Overview
overview
7Static
static
1URLScan
urlscan
https://github.com/p...
windows10-1703-x64
4https://github.com/p...
windows7-x64
1https://github.com/p...
windows10-1703-x64
4https://github.com/p...
windows10-2004-x64
1https://github.com/p...
windows11-21h2-x64
1https://github.com/p...
android-10-x64
7https://github.com/p...
android-11-x64
1https://github.com/p...
android-13-x64
1https://github.com/p...
android-9-x86
1https://github.com/p...
macos-10.15-amd64
4https://github.com/p...
macos-10.15-amd64
4https://github.com/p...
debian-12-armhf
https://github.com/p...
debian-12-mipsel
https://github.com/p...
debian-9-armhf
https://github.com/p...
debian-9-mips
https://github.com/p...
debian-9-mipsel
https://github.com/p...
ubuntu-18.04-amd64
7https://github.com/p...
ubuntu-20.04-amd64
7Analysis
-
max time kernel
1768s -
max time network
1684s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system -
submitted
28-03-2024 11:51
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://github.com/pankoza2-pl/malwaredatabase-old
Resource
win10-20240221-en
Behavioral task
behavioral2
Sample
https://github.com/pankoza2-pl/malwaredatabase-old
Resource
win7-20240319-en
Behavioral task
behavioral3
Sample
https://github.com/pankoza2-pl/malwaredatabase-old
Resource
win10-20240221-en
Behavioral task
behavioral4
Sample
https://github.com/pankoza2-pl/malwaredatabase-old
Resource
win10v2004-20240226-en
Behavioral task
behavioral5
Sample
https://github.com/pankoza2-pl/malwaredatabase-old
Resource
win11-20240221-en
Behavioral task
behavioral6
Sample
https://github.com/pankoza2-pl/malwaredatabase-old
Resource
android-x64-20240221-en
Behavioral task
behavioral7
Sample
https://github.com/pankoza2-pl/malwaredatabase-old
Resource
android-x64-arm64-20240221-en
Behavioral task
behavioral8
Sample
https://github.com/pankoza2-pl/malwaredatabase-old
Resource
android-33-x64-arm64-20240229-en
Behavioral task
behavioral9
Sample
https://github.com/pankoza2-pl/malwaredatabase-old
Resource
android-x86-arm-20240221-en
Behavioral task
behavioral10
Sample
https://github.com/pankoza2-pl/malwaredatabase-old
Resource
macos-20240214-en
Behavioral task
behavioral11
Sample
https://github.com/pankoza2-pl/malwaredatabase-old
Resource
macos-20240214-en
Behavioral task
behavioral12
Sample
https://github.com/pankoza2-pl/malwaredatabase-old
Resource
debian12-armhf-20240221-en
Behavioral task
behavioral13
Sample
https://github.com/pankoza2-pl/malwaredatabase-old
Resource
debian12-mipsel-20240221-en
Behavioral task
behavioral14
Sample
https://github.com/pankoza2-pl/malwaredatabase-old
Resource
debian9-armhf-20240226-en
Behavioral task
behavioral15
Sample
https://github.com/pankoza2-pl/malwaredatabase-old
Resource
debian9-mipsbe-20240226-en
Behavioral task
behavioral16
Sample
https://github.com/pankoza2-pl/malwaredatabase-old
Resource
debian9-mipsel-20240226-en
Behavioral task
behavioral17
Sample
https://github.com/pankoza2-pl/malwaredatabase-old
Resource
ubuntu1804-amd64-20240226-en
General
-
Target
https://github.com/pankoza2-pl/malwaredatabase-old
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
Processes:
msedge.exemsedge.exeidentity_helper.exemsedge.exepid process 4496 msedge.exe 4496 msedge.exe 4012 msedge.exe 4012 msedge.exe 4228 identity_helper.exe 4228 identity_helper.exe 2888 msedge.exe 2888 msedge.exe 2888 msedge.exe 2888 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
Processes:
msedge.exepid process 4012 msedge.exe 4012 msedge.exe 4012 msedge.exe 4012 msedge.exe 4012 msedge.exe 4012 msedge.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
svchost.exedescription pid process Token: SeManageVolumePrivilege 3580 svchost.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
Processes:
msedge.exepid process 4012 msedge.exe 4012 msedge.exe 4012 msedge.exe 4012 msedge.exe 4012 msedge.exe 4012 msedge.exe 4012 msedge.exe 4012 msedge.exe 4012 msedge.exe 4012 msedge.exe 4012 msedge.exe 4012 msedge.exe 4012 msedge.exe 4012 msedge.exe 4012 msedge.exe 4012 msedge.exe 4012 msedge.exe 4012 msedge.exe 4012 msedge.exe 4012 msedge.exe 4012 msedge.exe 4012 msedge.exe 4012 msedge.exe 4012 msedge.exe 4012 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
Processes:
msedge.exepid process 4012 msedge.exe 4012 msedge.exe 4012 msedge.exe 4012 msedge.exe 4012 msedge.exe 4012 msedge.exe 4012 msedge.exe 4012 msedge.exe 4012 msedge.exe 4012 msedge.exe 4012 msedge.exe 4012 msedge.exe 4012 msedge.exe 4012 msedge.exe 4012 msedge.exe 4012 msedge.exe 4012 msedge.exe 4012 msedge.exe 4012 msedge.exe 4012 msedge.exe 4012 msedge.exe 4012 msedge.exe 4012 msedge.exe 4012 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
msedge.exedescription pid process target process PID 4012 wrote to memory of 4892 4012 msedge.exe msedge.exe PID 4012 wrote to memory of 4892 4012 msedge.exe msedge.exe PID 4012 wrote to memory of 4504 4012 msedge.exe msedge.exe PID 4012 wrote to memory of 4504 4012 msedge.exe msedge.exe PID 4012 wrote to memory of 4504 4012 msedge.exe msedge.exe PID 4012 wrote to memory of 4504 4012 msedge.exe msedge.exe PID 4012 wrote to memory of 4504 4012 msedge.exe msedge.exe PID 4012 wrote to memory of 4504 4012 msedge.exe msedge.exe PID 4012 wrote to memory of 4504 4012 msedge.exe msedge.exe PID 4012 wrote to memory of 4504 4012 msedge.exe msedge.exe PID 4012 wrote to memory of 4504 4012 msedge.exe msedge.exe PID 4012 wrote to memory of 4504 4012 msedge.exe msedge.exe PID 4012 wrote to memory of 4504 4012 msedge.exe msedge.exe PID 4012 wrote to memory of 4504 4012 msedge.exe msedge.exe PID 4012 wrote to memory of 4504 4012 msedge.exe msedge.exe PID 4012 wrote to memory of 4504 4012 msedge.exe msedge.exe PID 4012 wrote to memory of 4504 4012 msedge.exe msedge.exe PID 4012 wrote to memory of 4504 4012 msedge.exe msedge.exe PID 4012 wrote to memory of 4504 4012 msedge.exe msedge.exe PID 4012 wrote to memory of 4504 4012 msedge.exe msedge.exe PID 4012 wrote to memory of 4504 4012 msedge.exe msedge.exe PID 4012 wrote to memory of 4504 4012 msedge.exe msedge.exe PID 4012 wrote to memory of 4504 4012 msedge.exe msedge.exe PID 4012 wrote to memory of 4504 4012 msedge.exe msedge.exe PID 4012 wrote to memory of 4504 4012 msedge.exe msedge.exe PID 4012 wrote to memory of 4504 4012 msedge.exe msedge.exe PID 4012 wrote to memory of 4504 4012 msedge.exe msedge.exe PID 4012 wrote to memory of 4504 4012 msedge.exe msedge.exe PID 4012 wrote to memory of 4504 4012 msedge.exe msedge.exe PID 4012 wrote to memory of 4504 4012 msedge.exe msedge.exe PID 4012 wrote to memory of 4504 4012 msedge.exe msedge.exe PID 4012 wrote to memory of 4504 4012 msedge.exe msedge.exe PID 4012 wrote to memory of 4504 4012 msedge.exe msedge.exe PID 4012 wrote to memory of 4504 4012 msedge.exe msedge.exe PID 4012 wrote to memory of 4504 4012 msedge.exe msedge.exe PID 4012 wrote to memory of 4504 4012 msedge.exe msedge.exe PID 4012 wrote to memory of 4504 4012 msedge.exe msedge.exe PID 4012 wrote to memory of 4504 4012 msedge.exe msedge.exe PID 4012 wrote to memory of 4504 4012 msedge.exe msedge.exe PID 4012 wrote to memory of 4504 4012 msedge.exe msedge.exe PID 4012 wrote to memory of 4504 4012 msedge.exe msedge.exe PID 4012 wrote to memory of 4504 4012 msedge.exe msedge.exe PID 4012 wrote to memory of 4496 4012 msedge.exe msedge.exe PID 4012 wrote to memory of 4496 4012 msedge.exe msedge.exe PID 4012 wrote to memory of 3464 4012 msedge.exe msedge.exe PID 4012 wrote to memory of 3464 4012 msedge.exe msedge.exe PID 4012 wrote to memory of 3464 4012 msedge.exe msedge.exe PID 4012 wrote to memory of 3464 4012 msedge.exe msedge.exe PID 4012 wrote to memory of 3464 4012 msedge.exe msedge.exe PID 4012 wrote to memory of 3464 4012 msedge.exe msedge.exe PID 4012 wrote to memory of 3464 4012 msedge.exe msedge.exe PID 4012 wrote to memory of 3464 4012 msedge.exe msedge.exe PID 4012 wrote to memory of 3464 4012 msedge.exe msedge.exe PID 4012 wrote to memory of 3464 4012 msedge.exe msedge.exe PID 4012 wrote to memory of 3464 4012 msedge.exe msedge.exe PID 4012 wrote to memory of 3464 4012 msedge.exe msedge.exe PID 4012 wrote to memory of 3464 4012 msedge.exe msedge.exe PID 4012 wrote to memory of 3464 4012 msedge.exe msedge.exe PID 4012 wrote to memory of 3464 4012 msedge.exe msedge.exe PID 4012 wrote to memory of 3464 4012 msedge.exe msedge.exe PID 4012 wrote to memory of 3464 4012 msedge.exe msedge.exe PID 4012 wrote to memory of 3464 4012 msedge.exe msedge.exe PID 4012 wrote to memory of 3464 4012 msedge.exe msedge.exe PID 4012 wrote to memory of 3464 4012 msedge.exe msedge.exe
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/pankoza2-pl/malwaredatabase-old1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbce1d46f8,0x7ffbce1d4708,0x7ffbce1d47182⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,4736034158062548526,9061082068828396641,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,4736034158062548526,9061082068828396641,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,4736034158062548526,9061082068828396641,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2952 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,4736034158062548526,9061082068828396641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,4736034158062548526,9061082068828396641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,4736034158062548526,9061082068828396641,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,4736034158062548526,9061082068828396641,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,4736034158062548526,9061082068828396641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,4736034158062548526,9061082068828396641,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,4736034158062548526,9061082068828396641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,4736034158062548526,9061082068828396641,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,4736034158062548526,9061082068828396641,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2784 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe1⤵
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k UnistackSvcGroup1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD547b2c6613360b818825d076d14c051f7
SHA17df7304568313a06540f490bf3305cb89bc03e5c
SHA25647a22bea2e7d0154c59bf5d8790ec68274eb05e9fa6cf0eab0d648121f1a02ac
SHA51208d2366fc1ce87dbe96b9bf997e4c59c9206fcfea47c1f17b01e79aeb0580f25cac5c7349bb453a50775b2743053446653f4129f835f81f4a8547ca392557aac
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5e0811105475d528ab174dfdb69f935f3
SHA1dd9689f0f70a07b4e6fb29607e42d2d5faf1f516
SHA256c91388c87878a9e2c530c6096dbdd993b0a26fefe8ad797e0133547225032d6c
SHA5128374a721ea3ff3a1ea70d8a074e5c193dbba27ba7e301f19cea89d648b2378c376e48310c33fe81078cd40b1863daec935e8ac22e8e3878dc3a5bb529d028852
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
1KB
MD5c9c4ac5c7bb41b2832001aeba813a2f1
SHA1110752d0586cad773211493a6e56757a54eacdaa
SHA2567fe6ff29dfd9f4b1ffbbf3cb1312e5393918f20e4f8db09e32504ebf4473dd53
SHA5122b8a0b807c8ab8762d5ecdcc946d14d3d5ce17f771e0846176e3889dd917c183ddc7ba2f011ef40964eb787b1932810251adb28a8a5b54819d50404b82e2aec6
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
496B
MD5c4897aa78d9edac4710b6abd9081210d
SHA182fff6d6a6c64af2e1e64a0a56c46cfc2a3470bf
SHA2561c2dbad9b7fe623f7907fe8875ae1df241de6ea09e8dbb063b885983420fc005
SHA512207439940f16c3a029f465c4f4b6d290f15deea00c5d46365d2bbe5a27c48371315a7a5e39366638a4d256c843470b6e9acd6fc7c0b85aac10dde6176aba026c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5095b2b822c251c7e40490209fa252798
SHA1a1e687da94f6cce0c6191aa438f149c3f5b096a9
SHA2563ca30ac5b7ee0a2dd0b10213b1e5140d3679dc08df5b1811c53b4e44937531b8
SHA512f295f7a6503c4c0e8c27957430016364c02b442a45616262766a2c9a875cdf589b07346ffe8c1436442aa550a7823c985ef0deecbe22ca455704fbf894503bc3
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5fb808faca68da20043283d3a0ebe5d0f
SHA1f2dbd76e8a109c22d004f6d0302288af73245067
SHA256d51832b3cc73fd7bc22b246dd7937ee7c87b9d33d332cae18c91e8ae275fc255
SHA512588873ca7648008198955551e0853b4068d9f4b7c4d22a0c13240f0188076e035e9a895ba3b1cc74550dc28aa2efd4f03b2fedee923646615a6095441f112392
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD5ada1efbec7ca060bf2451eb2d0cc8c2b
SHA1e1ef3d6a86cf962156905ab35ba715b870ada884
SHA25626438cedaec6a5f4838840d6e14ca9357a9d8ec5f8c0ddd007ac35131d91ce4c
SHA5124827fe6ecaa61509d2bbce1295db5add6e7d72ade3f47b15efbdd5eecd5b12ba76fb31be15ac41b8121950c5eddb6bdfa84a7cc95e8f64ff793878471f3c694a
-
\??\pipe\LOCAL\crashpad_4012_TYAKMEPCOLYSGCWNMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/3580-266-0x00000247911F0000-0x00000247911F1000-memory.dmpFilesize
4KB
-
memory/3580-272-0x00000247911F0000-0x00000247911F1000-memory.dmpFilesize
4KB
-
memory/3580-263-0x00000247911D0000-0x00000247911D1000-memory.dmpFilesize
4KB
-
memory/3580-264-0x00000247911F0000-0x00000247911F1000-memory.dmpFilesize
4KB
-
memory/3580-265-0x00000247911F0000-0x00000247911F1000-memory.dmpFilesize
4KB
-
memory/3580-231-0x0000024788B40000-0x0000024788B50000-memory.dmpFilesize
64KB
-
memory/3580-267-0x00000247911F0000-0x00000247911F1000-memory.dmpFilesize
4KB
-
memory/3580-268-0x00000247911F0000-0x00000247911F1000-memory.dmpFilesize
4KB
-
memory/3580-269-0x00000247911F0000-0x00000247911F1000-memory.dmpFilesize
4KB
-
memory/3580-270-0x00000247911F0000-0x00000247911F1000-memory.dmpFilesize
4KB
-
memory/3580-271-0x00000247911F0000-0x00000247911F1000-memory.dmpFilesize
4KB
-
memory/3580-247-0x0000024788C40000-0x0000024788C50000-memory.dmpFilesize
64KB
-
memory/3580-273-0x00000247911F0000-0x00000247911F1000-memory.dmpFilesize
4KB
-
memory/3580-274-0x0000024790E20000-0x0000024790E21000-memory.dmpFilesize
4KB
-
memory/3580-275-0x0000024790E10000-0x0000024790E11000-memory.dmpFilesize
4KB
-
memory/3580-277-0x0000024790E20000-0x0000024790E21000-memory.dmpFilesize
4KB
-
memory/3580-280-0x0000024790E10000-0x0000024790E11000-memory.dmpFilesize
4KB
-
memory/3580-283-0x0000024790D50000-0x0000024790D51000-memory.dmpFilesize
4KB
-
memory/3580-295-0x0000024790F50000-0x0000024790F51000-memory.dmpFilesize
4KB
-
memory/3580-297-0x0000024790F60000-0x0000024790F61000-memory.dmpFilesize
4KB
-
memory/3580-298-0x0000024790F60000-0x0000024790F61000-memory.dmpFilesize
4KB
-
memory/3580-299-0x0000024791070000-0x0000024791071000-memory.dmpFilesize
4KB