Analysis

  • max time kernel
    67s
  • max time network
    68s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250610-en
  • resource tags
    arch:x64 arch:x86 image:win10v2004-20250610-en locale:en-us os:windows10-2004-x64 system
  • submitted
    02/07/2025, 19:22

General

  • Target

    https://github.com/pizzaboxer/bloxstrap

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/pizzaboxer/bloxstrap
    1⤵
    • Drops file in Program Files directory
    • Checks processor information in registry
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:852
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x338,0x7ffa6b64f208,0x7ffa6b64f214,0x7ffa6b64f220
      2⤵
        PID:3968
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1920,i,14671270947181186016,9676346309529982845,262144 --variations-seed-version --mojo-platform-channel-handle=2684 /prefetch:3
        2⤵
          PID:3116
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2616,i,14671270947181186016,9676346309529982845,262144 --variations-seed-version --mojo-platform-channel-handle=2608 /prefetch:2
          2⤵
            PID:5148
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2260,i,14671270947181186016,9676346309529982845,262144 --variations-seed-version --mojo-platform-channel-handle=2784 /prefetch:8
            2⤵
              PID:440
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3448,i,14671270947181186016,9676346309529982845,262144 --variations-seed-version --mojo-platform-channel-handle=3504 /prefetch:1
              2⤵
                PID:4604
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3440,i,14671270947181186016,9676346309529982845,262144 --variations-seed-version --mojo-platform-channel-handle=3532 /prefetch:1
                2⤵
                  PID:4552
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5392,i,14671270947181186016,9676346309529982845,262144 --variations-seed-version --mojo-platform-channel-handle=5340 /prefetch:8
                  2⤵
                    PID:1176
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5400,i,14671270947181186016,9676346309529982845,262144 --variations-seed-version --mojo-platform-channel-handle=5428 /prefetch:8
                    2⤵
                      PID:2688
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5140,i,14671270947181186016,9676346309529982845,262144 --variations-seed-version --mojo-platform-channel-handle=4744 /prefetch:8
                      2⤵
                        PID:6020
                      • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6108,i,14671270947181186016,9676346309529982845,262144 --variations-seed-version --mojo-platform-channel-handle=5836 /prefetch:8
                        2⤵
                          PID:5112
                        • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6108,i,14671270947181186016,9676346309529982845,262144 --variations-seed-version --mojo-platform-channel-handle=5836 /prefetch:8
                          2⤵
                            PID:5096
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5868,i,14671270947181186016,9676346309529982845,262144 --variations-seed-version --mojo-platform-channel-handle=5728 /prefetch:8
                            2⤵
                              PID:5636
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5744,i,14671270947181186016,9676346309529982845,262144 --variations-seed-version --mojo-platform-channel-handle=5132 /prefetch:8
                              2⤵
                                PID:5608
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=704,i,14671270947181186016,9676346309529982845,262144 --variations-seed-version --mojo-platform-channel-handle=5780 /prefetch:8
                                2⤵
                                  PID:3644
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4248,i,14671270947181186016,9676346309529982845,262144 --variations-seed-version --mojo-platform-channel-handle=6076 /prefetch:8
                                  2⤵
                                    PID:5100
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4756,i,14671270947181186016,9676346309529982845,262144 --variations-seed-version --mojo-platform-channel-handle=6132 /prefetch:8
                                    2⤵
                                      PID:388
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=2116,i,14671270947181186016,9676346309529982845,262144 --variations-seed-version --mojo-platform-channel-handle=4976 /prefetch:8
                                      2⤵
                                        PID:4776
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
                                      1⤵
                                        PID:4816
                                      • C:\Windows\system32\cmd.exe
                                        C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
                                        1⤵
                                          PID:4996
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
                                            2⤵
                                              PID:3728

Network

MITRE ATT&CK Enterprise v16

Downloads
