Analysis

  • max time kernel
    50s
  • max time network
    56s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250610-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20250610-en locale:en-us os:windows10-2004-x64 system
  • submitted
    02/07/2025, 18:53

General

  • Target

    https://d5q4mn04.na1.hubspotlinks.com/Ctc/JA+113/d5q4mn04/VWbdCp5fxWsGW5Jc67c7Dwf1tW2nfwL35ytCK2N5t-njT3lcq-W69sMD-6lZ3nSW6X2_t25CjsNKW7njW161BSLwqW23CpLZ8-_zGBW76hKSZ906ZpwW8k5xsr7Gy0yCW99S9Dt8v104zW53ltgS7X6ygHW7TzdnN7lSlk-W6Z4Fmy7JQ8Y8N1sHpZCVT3KxW8dQMl67lBDXMW6nJtw33GgPh7W2RYF3c6w5yNwW5JhdTb37wnvbN1F-6jFjsVhNW4-C2TQ38ldcqW77QFqz7VyX-DW5h8HDs1SQ6p_Vb7BJ-9lvm1jN6clgMGtJM4Tf8R-Zp604

Score
4/10

Malware Config

Signatures

  • Drops file in Program Files directory 64 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://d5q4mn04.na1.hubspotlinks.com/Ctc/JA+113/d5q4mn04/VWbdCp5fxWsGW5Jc67c7Dwf1tW2nfwL35ytCK2N5t-njT3lcq-W69sMD-6lZ3nSW6X2_t25CjsNKW7njW161BSLwqW23CpLZ8-_zGBW76hKSZ906ZpwW8k5xsr7Gy0yCW99S9Dt8v104zW53ltgS7X6ygHW7TzdnN7lSlk-W6Z4Fmy7JQ8Y8N1sHpZCVT3KxW8dQMl67lBDXMW6nJtw33GgPh7W2RYF3c6w5yNwW5JhdTb37wnvbN1F-6jFjsVhNW4-C2TQ38ldcqW77QFqz7VyX-DW5h8HDs1SQ6p_Vb7BJ-9lvm1jN6clgMGtJM4Tf8R-Zp604
    1⤵
    • Drops file in Program Files directory
    • Checks processor information in registry
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:4188
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x2f0,0x7ff88b22f208,0x7ff88b22f214,0x7ff88b22f220
      2⤵
        PID:372
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2040,i,18149418327080273744,18415443688120835084,262144 --variations-seed-version --mojo-platform-channel-handle=2020 /prefetch:2
        2⤵
          PID:868
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=2248,i,18149418327080273744,18415443688120835084,262144 --variations-seed-version --mojo-platform-channel-handle=2340 /prefetch:3
          2⤵
            PID:3100
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2564,i,18149418327080273744,18415443688120835084,262144 --variations-seed-version --mojo-platform-channel-handle=2720 /prefetch:8
            2⤵
              PID:5860
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3520,i,18149418327080273744,18415443688120835084,262144 --variations-seed-version --mojo-platform-channel-handle=3552 /prefetch:1
              2⤵
                PID:4664
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3532,i,18149418327080273744,18415443688120835084,262144 --variations-seed-version --mojo-platform-channel-handle=3556 /prefetch:1
                2⤵
                  PID:4708
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4820,i,18149418327080273744,18415443688120835084,262144 --variations-seed-version --mojo-platform-channel-handle=4828 /prefetch:1
                  2⤵
                    PID:556
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4876,i,18149418327080273744,18415443688120835084,262144 --variations-seed-version --mojo-platform-channel-handle=3572 /prefetch:1
                    2⤵
                      PID:3292
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4804,i,18149418327080273744,18415443688120835084,262144 --variations-seed-version --mojo-platform-channel-handle=5224 /prefetch:8
                      2⤵
                        PID:1592
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --always-read-main-dll --field-trial-handle=5388,i,18149418327080273744,18415443688120835084,262144 --variations-seed-version --mojo-platform-channel-handle=5408 /prefetch:1
                        2⤵
                          PID:4292
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --always-read-main-dll --field-trial-handle=5596,i,18149418327080273744,18415443688120835084,262144 --variations-seed-version --mojo-platform-channel-handle=5620 /prefetch:1
                          2⤵
                            PID:2928
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --always-read-main-dll --field-trial-handle=3808,i,18149418327080273744,18415443688120835084,262144 --variations-seed-version --mojo-platform-channel-handle=5736 /prefetch:1
                            2⤵
                              PID:2628
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --always-read-main-dll --field-trial-handle=5876,i,18149418327080273744,18415443688120835084,262144 --variations-seed-version --mojo-platform-channel-handle=5904 /prefetch:1
                              2⤵
                                PID:4680
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5380,i,18149418327080273744,18415443688120835084,262144 --variations-seed-version --mojo-platform-channel-handle=6124 /prefetch:8
                                2⤵
                                  PID:1172
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3776,i,18149418327080273744,18415443688120835084,262144 --variations-seed-version --mojo-platform-channel-handle=3788 /prefetch:8
                                  2⤵
                                    PID:1964
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6588,i,18149418327080273744,18415443688120835084,262144 --variations-seed-version --mojo-platform-channel-handle=6436 /prefetch:8
                                    2⤵
                                      PID:1000
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6864,i,18149418327080273744,18415443688120835084,262144 --variations-seed-version --mojo-platform-channel-handle=6884 /prefetch:8
                                      2⤵
                                        PID:2196
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6864,i,18149418327080273744,18415443688120835084,262144 --variations-seed-version --mojo-platform-channel-handle=6884 /prefetch:8
                                        2⤵
                                          PID:5068
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6536,i,18149418327080273744,18415443688120835084,262144 --variations-seed-version --mojo-platform-channel-handle=5572 /prefetch:8
                                          2⤵
                                            PID:1924
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5544,i,18149418327080273744,18415443688120835084,262144 --variations-seed-version --mojo-platform-channel-handle=6932 /prefetch:8
                                            2⤵
                                              PID:1892
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --always-read-main-dll --field-trial-handle=7048,i,18149418327080273744,18415443688120835084,262144 --variations-seed-version --mojo-platform-channel-handle=7092 /prefetch:1
                                              2⤵
                                                PID:6112
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6884,i,18149418327080273744,18415443688120835084,262144 --variations-seed-version --mojo-platform-channel-handle=120 /prefetch:8
                                                2⤵
                                                  PID:1892
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5556,i,18149418327080273744,18415443688120835084,262144 --variations-seed-version --mojo-platform-channel-handle=6604 /prefetch:8
                                                  2⤵
                                                    PID:3568
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7060,i,18149418327080273744,18415443688120835084,262144 --variations-seed-version --mojo-platform-channel-handle=6716 /prefetch:8
                                                    2⤵
                                                      PID:4808
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
                                                    1⤵
                                                      PID:4756
                                                    • C:\Windows\system32\AUDIODG.EXE
                                                      C:\Windows\system32\AUDIODG.EXE 0x510 0x514
                                                      1⤵
                                                        PID:5300
                                                      • C:\Windows\system32\cmd.exe
                                                        C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
                                                        1⤵
                                                          PID:2328
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
                                                            2⤵
                                                              PID:4808

                                                          Network

                                                                MITRE ATT&CK Enterprise v16

                                                                Downloads

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                  Filesize

                                                                  280B

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                  Filesize

                                                                  4KB

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57e474.TMP

                                                                  Filesize

                                                                  3KB

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

                                                                  Filesize

                                                                  2B

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

                                                                  Filesize

                                                                  108KB

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

                                                                  Filesize

                                                                  2B

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

                                                                  Filesize

                                                                  40B

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                  Filesize

                                                                  19KB

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

                                                                  Filesize

                                                                  36KB

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

                                                                  Filesize

                                                                  96B

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57ac5d.TMP

                                                                  Filesize

                                                                  72B

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

                                                                  Filesize

                                                                  22KB

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                  Filesize

                                                                  38KB

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                  Filesize

                                                                  38KB

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                  Filesize

                                                                  45KB

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.0a6b11a5b642bf6c1938189707e109a1f48eb02018cfb146f09e74a753567d1b

                                                                  Filesize

                                                                  156KB

                                                                • C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

                                                                  Filesize

                                                                  2KB
