Overview
overview
10Static
static
321f13b750f...18.exe
windows7-x64
1021f13b750f...18.exe
windows10-2004-x64
7$1/$OUTDIR...er.exe
windows7-x64
7$1/$OUTDIR...er.exe
windows10-2004-x64
7$PLUGINSDI...ns.dll
windows7-x64
3$PLUGINSDI...ns.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
31816850460.js
windows7-x64
31816850460.js
windows10-2004-x64
3211632070006.html
windows7-x64
1211632070006.html
windows10-2004-x64
1about.html
windows7-x64
1about.html
windows10-2004-x64
1api.js
windows7-x64
3api.js
windows10-2004-x64
3begin_pass...2.html
windows7-x64
1begin_pass...2.html
windows10-2004-x64
1begin_pass...8.html
windows7-x64
1begin_pass...8.html
windows10-2004-x64
1frame3.html
windows7-x64
1frame3.html
windows10-2004-x64
1gerenxinwe...6.html
windows7-x64
1gerenxinwe...6.html
windows10-2004-x64
1index1259653512.html
windows7-x64
1index1259653512.html
windows10-2004-x64
1jquery.pla...f95.js
windows7-x64
3jquery.pla...f95.js
windows10-2004-x64
3login390722190.html
windows7-x64
1login390722190.html
windows10-2004-x64
1lvyouhuodong.html
windows7-x64
1lvyouhuodong.html
windows10-2004-x64
1Analysis
-
max time kernel
145s -
max time network
128s -
platform
windows10-2004_x64 -
resource
win10v2004-20240419-en -
resource tags
arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system -
submitted
07-05-2024 22:13
Static task
static1
Behavioral task
behavioral1
Sample
21f13b750f2c71bb815816866eee55b9_JaffaCakes118.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
21f13b750f2c71bb815816866eee55b9_JaffaCakes118.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral3
Sample
$1/$OUTDIR/sftp_plugin/tc_sftp_uninstaller.exe
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
$1/$OUTDIR/sftp_plugin/tc_sftp_uninstaller.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20240419-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240220-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240419-en
Behavioral task
behavioral9
Sample
1816850460.js
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
1816850460.js
Resource
win10v2004-20240419-en
Behavioral task
behavioral11
Sample
211632070006.html
Resource
win7-20231129-en
Behavioral task
behavioral12
Sample
211632070006.html
Resource
win10v2004-20240426-en
Behavioral task
behavioral13
Sample
about.html
Resource
win7-20240221-en
Behavioral task
behavioral14
Sample
about.html
Resource
win10v2004-20240426-en
Behavioral task
behavioral15
Sample
api.js
Resource
win7-20240221-en
Behavioral task
behavioral16
Sample
api.js
Resource
win10v2004-20240419-en
Behavioral task
behavioral17
Sample
begin_password_reset1581078162.html
Resource
win7-20240419-en
Behavioral task
behavioral18
Sample
begin_password_reset1581078162.html
Resource
win10v2004-20240419-en
Behavioral task
behavioral19
Sample
begin_password_reset727114948.html
Resource
win7-20240221-en
Behavioral task
behavioral20
Sample
begin_password_reset727114948.html
Resource
win10v2004-20240426-en
Behavioral task
behavioral21
Sample
frame3.html
Resource
win7-20240221-en
Behavioral task
behavioral22
Sample
frame3.html
Resource
win10v2004-20240419-en
Behavioral task
behavioral23
Sample
gerenxinwen1732464246.html
Resource
win7-20240221-en
Behavioral task
behavioral24
Sample
gerenxinwen1732464246.html
Resource
win10v2004-20240419-en
Behavioral task
behavioral25
Sample
index1259653512.html
Resource
win7-20240215-en
Behavioral task
behavioral26
Sample
index1259653512.html
Resource
win10v2004-20240419-en
Behavioral task
behavioral27
Sample
jquery.placeholder-fd5cdc5d60cadb4e97cb85609e889f95.js
Resource
win7-20240221-en
Behavioral task
behavioral28
Sample
jquery.placeholder-fd5cdc5d60cadb4e97cb85609e889f95.js
Resource
win10v2004-20240226-en
Behavioral task
behavioral29
Sample
login390722190.html
Resource
win7-20240221-en
Behavioral task
behavioral30
Sample
login390722190.html
Resource
win10v2004-20240419-en
Behavioral task
behavioral31
Sample
lvyouhuodong.html
Resource
win7-20240221-en
Behavioral task
behavioral32
Sample
lvyouhuodong.html
Resource
win10v2004-20240419-en
General
-
Target
index1259653512.html
-
Size
16KB
-
MD5
b9ce0e3d68e41c1158c12a1caa0388eb
-
SHA1
ad1a53b95b6c37093b653926b152cbe015738c17
-
SHA256
132d52105ddb52956f5bf1852cf45fb684f43848977cb2993ad6c0c9a882abc9
-
SHA512
0e123e7ed06ca28d776e184dc40fe244351a2e1d767488d5b26641f90140360e4d31d6febeaf8976aca3b99517cceb3228f9646086ed7a9065065d931e0c1e84
-
SSDEEP
192:KWcr3pxBmpo82jd3T/nhzBmKBUDBEmotzBWBE6syxtkUGgYyRjz1JDC708:KPDgo8253zZxCDlotk5syHpYyDJOj
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exedescription ioc process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
Processes:
msedge.exemsedge.exeidentity_helper.exemsedge.exepid process 4492 msedge.exe 4492 msedge.exe 3220 msedge.exe 3220 msedge.exe 388 identity_helper.exe 388 identity_helper.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
Processes:
msedge.exepid process 3220 msedge.exe 3220 msedge.exe 3220 msedge.exe 3220 msedge.exe 3220 msedge.exe 3220 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
Processes:
msedge.exepid process 3220 msedge.exe 3220 msedge.exe 3220 msedge.exe 3220 msedge.exe 3220 msedge.exe 3220 msedge.exe 3220 msedge.exe 3220 msedge.exe 3220 msedge.exe 3220 msedge.exe 3220 msedge.exe 3220 msedge.exe 3220 msedge.exe 3220 msedge.exe 3220 msedge.exe 3220 msedge.exe 3220 msedge.exe 3220 msedge.exe 3220 msedge.exe 3220 msedge.exe 3220 msedge.exe 3220 msedge.exe 3220 msedge.exe 3220 msedge.exe 3220 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
Processes:
msedge.exepid process 3220 msedge.exe 3220 msedge.exe 3220 msedge.exe 3220 msedge.exe 3220 msedge.exe 3220 msedge.exe 3220 msedge.exe 3220 msedge.exe 3220 msedge.exe 3220 msedge.exe 3220 msedge.exe 3220 msedge.exe 3220 msedge.exe 3220 msedge.exe 3220 msedge.exe 3220 msedge.exe 3220 msedge.exe 3220 msedge.exe 3220 msedge.exe 3220 msedge.exe 3220 msedge.exe 3220 msedge.exe 3220 msedge.exe 3220 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
msedge.exedescription pid process target process PID 3220 wrote to memory of 3928 3220 msedge.exe msedge.exe PID 3220 wrote to memory of 3928 3220 msedge.exe msedge.exe PID 3220 wrote to memory of 680 3220 msedge.exe msedge.exe PID 3220 wrote to memory of 680 3220 msedge.exe msedge.exe PID 3220 wrote to memory of 680 3220 msedge.exe msedge.exe PID 3220 wrote to memory of 680 3220 msedge.exe msedge.exe PID 3220 wrote to memory of 680 3220 msedge.exe msedge.exe PID 3220 wrote to memory of 680 3220 msedge.exe msedge.exe PID 3220 wrote to memory of 680 3220 msedge.exe msedge.exe PID 3220 wrote to memory of 680 3220 msedge.exe msedge.exe PID 3220 wrote to memory of 680 3220 msedge.exe msedge.exe PID 3220 wrote to memory of 680 3220 msedge.exe msedge.exe PID 3220 wrote to memory of 680 3220 msedge.exe msedge.exe PID 3220 wrote to memory of 680 3220 msedge.exe msedge.exe PID 3220 wrote to memory of 680 3220 msedge.exe msedge.exe PID 3220 wrote to memory of 680 3220 msedge.exe msedge.exe PID 3220 wrote to memory of 680 3220 msedge.exe msedge.exe PID 3220 wrote to memory of 680 3220 msedge.exe msedge.exe PID 3220 wrote to memory of 680 3220 msedge.exe msedge.exe PID 3220 wrote to memory of 680 3220 msedge.exe msedge.exe PID 3220 wrote to memory of 680 3220 msedge.exe msedge.exe PID 3220 wrote to memory of 680 3220 msedge.exe msedge.exe PID 3220 wrote to memory of 680 3220 msedge.exe msedge.exe PID 3220 wrote to memory of 680 3220 msedge.exe msedge.exe PID 3220 wrote to memory of 680 3220 msedge.exe msedge.exe PID 3220 wrote to memory of 680 3220 msedge.exe msedge.exe PID 3220 wrote to memory of 680 3220 msedge.exe msedge.exe PID 3220 wrote to memory of 680 3220 msedge.exe msedge.exe PID 3220 wrote to memory of 680 3220 msedge.exe msedge.exe PID 3220 wrote to memory of 680 3220 msedge.exe msedge.exe PID 3220 wrote to memory of 680 3220 msedge.exe msedge.exe PID 3220 wrote to memory of 680 3220 msedge.exe msedge.exe PID 3220 wrote to memory of 680 3220 msedge.exe msedge.exe PID 3220 wrote to memory of 680 3220 msedge.exe msedge.exe PID 3220 wrote to memory of 680 3220 msedge.exe msedge.exe PID 3220 wrote to memory of 680 3220 msedge.exe msedge.exe PID 3220 wrote to memory of 680 3220 msedge.exe msedge.exe PID 3220 wrote to memory of 680 3220 msedge.exe msedge.exe PID 3220 wrote to memory of 680 3220 msedge.exe msedge.exe PID 3220 wrote to memory of 680 3220 msedge.exe msedge.exe PID 3220 wrote to memory of 680 3220 msedge.exe msedge.exe PID 3220 wrote to memory of 680 3220 msedge.exe msedge.exe PID 3220 wrote to memory of 4492 3220 msedge.exe msedge.exe PID 3220 wrote to memory of 4492 3220 msedge.exe msedge.exe PID 3220 wrote to memory of 4968 3220 msedge.exe msedge.exe PID 3220 wrote to memory of 4968 3220 msedge.exe msedge.exe PID 3220 wrote to memory of 4968 3220 msedge.exe msedge.exe PID 3220 wrote to memory of 4968 3220 msedge.exe msedge.exe PID 3220 wrote to memory of 4968 3220 msedge.exe msedge.exe PID 3220 wrote to memory of 4968 3220 msedge.exe msedge.exe PID 3220 wrote to memory of 4968 3220 msedge.exe msedge.exe PID 3220 wrote to memory of 4968 3220 msedge.exe msedge.exe PID 3220 wrote to memory of 4968 3220 msedge.exe msedge.exe PID 3220 wrote to memory of 4968 3220 msedge.exe msedge.exe PID 3220 wrote to memory of 4968 3220 msedge.exe msedge.exe PID 3220 wrote to memory of 4968 3220 msedge.exe msedge.exe PID 3220 wrote to memory of 4968 3220 msedge.exe msedge.exe PID 3220 wrote to memory of 4968 3220 msedge.exe msedge.exe PID 3220 wrote to memory of 4968 3220 msedge.exe msedge.exe PID 3220 wrote to memory of 4968 3220 msedge.exe msedge.exe PID 3220 wrote to memory of 4968 3220 msedge.exe msedge.exe PID 3220 wrote to memory of 4968 3220 msedge.exe msedge.exe PID 3220 wrote to memory of 4968 3220 msedge.exe msedge.exe PID 3220 wrote to memory of 4968 3220 msedge.exe msedge.exe
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\index1259653512.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc84fb46f8,0x7ffc84fb4708,0x7ffc84fb47182⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,6177508890561209384,4333122866065272095,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,6177508890561209384,4333122866065272095,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,6177508890561209384,4333122866065272095,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6177508890561209384,4333122866065272095,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6177508890561209384,4333122866065272095,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,6177508890561209384,4333122866065272095,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6020 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,6177508890561209384,4333122866065272095,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6020 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6177508890561209384,4333122866065272095,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6177508890561209384,4333122866065272095,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6177508890561209384,4333122866065272095,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6177508890561209384,4333122866065272095,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,6177508890561209384,4333122866065272095,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4080 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD54e96ed67859d0bafd47d805a71041f49
SHA17806c54ae29a6c8d01dcbc78e5525ddde321b16b
SHA256bd13ddab4dc4bbf01ed50341953c9638f6d71faf92bc79fbfe93687432c2292d
SHA512432201c3119779d91d13da55a26d4ff4ce4a9529e00b44ec1738029f92610d4e6e25c05694adf949c3e9c70fbbbbea723f63c29287906729f5e88a046a2edcb7
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD51cbd0e9a14155b7f5d4f542d09a83153
SHA127a442a921921d69743a8e4b76ff0b66016c4b76
SHA256243d05d6af19bfe3e06b1f7507342ead88f9d87b84e239ad1d144e9e454b548c
SHA51217e5217d5bf67571afb0e7ef30ac21c11ea6553f89457548d96ee4461011f641a7872a37257239fa5f25702f027afb85d5bd9faf2f2f183992b8879407e56a0d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
5KB
MD5764118c292d75a46526bbb6c3dd49d8e
SHA1c3de5c8bd5bbc2b82dcd47960fc2341c6611a95d
SHA256f0409da0cd73166ea5ff0ac2695dd8dd0200bf1ec67474ae6a538388698eeab1
SHA5120578152b8c3eb1020a59362ef9ef6db564407469d03ccb19da64247e314b03f288df758a1226b50f94fa6a4c99e4116db99a59647e95318b7035ef5e932d3bc9
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5a63e59ff225106926f4c40861fb1c82e
SHA1e61e109842662ef101ec0b4efe092db86f925140
SHA256aa62c995a914775c6b4741793776a01f07de6134573e1d48e11644ecbc5aeee8
SHA51262e18012a19cb1520a943e7017ae5ed69b8e5c4a74b75eb322af97872f347280bc06bc216845b7bea4dff4e3bfce45e41aec9301924786bd9b0bf31fb49fe1d3
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5a73519766daa0aa32b2dbe9980cea25d
SHA146a82e381150b357a6c0374d06a222f444a6f3f0
SHA256b7a51790aa692a571aaf24802af6fe802262e97e33b9ef16fbf8cf98c7f0ae95
SHA512bd280399e45e2237a035314345f304191e9293a6be1e452abbdf25440eecd8ff2aa3a10a5d33f7dc2a508c69724343d99df246e58fb87bb05c1b7eaf01ab92d9
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD5200448262836ad83d5ecd184a6c1cfff
SHA13c094df6192919516d5d03da05552119f83bf33f
SHA256da40a93edb547615e3ffa2b5aa83e0eb0a3ea2dd6b626ad7d74eb9dfae5364b8
SHA5123ac383d6ccac1e44e20bcf383484c19b64189f50d540784839586810ea19a98d536a6e86faacebb9182701a1edefa3f17abd6ee9ec406bf0bb92677c69720c44
-
\??\pipe\LOCAL\crashpad_3220_OLKMCQKQAVDBCZBLMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e