Analysis

  • max time kernel
    145s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-11-2024 16:59

General

  • Target

    https://www.paypal.com/signin/?returnUri=%2Fmyaccount%2Ftransfer%2FpayRequest%2FU-38N87309NT488983A%2FU-46J66644HK157514P%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq&id=jr4Mej72SiK3GWrhbpIcjY4Dg4nY4kNEzksakQ&expId=p2p&onboardData=%7B%22signUpRequest%22%3A%7B%22method%22%3A%22get%22%2C%22url%22%3A%22https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Ftransfer%2FguestLogin%2FpayRequest%2FU-38N87309NT488983A%2FU-46J66644HK157514P%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq%26id%3Djr4Mej72SiK3GWrhbpIcjY4Dg4nY4kNEzksakQ%22%7D%7D&flowContextData=axIk0SEeHObK1uCCRM_PfzqrGREVOPWtI3RZ_S_iboa56Hh7o3G-UKsOwhW7X3dLmxZbWiJUOjmompJ0QFYP-TbMP-7aQFblFANdA7kdR4qK3qlLTZxZ5XvY_FJzDbJks6jK-DxTG4D_HvLvcFTwHlzZ27dy4yFo6dgA3MI1m3zcfYGbR0gTTj5gNWYZuSEsYvU3RtWYI4dpbdRvCbXWDrDy7x9LIZZZ5ifpDyGnJXQ7q7YX6u9_9z-60HMDI7OJXkbYtDNJrdA0nNMaSEvUlcxz1MC57JEmVfaekq6W7YoXMN2z&v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=62ee71d4-a8dc-11ef-bd9d-07c85df43a96&ppid=RT000186&cnac=US&rsta=en_US%28en-US%29&unptid=62ee71d4-a8dc-11ef-bd9d-07c85df43a96&calc=f236722d9dcae&unp_tpcid=requestmoney-notifications-requestee&page=main%3Aemail%3ART000186&pgrp=main%3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.294.0&tenant_name=&xt=145585%2C150948%2C104038&link_ref=www.paypal.com_signin

Malware Config

Signatures

  • Detected potential entity reuse from brand PAYPAL.
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.paypal.com/signin/?returnUri=%2Fmyaccount%2Ftransfer%2FpayRequest%2FU-38N87309NT488983A%2FU-46J66644HK157514P%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq&id=jr4Mej72SiK3GWrhbpIcjY4Dg4nY4kNEzksakQ&expId=p2p&onboardData=%7B%22signUpRequest%22%3A%7B%22method%22%3A%22get%22%2C%22url%22%3A%22https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Ftransfer%2FguestLogin%2FpayRequest%2FU-38N87309NT488983A%2FU-46J66644HK157514P%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq%26id%3Djr4Mej72SiK3GWrhbpIcjY4Dg4nY4kNEzksakQ%22%7D%7D&flowContextData=axIk0SEeHObK1uCCRM_PfzqrGREVOPWtI3RZ_S_iboa56Hh7o3G-UKsOwhW7X3dLmxZbWiJUOjmompJ0QFYP-TbMP-7aQFblFANdA7kdR4qK3qlLTZxZ5XvY_FJzDbJks6jK-DxTG4D_HvLvcFTwHlzZ27dy4yFo6dgA3MI1m3zcfYGbR0gTTj5gNWYZuSEsYvU3RtWYI4dpbdRvCbXWDrDy7x9LIZZZ5ifpDyGnJXQ7q7YX6u9_9z-60HMDI7OJXkbYtDNJrdA0nNMaSEvUlcxz1MC57JEmVfaekq6W7YoXMN2z&v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=62ee71d4-a8dc-11ef-bd9d-07c85df43a96&ppid=RT000186&cnac=US&rsta=en_US%28en-US%29&unptid=62ee71d4-a8dc-11ef-bd9d-07c85df43a96&calc=f236722d9dcae&unp_tpcid=requestmoney-notifications-requestee&page=main%3Aemail%3ART000186&pgrp=main%3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.294.0&tenant_name=&xt=145585%2C150948%2C104038&link_ref=www.paypal.com_signin
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:116
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc3d6846f8,0x7ffc3d684708,0x7ffc3d684718
      2⤵
        PID:2376
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,12483263980040846188,13774713555724739945,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
        2⤵
          PID:820
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,12483263980040846188,13774713555724739945,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:2812
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,12483263980040846188,13774713555724739945,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
          2⤵
            PID:4952
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12483263980040846188,13774713555724739945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
            2⤵
              PID:2224
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12483263980040846188,13774713555724739945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
              2⤵
                PID:1184
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12483263980040846188,13774713555724739945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
                2⤵
                  PID:2888
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2120,12483263980040846188,13774713555724739945,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5196 /prefetch:8
                  2⤵
                    PID:4008
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2120,12483263980040846188,13774713555724739945,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5220 /prefetch:8
                    2⤵
                    • Modifies registry class
                    • Suspicious behavior: EnumeratesProcesses
                    PID:2008
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12483263980040846188,13774713555724739945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
                    2⤵
                      PID:2588
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,12483263980040846188,13774713555724739945,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5752 /prefetch:8
                      2⤵
                        PID:4588
                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,12483263980040846188,13774713555724739945,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5752 /prefetch:8
                        2⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:4868
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12483263980040846188,13774713555724739945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
                        2⤵
                          PID:2444
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12483263980040846188,13774713555724739945,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
                          2⤵
                            PID:4304
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12483263980040846188,13774713555724739945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
                            2⤵
                              PID:4524
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12483263980040846188,13774713555724739945,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
                              2⤵
                                PID:1516
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,12483263980040846188,13774713555724739945,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4904 /prefetch:2
                                2⤵
                                • Suspicious behavior: EnumeratesProcesses
                                PID:1840
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:2108
                              • C:\Windows\System32\CompPkgSrv.exe
                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                1⤵
                                  PID:3372
                                • C:\Windows\System32\CompPkgSrv.exe
                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                  1⤵
                                    PID:408

                                  Network

                                  MITRE ATT&CK Enterprise v15

                                  Replay Monitor

                                  Loading Replay Monitor...

                                  Downloads

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                    Filesize

                                    152B

                                    MD5

                                    dc058ebc0f8181946a312f0be99ed79c

                                    SHA1

                                    0c6f376ed8f2d4c275336048c7c9ef9edf18bff0

                                    SHA256

                                    378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a

                                    SHA512

                                    36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                    Filesize

                                    152B

                                    MD5

                                    a0486d6f8406d852dd805b66ff467692

                                    SHA1

                                    77ba1f63142e86b21c951b808f4bc5d8ed89b571

                                    SHA256

                                    c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be

                                    SHA512

                                    065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

                                    Filesize

                                    215KB

                                    MD5

                                    2be38925751dc3580e84c3af3a87f98d

                                    SHA1

                                    8a390d24e6588bef5da1d3db713784c11ca58921

                                    SHA256

                                    1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b

                                    SHA512

                                    1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                    Filesize

                                    936B

                                    MD5

                                    fd7faac33b3a8446584342efe3eea9bb

                                    SHA1

                                    42f74e37cf3564d71e47565de2e7a9665c47cb3e

                                    SHA256

                                    c4606af9152a90fae828c05e5885970b14e56e1a1ac959b83903452cc1283c47

                                    SHA512

                                    19f353e1a233cd5aaa954f8663b28f63b5fe009d26ca422bcbf17dc4d0cb9fa2a0c33b99996068e9b13589c9370a931910a0bc44e2606d7ebdc80b7d851d5b77

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                    Filesize

                                    1KB

                                    MD5

                                    c8e5f203e99c6a13c470a526e2a49faf

                                    SHA1

                                    caf47753f2978a4eaa21626492dbebd6e6d52734

                                    SHA256

                                    1fd9899934f738bf369c999db9e49d94f6d6f83f91788ef4ec7e36987e5ef1cc

                                    SHA512

                                    a381d97b8853a085b86e0d7f9de6db90e9ae5b3dccfb00c3396169284117726ba5f742af22a8767d891971daadda23ee307c41748491f1808be801b5c048c400

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                    Filesize

                                    5KB

                                    MD5

                                    6fb53f09f497cdfab57b639d3143615b

                                    SHA1

                                    246120dbc2bb4a3f6f10e1f01f265e9987c58081

                                    SHA256

                                    deab64e651346f0a9cd8cb07a5d814ab70e9f4b38c4c4d4b81803368a004f330

                                    SHA512

                                    abc0d99051a025ac46d2df1917f6d1b777cf9faf725ad33221377848379bd17a1133d4a23d26fb4590d62256551bfe4a1d75ead25afc98b6af101508b7500f95

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                    Filesize

                                    6KB

                                    MD5

                                    6ffb8301251f3d4883f18d0803283a70

                                    SHA1

                                    14491a57b917a1d01e966747cee4a701a92b786c

                                    SHA256

                                    00386e13713c09ae9c83b9750dfb73cde9f5a13a3499d9942705af6e88b86780

                                    SHA512

                                    3f619cdbd7ff928a9176aacdead91e64303b5489a30af823c9dc5cc1957bac834b4a9b398abb84e616171d05b40fd8b1d35281d161cb8d0baafdc29fd1a2920c

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                    Filesize

                                    1KB

                                    MD5

                                    692b6a7f7d54f5f520fd9a183e5a0045

                                    SHA1

                                    13696b02986806ce9fe0276a6cfdbad2ec2540ec

                                    SHA256

                                    387324ff73fbbb03e79258024c46622db8f7bab142aedba097161cefeaf33754

                                    SHA512

                                    bda88714cd7eff16414ebbc851b7acb1dfd25dae59f9438ddabb9441d02b6f9ca792b899c3e33248015764abb0d78950613083c87079abe69daf5b6697f45654

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                    Filesize

                                    1KB

                                    MD5

                                    481f7828c9a5d8092dc328e99785b578

                                    SHA1

                                    e029b0ce1e180fc390d5a2df08002f975af67d13

                                    SHA256

                                    fd6af62a96bee56ecaf22f358224b7dddc84d6e72c0884d2c77e413e90d7cd3f

                                    SHA512

                                    e33ab5474bbcf1413b1da18404a76387da84b468f4aa0a81ad3004d72d5d87be04ccb4e71f28328e6473f89d7168eea2328140375d8353f800344c30f0abf5f1

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                    Filesize

                                    1KB

                                    MD5

                                    32473d7d4aa40b95a587111af8f544db

                                    SHA1

                                    ca9a2ff34071ef9e0e3a9595ff66c0b0f055774e

                                    SHA256

                                    9e49a663c89f73d0c89c78485020302e64986d28e950855c08a0fa6b807a37e5

                                    SHA512

                                    2dc651a78cf8a7aa1acc64af0ff0ac243003d45af9dc715251e598bef7ba2916eb35d0dedb195dc2891c2559dd0c41da127610bfe4b671b58148682883623ea4

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580d2a.TMP

                                    Filesize

                                    1KB

                                    MD5

                                    bcccd26ced79d2f0485c6d3495a89e24

                                    SHA1

                                    648310b2464318cef13f80c46e4cb86c2feea779

                                    SHA256

                                    5ee733f425d84d2d979e3bfba8fd00d15d594fb323c12a146096ab74c898858e

                                    SHA512

                                    966ce58938738957161ff81794bd2b31ab148762e2cc9f36d4ae3b56c70546a503b4e2e748e41bc6601ba21fae4a429a723e7c62da22cea8d5658bff3969a7e7

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                    Filesize

                                    16B

                                    MD5

                                    6752a1d65b201c13b62ea44016eb221f

                                    SHA1

                                    58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                    SHA256

                                    0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                    SHA512

                                    9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                    Filesize

                                    10KB

                                    MD5

                                    ac9ba6891ce19ef2cf650f9d16aaf206

                                    SHA1

                                    9c6249d17389fe151d2925598bc600c8d4d1fec7

                                    SHA256

                                    b979c58542df8af447842df658d6a0b90dafd4efe07052b5f8be00810976c3da

                                    SHA512

                                    6effccaa5e6d187881adff8380f8b2ca625bc1c2e1507463f23cf5668be90eec1be3c450f7d7325586396f88b9ac2a1bf4ba10390f83f92993a808fc27f710d6

                                  • \??\pipe\LOCAL\crashpad_116_UIGHDJQZDYWTLVJF

                                    MD5

                                    d41d8cd98f00b204e9800998ecf8427e

                                    SHA1

                                    da39a3ee5e6b4b0d3255bfef95601890afd80709

                                    SHA256

                                    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                    SHA512

                                    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e