Analysis
-
max time kernel
149s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system -
submitted
08-04-2024 20:14
Static task
static1
URLScan task
urlscan1
General
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
Processes:
msedge.exemsedge.exeidentity_helper.exemsedge.exepid process 3796 msedge.exe 3796 msedge.exe 1192 msedge.exe 1192 msedge.exe 1924 identity_helper.exe 1924 identity_helper.exe 4004 msedge.exe 4004 msedge.exe 4004 msedge.exe 4004 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
Processes:
msedge.exepid process 1192 msedge.exe 1192 msedge.exe 1192 msedge.exe 1192 msedge.exe 1192 msedge.exe 1192 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
Processes:
msedge.exepid process 1192 msedge.exe 1192 msedge.exe 1192 msedge.exe 1192 msedge.exe 1192 msedge.exe 1192 msedge.exe 1192 msedge.exe 1192 msedge.exe 1192 msedge.exe 1192 msedge.exe 1192 msedge.exe 1192 msedge.exe 1192 msedge.exe 1192 msedge.exe 1192 msedge.exe 1192 msedge.exe 1192 msedge.exe 1192 msedge.exe 1192 msedge.exe 1192 msedge.exe 1192 msedge.exe 1192 msedge.exe 1192 msedge.exe 1192 msedge.exe 1192 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
Processes:
msedge.exepid process 1192 msedge.exe 1192 msedge.exe 1192 msedge.exe 1192 msedge.exe 1192 msedge.exe 1192 msedge.exe 1192 msedge.exe 1192 msedge.exe 1192 msedge.exe 1192 msedge.exe 1192 msedge.exe 1192 msedge.exe 1192 msedge.exe 1192 msedge.exe 1192 msedge.exe 1192 msedge.exe 1192 msedge.exe 1192 msedge.exe 1192 msedge.exe 1192 msedge.exe 1192 msedge.exe 1192 msedge.exe 1192 msedge.exe 1192 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
msedge.exedescription pid process target process PID 1192 wrote to memory of 1848 1192 msedge.exe msedge.exe PID 1192 wrote to memory of 1848 1192 msedge.exe msedge.exe PID 1192 wrote to memory of 2428 1192 msedge.exe msedge.exe PID 1192 wrote to memory of 2428 1192 msedge.exe msedge.exe PID 1192 wrote to memory of 2428 1192 msedge.exe msedge.exe PID 1192 wrote to memory of 2428 1192 msedge.exe msedge.exe PID 1192 wrote to memory of 2428 1192 msedge.exe msedge.exe PID 1192 wrote to memory of 2428 1192 msedge.exe msedge.exe PID 1192 wrote to memory of 2428 1192 msedge.exe msedge.exe PID 1192 wrote to memory of 2428 1192 msedge.exe msedge.exe PID 1192 wrote to memory of 2428 1192 msedge.exe msedge.exe PID 1192 wrote to memory of 2428 1192 msedge.exe msedge.exe PID 1192 wrote to memory of 2428 1192 msedge.exe msedge.exe PID 1192 wrote to memory of 2428 1192 msedge.exe msedge.exe PID 1192 wrote to memory of 2428 1192 msedge.exe msedge.exe PID 1192 wrote to memory of 2428 1192 msedge.exe msedge.exe PID 1192 wrote to memory of 2428 1192 msedge.exe msedge.exe PID 1192 wrote to memory of 2428 1192 msedge.exe msedge.exe PID 1192 wrote to memory of 2428 1192 msedge.exe msedge.exe PID 1192 wrote to memory of 2428 1192 msedge.exe msedge.exe PID 1192 wrote to memory of 2428 1192 msedge.exe msedge.exe PID 1192 wrote to memory of 2428 1192 msedge.exe msedge.exe PID 1192 wrote to memory of 2428 1192 msedge.exe msedge.exe PID 1192 wrote to memory of 2428 1192 msedge.exe msedge.exe PID 1192 wrote to memory of 2428 1192 msedge.exe msedge.exe PID 1192 wrote to memory of 2428 1192 msedge.exe msedge.exe PID 1192 wrote to memory of 2428 1192 msedge.exe msedge.exe PID 1192 wrote to memory of 2428 1192 msedge.exe msedge.exe PID 1192 wrote to memory of 2428 1192 msedge.exe msedge.exe PID 1192 wrote to memory of 2428 1192 msedge.exe msedge.exe PID 1192 wrote to memory of 2428 1192 msedge.exe msedge.exe PID 1192 wrote to memory of 2428 1192 msedge.exe msedge.exe PID 1192 wrote to memory of 2428 1192 msedge.exe msedge.exe PID 1192 wrote to memory of 2428 1192 msedge.exe msedge.exe PID 1192 wrote to memory of 2428 1192 msedge.exe msedge.exe PID 1192 wrote to memory of 2428 1192 msedge.exe msedge.exe PID 1192 wrote to memory of 2428 1192 msedge.exe msedge.exe PID 1192 wrote to memory of 2428 1192 msedge.exe msedge.exe PID 1192 wrote to memory of 2428 1192 msedge.exe msedge.exe PID 1192 wrote to memory of 2428 1192 msedge.exe msedge.exe PID 1192 wrote to memory of 2428 1192 msedge.exe msedge.exe PID 1192 wrote to memory of 2428 1192 msedge.exe msedge.exe PID 1192 wrote to memory of 3796 1192 msedge.exe msedge.exe PID 1192 wrote to memory of 3796 1192 msedge.exe msedge.exe PID 1192 wrote to memory of 4084 1192 msedge.exe msedge.exe PID 1192 wrote to memory of 4084 1192 msedge.exe msedge.exe PID 1192 wrote to memory of 4084 1192 msedge.exe msedge.exe PID 1192 wrote to memory of 4084 1192 msedge.exe msedge.exe PID 1192 wrote to memory of 4084 1192 msedge.exe msedge.exe PID 1192 wrote to memory of 4084 1192 msedge.exe msedge.exe PID 1192 wrote to memory of 4084 1192 msedge.exe msedge.exe PID 1192 wrote to memory of 4084 1192 msedge.exe msedge.exe PID 1192 wrote to memory of 4084 1192 msedge.exe msedge.exe PID 1192 wrote to memory of 4084 1192 msedge.exe msedge.exe PID 1192 wrote to memory of 4084 1192 msedge.exe msedge.exe PID 1192 wrote to memory of 4084 1192 msedge.exe msedge.exe PID 1192 wrote to memory of 4084 1192 msedge.exe msedge.exe PID 1192 wrote to memory of 4084 1192 msedge.exe msedge.exe PID 1192 wrote to memory of 4084 1192 msedge.exe msedge.exe PID 1192 wrote to memory of 4084 1192 msedge.exe msedge.exe PID 1192 wrote to memory of 4084 1192 msedge.exe msedge.exe PID 1192 wrote to memory of 4084 1192 msedge.exe msedge.exe PID 1192 wrote to memory of 4084 1192 msedge.exe msedge.exe PID 1192 wrote to memory of 4084 1192 msedge.exe msedge.exe
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://na4.docusign.net/Signing/EmailStart.aspx?a=558c4fef-bf9a-4ff8-974d-6ec8ac2c977f&acct=ccd38c76-14d5-4dca-b6c5-f0116d3eb8f5&er=558bf40f-9a62-467c-8e76-aee3b9faa6ab1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8edba46f8,0x7ff8edba4708,0x7ff8edba47182⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,7948976540185569259,14574260591352740840,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2256 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2200,7948976540185569259,14574260591352740840,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2200,7948976540185569259,14574260591352740840,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,7948976540185569259,14574260591352740840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,7948976540185569259,14574260591352740840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,7948976540185569259,14574260591352740840,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5496 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,7948976540185569259,14574260591352740840,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5496 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,7948976540185569259,14574260591352740840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,7948976540185569259,14574260591352740840,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,7948976540185569259,14574260591352740840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,7948976540185569259,14574260591352740840,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,7948976540185569259,14574260591352740840,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3120 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5cbec32729772aa6c576e97df4fef48f5
SHA16ec173d5313f27ba1e46ad66c7bbe7c0a9767dba
SHA256d34331aa91a21e127bbe68f55c4c1898c429d9d43545c3253d317ffb105aa24e
SHA512425b3638fed70da3bc16bba8b9878de528aca98669203f39473b931f487a614d3f66073b8c3d9bc2211e152b4bbdeceb2777001467954eec491f862912f3c7a0
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5279e783b0129b64a8529800a88fbf1ee
SHA1204c62ec8cef8467e5729cad52adae293178744f
SHA2563619c3b82a8cbdce37bfd88b66d4fdfcd728a1112b05eb26998bea527d187932
SHA51232730d9124dd28c196bd4abcfd6a283a04553f3f6b050c057264bc883783d30d6602781137762e66e1f90847724d0e994bddf6e729de11a809f263f139023d3b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
792B
MD545a8cbf616e253c5a5d95e6c03104c1e
SHA1c4916e9d45553c179f464930384956bb14f16ed6
SHA2566fef945a343e334e708276fab0e4ccf701c2ad3d345265de1263c4fe8ad6a624
SHA51258291db4611bac0dc0d5fd03a2944b5257cfc1b8b6748ea1a5a9edfa9e2d5a08a7a577696c8daf629904d6d7bd296a44a943a0f4587a50aa5f1f5ab3c7134a59
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
412B
MD5a02e7e96239ec00b405096af6359eaec
SHA11c6ee63d62a015a92e3d6442cbb3d8a33c0711de
SHA256789f9925f702339f5b7e2882518a4be877d6697ac662ff8b16e73dbb58705283
SHA51266b50764f0a0ca9d7afa5c39a4e334919022ee62b50d0c98649c8ead09e8175fe7ca8f5ee3388e028f824f8c6c5c49f73adddc5f08529a11ac61dc7ca4fea216
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5f361d1feed0bbce5ebaf7dec9f1750b7
SHA10ffb690dc65e5ec2445a8031c232e2fa74a83a09
SHA25695daa71b8883faf46d0b8e29b6d7a2188a8864034c19929106e94c61c1aae22d
SHA512f38044aaf3b0b16db4e3a8db9a09b5c6fe2ea926c049512f3d5ff928b93732b670497d1322d019a7dc8e73ed296d6af63a3e73568c49a058fe2444b54149d53e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5ffa71bd359e16f01caa9a37f600bdf31
SHA1107f72d3b87927cd9ea398dfa9cd56829f8eede5
SHA256922a891718c200012f97e0684f7b819b8b25643ebe6f97dfb8f5438394ae1f6e
SHA512f8d951beb8d01e3a84900142f23bd6cb9de9c1900caabcda62e1d2badf1c57e241d1865fcfe6d8b7d8591ca42ba88364394f85b008a512225b2b99f6ffa45579
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
538B
MD57201304cd5b558a7d88a8ecdfb7279b3
SHA1982ab3e8a34044b9e26a0b7aac5e25345d59830b
SHA25639fc40f80334484603fc0ab0ef8d452b662e52ac0126c46936f2f039fc46142f
SHA512b1c3c68ab44cc41dac40d301ddb7e2f909baa4dedd4b3d82c58f8b30b5d5c9658abc85cbd1ce55937a3a05c9cbcc739e05e5352e8425eb442b3a9c9281b7df36
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
538B
MD5eb576daa4b1a341ce7d520cf84beefb9
SHA1d58b52bd766e190384e2f42f4286597bf2921313
SHA256e7d02f1673d079699ee76c2d871e5f8799829e85e880203940d294f19600299d
SHA5127215c275ee498d59cfb3809907a790d2aaad97f3b7de5eb9c46f077e381cb4d7509ea75f16e4b7dd94048179688836febef5c8134cd919410449eca2bb7bff76
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
538B
MD51d97e1da7962d4c126145862244ca8a6
SHA10b538f40d218c3b4f68379bf5255b3795b9f7544
SHA256864380ae868bd77b51ccdb779995beb4db6dc82d6430d9e0691a38235dac4f77
SHA512d8dd5e125ebb883e549bb82ac714b723ff4c90d223662e596863de2ad927d8d553f407bebd11cfc22c6d71217dcb8e6c05c6fd9332f8f42ea6a62245bfb55fb1
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
536B
MD57c4b87cf3514be93ad21856c01380a71
SHA1382653faa8b3ea20800aa0801097e64cd5af5cb6
SHA256868382d27fbcad84573bd651e1c049aeb04ae2293ff4cd76f33e7c5e9d794ca4
SHA512d57141cada4b41afef6d64f83fd19e06821c6e9554ca1953a3591de60a1aa87d3e4a4fb1ac312a90def6df61a293df74b586d0c8498d0945f1d772b8a60cd318
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
538B
MD58002d06395ca2b1a313f2767d6f70cea
SHA1ea468b63080fe8c7b1eaa01441d5a5a124c3c0fb
SHA2566ef107abd0f19b8eca51a26879324afa441636925e241ee5914befa133c93221
SHA51242e76ccb966002cc4affec5e4b27eceb390e4afba3f0824966fd4d451d64639004d59f306f225cad1f0d622aa81c4da86991ac67df302bdfea8520381f0e38fa
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
538B
MD57eed5e319ee636bff1ce723db3c2ea5c
SHA13caf03bbd4ebf357944c6fbd4a3824689b1b0d5a
SHA256dc4caede0160e47b469e577e13c76965006a0b71d8395bff3f3e402e0c35414d
SHA5125b0acb26f83e74bcc548b7ec09190879f8b45a106d7c865ab64850f0132ac2ad75c1aaa6bec6920ce1556bfe047344e5ada05ebb30547bb76e1583757b5e7f01
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe579318.TMPFilesize
538B
MD5903be482be7df1e8f6afb6d1acf393f0
SHA160845f3b5fe8b4fc2d902fecaa923610142c00fe
SHA256021a4eefb3fbf076358ecdfd82cd9d13cc7f53f7ca1755b84ca816a031c9cc95
SHA5121da5694877943d469ba2edd7eb18fafb4283640f50623bffbfb25ee4c131365ba72cd7d6e0249457efec744f0b96ef6b15b702c6a32567b9cdb79929fe337b27
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD52b2b5ec28903b41963f85d6e618f4aaf
SHA18cfdb2d5cac15461f9b264159e678a68aa049fa5
SHA2569038aeb18b0d80ebac72acc65ba65ea61ccd379a363ade9afcc52af82b881c86
SHA512fe1eff1966b46b6bc3b2e383ff599cbf3996434a0f6fe51cca51a90c53ebd614e2cf0599092c00234254883960b1f700574240e6c810672ebedbb4a9cdaea92c
-
\??\pipe\LOCAL\crashpad_1192_OHUFKVZCGSRMCCIOMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e