Overview
overview
7Static
static
1URLScan
urlscan
1https://www.1337x.to...
windows10-1703-x64
4https://www.1337x.to...
windows7-x64
1https://www.1337x.to...
windows10-1703-x64
4https://www.1337x.to...
windows10-2004-x64
1https://www.1337x.to...
windows11-21h2-x64
1https://www.1337x.to...
android-13-x64
7https://www.1337x.to...
android-10-x64
7https://www.1337x.to...
android-11-x64
7https://www.1337x.to...
android-13-x64
7https://www.1337x.to...
android-9-x86
7https://www.1337x.to...
macos-10.15-amd64
4https://www.1337x.to...
macos-10.15-amd64
4https://www.1337x.to...
debian-12-mipsel
https://www.1337x.to...
debian-12-armhf
https://www.1337x.to...
debian-12-mipsel
https://www.1337x.to...
debian-9-armhf
https://www.1337x.to...
debian-9-mips
https://www.1337x.to...
debian-9-mipsel
https://www.1337x.to...
ubuntu-18.04-amd64
7https://www.1337x.to...
ubuntu-20.04-amd64
7Analysis
-
max time kernel
26s -
max time network
34s -
platform
windows11-21h2_x64 -
resource
win11-20240412-en -
resource tags
arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system -
submitted
18-04-2024 13:28
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://www.1337x.to/torrent/1306606/Left-4-Dead-2-v2-1-4-0-AutoUpdate-Multilanguage-No-Steam-OrangeBox/
Resource
win10-20240404-en
Behavioral task
behavioral2
Sample
https://www.1337x.to/torrent/1306606/Left-4-Dead-2-v2-1-4-0-AutoUpdate-Multilanguage-No-Steam-OrangeBox/
Resource
win7-20240221-en
Behavioral task
behavioral3
Sample
https://www.1337x.to/torrent/1306606/Left-4-Dead-2-v2-1-4-0-AutoUpdate-Multilanguage-No-Steam-OrangeBox/
Resource
win10-20240404-en
Behavioral task
behavioral4
Sample
https://www.1337x.to/torrent/1306606/Left-4-Dead-2-v2-1-4-0-AutoUpdate-Multilanguage-No-Steam-OrangeBox/
Resource
win10v2004-20240412-en
Behavioral task
behavioral5
Sample
https://www.1337x.to/torrent/1306606/Left-4-Dead-2-v2-1-4-0-AutoUpdate-Multilanguage-No-Steam-OrangeBox/
Resource
win11-20240412-en
Behavioral task
behavioral6
Sample
https://www.1337x.to/torrent/1306606/Left-4-Dead-2-v2-1-4-0-AutoUpdate-Multilanguage-No-Steam-OrangeBox/
Resource
android-33-x64-arm64-20240229-en
Behavioral task
behavioral7
Sample
https://www.1337x.to/torrent/1306606/Left-4-Dead-2-v2-1-4-0-AutoUpdate-Multilanguage-No-Steam-OrangeBox/
Resource
android-x64-20240221-en
Behavioral task
behavioral8
Sample
https://www.1337x.to/torrent/1306606/Left-4-Dead-2-v2-1-4-0-AutoUpdate-Multilanguage-No-Steam-OrangeBox/
Resource
android-x64-arm64-20240221-en
Behavioral task
behavioral9
Sample
https://www.1337x.to/torrent/1306606/Left-4-Dead-2-v2-1-4-0-AutoUpdate-Multilanguage-No-Steam-OrangeBox/
Resource
android-33-x64-arm64-20240229-en
Behavioral task
behavioral10
Sample
https://www.1337x.to/torrent/1306606/Left-4-Dead-2-v2-1-4-0-AutoUpdate-Multilanguage-No-Steam-OrangeBox/
Resource
android-x86-arm-20240221-en
Behavioral task
behavioral11
Sample
https://www.1337x.to/torrent/1306606/Left-4-Dead-2-v2-1-4-0-AutoUpdate-Multilanguage-No-Steam-OrangeBox/
Resource
macos-20240410-en
Behavioral task
behavioral12
Sample
https://www.1337x.to/torrent/1306606/Left-4-Dead-2-v2-1-4-0-AutoUpdate-Multilanguage-No-Steam-OrangeBox/
Resource
macos-20240410-en
Behavioral task
behavioral13
Sample
https://www.1337x.to/torrent/1306606/Left-4-Dead-2-v2-1-4-0-AutoUpdate-Multilanguage-No-Steam-OrangeBox/
Resource
debian12-mipsel-20240221-en
Behavioral task
behavioral14
Sample
https://www.1337x.to/torrent/1306606/Left-4-Dead-2-v2-1-4-0-AutoUpdate-Multilanguage-No-Steam-OrangeBox/
Resource
debian12-armhf-20240221-en
Behavioral task
behavioral15
Sample
https://www.1337x.to/torrent/1306606/Left-4-Dead-2-v2-1-4-0-AutoUpdate-Multilanguage-No-Steam-OrangeBox/
Resource
debian12-mipsel-20240221-en
Behavioral task
behavioral16
Sample
https://www.1337x.to/torrent/1306606/Left-4-Dead-2-v2-1-4-0-AutoUpdate-Multilanguage-No-Steam-OrangeBox/
Resource
debian9-armhf-20240226-en
Behavioral task
behavioral17
Sample
https://www.1337x.to/torrent/1306606/Left-4-Dead-2-v2-1-4-0-AutoUpdate-Multilanguage-No-Steam-OrangeBox/
Resource
debian9-mipsbe-20240226-en
Behavioral task
behavioral18
Sample
https://www.1337x.to/torrent/1306606/Left-4-Dead-2-v2-1-4-0-AutoUpdate-Multilanguage-No-Steam-OrangeBox/
Resource
debian9-mipsel-20240226-en
Behavioral task
behavioral19
Sample
https://www.1337x.to/torrent/1306606/Left-4-Dead-2-v2-1-4-0-AutoUpdate-Multilanguage-No-Steam-OrangeBox/
Resource
ubuntu1804-amd64-20240226-en
General
-
Target
https://www.1337x.to/torrent/1306606/Left-4-Dead-2-v2-1-4-0-AutoUpdate-Multilanguage-No-Steam-OrangeBox/
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exedescription ioc process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe -
Suspicious behavior: EnumeratesProcesses 8 IoCs
Processes:
msedge.exemsedge.exeidentity_helper.exemsedge.exepid process 1104 msedge.exe 1104 msedge.exe 2848 msedge.exe 2848 msedge.exe 1732 identity_helper.exe 1732 identity_helper.exe 1476 msedge.exe 1476 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
Processes:
msedge.exepid process 2848 msedge.exe 2848 msedge.exe 2848 msedge.exe 2848 msedge.exe 2848 msedge.exe 2848 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
Processes:
msedge.exepid process 2848 msedge.exe 2848 msedge.exe 2848 msedge.exe 2848 msedge.exe 2848 msedge.exe 2848 msedge.exe 2848 msedge.exe 2848 msedge.exe 2848 msedge.exe 2848 msedge.exe 2848 msedge.exe 2848 msedge.exe 2848 msedge.exe 2848 msedge.exe 2848 msedge.exe 2848 msedge.exe 2848 msedge.exe 2848 msedge.exe 2848 msedge.exe 2848 msedge.exe 2848 msedge.exe 2848 msedge.exe 2848 msedge.exe 2848 msedge.exe 2848 msedge.exe -
Suspicious use of SendNotifyMessage 12 IoCs
Processes:
msedge.exepid process 2848 msedge.exe 2848 msedge.exe 2848 msedge.exe 2848 msedge.exe 2848 msedge.exe 2848 msedge.exe 2848 msedge.exe 2848 msedge.exe 2848 msedge.exe 2848 msedge.exe 2848 msedge.exe 2848 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
msedge.exedescription pid process target process PID 2848 wrote to memory of 1520 2848 msedge.exe msedge.exe PID 2848 wrote to memory of 1520 2848 msedge.exe msedge.exe PID 2848 wrote to memory of 2904 2848 msedge.exe msedge.exe PID 2848 wrote to memory of 2904 2848 msedge.exe msedge.exe PID 2848 wrote to memory of 2904 2848 msedge.exe msedge.exe PID 2848 wrote to memory of 2904 2848 msedge.exe msedge.exe PID 2848 wrote to memory of 2904 2848 msedge.exe msedge.exe PID 2848 wrote to memory of 2904 2848 msedge.exe msedge.exe PID 2848 wrote to memory of 2904 2848 msedge.exe msedge.exe PID 2848 wrote to memory of 2904 2848 msedge.exe msedge.exe PID 2848 wrote to memory of 2904 2848 msedge.exe msedge.exe PID 2848 wrote to memory of 2904 2848 msedge.exe msedge.exe PID 2848 wrote to memory of 2904 2848 msedge.exe msedge.exe PID 2848 wrote to memory of 2904 2848 msedge.exe msedge.exe PID 2848 wrote to memory of 2904 2848 msedge.exe msedge.exe PID 2848 wrote to memory of 2904 2848 msedge.exe msedge.exe PID 2848 wrote to memory of 2904 2848 msedge.exe msedge.exe PID 2848 wrote to memory of 2904 2848 msedge.exe msedge.exe PID 2848 wrote to memory of 2904 2848 msedge.exe msedge.exe PID 2848 wrote to memory of 2904 2848 msedge.exe msedge.exe PID 2848 wrote to memory of 2904 2848 msedge.exe msedge.exe PID 2848 wrote to memory of 2904 2848 msedge.exe msedge.exe PID 2848 wrote to memory of 2904 2848 msedge.exe msedge.exe PID 2848 wrote to memory of 2904 2848 msedge.exe msedge.exe PID 2848 wrote to memory of 2904 2848 msedge.exe msedge.exe PID 2848 wrote to memory of 2904 2848 msedge.exe msedge.exe PID 2848 wrote to memory of 2904 2848 msedge.exe msedge.exe PID 2848 wrote to memory of 2904 2848 msedge.exe msedge.exe PID 2848 wrote to memory of 2904 2848 msedge.exe msedge.exe PID 2848 wrote to memory of 2904 2848 msedge.exe msedge.exe PID 2848 wrote to memory of 2904 2848 msedge.exe msedge.exe PID 2848 wrote to memory of 2904 2848 msedge.exe msedge.exe PID 2848 wrote to memory of 2904 2848 msedge.exe msedge.exe PID 2848 wrote to memory of 2904 2848 msedge.exe msedge.exe PID 2848 wrote to memory of 2904 2848 msedge.exe msedge.exe PID 2848 wrote to memory of 2904 2848 msedge.exe msedge.exe PID 2848 wrote to memory of 2904 2848 msedge.exe msedge.exe PID 2848 wrote to memory of 2904 2848 msedge.exe msedge.exe PID 2848 wrote to memory of 2904 2848 msedge.exe msedge.exe PID 2848 wrote to memory of 2904 2848 msedge.exe msedge.exe PID 2848 wrote to memory of 2904 2848 msedge.exe msedge.exe PID 2848 wrote to memory of 2904 2848 msedge.exe msedge.exe PID 2848 wrote to memory of 1104 2848 msedge.exe msedge.exe PID 2848 wrote to memory of 1104 2848 msedge.exe msedge.exe PID 2848 wrote to memory of 1984 2848 msedge.exe msedge.exe PID 2848 wrote to memory of 1984 2848 msedge.exe msedge.exe PID 2848 wrote to memory of 1984 2848 msedge.exe msedge.exe PID 2848 wrote to memory of 1984 2848 msedge.exe msedge.exe PID 2848 wrote to memory of 1984 2848 msedge.exe msedge.exe PID 2848 wrote to memory of 1984 2848 msedge.exe msedge.exe PID 2848 wrote to memory of 1984 2848 msedge.exe msedge.exe PID 2848 wrote to memory of 1984 2848 msedge.exe msedge.exe PID 2848 wrote to memory of 1984 2848 msedge.exe msedge.exe PID 2848 wrote to memory of 1984 2848 msedge.exe msedge.exe PID 2848 wrote to memory of 1984 2848 msedge.exe msedge.exe PID 2848 wrote to memory of 1984 2848 msedge.exe msedge.exe PID 2848 wrote to memory of 1984 2848 msedge.exe msedge.exe PID 2848 wrote to memory of 1984 2848 msedge.exe msedge.exe PID 2848 wrote to memory of 1984 2848 msedge.exe msedge.exe PID 2848 wrote to memory of 1984 2848 msedge.exe msedge.exe PID 2848 wrote to memory of 1984 2848 msedge.exe msedge.exe PID 2848 wrote to memory of 1984 2848 msedge.exe msedge.exe PID 2848 wrote to memory of 1984 2848 msedge.exe msedge.exe PID 2848 wrote to memory of 1984 2848 msedge.exe msedge.exe
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.1337x.to/torrent/1306606/Left-4-Dead-2-v2-1-4-0-AutoUpdate-Multilanguage-No-Steam-OrangeBox/1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc22213cb8,0x7ffc22213cc8,0x7ffc22213cd82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,1957451648820204123,17901244911311654993,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1936 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,1957451648820204123,17901244911311654993,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1924,1957451648820204123,17901244911311654993,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,1957451648820204123,17901244911311654993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,1957451648820204123,17901244911311654993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,1957451648820204123,17901244911311654993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,1957451648820204123,17901244911311654993,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4508 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1924,1957451648820204123,17901244911311654993,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5680 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,1957451648820204123,17901244911311654993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,1957451648820204123,17901244911311654993,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1924,1957451648820204123,17901244911311654993,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4524 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5db6f3e04e8d0e847b83d778e43552540
SHA16f58849131e27b05ba16d1e001fcab3db510af9a
SHA25674058d1dab7f6c19b598835bdc3050a9b8afa46b17095cc5bed4687ac2384948
SHA512b12bc4a12511611d35e426d17a0bc3e99f3045ad7246deacb4fd50aa74f5e2da3f336c972b52a8a48821f1fdc3f85ed12666f54ed1e11a61e23926285014bc1a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5dc3fe6b634c77522eec8ca4b8d4434ea
SHA1f8da22ca5d5f4788078f5ed52f7f12baef619b4b
SHA2560fe3ee7f209b5350c0876b6dc7c571c2af5db80964e37835b6e7279cd311d31a
SHA512c5cc2251985ae5aec6082a8a4e4dea1f1a8bf72c4ccf199ad4a3e17509a4f7152ae60b1bf84d77e843e4d7043bd2f0da63d620cbdb8ededa94fa4606d016ec69
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003Filesize
100KB
MD5f134fda98a277b1c8f20ab8fbe2fbd58
SHA1a922796190a1f5bbb3c410c6ec591502050df04e
SHA25627bce9e85eaf3567a4695ba2b612e32615394d80d0a3a2dcb07b1fbfdfababc7
SHA5122b2e8338afb9b0ca9b5fa3d452dfd80368b5d17566120ae6351b6d03572e5a69cedb97f165fbc31ffb3addcc00506a3fc0761cf2404a5d9826a8448a7c4d9f17
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
96B
MD5d837031b4c255c195cbd0ff127cc42d3
SHA1c89925f3b14ede6e546bce8c8c403fc1ef8f7fcb
SHA256b8d544e0ceb73a26f55a645ddfc2475b6e9351937b20491365a9232d185b2deb
SHA512b2ce52cf5544c213ed835fcde4296542a08199e760615a9c7b0b8b288d86ab29d96ee75f10b8008b35f5d1d842fd03a926b6b8dfa16c661538e88e04e15299c8
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
5KB
MD559323949f4d728be923a25170963eb2c
SHA12fcef31910c0c264ff42dd175b87d1ba126f784c
SHA256f9c06790bfeb4819246e0645c56d802fc2fc26dabb55491c6422d9a20303cbee
SHA512c5eda955ab651d9cc2950e0d5450c6055683cf98d2e10a4c286127f2d306ef6513150da4367756d6441576f6079d07a97cf21f37adc39250dd5908e1f188cfd6
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5bc9812579ba9fd71713e26366c6ccfdd
SHA161ccdc44048f004f1936f682112ab7fa090d0081
SHA2563e3a186fa872198fd24073e444b9fcffd438344f3b63d0fd63c56de038013daa
SHA51248e147ae22c78f3b860f80ae84acb1228d8323ddb462b5f0f2d34ae736b14d6f24d308eabae1e2f20435ecb6601acee0fc5a0137fcd817ba428b8f2542405de6
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD539b44a6b893a32c2d596b8f64e32fd03
SHA101d41710269994f8b5b0b1f2849ddbb6ea0a6877
SHA25668464d902544cda4bd5c174a63802c66db8ed82343a407b820990e5e19521ccd
SHA512238205fb70e861568d64b97b112bb49cdf250b311db7667048ec7be58d49d2493bc2389ee538469e3aab08892be1ba7ca24176fd86e30c96a13211e2a344a42e
-
\??\pipe\LOCAL\crashpad_2848_HKLCIGJIZWKATUCDMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e