | 5e9cf0926200722c96fe08d4e838266a29eb5810686f454ef7737a2fcd566b2f |
| SHA512 | da78834fdf9324a7b12beb0a93f0552b6c7eed451a372bbd6b286ee54d6a0ef32ba2e63430310c865b10bff471e15f06de24d96bad054338bfc9d7b49fc0a99e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 21536838cd678c2aa1e3dbde4cc24c1a |
| SHA1 | 2aa70b8be8386aef6ee838044f8b72246b6383a3 |
| SHA256 | 0312e2f65bcd452ab744008663f4b111edd0891ee34a70bb8805bf342184f7bd |
| SHA512 | abbe46a5c7fc918b629532ad9e39c3075e778c4bb0ba51f9f356fb868d637174bc97df0f4c8202fb644096eff4ba79bde173c544924f5cb26e3f957cc07c5024 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4a13b6cf39f2e7b9bb35dbe6ad5227df |
| SHA1 | 48d9ef006b444df03a53a3b281133e844b1bbd8f |
| SHA256 | a979af4d65cc350b3f9aeaf70492c65755272dcb196dc52835f3523f4f77c0a6 |
| SHA512 | 57f03b369318235280e7d71a8b807a5a4a49e38e5a3e8d14c312342e7e448624da21a9ae8c89b73c175a8587f6d9028794e84b67d9ae9d34997a33ea003f9dc8 |