Analysis
- max time kernel: 145s
- max time network: 144s
- platform: windows11-21h2_x64
- resource: win11-20240508-en
- resource tags: arch:x64, arch:x86, image:win11-20240508-en, locale:en-us, os:windows11-21h2-x64, system
- submitted: 05-06-2024 14:52
URLScan task: urlscan1
Behavioral task: behavioral1
Sample
https://nashobastone.lt.emlnk.com/Prod/link-tracker?notrack=1&redirectUrl=aHR0cHMlM0ElMkYlMkZpcGZzLmlvJTJGaXBmcyUyRmJhZnliZWlnNGcyaG1oc2M1bnhtcmhicXVsYXQ3Z3o3eHh4YWl4Z3ZnajY2anZzcjdndGlmYmY1emV5JTJGU2FuRU4uaHRtbA==&sig=HZha2UwZxamUYjQFX5bVB1aQH83DorUbsX6Dj2Ckf7m4&iat=1717572291&a=%7C%7C613033766%7C%7C&account=nashobastone%2Eactivehosted%2Ecom&email=2b%2FD8dsUBGrO3AqJz34juqFFESU%2FHs2t8NI8EPPCyLHe8mlnUna62%2FUfPPIVMv%2Be%3A4hCDfznQSsAmA2JMPqWzZ6UEEip1Vjyy&s=0a850a463a30a6a822d745c54616af1b&i=1A3A1A5#[email protected]
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes: msedge.exe
description          ioc                                                                     process
Key opened           \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                      msedge.exe
Key value queried    \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   msedge.exe
Key value queried    \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    msedge.exe
-
Suspicious behavior: EnumeratesProcesses 12 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://nashobastone.lt.emlnk.com/Prod/link-tracker?notrack=1&redirectUrl=aHR0cHMlM0ElMkYlMkZpcGZzLmlvJTJGaXBmcyUyRmJhZnliZWlnNGcyaG1oc2M1bnhtcmhicXVsYXQ3Z3o3eHh4YWl4Z3ZnajY2anZzcjdndGlmYmY1emV5JTJGU2FuRU4uaHRtbA==&sig=HZha2UwZxamUYjQFX5bVB1aQH83DorUbsX6Dj2Ckf7m4&iat=1717572291&a=%7C%7C613033766%7C%7C&account=nashobastone%2Eactivehosted%2Ecom&email=2b%2FD8dsUBGrO3AqJz34juqFFESU%2FHs2t8NI8EPPCyLHe8mlnUna62%2FUfPPIVMv%2Be%3A4hCDfznQSsAmA2JMPqWzZ6UEEip1Vjyy&s=0a850a463a30a6a822d745c54616af1b&i=1A3A1A5#[email protected]
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xa0,0x10c,0x7ff91bac3cb8,0x7ff91bac3cc8,0x7ff91bac3cd8
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,17998911376462887963,11144686950639543130,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,17998911376462887963,11144686950639543130,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,17998911376462887963,11144686950639543130,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2648 /prefetch:8
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17998911376462887963,11144686950639543130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17998911376462887963,11144686950639543130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17998911376462887963,11144686950639543130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17998911376462887963,11144686950639543130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17998911376462887963,11144686950639543130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17998911376462887963,11144686950639543130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,17998911376462887963,11144686950639543130,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 /prefetch:8
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,17998911376462887963,11144686950639543130,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4892 /prefetch:8
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17998911376462887963,11144686950639543130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17998911376462887963,11144686950639543130,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17998911376462887963,11144686950639543130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17998911376462887963,11144686950639543130,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,17998911376462887963,11144686950639543130,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4728 /prefetch:2
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize: 152B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize: 152B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016
Filesize: 207KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 840B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize: 2KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 5KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 6KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize: 16B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize: 16B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize: 11KB
-
\??\pipe\LOCAL\crashpad_2712_QLIBDLVQRSZMADTL