Analysis
-
max time kernel
273s -
max time network
245s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system -
submitted
18-06-2024 14:29
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://zonaclienteprome.cxblockwr.sa.com/
Resource
win10v2004-20240611-en
General
-
Target
https://zonaclienteprome.cxblockwr.sa.com/
Malware Config
Signatures
-
Event Triggered Execution: Netsh Helper DLL 1 TTPs 3 IoCs
Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.
Processes:
netsh.exedescription ioc process Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh netsh.exe Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh netsh.exe Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh netsh.exe -
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exedescription ioc process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe -
Suspicious behavior: EnumeratesProcesses 12 IoCs
Processes:
msedge.exemsedge.exeidentity_helper.exesdiagnhost.exemsedge.exepid process 4512 msedge.exe 4512 msedge.exe 4600 msedge.exe 4600 msedge.exe 1956 identity_helper.exe 1956 identity_helper.exe 2856 sdiagnhost.exe 2856 sdiagnhost.exe 4448 msedge.exe 4448 msedge.exe 4448 msedge.exe 4448 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
Processes:
msedge.exepid process 4600 msedge.exe 4600 msedge.exe 4600 msedge.exe 4600 msedge.exe 4600 msedge.exe 4600 msedge.exe 4600 msedge.exe 4600 msedge.exe 4600 msedge.exe 4600 msedge.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
sdiagnhost.exedescription pid process Token: SeDebugPrivilege 2856 sdiagnhost.exe -
Suspicious use of FindShellTrayWindow 26 IoCs
Processes:
msedge.exemsdt.exepid process 4600 msedge.exe 4600 msedge.exe 4600 msedge.exe 4600 msedge.exe 4600 msedge.exe 4600 msedge.exe 4600 msedge.exe 4600 msedge.exe 4600 msedge.exe 4600 msedge.exe 4600 msedge.exe 4600 msedge.exe 4600 msedge.exe 4600 msedge.exe 4600 msedge.exe 4600 msedge.exe 4600 msedge.exe 4600 msedge.exe 4600 msedge.exe 4600 msedge.exe 4600 msedge.exe 4600 msedge.exe 4600 msedge.exe 4600 msedge.exe 4600 msedge.exe 1728 msdt.exe -
Suspicious use of SendNotifyMessage 24 IoCs
Processes:
msedge.exepid process 4600 msedge.exe 4600 msedge.exe 4600 msedge.exe 4600 msedge.exe 4600 msedge.exe 4600 msedge.exe 4600 msedge.exe 4600 msedge.exe 4600 msedge.exe 4600 msedge.exe 4600 msedge.exe 4600 msedge.exe 4600 msedge.exe 4600 msedge.exe 4600 msedge.exe 4600 msedge.exe 4600 msedge.exe 4600 msedge.exe 4600 msedge.exe 4600 msedge.exe 4600 msedge.exe 4600 msedge.exe 4600 msedge.exe 4600 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
msedge.exedescription pid process target process PID 4600 wrote to memory of 2836 4600 msedge.exe msedge.exe PID 4600 wrote to memory of 2836 4600 msedge.exe msedge.exe PID 4600 wrote to memory of 5092 4600 msedge.exe msedge.exe PID 4600 wrote to memory of 5092 4600 msedge.exe msedge.exe PID 4600 wrote to memory of 5092 4600 msedge.exe msedge.exe PID 4600 wrote to memory of 5092 4600 msedge.exe msedge.exe PID 4600 wrote to memory of 5092 4600 msedge.exe msedge.exe PID 4600 wrote to memory of 5092 4600 msedge.exe msedge.exe PID 4600 wrote to memory of 5092 4600 msedge.exe msedge.exe PID 4600 wrote to memory of 5092 4600 msedge.exe msedge.exe PID 4600 wrote to memory of 5092 4600 msedge.exe msedge.exe PID 4600 wrote to memory of 5092 4600 msedge.exe msedge.exe PID 4600 wrote to memory of 5092 4600 msedge.exe msedge.exe PID 4600 wrote to memory of 5092 4600 msedge.exe msedge.exe PID 4600 wrote to memory of 5092 4600 msedge.exe msedge.exe PID 4600 wrote to memory of 5092 4600 msedge.exe msedge.exe PID 4600 wrote to memory of 5092 4600 msedge.exe msedge.exe PID 4600 wrote to memory of 5092 4600 msedge.exe msedge.exe PID 4600 wrote to memory of 5092 4600 msedge.exe msedge.exe PID 4600 wrote to memory of 5092 4600 msedge.exe msedge.exe PID 4600 wrote to memory of 5092 4600 msedge.exe msedge.exe PID 4600 wrote to memory of 5092 4600 msedge.exe msedge.exe PID 4600 wrote to memory of 5092 4600 msedge.exe msedge.exe PID 4600 wrote to memory of 5092 4600 msedge.exe msedge.exe PID 4600 wrote to memory of 5092 4600 msedge.exe msedge.exe PID 4600 wrote to memory of 5092 4600 msedge.exe msedge.exe PID 4600 wrote to memory of 5092 4600 msedge.exe msedge.exe PID 4600 wrote to memory of 5092 4600 msedge.exe msedge.exe PID 4600 wrote to memory of 5092 4600 msedge.exe msedge.exe PID 4600 wrote to memory of 5092 4600 msedge.exe msedge.exe PID 4600 wrote to memory of 5092 4600 msedge.exe msedge.exe PID 4600 wrote to memory of 5092 4600 msedge.exe msedge.exe PID 4600 wrote to memory of 5092 4600 msedge.exe msedge.exe PID 4600 wrote to memory of 5092 4600 msedge.exe msedge.exe PID 4600 wrote to memory of 5092 4600 msedge.exe msedge.exe PID 4600 wrote to memory of 5092 4600 msedge.exe msedge.exe PID 4600 wrote to memory of 5092 4600 msedge.exe msedge.exe PID 4600 wrote to memory of 5092 4600 msedge.exe msedge.exe PID 4600 wrote to memory of 5092 4600 msedge.exe msedge.exe PID 4600 wrote to memory of 5092 4600 msedge.exe msedge.exe PID 4600 wrote to memory of 5092 4600 msedge.exe msedge.exe PID 4600 wrote to memory of 5092 4600 msedge.exe msedge.exe PID 4600 wrote to memory of 4512 4600 msedge.exe msedge.exe PID 4600 wrote to memory of 4512 4600 msedge.exe msedge.exe PID 4600 wrote to memory of 3816 4600 msedge.exe msedge.exe PID 4600 wrote to memory of 3816 4600 msedge.exe msedge.exe PID 4600 wrote to memory of 3816 4600 msedge.exe msedge.exe PID 4600 wrote to memory of 3816 4600 msedge.exe msedge.exe PID 4600 wrote to memory of 3816 4600 msedge.exe msedge.exe PID 4600 wrote to memory of 3816 4600 msedge.exe msedge.exe PID 4600 wrote to memory of 3816 4600 msedge.exe msedge.exe PID 4600 wrote to memory of 3816 4600 msedge.exe msedge.exe PID 4600 wrote to memory of 3816 4600 msedge.exe msedge.exe PID 4600 wrote to memory of 3816 4600 msedge.exe msedge.exe PID 4600 wrote to memory of 3816 4600 msedge.exe msedge.exe PID 4600 wrote to memory of 3816 4600 msedge.exe msedge.exe PID 4600 wrote to memory of 3816 4600 msedge.exe msedge.exe PID 4600 wrote to memory of 3816 4600 msedge.exe msedge.exe PID 4600 wrote to memory of 3816 4600 msedge.exe msedge.exe PID 4600 wrote to memory of 3816 4600 msedge.exe msedge.exe PID 4600 wrote to memory of 3816 4600 msedge.exe msedge.exe PID 4600 wrote to memory of 3816 4600 msedge.exe msedge.exe PID 4600 wrote to memory of 3816 4600 msedge.exe msedge.exe PID 4600 wrote to memory of 3816 4600 msedge.exe msedge.exe
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://zonaclienteprome.cxblockwr.sa.com/1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbb08546f8,0x7ffbb0854708,0x7ffbb08547182⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,17104022723572299937,15497317622076207119,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,17104022723572299937,15497317622076207119,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,17104022723572299937,15497317622076207119,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17104022723572299937,15497317622076207119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17104022723572299937,15497317622076207119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17104022723572299937,15497317622076207119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17104022723572299937,15497317622076207119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3608 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,17104022723572299937,15497317622076207119,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,17104022723572299937,15497317622076207119,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17104022723572299937,15497317622076207119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17104022723572299937,15497317622076207119,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17104022723572299937,15497317622076207119,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17104022723572299937,15497317622076207119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17104022723572299937,15497317622076207119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3644 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17104022723572299937,15497317622076207119,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3120 /prefetch:12⤵
-
C:\Windows\system32\msdt.exe-modal "197184" -skip TRUE -path "C:\Windows\diagnostics\system\networking" -af "C:\Users\Admin\AppData\Local\Temp\NDF5143.tmp" -ep "NetworkDiagnosticsWeb"2⤵
- Suspicious use of FindShellTrayWindow
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,17104022723572299937,15497317622076207119,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5444 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\sdiagnhost.exeC:\Windows\System32\sdiagnhost.exe -Embedding1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\netsh.exe"C:\Windows\system32\netsh.exe" trace diagnose Scenario=NetworkSnapshot Mode=NetTroubleshooter2⤵
- Event Triggered Execution: Netsh Helper DLL
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2024061814.000\NetworkDiagnostics.debugreport.xmlFilesize
69KB
MD5dbebe0d1d074866729947e8817d453e4
SHA109de269c58b48409eaf470da92e5d4141a359043
SHA256e32bc20908e7da01b11d14c9c931dff3110091637222ec47215fd19e086cb95a
SHA512ab5d53241201640e9aa154945aeffd0b071ec83f6afb35444ed637ebeb2d311157ab3fa2ddd82085dae14d57cac6c6c473ee4882dc41bf9b3b536a25d4aa8ab0
-
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2024061814.000\results.xslFilesize
47KB
MD5310e1da2344ba6ca96666fb639840ea9
SHA1e8694edf9ee68782aa1de05470b884cc1a0e1ded
SHA25667401342192babc27e62d4c1e0940409cc3f2bd28f77399e71d245eae8d3f63c
SHA51262ab361ffea1f0b6ff1cc76c74b8e20c2499d72f3eb0c010d47dba7e6d723f9948dba3397ea26241a1a995cffce2a68cd0aaa1bb8d917dd8f4c8f3729fa6d244
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5257c0005d0c4d0bb282cb470925e4376
SHA1f9b8efb511ed64292568977c9f2ec255509e8f7d
SHA2568185c36aaacfc71e42f94fad8e198fe7fb2d868398ceabb89261cae94341cb22
SHA5122f3e8f352ed3ef88e8c28650390f93f98c92174d268330b886f3ebd1ba0163999051298ee12a054606b4986005452a241c6864cd292e69492d79c37d500556f4
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD54819fbc4513c82d92618f50a379ee232
SHA1ab618827ff269655283bf771fc957c8798ab51ee
SHA25605e479e8ec96b7505e01e5ec757ccfe35cb73cd46b27ff4746dce90d43d9237c
SHA512bc24fb972d04b55505101300e268f91b11e5833f1a18e925b5ded7e758b5e3e08bee1aa8f3a0b65514d6df981d0cbfa8798344db7f2a3675307df8de12ae475b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
5KB
MD54395e344157ec76f9d7e6c5b048585e2
SHA12427d167cd5d9c6a56364170e01887cf62411aa7
SHA256ce43d7269d767a059e8fe02c64fb1e3c32cfa89a4c415f13b942770e05f676a9
SHA51211625ef7d5df78c7f4b8a83543040512b3270bf27b245393fd4e838e136c326332d1f60f97ae3d3ee147078ce6d9f46b81996d1607e3decf0b4b89ed6538ed3b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
5KB
MD5b1ef8251868f08efe4a91928f33368c2
SHA14790c51a4b8aedb57b353bcb2c3cce9f12eba7a9
SHA25611c10ded3ce445b7c3266a5333e13cf3ece387322ff174e03ca93ec786122f65
SHA5127b38b5e6706666828dbd6b0515652c5930a1594136a2f05536187b44bc8f3713d62f105bf2be002d3aec2109bd9891d2e8200c440c24d8c4d4a20683196f9fed
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5c6827842362431702288ae41ca5e16db
SHA19b53f40abdb30f06142f105113f4ac9ffa275352
SHA25628c24384a4fed66a245338243e1f8d88d7957da24a54a45b420639855795b2f5
SHA512c6c30ed852cd8a74a4805da9985c08dfb1a05d730411200ecf23291e257a279dd2d1743257ca109dc0cd0440a8656d3646da7ea5a68ee5739bb70741f0f8c58c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure PreferencesFilesize
24KB
MD595cd1581c30a5c26f698a8210bcab430
SHA15e8e551a47dd682ec51a7d6808fe8e0f2af39e86
SHA256d58162c5ae5e18fc06604c285e024c01686093d70994dc93b4ae9d85b4c3f7b9
SHA512e49403df10177053634c431203a91d26df5dfb23cbbb88847459ecdf4b6107040d0944a3e84ee6bb26cb4e8017a35c8c31b658387cd1b6938ba4cb9f59606ece
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
10KB
MD5a468da069d5454d81303bbe1504681d3
SHA13c10d741d419742482da956df4a7b0a450b9a42b
SHA256cf67635cd76e95faba4b782565ea7e312e9f3bb4f6cffeaa03fde86fa0b9a3c0
SHA5122796160ecb4b61667375cf93054d1baf6ab0a286d86182d60af35d881a27549b9e8c88018537b2a41b7b212bdd677a2e7e9f51701579e9c440a08d93871de17b
-
C:\Users\Admin\AppData\Local\Temp\NDF5143.tmpFilesize
3KB
MD59ea8097e6cf1047554a5b1e7377892ef
SHA1a593863c864cb20fa63c86e276d513f86a5a17fa
SHA2566637690ef0731ee0b15a3c45821ad9e63366bcecfb119aefc8c46e182ff797bf
SHA5123653570268414b99c9fcd1eb54401cb840d03d87990e0c1ff44967654ccb5dbf192f606c9199f4a9ba55ca901f99236851c29bf3048532b1d316944aa76267a9
-
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_y254rbnt.wrn.ps1Filesize
60B
MD5d17fe0a3f47be24a6453e9ef58c94641
SHA16ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA25696ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA5125b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82
-
C:\Windows\TEMP\SDIAG_988b6d1e-ae19-4638-b35c-ba942a099321\NetworkDiagnosticsTroubleshoot.ps1Filesize
25KB
MD5d0cfc204ca3968b891f7ce0dccfb2eda
SHA156dad1716554d8dc573d0ea391f808e7857b2206
SHA256e3940266b4368c04333db89804246cb89bf2073626f22b8de72bea27c522282a
SHA5124d2225b599ad8af8ba8516f12cfddca5ec0ce69c5c80b133a6a323e9aaf5e0312efbcfa54d2e4462a5095f9a7c42b9d5b39f3204e0be72c3b1992cf33b22087c
-
C:\Windows\TEMP\SDIAG_988b6d1e-ae19-4638-b35c-ba942a099321\UtilityFunctions.ps1Filesize
53KB
MD5c912faa190464ce7dec867464c35a8dc
SHA1d1c6482dad37720db6bdc594c4757914d1b1dd70
SHA2563891846307aa9e83bca66b13198455af72af45bf721a2fbd41840d47e2a91201
SHA5125c34352d36459fd8fcda5b459a2e48601a033af31d802a90ed82c443a5a346b9480880d30c64db7ad0e4a8c35b98c98f69eceedad72f2a70d9c6cca74dce826a
-
C:\Windows\TEMP\SDIAG_988b6d1e-ae19-4638-b35c-ba942a099321\UtilitySetConstants.ps1Filesize
2KB
MD50c75ae5e75c3e181d13768909c8240ba
SHA1288403fc4bedaacebccf4f74d3073f082ef70eb9
SHA256de5c231c645d3ae1e13694284997721509f5de64ee5c96c966cdfda9e294db3f
SHA5128fc944515f41a837c61a6c4e5181ca273607a89e48fbf86cf8eb8db837aed095aa04fc3043029c3b5cb3710d59abfd86f086ac198200f634bfb1a5dd0823406b
-
C:\Windows\TEMP\SDIAG_988b6d1e-ae19-4638-b35c-ba942a099321\en-US\LocalizationData.psd1Filesize
5KB
MD5380768979618b7097b0476179ec494ed
SHA1af2a03a17c546e4eeb896b230e4f2a52720545ab
SHA2560637af30fc3b3544b1f516f6196a8f821ffbfa5d36d65a8798aeeadbf2e8a7c2
SHA512b9ef59e9bfdbd49052a4e754ead8cd54b77e79cc428e7aee2b80055ff5f0b038584af519bd2d66258cf3c01f8cc71384f6959ee32111eac4399c47e1c2352302
-
C:\Windows\Temp\SDIAG_988b6d1e-ae19-4638-b35c-ba942a099321\DiagPackage.dllFilesize
478KB
MD5580dc3658fa3fe42c41c99c52a9ce6b0
SHA13c4be12c6e3679a6c2267f88363bbd0e6e00cac5
SHA2565b7aa413e4a64679c550c77e6599a1c940ee947cbdf77d310e142a07a237aad2
SHA51268c52cd7b762b8f5d2f546092ed9c4316924fa04bd3ab748ab99541a8b4e7d9aec70acf5c9594d1457ad3a2f207d0c189ec58421d4352ddbc7eae453324d13f2
-
C:\Windows\Temp\SDIAG_988b6d1e-ae19-4638-b35c-ba942a099321\en-US\DiagPackage.dll.muiFilesize
17KB
MD544c4385447d4fa46b407fc47c8a467d0
SHA141e4e0e83b74943f5c41648f263b832419c05256
SHA2568be175e8fbdae0dade54830fece6c6980d1345dbeb4a06c07f7efdb1152743f4
SHA512191cd534e85323a4cd9649a1fc372312ed4a600f6252dffc4435793650f9dd40d0c0e615ba5eb9aa437a58af334146aac7c0ba08e0a1bf24ec4837a40f966005
-
\??\pipe\LOCAL\crashpad_4600_CJMLSBDFOWEJDZVXMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/2856-486-0x0000017AB1C30000-0x0000017AB1C52000-memory.dmpFilesize
136KB