Analysis

  • max time kernel
    149s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240611-en locale:en-us os:windows10-2004-x64 system
  • submitted
    12/06/2024, 15:32

General

  • Target

    http://ipfs.chainsafe.io/ipfs/QmWfeBdmjKMZGNjoh5sLp2dApBdUvDYBVjQFzmDXAegHQb/#cmd=https://www.fresno.gov/secure_cloud_storage==cuuhohmmmdfnpndybmgyykngcfaavzlx&id=fjyaqkzlyhxjwltp&session=igzonzypmqgwdnwowzzlhpsmvtzmhbmg&tetfoqwsyvjpfstpatgiynwpmkzgudln=c2hhbm5vbi5tdWxoYWxsQGZyZXNuby5nb3Y=&eqmyvzjtioakivbnauzoyynwelasvdda=U2hhbm5vbg==&zzyqmoslafzagyudlkrqwooslouxmxpw=T3RoZXJzID8=&qgivshhmgnzynejzqkqlmozuwuieilxo=6/12/2024 5:16:07 a.m.

Score
6/10

Malware Config

Signatures

  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://ipfs.chainsafe.io/ipfs/QmWfeBdmjKMZGNjoh5sLp2dApBdUvDYBVjQFzmDXAegHQb/#cmd=https://www.fresno.gov/secure_cloud_storage==cuuhohmmmdfnpndybmgyykngcfaavzlx&id=fjyaqkzlyhxjwltp&session=igzonzypmqgwdnwowzzlhpsmvtzmhbmg&tetfoqwsyvjpfstpatgiynwpmkzgudln=c2hhbm5vbi5tdWxoYWxsQGZyZXNuby5nb3Y=&eqmyvzjtioakivbnauzoyynwelasvdda=U2hhbm5vbg==&zzyqmoslafzagyudlkrqwooslouxmxpw=T3RoZXJzID8=&qgivshhmgnzynejzqkqlmozuwuieilxo=6/12/2024 5:16:07 a.m.
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2496
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff97ed846f8,0x7ff97ed84708,0x7ff97ed84718
      2⤵
        PID:2972
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,2034106675792051753,17612765367531056639,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
        2⤵
          PID:3860
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,2034106675792051753,17612765367531056639,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1408
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,2034106675792051753,17612765367531056639,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
          2⤵
            PID:548
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,2034106675792051753,17612765367531056639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
            2⤵
              PID:4048
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,2034106675792051753,17612765367531056639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
              2⤵
                PID:2392
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,2034106675792051753,17612765367531056639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:1
                2⤵
                  PID:1880
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,2034106675792051753,17612765367531056639,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 /prefetch:8
                  2⤵
                    PID:3736
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,2034106675792051753,17612765367531056639,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 /prefetch:8
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:1392
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,2034106675792051753,17612765367531056639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
                    2⤵
                      PID:2028
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,2034106675792051753,17612765367531056639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
                      2⤵
                        PID:4612
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,2034106675792051753,17612765367531056639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
                        2⤵
                          PID:2792
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,2034106675792051753,17612765367531056639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
                          2⤵
                            PID:2464
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,2034106675792051753,17612765367531056639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
                            2⤵
                              PID:4924
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,2034106675792051753,17612765367531056639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
                              2⤵
                                PID:1384
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,2034106675792051753,17612765367531056639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
                                2⤵
                                  PID:4592
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,2034106675792051753,17612765367531056639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6172 /prefetch:1
                                  2⤵
                                    PID:2148
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,2034106675792051753,17612765367531056639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6436 /prefetch:1
                                    2⤵
                                      PID:1204
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,2034106675792051753,17612765367531056639,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
                                      2⤵
                                        PID:2784
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,2034106675792051753,17612765367531056639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6172 /prefetch:1
                                        2⤵
                                          PID:3280
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,2034106675792051753,17612765367531056639,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
                                          2⤵
                                            PID:1880
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,2034106675792051753,17612765367531056639,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4932 /prefetch:2
                                            2⤵
                                            • Suspicious behavior: EnumeratesProcesses
                                            PID:668
                                        • C:\Windows\System32\CompPkgSrv.exe
                                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                                          1⤵
                                            PID:4260
                                          • C:\Windows\System32\CompPkgSrv.exe
                                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                                            1⤵
                                              PID:4924

                                            Network

                                            MITRE ATT&CK Enterprise v15

                                            Downloads

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                              Filesize

                                              152B

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                              Filesize

                                              152B

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

                                              Filesize

                                              1.1MB

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

                                              Filesize

                                              32KB

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

                                              Filesize

                                              27KB

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                              Filesize

                                              1KB

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                              Filesize

                                              72B

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                              Filesize

                                              2KB

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                              Filesize

                                              2KB

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                              Filesize

                                              6KB

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                              Filesize

                                              8KB

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                              Filesize

                                              9KB

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                              Filesize

                                              8KB

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                              Filesize

                                              9KB

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                              Filesize

                                              10KB

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                              Filesize

                                              10KB

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                              Filesize

                                              370B

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                              Filesize

                                              1KB

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                              Filesize

                                              1KB

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57bbce.TMP

                                              Filesize

                                              370B

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a40e5519-db9d-4a73-a962-c46275f2cbff.tmp

                                              Filesize

                                              10KB

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                              Filesize

                                              16B

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                              Filesize

                                              11KB
