Overview
overview
10Static
static
10Debug/Crystal.exe
windows7-x64
10Debug/Crystal.exe
windows10-2004-x64
10Debug/Crys...re.dll
windows7-x64
1Debug/Crys...re.dll
windows10-2004-x64
1Debug/Crys...pet.js
windows7-x64
3Debug/Crys...pet.js
windows10-2004-x64
3Debug/Guna.UI2.dll
windows7-x64
1Debug/Guna.UI2.dll
windows10-2004-x64
1Debug/Micr...re.dll
windows7-x64
1Debug/Micr...re.dll
windows10-2004-x64
1Debug/Micr...ms.dll
windows7-x64
1Debug/Micr...ms.dll
windows10-2004-x64
1Debug/Micr...pf.dll
windows7-x64
1Debug/Micr...pf.dll
windows10-2004-x64
1Debug/Monaco/fgd.html
windows7-x64
1Debug/Monaco/fgd.html
windows10-2004-x64
6Debug/Mona...dex.js
windows7-x64
3Debug/Mona...dex.js
windows10-2004-x64
3Debug/Mona...n/mime
ubuntu-18.04-amd64
3Debug/Mona...n/mime
debian-9-armhf
1Debug/Mona...n/mime
debian-9-mips
Debug/Mona...n/mime
debian-9-mipsel
Debug/Mona...me.cmd
windows7-x64
1Debug/Mona...me.cmd
windows10-2004-x64
1Debug/Mona...me.ps1
ubuntu-18.04-amd64
1Debug/Mona...me.ps1
debian-9-armhf
1Debug/Mona...me.ps1
debian-9-mips
Debug/Mona...me.ps1
debian-9-mipsel
Debug/Mona...DME.js
windows7-x64
3Debug/Mona...DME.js
windows10-2004-x64
3Debug/Mona...dex.js
windows7-x64
3Debug/Mona...dex.js
windows10-2004-x64
3Analysis
-
max time kernel
149s -
max time network
158s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system -
submitted
15-06-2024 18:42
Behavioral task
behavioral1
Sample
Debug/Crystal.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
Debug/Crystal.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
Debug/Crystal.exe.WebView2/EBWebView/Speech Recognition/1.15.0.1/Microsoft.CognitiveServices.Speech.core.dll
Resource
win7-20240508-en
Behavioral task
behavioral4
Sample
Debug/Crystal.exe.WebView2/EBWebView/Speech Recognition/1.15.0.1/Microsoft.CognitiveServices.Speech.core.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral5
Sample
Debug/Crystal.exe.WebView2/EBWebView/Subresource Filter/Unindexed Rules/10.34.0.52/adblock_snippet.js
Resource
win7-20240611-en
Behavioral task
behavioral6
Sample
Debug/Crystal.exe.WebView2/EBWebView/Subresource Filter/Unindexed Rules/10.34.0.52/adblock_snippet.js
Resource
win10v2004-20240226-en
Behavioral task
behavioral7
Sample
Debug/Guna.UI2.dll
Resource
win7-20240220-en
Behavioral task
behavioral8
Sample
Debug/Guna.UI2.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral9
Sample
Debug/Microsoft.Web.WebView2.Core.dll
Resource
win7-20240508-en
Behavioral task
behavioral10
Sample
Debug/Microsoft.Web.WebView2.Core.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral11
Sample
Debug/Microsoft.Web.WebView2.WinForms.dll
Resource
win7-20240220-en
Behavioral task
behavioral12
Sample
Debug/Microsoft.Web.WebView2.WinForms.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral13
Sample
Debug/Microsoft.Web.WebView2.Wpf.dll
Resource
win7-20240611-en
Behavioral task
behavioral14
Sample
Debug/Microsoft.Web.WebView2.Wpf.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral15
Sample
Debug/Monaco/fgd.html
Resource
win7-20240221-en
Behavioral task
behavioral16
Sample
Debug/Monaco/fgd.html
Resource
win10v2004-20240611-en
Behavioral task
behavioral17
Sample
Debug/Monaco/fileaccess/index.js
Resource
win7-20240611-en
Behavioral task
behavioral18
Sample
Debug/Monaco/fileaccess/index.js
Resource
win10v2004-20240508-en
Behavioral task
behavioral19
Sample
Debug/Monaco/fileaccess/node_modules/.bin/mime
Resource
ubuntu1804-amd64-20240508-en
Behavioral task
behavioral20
Sample
Debug/Monaco/fileaccess/node_modules/.bin/mime
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral21
Sample
Debug/Monaco/fileaccess/node_modules/.bin/mime
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral22
Sample
Debug/Monaco/fileaccess/node_modules/.bin/mime
Resource
debian9-mipsel-20240226-en
Behavioral task
behavioral23
Sample
Debug/Monaco/fileaccess/node_modules/.bin/mime.cmd
Resource
win7-20240508-en
Behavioral task
behavioral24
Sample
Debug/Monaco/fileaccess/node_modules/.bin/mime.cmd
Resource
win10v2004-20240508-en
Behavioral task
behavioral25
Sample
Debug/Monaco/fileaccess/node_modules/.bin/mime.ps1
Resource
ubuntu1804-amd64-20240508-en
Behavioral task
behavioral26
Sample
Debug/Monaco/fileaccess/node_modules/.bin/mime.ps1
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral27
Sample
Debug/Monaco/fileaccess/node_modules/.bin/mime.ps1
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral28
Sample
Debug/Monaco/fileaccess/node_modules/.bin/mime.ps1
Resource
debian9-mipsel-20240226-en
Behavioral task
behavioral29
Sample
Debug/Monaco/fileaccess/node_modules/accepts/README.js
Resource
win7-20240221-en
Behavioral task
behavioral30
Sample
Debug/Monaco/fileaccess/node_modules/accepts/README.js
Resource
win10v2004-20240226-en
Behavioral task
behavioral31
Sample
Debug/Monaco/fileaccess/node_modules/accepts/index.js
Resource
win7-20240508-en
Behavioral task
behavioral32
Sample
Debug/Monaco/fileaccess/node_modules/accepts/index.js
Resource
win10v2004-20240508-en
General
-
Target
Debug/Monaco/fgd.html
-
Size
18KB
-
MD5
a1416c1fe209f7687ff79ab44301b3d3
-
SHA1
3ba3ff0027a98128edad78f5561cef53c4236791
-
SHA256
a6897302dba619dd3c156d57fc4b706662bff4df582975c33478b7878b060d2c
-
SHA512
ce8a9aaf7ba903dfb25df53e04addfedae7ee4fcd07dffd42abf3f275a75b14cb26bb64c9320fd425003c73618b2967bb7be2cfb849050d50dd5308e69842f79
-
SSDEEP
384:fihTARA5Lmwl1qPeVvW4NVtabVBJjVBd+TI6noaQLR7:fihTjoy+StabVBJ/kkgoaQLR7
Malware Config
Signatures
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
Processes:
msedge.exemsedge.exeidentity_helper.exemsedge.exepid process 3256 msedge.exe 3256 msedge.exe 1136 msedge.exe 1136 msedge.exe 3788 identity_helper.exe 3788 identity_helper.exe 4444 msedge.exe 4444 msedge.exe 4444 msedge.exe 4444 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
Processes:
msedge.exepid process 1136 msedge.exe 1136 msedge.exe 1136 msedge.exe 1136 msedge.exe 1136 msedge.exe 1136 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
Processes:
msedge.exepid process 1136 msedge.exe 1136 msedge.exe 1136 msedge.exe 1136 msedge.exe 1136 msedge.exe 1136 msedge.exe 1136 msedge.exe 1136 msedge.exe 1136 msedge.exe 1136 msedge.exe 1136 msedge.exe 1136 msedge.exe 1136 msedge.exe 1136 msedge.exe 1136 msedge.exe 1136 msedge.exe 1136 msedge.exe 1136 msedge.exe 1136 msedge.exe 1136 msedge.exe 1136 msedge.exe 1136 msedge.exe 1136 msedge.exe 1136 msedge.exe 1136 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
Processes:
msedge.exepid process 1136 msedge.exe 1136 msedge.exe 1136 msedge.exe 1136 msedge.exe 1136 msedge.exe 1136 msedge.exe 1136 msedge.exe 1136 msedge.exe 1136 msedge.exe 1136 msedge.exe 1136 msedge.exe 1136 msedge.exe 1136 msedge.exe 1136 msedge.exe 1136 msedge.exe 1136 msedge.exe 1136 msedge.exe 1136 msedge.exe 1136 msedge.exe 1136 msedge.exe 1136 msedge.exe 1136 msedge.exe 1136 msedge.exe 1136 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
msedge.exedescription pid process target process PID 1136 wrote to memory of 2488 1136 msedge.exe msedge.exe PID 1136 wrote to memory of 2488 1136 msedge.exe msedge.exe PID 1136 wrote to memory of 1992 1136 msedge.exe msedge.exe PID 1136 wrote to memory of 1992 1136 msedge.exe msedge.exe PID 1136 wrote to memory of 1992 1136 msedge.exe msedge.exe PID 1136 wrote to memory of 1992 1136 msedge.exe msedge.exe PID 1136 wrote to memory of 1992 1136 msedge.exe msedge.exe PID 1136 wrote to memory of 1992 1136 msedge.exe msedge.exe PID 1136 wrote to memory of 1992 1136 msedge.exe msedge.exe PID 1136 wrote to memory of 1992 1136 msedge.exe msedge.exe PID 1136 wrote to memory of 1992 1136 msedge.exe msedge.exe PID 1136 wrote to memory of 1992 1136 msedge.exe msedge.exe PID 1136 wrote to memory of 1992 1136 msedge.exe msedge.exe PID 1136 wrote to memory of 1992 1136 msedge.exe msedge.exe PID 1136 wrote to memory of 1992 1136 msedge.exe msedge.exe PID 1136 wrote to memory of 1992 1136 msedge.exe msedge.exe PID 1136 wrote to memory of 1992 1136 msedge.exe msedge.exe PID 1136 wrote to memory of 1992 1136 msedge.exe msedge.exe PID 1136 wrote to memory of 1992 1136 msedge.exe msedge.exe PID 1136 wrote to memory of 1992 1136 msedge.exe msedge.exe PID 1136 wrote to memory of 1992 1136 msedge.exe msedge.exe PID 1136 wrote to memory of 1992 1136 msedge.exe msedge.exe PID 1136 wrote to memory of 1992 1136 msedge.exe msedge.exe PID 1136 wrote to memory of 1992 1136 msedge.exe msedge.exe PID 1136 wrote to memory of 1992 1136 msedge.exe msedge.exe PID 1136 wrote to memory of 1992 1136 msedge.exe msedge.exe PID 1136 wrote to memory of 1992 1136 msedge.exe msedge.exe PID 1136 wrote to memory of 1992 1136 msedge.exe msedge.exe PID 1136 wrote to memory of 1992 1136 msedge.exe msedge.exe PID 1136 wrote to memory of 1992 1136 msedge.exe msedge.exe PID 1136 wrote to memory of 1992 1136 msedge.exe msedge.exe PID 1136 wrote to memory of 1992 1136 msedge.exe msedge.exe PID 1136 wrote to memory of 1992 1136 msedge.exe msedge.exe PID 1136 wrote to memory of 1992 1136 msedge.exe msedge.exe PID 1136 wrote to memory of 1992 1136 msedge.exe msedge.exe PID 1136 wrote to memory of 1992 1136 msedge.exe msedge.exe PID 1136 wrote to memory of 1992 1136 msedge.exe msedge.exe PID 1136 wrote to memory of 1992 1136 msedge.exe msedge.exe PID 1136 wrote to memory of 1992 1136 msedge.exe msedge.exe PID 1136 wrote to memory of 1992 1136 msedge.exe msedge.exe PID 1136 wrote to memory of 1992 1136 msedge.exe msedge.exe PID 1136 wrote to memory of 1992 1136 msedge.exe msedge.exe PID 1136 wrote to memory of 3256 1136 msedge.exe msedge.exe PID 1136 wrote to memory of 3256 1136 msedge.exe msedge.exe PID 1136 wrote to memory of 2316 1136 msedge.exe msedge.exe PID 1136 wrote to memory of 2316 1136 msedge.exe msedge.exe PID 1136 wrote to memory of 2316 1136 msedge.exe msedge.exe PID 1136 wrote to memory of 2316 1136 msedge.exe msedge.exe PID 1136 wrote to memory of 2316 1136 msedge.exe msedge.exe PID 1136 wrote to memory of 2316 1136 msedge.exe msedge.exe PID 1136 wrote to memory of 2316 1136 msedge.exe msedge.exe PID 1136 wrote to memory of 2316 1136 msedge.exe msedge.exe PID 1136 wrote to memory of 2316 1136 msedge.exe msedge.exe PID 1136 wrote to memory of 2316 1136 msedge.exe msedge.exe PID 1136 wrote to memory of 2316 1136 msedge.exe msedge.exe PID 1136 wrote to memory of 2316 1136 msedge.exe msedge.exe PID 1136 wrote to memory of 2316 1136 msedge.exe msedge.exe PID 1136 wrote to memory of 2316 1136 msedge.exe msedge.exe PID 1136 wrote to memory of 2316 1136 msedge.exe msedge.exe PID 1136 wrote to memory of 2316 1136 msedge.exe msedge.exe PID 1136 wrote to memory of 2316 1136 msedge.exe msedge.exe PID 1136 wrote to memory of 2316 1136 msedge.exe msedge.exe PID 1136 wrote to memory of 2316 1136 msedge.exe msedge.exe PID 1136 wrote to memory of 2316 1136 msedge.exe msedge.exe
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\Debug\Monaco\fgd.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1136 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffceb7246f8,0x7ffceb724708,0x7ffceb7247182⤵PID:2488
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,11153945240757849121,12562549351261787296,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:22⤵PID:1992
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,11153945240757849121,12562549351261787296,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:3256 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,11153945240757849121,12562549351261787296,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:82⤵PID:2316
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,11153945240757849121,12562549351261787296,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:12⤵PID:4804
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,11153945240757849121,12562549351261787296,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:12⤵PID:1320
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,11153945240757849121,12562549351261787296,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 /prefetch:82⤵PID:5000
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,11153945240757849121,12562549351261787296,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:3788 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,11153945240757849121,12562549351261787296,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:12⤵PID:1968
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,11153945240757849121,12562549351261787296,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:12⤵PID:3008
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,11153945240757849121,12562549351261787296,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:12⤵PID:2480
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,11153945240757849121,12562549351261787296,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:12⤵PID:3556
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,11153945240757849121,12562549351261787296,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1124 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:4444
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4584
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1072
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5db9081c34e133c32d02f593df88f047a
SHA1a0da007c14fd0591091924edc44bee90456700c6
SHA256c9cd202ebb55fe8dd3e5563948bab458e947d7ba33bc0f38c6b37ce5d0bd7c3e
SHA51212f9809958b024571891fae646208a76f3823ae333716a5cec303e15c38281db042b7acf95bc6523b6328ac9c8644794d39a0e03d9db196f156a6ee1fb4f2744
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD53a09f853479af373691d131247040276
SHA11b6f098e04da87e9cf2d3284943ec2144f36ac04
SHA256a358de2c0eba30c70a56022c44a3775aa99ffa819cd7f42f7c45ac358b5e739f
SHA512341cf0f363621ee02525cd398ae0d462319c6a80e05fd25d9aca44234c42a3071b51991d4cf102ac9d89561a1567cbe76dfeaad786a304bec33821ca77080016
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
746B
MD5670a6e0419be3cd9bdbe92f571150fd7
SHA1f816db19160027a5b9a539cd9c589c041fb5f410
SHA256cf9fbdcf62547e079526a3cd6c5233f9a5fa790ab415694bbb43de5000f87df9
SHA5129693c2418ae4919ec7b632a63f7756527771f4b2a6da59485c76b684ab4ebed0f437f9fbe04df99eb8f15b547864fc139586c64a9a093e8f3d1f7223ec84f462
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD570698e796d567173de2c8ba253d02267
SHA139514ea2322e18c4e2bb837083e500921aadbee6
SHA2560ffbac14a8ce07073c6b475e2f68bf9ab40713747841ae7b008364b2733f6b4f
SHA512b371323682c3633d6c034e792a114d9378e1103258840327354196ec57ac10cec2a0646c5759fb764c2c8cf47edb8dc3f3476f53b66227a2f802ba1b8ca57c90
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD56403a4bb876f23e6f368fa37e406e556
SHA10a960108fbba10d94324ae06a4ff357c79fe960d
SHA256c78863c719916d17abc0385ff01b5f9636deb0ceda8bed37ebcc1c2285baed4c
SHA512ebe08b9ea584abacc0126a1d0976d9101742ab1b42725183f137fbc982f224cbc238cc5d1acadb9f5019c4d0840585bfe995df39bb2a6b1f94c490b789188643
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD52fd395f502de5bdfb6747858a7476790
SHA1476e628b7128f565c53c79052ef0d20205c53052
SHA25669c877b2931349421785e77caac2f1d323f2ec76ad528266d34b00edffed969e
SHA5122b4d7ca28112a42e81da06c418e8b551ba9ddf03d7d09e3857f56e95e2eafcb3f8167845e8c0144427f8e5f7d8bccd33d4fb9859ba8f91d5be5d8fe2bb4125d1
-
\??\pipe\LOCAL\crashpad_1136_GLUGOWCMAIMATJKNMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e