Analysis
max time kernel: 148s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240709-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
submitted: 22-07-2024 14:56
Static task: static1

Behavioral tasks (task: sample, resource)
behavioral1: Domain.zip, win10v2004-20240709-en
behavioral2: Domain/.git/hooks/applypatch-msg.sample, win10v2004-20240709-en
behavioral3: Domain/.git/hooks/commit-msg.sample, win10v2004-20240709-en
behavioral4: Domain/.git/hooks/fsmonitor-watchman.sample, win10v2004-20240709-en
behavioral5: Domain/.git/hooks/post-update.sample, win10v2004-20240709-en
behavioral6: Domain/.git/hooks/pre-applypatch.sample, win10v2004-20240709-en
behavioral7: Domain/.git/hooks/pre-commit.sample, win10v2004-20240709-en
behavioral8: Domain/.git/hooks/pre-merge-commit.sample, win10v2004-20240709-en
behavioral9: Domain/.git/hooks/pre-push.sample, win10v2004-20240709-en
behavioral10: Domain/.git/hooks/pre-rebase.sample, win10v2004-20240709-en
behavioral11: Domain/.git/hooks/pre-receive.sample, win10v2004-20240709-en
behavioral12: Domain/.git/hooks/prepare-commit-msg.sample, win10v2004-20240709-en
behavioral13: Domain/.git/hooks/push-to-checkout.sample, win10v2004-20240709-en
behavioral14: Domain/.git/hooks/update.sample, win10v2004-20240709-en
behavioral15: Domain/bin/__pycache__/domainapi.cpython-311.pyc, win10v2004-20240709-en
behavioral16: Domain/bin/__pycache__/domainapi.cpython-312.pyc, win10v2004-20240709-en
behavioral17: Domain/bin/__pycache__/domainbackend.cpython-311.pyc, win10v2004-20240709-en
behavioral18: Domain/bin/__pycache__/domainbackend.cpython-312.pyc, win10v2004-20240709-en
behavioral19: Domain/bin/__pycache__/octal.cpython-311.pyc, win10v2004-20240709-en
behavioral20: Domain/bin/__pycache__/octal.cpython-312.pyc, win10v2004-20240709-en
behavioral21: Domain/bin/assets/ui.html, win10v2004-20240709-en
behavioral22: Domain/bin/domainapi.py, win10v2004-20240709-en
behavioral23: Domain/bin/domainbackend-p.py, win10v2004-20240709-en
behavioral24: Domain/bin/domainbackend.py, win10v2004-20240709-en
behavioral25: Domain/bin/octal.py, win10v2004-20240709-en
behavioral26: Domain/bin/rbxcompile.exe, win10v2004-20240709-en
behavioral27: Domain/domain.py, win10v2004-20240709-en

General
Target: Domain/bin/assets/ui.html
Size: 4KB
MD5: 6f8f041c68e7bc0067d7e6e4c3e9b824
SHA1: 550b684e7e03154f5424271e97a33c1ada49d5db
SHA256: fbe5a564a1d50db2341cfd339f7feed965024c18ffb916fa77aae4651fa0e5ea
SHA512: 88ae8526d6874f7480224672ae4a7e2557699f0423ef6f32dbcc68f0207a2ec0fca70af60e1bc8ba19c100f46d0f93d19b203b63a03543ee3289857a1e9dca3c
SSDEEP: 96:HMA5Xrg16dLUWUU1MmUtJ9zYz50yZ5am7ZCpvMAEHIVzaGOc:HMA57g2LU9UamU/hkVZ5EpvMAEoVuGOc
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exe
Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (process msedge.exe)
Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (process msedge.exe)
Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (process msedge.exe)
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
Processes:
msedge.exe, msedge.exe, identity_helper.exe, msedge.exe
pid 3156: msedge.exe
pid 1936: msedge.exe
pid 552: identity_helper.exe
pid 4476: msedge.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
Processes:
msedge.exe
pid 1936: msedge.exe
-
Suspicious use of FindShellTrayWindow 25 IoCs
Processes:
msedge.exe
pid 1936: msedge.exe
-
Suspicious use of SendNotifyMessage 24 IoCs
Processes:
msedge.exe
pid 1936: msedge.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
msedge.exe
PID 1936 wrote to memory of 3468 (pid 1936, process msedge.exe, target process msedge.exe)
PID 1936 wrote to memory of 4144 (pid 1936, process msedge.exe, target process msedge.exe)
PID 1936 wrote to memory of 3156 (pid 1936, process msedge.exe, target process msedge.exe)
PID 1936 wrote to memory of 2952 (pid 1936, process msedge.exe, target process msedge.exe)
Processes
PID 1936: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\Domain\bin\assets\ui.html
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory

  PID 3468: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc3e6046f8,0x7ffc3e604708,0x7ffc3e604718

  PID 4144: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,14581561611103357703,13438281213885147939,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2

  PID 3156: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,14581561611103357703,13438281213885147939,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
  - Suspicious behavior: EnumeratesProcesses

  PID 2952: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,14581561611103357703,13438281213885147939,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8

  PID 216: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14581561611103357703,13438281213885147939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1

  PID 2088: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14581561611103357703,13438281213885147939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1

  PID 1560: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,14581561611103357703,13438281213885147939,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 /prefetch:8

  PID 552: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,14581561611103357703,13438281213885147939,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 /prefetch:8
  - Suspicious behavior: EnumeratesProcesses

  PID 1848: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14581561611103357703,13438281213885147939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1

  PID 4904: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14581561611103357703,13438281213885147939,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1

  PID 2272: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14581561611103357703,13438281213885147939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1

  PID 3488: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14581561611103357703,13438281213885147939,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1

  PID 4476: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,14581561611103357703,13438281213885147939,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4904 /prefetch:2
  - Suspicious behavior: EnumeratesProcesses

PID 1656: C:\Windows\System32\CompPkgSrv.exe
Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

PID 1052: C:\Windows\System32\CompPkgSrv.exe
Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

Network
MITRE ATT&CK Enterprise v15
Downloads