Task | Platform | Score
Overview | overview | 10
Static | static | 3
21f13b750f...18.exe | windows7-x64 | 10
21f13b750f...18.exe | windows10-2004-x64 | 7
$1/$OUTDIR...er.exe | windows7-x64 | 7
$1/$OUTDIR...er.exe | windows10-2004-x64 | 7
$PLUGINSDI...ns.dll | windows7-x64 | 3
$PLUGINSDI...ns.dll | windows10-2004-x64 | 3
$PLUGINSDI...em.dll | windows7-x64 | 3
$PLUGINSDI...em.dll | windows10-2004-x64 | 3
1816850460.js | windows7-x64 | 3
1816850460.js | windows10-2004-x64 | 3
211632070006.html | windows7-x64 | 1
211632070006.html | windows10-2004-x64 | 1
about.html | windows7-x64 | 1
about.html | windows10-2004-x64 | 1
api.js | windows7-x64 | 3
api.js | windows10-2004-x64 | 3
begin_pass...2.html | windows7-x64 | 1
begin_pass...2.html | windows10-2004-x64 | 1
begin_pass...8.html | windows7-x64 | 1
begin_pass...8.html | windows10-2004-x64 | 1
frame3.html | windows7-x64 | 1
frame3.html | windows10-2004-x64 | 1
gerenxinwe...6.html | windows7-x64 | 1
gerenxinwe...6.html | windows10-2004-x64 | 1
index1259653512.html | windows7-x64 | 1
index1259653512.html | windows10-2004-x64 | 1
jquery.pla...f95.js | windows7-x64 | 3
jquery.pla...f95.js | windows10-2004-x64 | 3
login390722190.html | windows7-x64 | 1
login390722190.html | windows10-2004-x64 | 1
lvyouhuodong.html | windows7-x64 | 1
lvyouhuodong.html | windows10-2004-x64 | 1

Analysis
- max time kernel: 149s
- max time network: 140s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 07-05-2024 22:13
Static task: static1

Behavioral task | Sample | Resource
behavioral1 | 21f13b750f2c71bb815816866eee55b9_JaffaCakes118.exe | win7-20240419-en
behavioral2 | 21f13b750f2c71bb815816866eee55b9_JaffaCakes118.exe | win10v2004-20240426-en
behavioral3 | $1/$OUTDIR/sftp_plugin/tc_sftp_uninstaller.exe | win7-20240221-en
behavioral4 | $1/$OUTDIR/sftp_plugin/tc_sftp_uninstaller.exe | win10v2004-20240419-en
behavioral5 | $PLUGINSDIR/InstallOptions.dll | win7-20240221-en
behavioral6 | $PLUGINSDIR/InstallOptions.dll | win10v2004-20240419-en
behavioral7 | $PLUGINSDIR/System.dll | win7-20240220-en
behavioral8 | $PLUGINSDIR/System.dll | win10v2004-20240419-en
behavioral9 | 1816850460.js | win7-20240221-en
behavioral10 | 1816850460.js | win10v2004-20240419-en
behavioral11 | 211632070006.html | win7-20231129-en
behavioral12 | 211632070006.html | win10v2004-20240426-en
behavioral13 | about.html | win7-20240221-en
behavioral14 | about.html | win10v2004-20240426-en
behavioral15 | api.js | win7-20240221-en
behavioral16 | api.js | win10v2004-20240419-en
behavioral17 | begin_password_reset1581078162.html | win7-20240419-en
behavioral18 | begin_password_reset1581078162.html | win10v2004-20240419-en
behavioral19 | begin_password_reset727114948.html | win7-20240221-en
behavioral20 | begin_password_reset727114948.html | win10v2004-20240426-en
behavioral21 | frame3.html | win7-20240221-en
behavioral22 | frame3.html | win10v2004-20240419-en
behavioral23 | gerenxinwen1732464246.html | win7-20240221-en
behavioral24 | gerenxinwen1732464246.html | win10v2004-20240419-en
behavioral25 | index1259653512.html | win7-20240215-en
behavioral26 | index1259653512.html | win10v2004-20240419-en
behavioral27 | jquery.placeholder-fd5cdc5d60cadb4e97cb85609e889f95.js | win7-20240221-en
behavioral28 | jquery.placeholder-fd5cdc5d60cadb4e97cb85609e889f95.js | win10v2004-20240226-en
behavioral29 | login390722190.html | win7-20240221-en
behavioral30 | login390722190.html | win10v2004-20240419-en
behavioral31 | lvyouhuodong.html | win7-20240221-en
behavioral32 | lvyouhuodong.html | win10v2004-20240419-en

General
- Target: begin_password_reset727114948.html
- Size: 10KB
- MD5: 098cb18bf918dd68d7e121c6bcb4e6fb
- SHA1: 2af7d81226a1ef3e60143428a112b37640e87436
- SHA256: bd274e2a722a9ba2d86a00932d4039e3e110de551e3b6230cfc11a07542bcdd2
- SHA512: eace8002bdb1274b6516d994463a8110f9e37c581447e0554b9e116ab186dc29f74a878642d65912bffac6571a280ae8421d09a69480512d5c8f37f6feb5f6c0
- SSDEEP: 192:ltJUWt9PyiovLOZHAzdhmXOvGl1SEnqHN:ltv3iQYweK1p0N
Malware Config
Signatures
Enumerates system info in registry 2 TTPs 3 IoCs
Processes: msedge.exe
description | ioc | process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Suspicious behavior: EnumeratesProcesses 10 IoCs
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
Suspicious use of FindShellTrayWindow 25 IoCs
Suspicious use of SendNotifyMessage 24 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\begin_password_reset727114948.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa1ec946f8,0x7ffa1ec94708,0x7ffa1ec94718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,3277100422781295619,14831501681706130003,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,3277100422781295619,14831501681706130003,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,3277100422781295619,14831501681706130003,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3277100422781295619,14831501681706130003,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3277100422781295619,14831501681706130003,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,3277100422781295619,14831501681706130003,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,3277100422781295619,14831501681706130003,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3277100422781295619,14831501681706130003,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3277100422781295619,14831501681706130003,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3277100422781295619,14831501681706130003,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3277100422781295619,14831501681706130003,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,3277100422781295619,14831501681706130003,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3748 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat (Filesize: 152B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat (Filesize: 152B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State (Filesize: 111B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State (Filesize: 254B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (Filesize: 6KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (Filesize: 6KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (Filesize: 6KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity (Filesize: 372B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b650.TMP (Filesize: 204B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT (Filesize: 16B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT (Filesize: 16B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State (Filesize: 11KB)
- \??\pipe\LOCAL\crashpad_4916_CEIKNSOOARJTTAEM