Analysis
-
max time kernel
95s -
max time network
94s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
08-06-2024 13:32
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://outlook.office365.com/owa/?ItemID=AAkALgAAAAAAHYQDEapmEc2byACqAC%2FEWg0A2khPfYERXEawhkdSeXT4fwABeAywWQAA&exvsurl=1&viewmodel=ReadMessageItem&nativeOutlookCommand=openMessage
Resource
win10v2004-20240508-en
General
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 6 IoCs
Processes:
msedge.exemsedge.exeidentity_helper.exepid process 1172 msedge.exe 1172 msedge.exe 916 msedge.exe 916 msedge.exe 3660 identity_helper.exe 3660 identity_helper.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
Processes:
msedge.exepid process 916 msedge.exe 916 msedge.exe 916 msedge.exe 916 msedge.exe 916 msedge.exe 916 msedge.exe 916 msedge.exe 916 msedge.exe 916 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
Processes:
msedge.exepid process 916 msedge.exe 916 msedge.exe 916 msedge.exe 916 msedge.exe 916 msedge.exe 916 msedge.exe 916 msedge.exe 916 msedge.exe 916 msedge.exe 916 msedge.exe 916 msedge.exe 916 msedge.exe 916 msedge.exe 916 msedge.exe 916 msedge.exe 916 msedge.exe 916 msedge.exe 916 msedge.exe 916 msedge.exe 916 msedge.exe 916 msedge.exe 916 msedge.exe 916 msedge.exe 916 msedge.exe 916 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
Processes:
msedge.exepid process 916 msedge.exe 916 msedge.exe 916 msedge.exe 916 msedge.exe 916 msedge.exe 916 msedge.exe 916 msedge.exe 916 msedge.exe 916 msedge.exe 916 msedge.exe 916 msedge.exe 916 msedge.exe 916 msedge.exe 916 msedge.exe 916 msedge.exe 916 msedge.exe 916 msedge.exe 916 msedge.exe 916 msedge.exe 916 msedge.exe 916 msedge.exe 916 msedge.exe 916 msedge.exe 916 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
msedge.exedescription pid process target process PID 916 wrote to memory of 4532 916 msedge.exe msedge.exe PID 916 wrote to memory of 4532 916 msedge.exe msedge.exe PID 916 wrote to memory of 1252 916 msedge.exe msedge.exe PID 916 wrote to memory of 1252 916 msedge.exe msedge.exe PID 916 wrote to memory of 1252 916 msedge.exe msedge.exe PID 916 wrote to memory of 1252 916 msedge.exe msedge.exe PID 916 wrote to memory of 1252 916 msedge.exe msedge.exe PID 916 wrote to memory of 1252 916 msedge.exe msedge.exe PID 916 wrote to memory of 1252 916 msedge.exe msedge.exe PID 916 wrote to memory of 1252 916 msedge.exe msedge.exe PID 916 wrote to memory of 1252 916 msedge.exe msedge.exe PID 916 wrote to memory of 1252 916 msedge.exe msedge.exe PID 916 wrote to memory of 1252 916 msedge.exe msedge.exe PID 916 wrote to memory of 1252 916 msedge.exe msedge.exe PID 916 wrote to memory of 1252 916 msedge.exe msedge.exe PID 916 wrote to memory of 1252 916 msedge.exe msedge.exe PID 916 wrote to memory of 1252 916 msedge.exe msedge.exe PID 916 wrote to memory of 1252 916 msedge.exe msedge.exe PID 916 wrote to memory of 1252 916 msedge.exe msedge.exe PID 916 wrote to memory of 1252 916 msedge.exe msedge.exe PID 916 wrote to memory of 1252 916 msedge.exe msedge.exe PID 916 wrote to memory of 1252 916 msedge.exe msedge.exe PID 916 wrote to memory of 1252 916 msedge.exe msedge.exe PID 916 wrote to memory of 1252 916 msedge.exe msedge.exe PID 916 wrote to memory of 1252 916 msedge.exe msedge.exe PID 916 wrote to memory of 1252 916 msedge.exe msedge.exe PID 916 wrote to memory of 1252 916 msedge.exe msedge.exe PID 916 wrote to memory of 1252 916 msedge.exe msedge.exe PID 916 wrote to memory of 1252 916 msedge.exe msedge.exe PID 916 wrote to memory of 1252 916 msedge.exe msedge.exe PID 916 wrote to memory of 1252 916 msedge.exe msedge.exe PID 916 wrote to memory of 1252 916 msedge.exe msedge.exe PID 916 wrote to memory of 1252 916 msedge.exe msedge.exe PID 916 wrote to memory of 1252 916 msedge.exe msedge.exe PID 916 wrote to memory of 1252 916 msedge.exe msedge.exe PID 916 wrote to memory of 1252 916 msedge.exe msedge.exe PID 916 wrote to memory of 1252 916 msedge.exe msedge.exe PID 916 wrote to memory of 1252 916 msedge.exe msedge.exe PID 916 wrote to memory of 1252 916 msedge.exe msedge.exe PID 916 wrote to memory of 1252 916 msedge.exe msedge.exe PID 916 wrote to memory of 1252 916 msedge.exe msedge.exe PID 916 wrote to memory of 1252 916 msedge.exe msedge.exe PID 916 wrote to memory of 1172 916 msedge.exe msedge.exe PID 916 wrote to memory of 1172 916 msedge.exe msedge.exe PID 916 wrote to memory of 5020 916 msedge.exe msedge.exe PID 916 wrote to memory of 5020 916 msedge.exe msedge.exe PID 916 wrote to memory of 5020 916 msedge.exe msedge.exe PID 916 wrote to memory of 5020 916 msedge.exe msedge.exe PID 916 wrote to memory of 5020 916 msedge.exe msedge.exe PID 916 wrote to memory of 5020 916 msedge.exe msedge.exe PID 916 wrote to memory of 5020 916 msedge.exe msedge.exe PID 916 wrote to memory of 5020 916 msedge.exe msedge.exe PID 916 wrote to memory of 5020 916 msedge.exe msedge.exe PID 916 wrote to memory of 5020 916 msedge.exe msedge.exe PID 916 wrote to memory of 5020 916 msedge.exe msedge.exe PID 916 wrote to memory of 5020 916 msedge.exe msedge.exe PID 916 wrote to memory of 5020 916 msedge.exe msedge.exe PID 916 wrote to memory of 5020 916 msedge.exe msedge.exe PID 916 wrote to memory of 5020 916 msedge.exe msedge.exe PID 916 wrote to memory of 5020 916 msedge.exe msedge.exe PID 916 wrote to memory of 5020 916 msedge.exe msedge.exe PID 916 wrote to memory of 5020 916 msedge.exe msedge.exe PID 916 wrote to memory of 5020 916 msedge.exe msedge.exe PID 916 wrote to memory of 5020 916 msedge.exe msedge.exe
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://outlook.office365.com/owa/?ItemID=AAkALgAAAAAAHYQDEapmEc2byACqAC%2FEWg0A2khPfYERXEawhkdSeXT4fwABeAywWQAA&exvsurl=1&viewmodel=ReadMessageItem&nativeOutlookCommand=openMessage1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa84ef46f8,0x7ffa84ef4708,0x7ffa84ef47182⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,15539185922818185878,12550967630208352819,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,15539185922818185878,12550967630208352819,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,15539185922818185878,12550967630208352819,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,15539185922818185878,12550967630208352819,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,15539185922818185878,12550967630208352819,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,15539185922818185878,12550967630208352819,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,15539185922818185878,12550967630208352819,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,15539185922818185878,12550967630208352819,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,15539185922818185878,12550967630208352819,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,15539185922818185878,12550967630208352819,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,15539185922818185878,12550967630208352819,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3996 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,15539185922818185878,12550967630208352819,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,15539185922818185878,12550967630208352819,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,15539185922818185878,12550967630208352819,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2628 /prefetch:12⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5ce4c898f8fc7601e2fbc252fdadb5115
SHA101bf06badc5da353e539c7c07527d30dccc55a91
SHA256bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa
SHA51280fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD54158365912175436289496136e7912c2
SHA1813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59
SHA256354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1
SHA51274b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012Filesize
32KB
MD51e5b765b32c5f65973d835e9ee3ebf20
SHA12ae4b7b8e6303dbb2424730062c2fb1d752219b5
SHA256d443b4a9f2542caad44e23d0d3917456e781bab47cd000cdab5a2aa571395379
SHA5120ec798c3379d4724f5168a51e2bd8eba221f629ae41749b444cb1487b5b16a01e220857e181c710babd86c0201593aef9f8c21291f57bf14d5ebb72246958665
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013Filesize
16KB
MD512e3dac858061d088023b2bd48e2fa96
SHA1e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5
SHA25690cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21
SHA512c5030c55a855e7a9e20e22f4c70bf1e0f3c558a9b7d501cfab6992ac2656ae5e41b050ccac541efa55f9603e0d349b247eb4912ee169d44044271789c719cd01
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
288B
MD54d7da190364ffdfe861060e0abdd4fb2
SHA1d7c1b403a85c6460dba2f81f169b14bb583b992e
SHA256bea77fa718fdcaed8ee07c289cbceea7c789d74d48bcc0125b4a76ecc55629a0
SHA512bc5971ba583c8422cedb73fe095b56f801cf6081b633e0e819ccef27ada7f9351c0bea02fd853526ee1f9a74ad61e856e47dc928d19dfa3212e8333db441ab99
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
432B
MD5362845362f83c5b8c0f593a61bfb5ddd
SHA1196557b7c3e59b3f085f73e9ed1504d532006818
SHA2560e06764d3c175d15bad8d4f207b848caa70a375821cd61df52ff7ea028fce883
SHA51224db1aa324fd231019a7045285bfbd94d0475e38b3db39d9d7c1a76b54b235a5d6cae64b4760eefead7155e451085e710882beeecd1d4888e2d91d2d1470b95a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
1KB
MD537dbf74308522ba9c1a535acce59096e
SHA11d8ca48fa630a0f6c79a0b3359f6c87c2bfae6f4
SHA25684c3a4a42b05a2d4752a493a5975786470ebf795a0126bfe095b937e67534dba
SHA5129b3d8fd206a0bd46225c3b80ea9c60b863f5f740df4244ccc54c305c7d9c0c12c7061286a6faef8b47fbf6136f44f45d33ecd806f85faefa555044d78023e5d1
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD5674275b4df17e53c51c0b2eba05b7061
SHA1a7f7af5570767ec3f317620083566b49f80ddfde
SHA256a4a1fef7825d1a6867c3cfdddd75c04ac7fbadb11fb43e39c6ccbb416f555781
SHA512b27e82527a71f3f7aee77182311a1c0a981362880d74dc87adcdf71d6e0e40be432ca6991fe0aa835a5913c596f4308ac900d3679a36fa9a6727428a23856066
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
5KB
MD5d13c64e836b69f8ba37dc2aa3a1e0836
SHA1e426f4472caf59af882e137399daa8a84fc841ef
SHA25607ba9a60914cca07969694bdf0bb6062f320e1bff07f4e58abd89b4ed69d3e88
SHA512b9d2e696929182fc540ba0c6bcc5673119dbfaa29d16105745fa1020ebd2f3278f6d3e72ed435b56b16b7c5c8ec3fcbe7ce4ac624e14328753612a79d452aeb9
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5a8469ef5f430f9a51535cee5bef9756c
SHA1d830178ac63220e7ea7fae7f37e62d4cebed1257
SHA2562a21a04ba1771848411ca5c3070a2bb20876b6b0e06bfd3649fd7e6028e62367
SHA51220a99e4cbaabf2ac235bbf5b4aae91a0aa3c37012ec3898b18c51f65191ed8030bbb9a29d050928c517050ed10afcb1abd07dab2a379b5d5fb667410b736538e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD58348c433de4b7fcf1ed5bd27d7756f14
SHA12dac2d72df002fc000cd0ecebfc42b07438208a0
SHA2561984ef29398c5d4c973f476785407687ac00ef179473d2762de8b0822e917d6d
SHA512f98c41dc4e5fc693b73fc5a334353d164ded6f4660f81e7ed5610892c31fdb6d1072b11f7c395d2aa455014152cd99c2eb7c93c0c09cdf540b35b3e2935bb57c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD5b4e5c858e55fcad167ed5bcf9905898b
SHA172334667ccc1418b3ded3519a797cdb5ef73c037
SHA256bfa4ddaf9e5cd11b60aa7a91f8c96be7f7a029084a1504c07fd03dc30925f428
SHA5124ee93540f231fcbdd33402b4e6759e755c0c09468b1d9f25d0c48e79c14f945cdc4cd850a3cac2fa7eb06afa6f2dbf19f7ecf3a088c6d4418e88b08d39a7765a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD5693d35677aa200251dba6732448e79f0
SHA1021478576615a879a20214f07b3fbf1b60a7b34d
SHA2562f3a76829fadf4a30154414fb6384fd0a2b52fe937e31925af7af0d4759fdbc4
SHA51243a2e206253cd341ad33ef9e890e2ba3b6ee662f6fa083b2c528a41f3a22e9153d4bdd2c5385d6f2639a224cd4361fa1ce368077b5d270209cdf9cd929e2d062
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
873B
MD56b45bb21fb510dcc5d91b524e64595d0
SHA171da89f936ce99bea1d8d2a9a6a97d7922e99393
SHA25645bc20fb8b98f25e9c92b0c797fe798e0ca527d7d73a1e6c697e646880713030
SHA51264ca156f85f69dd6f5d9b32994a66b473fd8323f678630b86e29a56e9e39ef704bf55d41fdb8fda31fb4969c40e60de11c402bffa55460e3086cf3a5525c1f45
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
871B
MD54f503016f016aeec6aa303436083013c
SHA1121f0545aeabd5f848afebb81fed1e08592e1e63
SHA256419115c4f00f232c98012d389ffe5da3009b9fa25033e711432b76319e6bc9e2
SHA5122c6214674c039afe31c81cc9233a6d4cf20194c1cef30ea60893c2388324a0f9b1e87d66ced9e7b03ae9def7b6b7ff0064f47b9b7a95d92ba0506f9074aab99f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b594.TMPFilesize
705B
MD5df06cbf7144f1d86873ec99d4b60a803
SHA19802051177c183612d3aaf61dd67e5d58bca11aa
SHA25670ad26f59b4d93b44e72785a95faaad750242b09b21b21991e67702aa2f666d0
SHA5122027325393b3a0eed54264899f6be82e29e9d056cf488df715b066334b4afa63d6b6b18a3e06f3888b742bc6f86f8881906aa520e6523002fac0a139145f2617
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
10KB
MD5f21ef2bc33c2fa0697d8ab594d25710b
SHA127ba4e9cd8f0f382d6f34aa0239a586611812eca
SHA2564ad56bc1c45947fdfacee8c2a8dff47672d58382281ab28cf7e787a160749bc1
SHA51282a3c8becee705ada730ee59738c66821f1d6f245624b7b2ee097bdb68a51b58edbda743e8cf720447d0c44357ededc62bae7c9bb892f6d5fa4549733ae68623
-
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dicFilesize
2B
MD5f3b25701fe362ec84616a93a45ce9998
SHA1d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA51298c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84
-
\??\pipe\LOCAL\crashpad_916_KIBKUNQQQFVNGMVUMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e