Analysis
max time kernel: 265s
max time network: 268s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 07-06-2024 03:09
Static task: static1
URLScan task: urlscan1
Malware Config
Signatures
Mark of the Web detected: This indicates that the page was originally saved or cloned. 3 IoCs
Processes:
- flow 139: https://case.stretto.com/voyager/file-a-claim
- flow 16: https://case.stretto.com/voyager/file-a-claim
- flow 16: https://case.stretto.com/voyager/file-a-claim
Enumerates system info in registry 2 TTPs 3 IoCs
Processes: msedge.exe
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (process: msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (process: msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (process: msedge.exe)
Suspicious behavior: EnumeratesProcesses 10 IoCs
Processes: msedge.exe, msedge.exe, identity_helper.exe, msedge.exe
- PID 1492: msedge.exe
- PID 1180: msedge.exe
- PID 2576: identity_helper.exe
- PID 4396: msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs
Processes: msedge.exe
- PID 1180: msedge.exe
Suspicious use of FindShellTrayWindow 25 IoCs
Processes: msedge.exe
- PID 1180: msedge.exe
Suspicious use of SendNotifyMessage 24 IoCs
Processes: msedge.exe
- PID 1180: msedge.exe
Suspicious use of WriteProcessMemory 64 IoCs
Processes: msedge.exe
- PID 1180 wrote to memory of 4544 (pid: 1180, process: msedge.exe, target process: msedge.exe)
- PID 1180 wrote to memory of 2700 (pid: 1180, process: msedge.exe, target process: msedge.exe)
- PID 1180 wrote to memory of 1492 (pid: 1180, process: msedge.exe, target process: msedge.exe)
- PID 1180 wrote to memory of 920 (pid: 1180, process: msedge.exe, target process: msedge.exe)
Processes
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://withdraw.remittance-investvoyager.com/claim
PID: 1180
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc5b1c46f8,0x7ffc5b1c4708,0x7ffc5b1c4718
  PID: 4544
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,8378609162457979038,2838160392457060915,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
  PID: 2700
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,8378609162457979038,2838160392457060915,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 /prefetch:3
  PID: 1492
  - Suspicious behavior: EnumeratesProcesses
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,8378609162457979038,2838160392457060915,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
  PID: 920
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8378609162457979038,2838160392457060915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  PID: 1772
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8378609162457979038,2838160392457060915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  PID: 464
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8378609162457979038,2838160392457060915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
  PID: 4852
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,8378609162457979038,2838160392457060915,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5392 /prefetch:8
  PID: 3764
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,8378609162457979038,2838160392457060915,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5392 /prefetch:8
  PID: 2576
  - Suspicious behavior: EnumeratesProcesses
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8378609162457979038,2838160392457060915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1
  PID: 3996
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8378609162457979038,2838160392457060915,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
  PID: 4004
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8378609162457979038,2838160392457060915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
  PID: 776
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8378609162457979038,2838160392457060915,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
  PID: 728
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8378609162457979038,2838160392457060915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  PID: 2112
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8378609162457979038,2838160392457060915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
  PID: 4328
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,8378609162457979038,2838160392457060915,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6064 /prefetch:2
  PID: 4396
  - Suspicious behavior: EnumeratesProcesses
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8378609162457979038,2838160392457060915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
  PID: 3960
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8378609162457979038,2838160392457060915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:1
  PID: 3252
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID: 2416
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID: 4452
Network
MITRE ATT&CK Enterprise v15
Downloads