Resubmissions
28-04-2024 03:02  240428-dje4nsfa4z  10
28-04-2024 03:01  240428-dhy56afa4v  10
28-04-2024 03:00  240428-dhcxxsef55  1
28-04-2024 02:57  240428-df4mvsef39  1
28-04-2024 02:56  240428-dfjmpaef32  1
Analysis
max time kernel: 1680s
max time network: 1684s
platform: windows11-21h2_x64
resource: win11-20240419-en
resource tags: arch:x64 arch:x86 image:win11-20240419-en locale:en-us os:windows11-21h2-x64 system
submitted: 28-04-2024 03:00
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://envs.sh/hzj
Resource
win11-20240419-en
General
-
Target
https://envs.sh/hzj
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exe
description | ioc | process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
-
Modifies registry class 1 IoCs
Processes:
MiniSearchHost.exe
description | ioc | process
Key created | \REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\Local Settings\MuiCache | MiniSearchHost.exe
-
Suspicious behavior: EnumeratesProcesses 8 IoCs
Processes:
msedge.exe, msedge.exe, msedge.exe, identity_helper.exe
pid | process
384 | msedge.exe
3760 | msedge.exe
1412 | msedge.exe
1876 | identity_helper.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
Processes:
msedge.exe
pid | process
3760 | msedge.exe
-
Suspicious use of FindShellTrayWindow 34 IoCs
Processes:
msedge.exe
pid | process
3760 | msedge.exe
-
Suspicious use of SendNotifyMessage 16 IoCs
Processes:
msedge.exe
pid | process
3760 | msedge.exe
-
Suspicious use of SetWindowsHookEx 1 IoCs
Processes:
MiniSearchHost.exe
pid | process
4428 | MiniSearchHost.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
msedge.exe
description | pid | process | target process
PID 3760 wrote to memory of 4088 | 3760 | msedge.exe | msedge.exe
PID 3760 wrote to memory of 2932 | 3760 | msedge.exe | msedge.exe
PID 3760 wrote to memory of 384 | 3760 | msedge.exe | msedge.exe
PID 3760 wrote to memory of 3192 | 3760 | msedge.exe | msedge.exe
Processes
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://envs.sh/hzj
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe71233cb8,0x7ffe71233cc8,0x7ffe71233cd8
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,4038828447402164300,1460418813456989004,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,4038828447402164300,1460418813456989004,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 /prefetch:3
- Suspicious behavior: EnumeratesProcesses
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,4038828447402164300,1460418813456989004,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4038828447402164300,1460418813456989004,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4038828447402164300,1460418813456989004,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4038828447402164300,1460418813456989004,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4264 /prefetch:1
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4038828447402164300,1460418813456989004,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3636 /prefetch:1
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1912,4038828447402164300,1460418813456989004,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4856 /prefetch:8
- Suspicious behavior: EnumeratesProcesses
-
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,4038828447402164300,1460418813456989004,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 /prefetch:8
- Suspicious behavior: EnumeratesProcesses
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4038828447402164300,1460418813456989004,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4038828447402164300,1460418813456989004,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4560 /prefetch:1
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4038828447402164300,1460418813456989004,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4060 /prefetch:1
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4038828447402164300,1460418813456989004,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4038828447402164300,1460418813456989004,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,4038828447402164300,1460418813456989004,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1336 /prefetch:2
-
C:\Windows\System32\CompPkgSrv.exe -Embedding
-
C:\Windows\System32\CompPkgSrv.exe -Embedding
-
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
-
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
- Modifies registry class
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize 152B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize 5KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize 6KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize 16B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize 8KB
-
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
Filesize 10KB
-
\??\pipe\LOCAL\crashpad_3760_HONVYNMIOQEDUDSD