Overview
overview
10Static
static
321f13b750f...18.exe
windows7-x64
1021f13b750f...18.exe
windows10-2004-x64
7$1/$OUTDIR...er.exe
windows7-x64
7$1/$OUTDIR...er.exe
windows10-2004-x64
7$PLUGINSDI...ns.dll
windows7-x64
3$PLUGINSDI...ns.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
31816850460.js
windows7-x64
31816850460.js
windows10-2004-x64
3211632070006.html
windows7-x64
1211632070006.html
windows10-2004-x64
1about.html
windows7-x64
1about.html
windows10-2004-x64
1api.js
windows7-x64
3api.js
windows10-2004-x64
3begin_pass...2.html
windows7-x64
1begin_pass...2.html
windows10-2004-x64
1begin_pass...8.html
windows7-x64
1begin_pass...8.html
windows10-2004-x64
1frame3.html
windows7-x64
1frame3.html
windows10-2004-x64
1gerenxinwe...6.html
windows7-x64
1gerenxinwe...6.html
windows10-2004-x64
1index1259653512.html
windows7-x64
1index1259653512.html
windows10-2004-x64
1jquery.pla...f95.js
windows7-x64
3jquery.pla...f95.js
windows10-2004-x64
3login390722190.html
windows7-x64
1login390722190.html
windows10-2004-x64
1lvyouhuodong.html
windows7-x64
1lvyouhuodong.html
windows10-2004-x64
1Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system -
submitted
07-05-2024 22:13
Static task
static1
Behavioral task
behavioral1
Sample
21f13b750f2c71bb815816866eee55b9_JaffaCakes118.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
21f13b750f2c71bb815816866eee55b9_JaffaCakes118.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral3
Sample
$1/$OUTDIR/sftp_plugin/tc_sftp_uninstaller.exe
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
$1/$OUTDIR/sftp_plugin/tc_sftp_uninstaller.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20240419-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240220-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240419-en
Behavioral task
behavioral9
Sample
1816850460.js
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
1816850460.js
Resource
win10v2004-20240419-en
Behavioral task
behavioral11
Sample
211632070006.html
Resource
win7-20231129-en
Behavioral task
behavioral12
Sample
211632070006.html
Resource
win10v2004-20240426-en
Behavioral task
behavioral13
Sample
about.html
Resource
win7-20240221-en
Behavioral task
behavioral14
Sample
about.html
Resource
win10v2004-20240426-en
Behavioral task
behavioral15
Sample
api.js
Resource
win7-20240221-en
Behavioral task
behavioral16
Sample
api.js
Resource
win10v2004-20240419-en
Behavioral task
behavioral17
Sample
begin_password_reset1581078162.html
Resource
win7-20240419-en
Behavioral task
behavioral18
Sample
begin_password_reset1581078162.html
Resource
win10v2004-20240419-en
Behavioral task
behavioral19
Sample
begin_password_reset727114948.html
Resource
win7-20240221-en
Behavioral task
behavioral20
Sample
begin_password_reset727114948.html
Resource
win10v2004-20240426-en
Behavioral task
behavioral21
Sample
frame3.html
Resource
win7-20240221-en
Behavioral task
behavioral22
Sample
frame3.html
Resource
win10v2004-20240419-en
Behavioral task
behavioral23
Sample
gerenxinwen1732464246.html
Resource
win7-20240221-en
Behavioral task
behavioral24
Sample
gerenxinwen1732464246.html
Resource
win10v2004-20240419-en
Behavioral task
behavioral25
Sample
index1259653512.html
Resource
win7-20240215-en
Behavioral task
behavioral26
Sample
index1259653512.html
Resource
win10v2004-20240419-en
Behavioral task
behavioral27
Sample
jquery.placeholder-fd5cdc5d60cadb4e97cb85609e889f95.js
Resource
win7-20240221-en
Behavioral task
behavioral28
Sample
jquery.placeholder-fd5cdc5d60cadb4e97cb85609e889f95.js
Resource
win10v2004-20240226-en
Behavioral task
behavioral29
Sample
login390722190.html
Resource
win7-20240221-en
Behavioral task
behavioral30
Sample
login390722190.html
Resource
win10v2004-20240419-en
Behavioral task
behavioral31
Sample
lvyouhuodong.html
Resource
win7-20240221-en
Behavioral task
behavioral32
Sample
lvyouhuodong.html
Resource
win10v2004-20240419-en
General
-
Target
211632070006.html
-
Size
3KB
-
MD5
32d52e3fce4462284f430d34b393d971
-
SHA1
6da72d1a754114866ea6c9650f9774d3d2d28e7b
-
SHA256
1f8401ab343e7b13e74cef90b4862d55cf8d56772b5a2564a68abbb872bc2bd7
-
SHA512
db8cc8541cc3aac04f97e1944651cbe7dbf7b6383465c3571ef224d4c445bc6e42fff079c87fea9c7a865a987e8aa02e353f78d0c10e0f1638e4884657c48126
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
Processes:
msedge.exemsedge.exeidentity_helper.exemsedge.exepid process 4448 msedge.exe 4448 msedge.exe 4384 msedge.exe 4384 msedge.exe 3920 identity_helper.exe 3920 identity_helper.exe 424 msedge.exe 424 msedge.exe 424 msedge.exe 424 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
Processes:
msedge.exepid process 4384 msedge.exe 4384 msedge.exe 4384 msedge.exe 4384 msedge.exe 4384 msedge.exe 4384 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
Processes:
msedge.exepid process 4384 msedge.exe 4384 msedge.exe 4384 msedge.exe 4384 msedge.exe 4384 msedge.exe 4384 msedge.exe 4384 msedge.exe 4384 msedge.exe 4384 msedge.exe 4384 msedge.exe 4384 msedge.exe 4384 msedge.exe 4384 msedge.exe 4384 msedge.exe 4384 msedge.exe 4384 msedge.exe 4384 msedge.exe 4384 msedge.exe 4384 msedge.exe 4384 msedge.exe 4384 msedge.exe 4384 msedge.exe 4384 msedge.exe 4384 msedge.exe 4384 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
Processes:
msedge.exepid process 4384 msedge.exe 4384 msedge.exe 4384 msedge.exe 4384 msedge.exe 4384 msedge.exe 4384 msedge.exe 4384 msedge.exe 4384 msedge.exe 4384 msedge.exe 4384 msedge.exe 4384 msedge.exe 4384 msedge.exe 4384 msedge.exe 4384 msedge.exe 4384 msedge.exe 4384 msedge.exe 4384 msedge.exe 4384 msedge.exe 4384 msedge.exe 4384 msedge.exe 4384 msedge.exe 4384 msedge.exe 4384 msedge.exe 4384 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
msedge.exedescription pid process target process PID 4384 wrote to memory of 964 4384 msedge.exe msedge.exe PID 4384 wrote to memory of 964 4384 msedge.exe msedge.exe PID 4384 wrote to memory of 3756 4384 msedge.exe msedge.exe PID 4384 wrote to memory of 3756 4384 msedge.exe msedge.exe PID 4384 wrote to memory of 3756 4384 msedge.exe msedge.exe PID 4384 wrote to memory of 3756 4384 msedge.exe msedge.exe PID 4384 wrote to memory of 3756 4384 msedge.exe msedge.exe PID 4384 wrote to memory of 3756 4384 msedge.exe msedge.exe PID 4384 wrote to memory of 3756 4384 msedge.exe msedge.exe PID 4384 wrote to memory of 3756 4384 msedge.exe msedge.exe PID 4384 wrote to memory of 3756 4384 msedge.exe msedge.exe PID 4384 wrote to memory of 3756 4384 msedge.exe msedge.exe PID 4384 wrote to memory of 3756 4384 msedge.exe msedge.exe PID 4384 wrote to memory of 3756 4384 msedge.exe msedge.exe PID 4384 wrote to memory of 3756 4384 msedge.exe msedge.exe PID 4384 wrote to memory of 3756 4384 msedge.exe msedge.exe PID 4384 wrote to memory of 3756 4384 msedge.exe msedge.exe PID 4384 wrote to memory of 3756 4384 msedge.exe msedge.exe PID 4384 wrote to memory of 3756 4384 msedge.exe msedge.exe PID 4384 wrote to memory of 3756 4384 msedge.exe msedge.exe PID 4384 wrote to memory of 3756 4384 msedge.exe msedge.exe PID 4384 wrote to memory of 3756 4384 msedge.exe msedge.exe PID 4384 wrote to memory of 3756 4384 msedge.exe msedge.exe PID 4384 wrote to memory of 3756 4384 msedge.exe msedge.exe PID 4384 wrote to memory of 3756 4384 msedge.exe msedge.exe PID 4384 wrote to memory of 3756 4384 msedge.exe msedge.exe PID 4384 wrote to memory of 3756 4384 msedge.exe msedge.exe PID 4384 wrote to memory of 3756 4384 msedge.exe msedge.exe PID 4384 wrote to memory of 3756 4384 msedge.exe msedge.exe PID 4384 wrote to memory of 3756 4384 msedge.exe msedge.exe PID 4384 wrote to memory of 3756 4384 msedge.exe msedge.exe PID 4384 wrote to memory of 3756 4384 msedge.exe msedge.exe PID 4384 wrote to memory of 3756 4384 msedge.exe msedge.exe PID 4384 wrote to memory of 3756 4384 msedge.exe msedge.exe PID 4384 wrote to memory of 3756 4384 msedge.exe msedge.exe PID 4384 wrote to memory of 3756 4384 msedge.exe msedge.exe PID 4384 wrote to memory of 3756 4384 msedge.exe msedge.exe PID 4384 wrote to memory of 3756 4384 msedge.exe msedge.exe PID 4384 wrote to memory of 3756 4384 msedge.exe msedge.exe PID 4384 wrote to memory of 3756 4384 msedge.exe msedge.exe PID 4384 wrote to memory of 3756 4384 msedge.exe msedge.exe PID 4384 wrote to memory of 3756 4384 msedge.exe msedge.exe PID 4384 wrote to memory of 4448 4384 msedge.exe msedge.exe PID 4384 wrote to memory of 4448 4384 msedge.exe msedge.exe PID 4384 wrote to memory of 5020 4384 msedge.exe msedge.exe PID 4384 wrote to memory of 5020 4384 msedge.exe msedge.exe PID 4384 wrote to memory of 5020 4384 msedge.exe msedge.exe PID 4384 wrote to memory of 5020 4384 msedge.exe msedge.exe PID 4384 wrote to memory of 5020 4384 msedge.exe msedge.exe PID 4384 wrote to memory of 5020 4384 msedge.exe msedge.exe PID 4384 wrote to memory of 5020 4384 msedge.exe msedge.exe PID 4384 wrote to memory of 5020 4384 msedge.exe msedge.exe PID 4384 wrote to memory of 5020 4384 msedge.exe msedge.exe PID 4384 wrote to memory of 5020 4384 msedge.exe msedge.exe PID 4384 wrote to memory of 5020 4384 msedge.exe msedge.exe PID 4384 wrote to memory of 5020 4384 msedge.exe msedge.exe PID 4384 wrote to memory of 5020 4384 msedge.exe msedge.exe PID 4384 wrote to memory of 5020 4384 msedge.exe msedge.exe PID 4384 wrote to memory of 5020 4384 msedge.exe msedge.exe PID 4384 wrote to memory of 5020 4384 msedge.exe msedge.exe PID 4384 wrote to memory of 5020 4384 msedge.exe msedge.exe PID 4384 wrote to memory of 5020 4384 msedge.exe msedge.exe PID 4384 wrote to memory of 5020 4384 msedge.exe msedge.exe PID 4384 wrote to memory of 5020 4384 msedge.exe msedge.exe
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\211632070006.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffab30c46f8,0x7ffab30c4708,0x7ffab30c47182⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,1514102364831219639,11154843817045254501,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,1514102364831219639,11154843817045254501,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,1514102364831219639,11154843817045254501,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,1514102364831219639,11154843817045254501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,1514102364831219639,11154843817045254501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,1514102364831219639,11154843817045254501,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4200 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,1514102364831219639,11154843817045254501,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4200 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,1514102364831219639,11154843817045254501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,1514102364831219639,11154843817045254501,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,1514102364831219639,11154843817045254501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,1514102364831219639,11154843817045254501,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,1514102364831219639,11154843817045254501,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1048 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD51ac52e2503cc26baee4322f02f5b8d9c
SHA138e0cee911f5f2a24888a64780ffdf6fa72207c8
SHA256f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4
SHA5127670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5b2a1398f937474c51a48b347387ee36a
SHA1922a8567f09e68a04233e84e5919043034635949
SHA2562dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6
SHA5124a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD59a74e0c5986578470fcdd521ccacbd0d
SHA1712799c283f0fd00ecfe2003519c8cc4ad54a7d5
SHA256d44fd506364ca38a288ffaf9b9da1bed51f8db3db9939079a288d963cfd3430e
SHA512ff2b5cec966faff01748cac6db73cc0231f30e29ffc0c93ce03ba4cf2e4b5a97a791d733981f34893a60a10d6b34a6bab620005545b5265d0084e731afe5bae9
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD59d613111c1eafc1ef846b057551eea93
SHA193b084c12647d906c0e6a2c0004e27289461b2a3
SHA256f4d077aab79748f185ec7ffb01c37a1cb134b05f590ed981d6f1fa88030b3ac8
SHA512348bc9eac840aa83d75da3eab366d86840c2e940a714c59fe2ae3a46b0d9c22cf426e6858a1f3c6a7a305b4057284c4d37a2780e968b05ab7a37fe0496a882d6
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD5969e945731ab9c2c6c1e0253c19e337a
SHA1c5592f18a8015f91518a4baa21d244da374a9fa6
SHA2567f2eff662df2910793eca82d60be565fd75e09a61ec6b36ae78d500d561858a7
SHA51202e8ae07f5cec125d06b0e8e78307597260bc018e756d275085dcf057c49d73ffbe41438c3b8b27459c5b6d561f334e49f72a06ccf1a6f26cdd488167961391b
-
\??\pipe\LOCAL\crashpad_4384_WXOLNFVJOXZAZAIAMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e