Analysis
-
max time kernel
149s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
-
submitted
15-04-2024 21:35
General
-
Target
5a592911a09ce19c6525322e68844383f1221ba3cd64ec061a7c51e042c0021e.exe
-
Size
896KB
-
MD5
e75bd457a2fb13fb20ebca1ed0794fa5
-
SHA1
804ffce3af6e77feac049cfd91e1fa527e23ae8d
-
SHA256
5a592911a09ce19c6525322e68844383f1221ba3cd64ec061a7c51e042c0021e
-
SHA512
222770617d0c62c774a7fbd8b58352f30a6e7eb0dcfb5bd67fb5124168d9f66586210c9542f363762156ccef153d9932e0017fbaa16de3e13db601ce7894e408
-
SSDEEP
12288:HqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgaRTc:HqDEvCTbMWu7rQYlBQcBiT6rprG8alc
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 14 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
-
Suspicious use of FindShellTrayWindow 28 IoCs
-
Suspicious use of SendNotifyMessage 27 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\5a592911a09ce19c6525322e68844383f1221ba3cd64ec061a7c51e042c0021e.exe"C:\Users\Admin\AppData\Local\Temp\5a592911a09ce19c6525322e68844383f1221ba3cd64ec061a7c51e042c0021e.exe"1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/account2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb1f9346f8,0x7ffb1f934708,0x7ffb1f9347183⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,4139572579994006460,11871141046097190235,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:23⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,4139572579994006460,11871141046097190235,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,4139572579994006460,11871141046097190235,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2540 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,4139572579994006460,11871141046097190235,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,4139572579994006460,11871141046097190235,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,4139572579994006460,11871141046097190235,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3884 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,4139572579994006460,11871141046097190235,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4604 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,4139572579994006460,11871141046097190235,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,4139572579994006460,11871141046097190235,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,4139572579994006460,11871141046097190235,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5716 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,4139572579994006460,11871141046097190235,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5716 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,4139572579994006460,11871141046097190235,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4024 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,4139572579994006460,11871141046097190235,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,4139572579994006460,11871141046097190235,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,4139572579994006460,11871141046097190235,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,4139572579994006460,11871141046097190235,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1048 /prefetch:23⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/video2⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb1f9346f8,0x7ffb1f934708,0x7ffb1f9347183⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,1542681240405191674,11382346761563520007,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:23⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,1542681240405191674,11382346761563520007,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/2⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x80,0x108,0x7ffb1f9346f8,0x7ffb1f934708,0x7ffb1f9347183⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,17496648540989349477,3089267738781459468,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5bc2edd0741d97ae237e9f00bf3244144
SHA17c1e5d324f5c7137a3c4ec85146659f026c11782
SHA256dbce3287c7ae69ccbd1d780c39f3ffa3c98bd4609a939fff8ee9c99f14265041
SHA51200f505a0b4ea0df626175bf9d39a205f18f9754b62e4dba6fbb5b4a716b3539e7809723e1596bcfe1ba3041e22342e3a9cbaad88e84ce9c8c6531331bbc25093
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5120a75f233314ba1fe34e9d6c09f30b9
SHA1a9f92f2d3f111eaadd9bcf8fceb3c9553753539c
SHA256e04101215c3534dbc77c0b5df2e1d1ff74c277d2946f391f939c9a7948a22dd0
SHA5123c4eb93e425b50e8bcc1712f4cc2be11888a0273c3a619fc6bf72ccab876a427158f661bfc80d0c1e47ef4116febf76a3aaa31a60ec662eae0e51c7f1d3d89b3
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
984B
MD568c5a4bed32762580f2d9868bb11e6ed
SHA154487fccef4d51ec18b00e4b93bca1ba754df446
SHA256533c401d119dcfeea3c999180d7523b1190f998fad5a8e6624f5fbda44035733
SHA512afa9fb0b349487a46c3b3106935466aec386e95a877bb1b9705fc381afd6256ba4838a65bcbce854733142932615043dff566b48123217008ba757ea889e0638
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
2KB
MD5cd200da3a244b800bc2cda6dc437fd66
SHA11c9aa2fd9d43d063a33ca6a7d464eb99e1cec017
SHA25600ed7dec05420ec1d7cba9610b3208dde24480107e31beff1aa3b7310e2fdd54
SHA512f5eccea865181309580741336fe7031351c5fb44630dc292925a95f9f7639a740cc6fe3f9c3c0ecb1071ac591f593d89a7419273d36496fdd4b87438b79e282b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
2KB
MD561265c9a3b734b47d03fcc7a3756531d
SHA17c6ffd21f3f8ca66d9ea77aec097c0701a9b4bba
SHA256118359152ce4fa6128e582a4cda5a506a1e8a7650434f622091fbcadc7b0ca28
SHA5121b7a25248517a0205638c354d3f7a39054aff2ab71b14972eb1ee9ef56b60659157aa6d81545358600da08e4b59f7ee1d0e73a179828b1c87c01ed0792d5beae
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD5f8bd1c383a18585f4e1fbac9c0edd239
SHA1582aaee9af0becb4b782912df74f00e045d4d4e5
SHA256a6d0e41e9d2f13c6ba482e14f7d96375690a81617c7421bc8b61af5a100b937d
SHA5127875cbed59a89685331ce2f4a7565a00005df703dcb82393b8138d6e05aeaf5d5c5269fc98bce0bd194c8648b982ed5f07509d094ca155a1b33a1c02b62494f8
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD59e1b1cbacb178c8ff28ee0e7882545ce
SHA128ec8b622e0e669f474bccc10c00da4eb82ae2bc
SHA256b68b12a0c0392310431af7e38e60e9de78a29cfa01d54debb2c93e19a80a362c
SHA5123a691672b0447d7c0580844329409b7976f1852636c02d9e8c6b66b4ee449a2310265ddbceff08c14f40b654724e8839eb23060c26cb06fc94c2a343419cd1ee
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
707B
MD54888badd7dd57bec710a152686298434
SHA12dbbbfbb1da19a685f39ae6f74eff51404b2e866
SHA256629940bfeeea29742b3db173f28a5f67b1bf69c7e3d8b6e1a47ba6a7f663cf77
SHA512e8535d80c055e594ef45db5740c6420fcc32b276d322bcbd56a771a83bb628d8c437c47bf76d097a72cfef03eb62c7f5b5525367d8d7a5e28f1a8a828bea1b0e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
707B
MD5112e49877875712de59dc9582ed14e6f
SHA15c646c7dfbb1c8a716e888389841c42e67bc4749
SHA256b31e4f4e72f011e64375efd8388c7c64709bf10d2507d3854b272cb4113a2d74
SHA5125fcefbd3dc09bf5ff38b40f7b5e84f75210bf17f56f2936d1cf3876c44cb0fd9b5f7985e94e78c0981ede824dbc082479a671bf70610963eeea87e0c45f747a0
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
707B
MD564eb42d8b6b28a4d81644927a6cf0796
SHA1f0d66bf713028b2bddc1b07f57f0b7d0958487b6
SHA2569e3a25d1fb508fc31a28d1d229928f68776112a7fdce3d78028cd03dc585ea93
SHA512a3844e2b7221318185d86aff4db17c5abc4511d5488ae977d220b1ab6b75241e5ab9af697ed095706484d6f6c02270fea3ad0a00ca319822a7ac0bc21acfee24
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
707B
MD58801edeaf80f9592b0e43a84c98c5b54
SHA1f9582f7eb68ec9b491144a94f5d922fabd7359ab
SHA25649c8f0d3ddb843cad22cab586c9b9338b7bcf48ffa504634f42636eab6e54a05
SHA5125972b959a8ccb17efb87cb91232a1c34affc03ef80100bf155fb90151ecac2c10bc7797d09c0d31f111ab806eff0443adc904edeffc0f5c2d48b834004dd5e4f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c92c.TMPFilesize
707B
MD55de443dd25ee0829aed9bc7f798db1f8
SHA19b59f776d0c278c2a488b20067c3c29d146c04d0
SHA256372094e294bf64ba3e1ae016a68dccad3e7edf1580c30c11d27864b59dbd423b
SHA51216a54912489d5e08ba3972f190f16c456f998d442686bc161a2315d171abe75974abc7ed53beb1f1d89a59cc249d3c53d05cb1c3577a8d8f86497d34eb829d21
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD5cb0cd93a7e90a5cb0d85aa842bc30cf1
SHA10dffeadae62f7546c461cd6ae8b581c588b1423a
SHA2565115f3d09edcca084e190e1ae583eb29d11687d37c76ad086bd8cd3a587185e9
SHA51201e79922f04494855248b411acf1d381b4a3c22443bb58e503db4230574dabe088bb4b2cce7b1604975a5165bfd2952d872c04916f9e4017820296ccb002f297
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
8KB
MD5576497fd6e773709e042e5ecaa7c8820
SHA11153156f953489cda84e6109b8ff7544469617c5
SHA25635f8714e0bd1a8b476f78eaf4abe76570cf5ad1ca4f53ed0030c363f9ab7674c
SHA512caf3d597a99c8fc8c457bde06fe4abd40c7a5238cb45257ed021851d68cd0100a70530587b5e752229cfa941ac81531bdb1804ff7258b49b7f3ecb126204f208
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
8KB
MD501e8ea13f7cb2b59519223c8d51997a6
SHA1a0fda7a184fe41a80463b6d9468417527e0d95dd
SHA25685108a2aeafd1e58eb428466f4db2ef55c1160ccb975b811188c00d765a2cf94
SHA512fd06a8f98a271955325220f1d0e7afe7f30977805159e52286f7483e3159e9ffff9993061a9d068a1fa28712fc34546251b501eb296be70789fdbd9a3328ddd9
-
\??\pipe\LOCAL\crashpad_692_DELIZSIWYADBASRPMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e