Analysis
- max time kernel: 150s
- max time network: 155s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 25-03-2024 03:49
Static task
static1
Behavioral task
behavioral1
Sample
dd29a658cd39afb20d949aa90794a582.html
Resource
win7-20240221-en
General
-
Target
dd29a658cd39afb20d949aa90794a582.html
-
Size
45KB
-
MD5
dd29a658cd39afb20d949aa90794a582
-
SHA1
7d815a4dacf3087e7536e50d786b446ae9fcee24
-
SHA256
fc6c872dbddcc79224df2aa1dc2c085cd54b8cfb364de3eaa9dc9d3212b44f60
-
SHA512
64b471922b36aa69e13f842178a8b5cfe275f04e1f0aca9e2c4d8466a1186cf5257ba34bf9305c82c206c57d323b8bca40fc0061aca08a4ac3fedfbf84184824
-
SSDEEP
768:FYqjV1uY+evlrb15f984gJTb2HO6zQgh0dGH:ZjV1jvlrZlgJTb2HO6zQgh0dGH
Malware Config
Signatures
-
Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs
Processes:
flow | ioc
92 | https://jira.ops.aol.com/secure/attachment/688199/failwhale.html
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
description | ioc | process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Suspicious behavior: EnumeratesProcesses 10 IoCs
Processes:
pid | process
2952 | msedge.exe
2376 | msedge.exe
5708 | identity_helper.exe
4672 | msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs
Processes:
pid | process
2376 | msedge.exe
Suspicious use of FindShellTrayWindow 25 IoCs
Processes:
pid | process
2376 | msedge.exe
Suspicious use of SendNotifyMessage 24 IoCs
Processes:
pid | process
2376 | msedge.exe
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
description | pid | process | target process
PID 2376 wrote to memory of 4332 | 2376 | msedge.exe | msedge.exe
PID 2376 wrote to memory of 920 | 2376 | msedge.exe | msedge.exe
PID 2376 wrote to memory of 2952 | 2376 | msedge.exe | msedge.exe
PID 2376 wrote to memory of 3480 | 2376 | msedge.exe | msedge.exe
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\dd29a658cd39afb20d949aa90794a582.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2376 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa72b646f8,0x7ffa72b64708,0x7ffa72b647182⤵PID:4332
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,5996619813114269442,17158445128218823669,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:22⤵PID:920
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,5996619813114269442,17158445128218823669,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:2952 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,5996619813114269442,17158445128218823669,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:82⤵PID:3480
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5996619813114269442,17158445128218823669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:12⤵PID:4328
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5996619813114269442,17158445128218823669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:12⤵PID:4176
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5996619813114269442,17158445128218823669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4612 /prefetch:12⤵PID:4844
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5996619813114269442,17158445128218823669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:12⤵PID:3032
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5996619813114269442,17158445128218823669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:12⤵PID:4032
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5996619813114269442,17158445128218823669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:12⤵PID:4356
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5996619813114269442,17158445128218823669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:12⤵PID:1564
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,5996619813114269442,17158445128218823669,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6880 /prefetch:82⤵PID:5692
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,5996619813114269442,17158445128218823669,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6880 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:5708 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5996619813114269442,17158445128218823669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6848 /prefetch:12⤵PID:5724
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5996619813114269442,17158445128218823669,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6832 /prefetch:12⤵PID:5732
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5996619813114269442,17158445128218823669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4072 /prefetch:12⤵PID:6020
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5996619813114269442,17158445128218823669,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:12⤵PID:6028
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,5996619813114269442,17158445128218823669,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1292 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:4672
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2388
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4180
Network
MITRE ATT&CK Enterprise v15
Downloads