Analysis
- max time kernel: 600s
- max time network: 485s
- platform: windows10-2004_x64
- resource: win10v2004-20240709-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 22-07-2024 14:57
Static task
- static1

Behavioral tasks
- behavioral1: Sample Domain.zip, Resource win10v2004-20240709-en
- behavioral2: Sample Domain/.git/hooks/applypatch-msg.sample, Resource win10v2004-20240704-en
- behavioral3: Sample Domain/.git/hooks/commit-msg.sample, Resource win10v2004-20240709-en
- behavioral4: Sample Domain/.git/hooks/fsmonitor-watchman.sample, Resource win10v2004-20240709-en
- behavioral5: Sample Domain/.git/hooks/post-update.sample, Resource win10v2004-20240709-en
- behavioral6: Sample Domain/.git/hooks/pre-applypatch.sample, Resource win10v2004-20240709-en
- behavioral7: Sample Domain/.git/hooks/pre-commit.sample, Resource win10v2004-20240704-en
- behavioral8: Sample Domain/.git/hooks/pre-merge-commit.sample, Resource win10v2004-20240709-en
- behavioral9: Sample Domain/.git/hooks/pre-push.sample, Resource win10v2004-20240709-en
- behavioral10: Sample Domain/.git/hooks/pre-rebase.sample, Resource win10v2004-20240709-en
- behavioral11: Sample Domain/.git/hooks/pre-receive.sample, Resource win10v2004-20240709-en
- behavioral12: Sample Domain/.git/hooks/prepare-commit-msg.sample, Resource win10v2004-20240709-en
- behavioral13: Sample Domain/.git/hooks/push-to-checkout.sample, Resource win10v2004-20240709-en
- behavioral14: Sample Domain/.git/hooks/update.sample, Resource win10v2004-20240709-en
- behavioral15: Sample Domain/bin/__pycache__/domainapi.cpython-311.pyc, Resource win10v2004-20240709-en
- behavioral16: Sample Domain/bin/__pycache__/domainapi.cpython-312.pyc, Resource win10v2004-20240709-en
- behavioral17: Sample Domain/bin/__pycache__/domainbackend.cpython-311.pyc, Resource win10v2004-20240709-en
- behavioral18: Sample Domain/bin/__pycache__/domainbackend.cpython-312.pyc, Resource win10v2004-20240709-en
- behavioral19: Sample Domain/bin/__pycache__/octal.cpython-311.pyc, Resource win10v2004-20240709-en
- behavioral20: Sample Domain/bin/__pycache__/octal.cpython-312.pyc, Resource win10v2004-20240709-en
- behavioral21: Sample Domain/bin/assets/ui.html, Resource win10v2004-20240709-en
- behavioral22: Sample Domain/bin/domainapi.py, Resource win10v2004-20240709-en
- behavioral23: Sample Domain/bin/domainbackend-p.py, Resource win10v2004-20240709-en
- behavioral24: Sample Domain/bin/domainbackend.py, Resource win10v2004-20240704-en
- behavioral25: Sample Domain/bin/octal.py, Resource win10v2004-20240709-en
- behavioral26: Sample Domain/bin/rbxcompile.exe, Resource win10v2004-20240709-en
- behavioral27: Sample Domain/domain.py, Resource win10v2004-20240709-en

General
- Target: Domain/bin/assets/ui.html
- Size: 4KB
- MD5: 6f8f041c68e7bc0067d7e6e4c3e9b824
- SHA1: 550b684e7e03154f5424271e97a33c1ada49d5db
- SHA256: fbe5a564a1d50db2341cfd339f7feed965024c18ffb916fa77aae4651fa0e5ea
- SHA512: 88ae8526d6874f7480224672ae4a7e2557699f0423ef6f32dbcc68f0207a2ec0fca70af60e1bc8ba19c100f46d0f93d19b203b63a03543ee3289857a1e9dca3c
- SSDEEP: 96:HMA5Xrg16dLUWUU1MmUtJ9zYz50yZ5am7ZCpvMAEHIVzaGOc:HMA57g2LU9UamU/hkVZ5EpvMAEoVuGOc
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Processes: msedge.exe
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (process msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (process msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (process msedge.exe)
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  Processes: msedge.exe, msedge.exe, identity_helper.exe, msedge.exe
  - pid 212, process msedge.exe
  - pid 2388, process msedge.exe
  - pid 3132, process identity_helper.exe
  - pid 4128, process msedge.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  Processes: msedge.exe
  - pid 2388, process msedge.exe
- Suspicious use of FindShellTrayWindow (25 IoCs)
  Processes: msedge.exe
  - pid 2388, process msedge.exe
- Suspicious use of SendNotifyMessage (24 IoCs)
  Processes: msedge.exe
  - pid 2388, process msedge.exe
- Suspicious use of WriteProcessMemory (64 IoCs)
  Processes: msedge.exe
  - PID 2388 wrote to memory of 4340 (pid 2388, process msedge.exe, target process msedge.exe)
  - PID 2388 wrote to memory of 1264 (pid 2388, process msedge.exe, target process msedge.exe)
  - PID 2388 wrote to memory of 212 (pid 2388, process msedge.exe, target process msedge.exe)
  - PID 2388 wrote to memory of 1936 (pid 2388, process msedge.exe, target process msedge.exe)
Processes
- "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\Domain\bin\assets\ui.html
  PID: 2388
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffb29f46f8,0x7fffb29f4708,0x7fffb29f4718
    PID: 4340
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,4396379001579466064,14597378947772845310,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
    PID: 1264
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,4396379001579466064,14597378947772845310,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2404 /prefetch:3
    PID: 212
    Signatures: Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,4396379001579466064,14597378947772845310,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2940 /prefetch:8
    PID: 1936
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4396379001579466064,14597378947772845310,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
    PID: 4900
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4396379001579466064,14597378947772845310,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
    PID: 4844
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,4396379001579466064,14597378947772845310,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 /prefetch:8
    PID: 3840
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,4396379001579466064,14597378947772845310,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 /prefetch:8
    PID: 3132
    Signatures: Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4396379001579466064,14597378947772845310,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
    PID: 2644
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4396379001579466064,14597378947772845310,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
    PID: 2260
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4396379001579466064,14597378947772845310,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
    PID: 4200
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4396379001579466064,14597378947772845310,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
    PID: 3540
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,4396379001579466064,14597378947772845310,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2368 /prefetch:2
    PID: 4128
    Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2792
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4784
Network
MITRE ATT&CK Enterprise v15
Downloads
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
  Filesize: 674B
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 6KB
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 5KB
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
  Filesize: 16B
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
  Filesize: 16B
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
  Filesize: 11KB
- \??\pipe\LOCAL\crashpad_2388_YUDNVYVDRLSMOGJP