Overview
overview
6Static
static
1URLScan
urlscan
1http://google.com
windows7-x64
6http://google.com
windows10-1703-x64
4http://google.com
windows10-2004-x64
1http://google.com
windows11-21h2-x64
1http://google.com
android-10-x64
1http://google.com
android-11-x64
1http://google.com
android-13-x64
1http://google.com
android-9-x86
1http://google.com
macos-10.15-amd64
4http://google.com
debian-12-armhf
http://google.com
debian-12-mipsel
http://google.com
debian-9-armhf
http://google.com
debian-9-mips
http://google.com
debian-9-mipsel
http://google.com
ubuntu-18.04-amd64
3http://google.com
ubuntu-20.04-amd64
4http://google.com
ubuntu-22.04-amd64
1http://google.com
ubuntu-24.04-amd64
1Analysis
-
max time kernel
1800s -
max time network
1703s -
platform
windows11-21h2_x64 -
resource
win11-20240419-en -
resource tags
arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system -
submitted
21-06-2024 11:43
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
http://google.com
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
http://google.com
Resource
win10-20240611-en
Behavioral task
behavioral3
Sample
http://google.com
Resource
win10v2004-20240508-en
Behavioral task
behavioral4
Sample
http://google.com
Resource
win11-20240419-en
Behavioral task
behavioral5
Sample
http://google.com
Resource
android-x64-20240611.1-en
Behavioral task
behavioral6
Sample
http://google.com
Resource
android-x64-arm64-20240611.1-en
Behavioral task
behavioral7
Sample
http://google.com
Resource
android-33-x64-arm64-20240611.1-en
Behavioral task
behavioral8
Sample
http://google.com
Resource
android-x86-arm-20240611.1-en
Behavioral task
behavioral9
Sample
http://google.com
Resource
macos-20240611-en
Behavioral task
behavioral10
Sample
http://google.com
Resource
debian12-armhf-20240418-en
Behavioral task
behavioral11
Sample
http://google.com
Resource
debian12-mipsel-20240221-en
Behavioral task
behavioral12
Sample
http://google.com
Resource
debian9-armhf-20240418-en
Behavioral task
behavioral13
Sample
http://google.com
Resource
debian9-mipsbe-20240418-en
Behavioral task
behavioral14
Sample
http://google.com
Resource
debian9-mipsel-20240611-en
Behavioral task
behavioral15
Sample
http://google.com
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral16
Sample
http://google.com
Resource
ubuntu2004-amd64-20240508-en
Behavioral task
behavioral17
Sample
http://google.com
Resource
ubuntu2204-amd64-20240522.1-en
Behavioral task
behavioral18
Sample
http://google.com
Resource
ubuntu2404-amd64-20240523-en
General
-
Target
http://google.com
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 12 IoCs
Processes:
msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exepid process 2684 msedge.exe 2684 msedge.exe 4224 msedge.exe 4224 msedge.exe 736 identity_helper.exe 736 identity_helper.exe 2336 msedge.exe 2336 msedge.exe 1300 msedge.exe 1300 msedge.exe 1300 msedge.exe 1300 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs
Processes:
msedge.exepid process 4224 msedge.exe 4224 msedge.exe 4224 msedge.exe 4224 msedge.exe 4224 msedge.exe 4224 msedge.exe 4224 msedge.exe 4224 msedge.exe 4224 msedge.exe 4224 msedge.exe 4224 msedge.exe 4224 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
Processes:
msedge.exepid process 4224 msedge.exe 4224 msedge.exe 4224 msedge.exe 4224 msedge.exe 4224 msedge.exe 4224 msedge.exe 4224 msedge.exe 4224 msedge.exe 4224 msedge.exe 4224 msedge.exe 4224 msedge.exe 4224 msedge.exe 4224 msedge.exe 4224 msedge.exe 4224 msedge.exe 4224 msedge.exe 4224 msedge.exe 4224 msedge.exe 4224 msedge.exe 4224 msedge.exe 4224 msedge.exe 4224 msedge.exe 4224 msedge.exe 4224 msedge.exe 4224 msedge.exe -
Suspicious use of SendNotifyMessage 12 IoCs
Processes:
msedge.exepid process 4224 msedge.exe 4224 msedge.exe 4224 msedge.exe 4224 msedge.exe 4224 msedge.exe 4224 msedge.exe 4224 msedge.exe 4224 msedge.exe 4224 msedge.exe 4224 msedge.exe 4224 msedge.exe 4224 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
msedge.exedescription pid process target process PID 4224 wrote to memory of 5104 4224 msedge.exe msedge.exe PID 4224 wrote to memory of 5104 4224 msedge.exe msedge.exe PID 4224 wrote to memory of 1404 4224 msedge.exe msedge.exe PID 4224 wrote to memory of 1404 4224 msedge.exe msedge.exe PID 4224 wrote to memory of 1404 4224 msedge.exe msedge.exe PID 4224 wrote to memory of 1404 4224 msedge.exe msedge.exe PID 4224 wrote to memory of 1404 4224 msedge.exe msedge.exe PID 4224 wrote to memory of 1404 4224 msedge.exe msedge.exe PID 4224 wrote to memory of 1404 4224 msedge.exe msedge.exe PID 4224 wrote to memory of 1404 4224 msedge.exe msedge.exe PID 4224 wrote to memory of 1404 4224 msedge.exe msedge.exe PID 4224 wrote to memory of 1404 4224 msedge.exe msedge.exe PID 4224 wrote to memory of 1404 4224 msedge.exe msedge.exe PID 4224 wrote to memory of 1404 4224 msedge.exe msedge.exe PID 4224 wrote to memory of 1404 4224 msedge.exe msedge.exe PID 4224 wrote to memory of 1404 4224 msedge.exe msedge.exe PID 4224 wrote to memory of 1404 4224 msedge.exe msedge.exe PID 4224 wrote to memory of 1404 4224 msedge.exe msedge.exe PID 4224 wrote to memory of 1404 4224 msedge.exe msedge.exe PID 4224 wrote to memory of 1404 4224 msedge.exe msedge.exe PID 4224 wrote to memory of 1404 4224 msedge.exe msedge.exe PID 4224 wrote to memory of 1404 4224 msedge.exe msedge.exe PID 4224 wrote to memory of 1404 4224 msedge.exe msedge.exe PID 4224 wrote to memory of 1404 4224 msedge.exe msedge.exe PID 4224 wrote to memory of 1404 4224 msedge.exe msedge.exe PID 4224 wrote to memory of 1404 4224 msedge.exe msedge.exe PID 4224 wrote to memory of 1404 4224 msedge.exe msedge.exe PID 4224 wrote to memory of 1404 4224 msedge.exe msedge.exe PID 4224 wrote to memory of 1404 4224 msedge.exe msedge.exe PID 4224 wrote to memory of 1404 4224 msedge.exe msedge.exe PID 4224 wrote to memory of 1404 4224 msedge.exe msedge.exe PID 4224 wrote to memory of 1404 4224 msedge.exe msedge.exe PID 4224 wrote to memory of 1404 4224 msedge.exe msedge.exe PID 4224 wrote to memory of 1404 4224 msedge.exe msedge.exe PID 4224 wrote to memory of 1404 4224 msedge.exe msedge.exe PID 4224 wrote to memory of 1404 4224 msedge.exe msedge.exe PID 4224 wrote to memory of 1404 4224 msedge.exe msedge.exe PID 4224 wrote to memory of 1404 4224 msedge.exe msedge.exe PID 4224 wrote to memory of 1404 4224 msedge.exe msedge.exe PID 4224 wrote to memory of 1404 4224 msedge.exe msedge.exe PID 4224 wrote to memory of 1404 4224 msedge.exe msedge.exe PID 4224 wrote to memory of 1404 4224 msedge.exe msedge.exe PID 4224 wrote to memory of 2684 4224 msedge.exe msedge.exe PID 4224 wrote to memory of 2684 4224 msedge.exe msedge.exe PID 4224 wrote to memory of 2320 4224 msedge.exe msedge.exe PID 4224 wrote to memory of 2320 4224 msedge.exe msedge.exe PID 4224 wrote to memory of 2320 4224 msedge.exe msedge.exe PID 4224 wrote to memory of 2320 4224 msedge.exe msedge.exe PID 4224 wrote to memory of 2320 4224 msedge.exe msedge.exe PID 4224 wrote to memory of 2320 4224 msedge.exe msedge.exe PID 4224 wrote to memory of 2320 4224 msedge.exe msedge.exe PID 4224 wrote to memory of 2320 4224 msedge.exe msedge.exe PID 4224 wrote to memory of 2320 4224 msedge.exe msedge.exe PID 4224 wrote to memory of 2320 4224 msedge.exe msedge.exe PID 4224 wrote to memory of 2320 4224 msedge.exe msedge.exe PID 4224 wrote to memory of 2320 4224 msedge.exe msedge.exe PID 4224 wrote to memory of 2320 4224 msedge.exe msedge.exe PID 4224 wrote to memory of 2320 4224 msedge.exe msedge.exe PID 4224 wrote to memory of 2320 4224 msedge.exe msedge.exe PID 4224 wrote to memory of 2320 4224 msedge.exe msedge.exe PID 4224 wrote to memory of 2320 4224 msedge.exe msedge.exe PID 4224 wrote to memory of 2320 4224 msedge.exe msedge.exe PID 4224 wrote to memory of 2320 4224 msedge.exe msedge.exe PID 4224 wrote to memory of 2320 4224 msedge.exe msedge.exe
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.com1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffee79a3cb8,0x7ffee79a3cc8,0x7ffee79a3cd82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1864,6898113739475462216,17031225882657132655,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1888 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1864,6898113739475462216,17031225882657132655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2356 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1864,6898113739475462216,17031225882657132655,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2624 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,6898113739475462216,17031225882657132655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3164 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,6898113739475462216,17031225882657132655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,6898113739475462216,17031225882657132655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1864,6898113739475462216,17031225882657132655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3508 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,6898113739475462216,17031225882657132655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4584 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1864,6898113739475462216,17031225882657132655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4520 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,6898113739475462216,17031225882657132655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4452 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,6898113739475462216,17031225882657132655,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4428 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,6898113739475462216,17031225882657132655,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,6898113739475462216,17031225882657132655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,6898113739475462216,17031225882657132655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1864,6898113739475462216,17031225882657132655,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6060 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,6898113739475462216,17031225882657132655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4052 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,6898113739475462216,17031225882657132655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4480 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,6898113739475462216,17031225882657132655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:12⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5ade01a8cdbbf61f66497f88012a684d1
SHA19ff2e8985d9a101a77c85b37c4ac9d4df2525a1f
SHA256f49e20af78caf0d737f6dbcfc5cc32701a35eb092b3f0ab24cf339604cb049b5
SHA512fa024bd58e63402b06503679a396b8b4b1bc67dc041d473785957f56f7d972317ec8560827c8008989d2754b90e23fc984a85ed7496f05cb4edc2d8000ae622b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5d0f84c55517d34a91f12cccf1d3af583
SHA152bd01e6ab1037d31106f8bf6e2552617c201cea
SHA2569a24c67c3ec89f5cf8810eba1fdefc7775044c71ed78a8eb51c8d2225ad1bc4c
SHA51294764fe7f6d8c182beec398fa8c3a1948d706ab63121b8c9f933eef50172c506a1fd015172b7b6bac898ecbfd33e00a4a0758b1c8f2f4534794c39f076cd6171
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
5KB
MD56391b1b2249b8855df819fec54c41c3f
SHA1c84422edfe9d8af21a20e644ba4d3a4f5d71bed1
SHA256418752e5572c4c7dc6c368cf1fcf7e8be288fd71aa0c4428072eaf253a691b4d
SHA5126ef2142f58ed354a7aec9e0c50fabd86e973fc0b4d832720023276eec25244246f3b4eefed0d5fd14428a18ccbc1d168910d1f32dcef6067f988ae9b547ba095
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
8KB
MD5181837c1f6071f3b6031af30de98d015
SHA191392f9a1fe245abcd83b780dac82fdf30a735f1
SHA2566fe33a19c5a542c4ce03f4c45b5562766d3c3eac60a378088ca47b68b961f5a2
SHA512a724d4a4d49811fb14fd1b3311997ba7bb3cd1f2791a4df2e118fcb992fe47f14f9fcec0704ddee64128046cc210f40a3ef44c66cfd491c3ad8a5243005089e7
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
8KB
MD51e4fa16e25e86c012d24a183f6e9fdea
SHA120b2f325a292c0bd5374ac3b3b794bb8b84b4589
SHA2568f3c5c839299cb4c51e2cac22f2501282f63bbbfd384cb463cab2958ec323e92
SHA512395bc650dd8e9fe102fe92f15cb02544fe66f8934e430286f84cf2540b762d5c2955b20f80364462793b2b83ed52ef2cfdaa3db1e5e23754cf0325eb483a6e89
-
\??\pipe\LOCAL\crashpad_4224_LAYZCVOSOJUPSGGUMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e