Analysis
max time kernel: 1779s
max time network: 1763s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 26-05-2024 14:06
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://mega.nz/file/ylcXkL4D#OYrzXbo7t_dGAzkttfOi1S8O--PmvaR-5c0w6_6UhJQ
Resource
win10v2004-20240426-en
General
-
Target
https://mega.nz/file/ylcXkL4D#OYrzXbo7t_dGAzkttfOi1S8O--PmvaR-5c0w6_6UhJQ
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes: msedge.exe
description | ioc | process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
Processes: msedge.exe, msedge.exe, identity_helper.exe, msedge.exe
pid | process
1604 | msedge.exe
1604 | msedge.exe
5016 | msedge.exe
5016 | msedge.exe
1672 | identity_helper.exe
1672 | identity_helper.exe
776 | msedge.exe
776 | msedge.exe
776 | msedge.exe
776 | msedge.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
Processes: msedge.exe
pid | process
5016 | msedge.exe
5016 | msedge.exe
5016 | msedge.exe
5016 | msedge.exe
5016 | msedge.exe
5016 | msedge.exe
-
Suspicious use of FindShellTrayWindow 25 IoCs
Processes: msedge.exe
pid | process
5016 | msedge.exe
-
Suspicious use of SendNotifyMessage 24 IoCs
Processes: msedge.exe
pid | process
5016 | msedge.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes: msedge.exe
description | pid | process | target process
PID 5016 wrote to memory of 2760 | 5016 | msedge.exe | msedge.exe
PID 5016 wrote to memory of 5048 | 5016 | msedge.exe | msedge.exe
PID 5016 wrote to memory of 1604 | 5016 | msedge.exe | msedge.exe
PID 5016 wrote to memory of 392 | 5016 | msedge.exe | msedge.exe
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mega.nz/file/ylcXkL4D#OYrzXbo7t_dGAzkttfOi1S8O--PmvaR-5c0w6_6UhJQ
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9fad346f8,0x7ff9fad34708,0x7ff9fad34718
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,11127012615009681036,13674915820341316602,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,11127012615009681036,13674915820341316602,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,11127012615009681036,13674915820341316602,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,11127012615009681036,13674915820341316602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,11127012615009681036,13674915820341316602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,11127012615009681036,13674915820341316602,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 /prefetch:8
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,11127012615009681036,13674915820341316602,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 /prefetch:8
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,11127012615009681036,13674915820341316602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,11127012615009681036,13674915820341316602,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,11127012615009681036,13674915820341316602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,11127012615009681036,13674915820341316602,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,11127012615009681036,13674915820341316602,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4752 /prefetch:2
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize: 152B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize: 152B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 72B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT
Filesize: 16B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize: 188B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 5KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 6KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001
Filesize: 41B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize: 72B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57abc1.TMP
Filesize: 48B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize: 16B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize: 11KB
-
\??\pipe\LOCAL\crashpad_5016_ERWMDFSAXNSVGBPY