Analysis
-
max time kernel
170s -
max time network
193s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system -
submitted
02-10-2022 04:12
Static task
static1
Behavioral task
behavioral1
Sample
4ebc2909f676bfe052c3afea0c5ece94e25aaf7056b9392b9cdeb64ef5d33deb.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
4ebc2909f676bfe052c3afea0c5ece94e25aaf7056b9392b9cdeb64ef5d33deb.exe
Resource
win10v2004-20220812-en
General
-
Target
4ebc2909f676bfe052c3afea0c5ece94e25aaf7056b9392b9cdeb64ef5d33deb.exe
-
Size
381KB
-
MD5
7a57ab6e8506f0e54408bd299c7542a0
-
SHA1
25ccaff8c326fb348c58467da08688d64b24676f
-
SHA256
4ebc2909f676bfe052c3afea0c5ece94e25aaf7056b9392b9cdeb64ef5d33deb
-
SHA512
af1afe8581355679ab63c32f653b8971ad9e065cf2654edc746fb491aeaa9f7298a496a275958dc1abc333217dafe371b2fd4aa1d6a75e98227dc2faedef34e8
-
SSDEEP
6144:KCvc/B+c/Bahv2KuxaO+VOVXl+g2bje/TcpqoUv/bbyTfBU1ieA8:fv7v2lf+VOVrt/TJJ/vIfKA8
Malware Config
Signatures
-
Adds Run key to start application 2 TTPs 1 IoCs
Processes: msedge.exe
description | ioc | process
Key created | \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Windows\CurrentVersion\Run | msedge.exe
-
Drops file in Program Files directory 2 IoCs
Processes: setup.exe
description | ioc | process
File created | C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\1b8ad81d-3044-4561-bb1c-96f43ff3e6ca.tmp | setup.exe
File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20221002070932.pma | setup.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes: msedge.exe
description | ioc | process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
-
Modifies registry class 1 IoCs
Processes: msedge.exe
description | ioc | process
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | msedge.exe
-
Suspicious behavior: EnumeratesProcesses 12 IoCs
Processes: msedge.exe, msedge.exe, msedge.exe, identity_helper.exe, msedge.exe
pid | process
1248 | msedge.exe
1248 | msedge.exe
4040 | msedge.exe
4040 | msedge.exe
4168 | msedge.exe
4168 | msedge.exe
628 | identity_helper.exe
628 | identity_helper.exe
4792 | msedge.exe
4792 | msedge.exe
4792 | msedge.exe
4792 | msedge.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
Processes: msedge.exe
pid | process
4040 | msedge.exe
4040 | msedge.exe
4040 | msedge.exe
4040 | msedge.exe
4040 | msedge.exe
4040 | msedge.exe
4040 | msedge.exe
-
Suspicious use of FindShellTrayWindow 3 IoCs
Processes: msedge.exe
pid | process
4040 | msedge.exe
4040 | msedge.exe
4040 | msedge.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\4ebc2909f676bfe052c3afea0c5ece94e25aaf7056b9392b9cdeb64ef5d33deb.exe"C:\Users\Admin\AppData\Local\Temp\4ebc2909f676bfe052c3afea0c5ece94e25aaf7056b9392b9cdeb64ef5d33deb.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=4ebc2909f676bfe052c3afea0c5ece94e25aaf7056b9392b9cdeb64ef5d33deb.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.02⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8f47e46f8,0x7ff8f47e4708,0x7ff8f47e47183⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,1247559679388236301,11075995404402483495,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:23⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,1247559679388236301,11075995404402483495,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,1247559679388236301,11075995404402483495,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,1247559679388236301,11075995404402483495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,1247559679388236301,11075995404402483495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,1247559679388236301,11075995404402483495,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,1247559679388236301,11075995404402483495,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,1247559679388236301,11075995404402483495,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2160,1247559679388236301,11075995404402483495,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6384 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,1247559679388236301,11075995404402483495,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6460 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,1247559679388236301,11075995404402483495,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1120 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,1247559679388236301,11075995404402483495,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4684 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings3⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff7eb055460,0x7ff7eb055470,0x7ff7eb0554804⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,1247559679388236301,11075995404402483495,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4684 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,1247559679388236301,11075995404402483495,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4788 /prefetch:23⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=4ebc2909f676bfe052c3afea0c5ece94e25aaf7056b9392b9cdeb64ef5d33deb.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.02⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8f47e46f8,0x7ff8f47e4708,0x7ff8f47e47183⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,5312852158951807549,16909029528112584074,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads