Analysis
- max time kernel: 194s
- max time network: 196s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 05-06-2024 15:56
Static task: static1
URLScan task: urlscan1
General
Malware Config
Signatures
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs
  flow 33, ioc https://case.stretto.com/voyager/file-a-claim
Enumerates system info in registry 2 TTPs 3 IoCs
  Processes: msedge.exe
  description, ioc, process:
  Key opened, \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS, msedge.exe
  Key value queried, \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer, msedge.exe
  Key value queried, \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName, msedge.exe
Suspicious behavior: EnumeratesProcesses 10 IoCs
  Processes: msedge.exe, msedge.exe, identity_helper.exe, msedge.exe
  pid, process:
  1960 msedge.exe
  1960 msedge.exe
  932 msedge.exe
  932 msedge.exe
  1712 identity_helper.exe
  1712 identity_helper.exe
  4424 msedge.exe
  4424 msedge.exe
  4424 msedge.exe
  4424 msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs
Suspicious use of FindShellTrayWindow 25 IoCs
Suspicious use of SendNotifyMessage 24 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
- "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://href.li/?http://ipfs.io/ipfs/QmQoUYfdG6pMvbcxjwTS491x4TwPeTk7qVCdHJwgzGsFdS
    Enumerates system info in registry
    Suspicious behavior: EnumeratesProcesses
    Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    Suspicious use of FindShellTrayWindow
    Suspicious use of SendNotifyMessage
    Suspicious use of WriteProcessMemory
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb19b146f8,0x7ffb19b14708,0x7ffb19b14718
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,7012543388236627001,14683546294207851109,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,7012543388236627001,14683546294207851109,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
      Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,7012543388236627001,14683546294207851109,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,7012543388236627001,14683546294207851109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,7012543388236627001,14683546294207851109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,7012543388236627001,14683546294207851109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,7012543388236627001,14683546294207851109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,7012543388236627001,14683546294207851109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,7012543388236627001,14683546294207851109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,7012543388236627001,14683546294207851109,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5852 /prefetch:8
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,7012543388236627001,14683546294207851109,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5852 /prefetch:8
      Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,7012543388236627001,14683546294207851109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,7012543388236627001,14683546294207851109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,7012543388236627001,14683546294207851109,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,7012543388236627001,14683546294207851109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,7012543388236627001,14683546294207851109,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,7012543388236627001,14683546294207851109,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4764 /prefetch:2
      Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 480B
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
  Filesize: 2KB
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
  Filesize: 2KB
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
  Filesize: 111B
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 5KB
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 6KB
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 6KB
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
  Filesize: 16B
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
  Filesize: 10KB
- C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
  Filesize: 2B
- \??\pipe\LOCAL\crashpad_932_LBYMNTMRGERZDCHL