Analysis

  • max time kernel
    545s
  • max time network
    561s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system
  • submitted
    10-11-2024 01:07

General

  • Target

    dyv.png

  • Size

    1.8MB

  • MD5

    11b7bbb67f673539b5a2c0f2962e3a80

  • SHA1

    7049f78608ddf8fcfedbf24724bcaf92794866f3

  • SHA256

    ec21bc5f665662e4492b99aaae389f5a132619ef73631118b6e2d3a3a231e275

  • SHA512

    c21d38a50fd8e4bec8027c6bd103d81b354afd2c1e1fdc581d016a40eaf9ffa879d50a39361dd36a8bf0197685161173b154c7902e8e861bb835bbbd79ba0b87

  • SSDEEP

    49152:oJkPBnd7Ez7fqZxqjbfb66iezYy/0eSOYseXW58n5:oJEEz7QxqjbOnezYy/ZVYXW58n5

Score
7/10

Malware Config

Signatures

  • A potential corporate email address has been identified in the URL: [email protected]
  • A potential corporate email address has been identified in the URL: [email protected]
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\dyv.png
    1⤵
      PID:1868
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
      1⤵
      • Enumerates system info in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:1720
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa286546f8,0x7ffa28654708,0x7ffa28654718
        2⤵
          PID:4716
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,13497839874385745962,10849445039725163874,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
          2⤵
            PID:4560
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,13497839874385745962,10849445039725163874,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
            2⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:2480
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,13497839874385745962,10849445039725163874,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
            2⤵
              PID:3480
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13497839874385745962,10849445039725163874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
              2⤵
                PID:4832
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13497839874385745962,10849445039725163874,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3492 /prefetch:1
                2⤵
                  PID:3172
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13497839874385745962,10849445039725163874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1
                  2⤵
                    PID:2936
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13497839874385745962,10849445039725163874,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
                    2⤵
                      PID:3920
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,13497839874385745962,10849445039725163874,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5448 /prefetch:8
                      2⤵
                        PID:4760
                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,13497839874385745962,10849445039725163874,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5448 /prefetch:8
                        2⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:4632
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13497839874385745962,10849445039725163874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
                        2⤵
                          PID:4808
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13497839874385745962,10849445039725163874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
                          2⤵
                            PID:3052
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13497839874385745962,10849445039725163874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2464 /prefetch:1
                            2⤵
                              PID:2504
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13497839874385745962,10849445039725163874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
                              2⤵
                                PID:4320
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13497839874385745962,10849445039725163874,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1
                                2⤵
                                  PID:224
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13497839874385745962,10849445039725163874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
                                  2⤵
                                    PID:3268
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13497839874385745962,10849445039725163874,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3732 /prefetch:1
                                    2⤵
                                      PID:4772
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13497839874385745962,10849445039725163874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
                                      2⤵
                                        PID:1896
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13497839874385745962,10849445039725163874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4388 /prefetch:1
                                        2⤵
                                          PID:3724
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13497839874385745962,10849445039725163874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6152 /prefetch:1
                                          2⤵
                                            PID:4636
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13497839874385745962,10849445039725163874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6412 /prefetch:1
                                            2⤵
                                              PID:4228
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,13497839874385745962,10849445039725163874,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2824 /prefetch:2
                                              2⤵
                                              • Suspicious behavior: EnumeratesProcesses
                                              PID:2060
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13497839874385745962,10849445039725163874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6228 /prefetch:1
                                              2⤵
                                                PID:4556
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13497839874385745962,10849445039725163874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
                                                2⤵
                                                  PID:4312
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13497839874385745962,10849445039725163874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3068 /prefetch:1
                                                  2⤵
                                                    PID:1696
                                                • C:\Windows\System32\CompPkgSrv.exe
                                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                  1⤵
                                                    PID:5116
                                                  • C:\Windows\System32\CompPkgSrv.exe
                                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                    1⤵
                                                      PID:4840

Network

MITRE ATT&CK Enterprise v15

Downloads

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                      Filesize

                                                      152B

                                                      MD5

                                                      6960857d16aadfa79d36df8ebbf0e423

                                                      SHA1

                                                      e1db43bd478274366621a8c6497e270d46c6ed4f

                                                      SHA256

                                                      f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32

                                                      SHA512

                                                      6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                      Filesize

                                                      152B

                                                      MD5

                                                      f426165d1e5f7df1b7a3758c306cd4ae

                                                      SHA1

                                                      59ef728fbbb5c4197600f61daec48556fec651c1

                                                      SHA256

                                                      b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841

                                                      SHA512

                                                      8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\33c5503d-5588-40e1-b4b1-5e831c70badc.tmp

                                                      Filesize

                                                      6KB

                                                      MD5

                                                      1c34691d92421e889fe94c31048d3ab4

                                                      SHA1

                                                      320f22065523b8392ed251299dbfcf1bb20a02de

                                                      SHA256

                                                      9a11ed235715b1ebc6f457ec7046735d008bd26ece0e4a673d077771cff0f006

                                                      SHA512

                                                      9ce9db8bee2fa566715f4fee7dc77d2c9d2e877c891fe20013597661da2eeb49c1bff91136a4b874a94ffb7ccbef16a323e63305a9cb3e3c2948211de7f385a7

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                      Filesize

                                                      1KB

                                                      MD5

                                                      579f1aea191e39a2b65ef4dff8ad3274

                                                      SHA1

                                                      f48598e36ae163b5c7e5649019988fd22e34555e

                                                      SHA256

                                                      b19f8bf7115f9f14d3c194111e86c409140e9706a4a58c6839ec7df5e9744aed

                                                      SHA512

                                                      48630f4cc8402d0de6c715fc25512a970e22c6bccbab658fcad97faa8b2bccf4c3503789bd70db5a430d749a3b84a8cfcd3bca80fdf9c69b187e900645afb974

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                      Filesize

                                                      1KB

                                                      MD5

                                                      a5ffcd8bfffe5df2903a457ac77fb780

                                                      SHA1

                                                      03c3189501510aa6deb99b0eeeebfbf23fd53d84

                                                      SHA256

                                                      2f9dc6523b3a2978353afe5e2311e2838d95629e32aa1d34d637be9225961077

                                                      SHA512

                                                      6145cf21b57dd4d4564d489951d6203868443d49a6cd1865810fdb434c04812ade7b7949908947bf3b123205f6b325335548ac1f9473ca7c11abf88e6185347f

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                      Filesize

                                                      1KB

                                                      MD5

                                                      2aa763ef3ad2351683ca045c6ba40e30

                                                      SHA1

                                                      8d9d8e967919bd8f42f168fb67529bc02c8c216c

                                                      SHA256

                                                      34d0fa42e4a6c64618ae0143909d418d409111367794e60e75240f9aad56ef3c

                                                      SHA512

                                                      ba44aaa1d9c551d3f2f804606ec22b93b63cb45e0edbf0ab4a1339304a8f6f31309a10aa76badbb7dde6a1f8f9acfb37041db099f1fdb3e94bf4e5b96ce1320b

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                      Filesize

                                                      1KB

                                                      MD5

                                                      1f467367def816172aa7b0019f196407

                                                      SHA1

                                                      6cedeece9f14f5f8bb4d17b8dc1146d73f0a5501

                                                      SHA256

                                                      f405d5d904cbc37b2cd25d1ce05f29e6f3705dd76d151ed8262faa0d5c42827e

                                                      SHA512

                                                      71c7c88137c8b1c07fabbfce62935564c75dbb904298e53925d7dfa42f185fc9cde46684f9bb27fb07c7489607be8dc3296ca8b88778ce5b460d90096d966166

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                      Filesize

                                                      1KB

                                                      MD5

                                                      60b3e50c4e423cdbba6d92c135ba1f41

                                                      SHA1

                                                      30acfeeba911dec9381a4b323ca329f78b9e3d86

                                                      SHA256

                                                      70b118fce1378e619f1733041a2a1776c4548b139528bd38734f2c1562c15d74

                                                      SHA512

                                                      b4e7f3488c7d320a6bfe4a3a6df4069e106bef883bea51f706b0137995700bbb04d56491080674721317353a1ede25249c9f8fd6e0e8c11367f5f6d2cc11dc1b

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                      Filesize

                                                      1KB

                                                      MD5

                                                      c32cdacc020d636ca80a08de31f079e3

                                                      SHA1

                                                      47e98226d69213dd2787b2a203e576fe75b718ee

                                                      SHA256

                                                      56242e90cfa879662b8c8e57eb19bb024478dcb29b66ba1cfa3808f922572a62

                                                      SHA512

                                                      b9c868b3ad05c851dc137c112dd489a503b92bc33a127ceddcdd36f51a0af74d2c8f290ae23f448f8cc93dbcb9696d4167d4b8966e38c84b39c72df26b5f0aae

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                      Filesize

                                                      1KB

                                                      MD5

                                                      0a5876716a29f3761119a169041bf84e

                                                      SHA1

                                                      05cf86de2645e469c3498e4145a676fb07f00e37

                                                      SHA256

                                                      9cfc1c9f23cbc66ea77a83c41161a26089f12f0711b623c8ba1f336c9ba9537a

                                                      SHA512

                                                      fb231e4c77cae1f609289434b3d88c0a3b1f3ce93ba45cab0a3007045d246ad53fe0eb3b8a5beba08ae624a06caebd38cb20f812e238a2747722f312da28f7e3

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                      Filesize

                                                      7KB

                                                      MD5

                                                      ce83bdbbc53c2d35b2e8224b046a4f0b

                                                      SHA1

                                                      0c5e20ee77a0b1d0e7a6f93d7d5eaf0a0893cfba

                                                      SHA256

                                                      04afd8415cf68de4ad44ab2c11b8d63a47faac75c0fa04004e332543f501f199

                                                      SHA512

                                                      3ff3651d4bd2e5b0e4f1d29e70708103862a39f21cb8204e553ac54c23c66165f58ec63522c80ccfe9409943cd294dfc71d64f7e42afafd952536f11d9b2193f

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                      Filesize

                                                      6KB

                                                      MD5

                                                      96ea33acfd707739afceaa7c3ae416c6

                                                      SHA1

                                                      656ee5bc611b610bb3789a3b275de35753b359be

                                                      SHA256

                                                      8ee6338c08acb1ae166f5edb528c69d55a2902bcf2049eaddadbad1cb0cc7888

                                                      SHA512

                                                      7d8125951ef80430f6a3bfc858c2433d403f52595acbcc37445f865de5f7f9b713b6d49b04f9f06dd23fc68bb8cb999887e48509293f399bb5d42cceffd7644b

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                      Filesize

                                                      5KB

                                                      MD5

                                                      b0a63c098861766d814dc5549594ac7c

                                                      SHA1

                                                      21d5654d2a9b59f05f8cc537826e65f2662967db

                                                      SHA256

                                                      4c5d2806cc11a5cb20a7cb38f4c0c65e8b5ea3a3500cf0b65e1673460bfed83a

                                                      SHA512

                                                      5ef625c3b2e1a7dde347722b17f6aa7ea32620bc926aa531f76c4b24962f84b6c194b66ee96ae62338e1c0c69a51357500a9e9b3b70e250ba0e0f69cd4cb1871

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                      Filesize

                                                      1KB

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59ce91.TMP

                                                      Filesize

                                                      1KB

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                      Filesize

                                                      16B

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                      Filesize

                                                      16B

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                      Filesize

                                                      10KB

                                                    • \??\pipe\LOCAL\crashpad_1720_RFETBBXITANGRDPO
