Overview
overview
3Static
static
1flash/新�...��.url
windows7-x64
1flash/新�...��.url
windows10-2004-x64
1upload/Scr...ent.js
windows7-x64
3upload/Scr...ent.js
windows10-2004-x64
3upload/blo...ex.htm
windows7-x64
3upload/blo...ex.htm
windows10-2004-x64
3upload/dbq...ex.htm
windows7-x64
3upload/dbq...ex.htm
windows10-2004-x64
3upload/dbq...age.js
windows7-x64
3upload/dbq...age.js
windows10-2004-x64
3upload/fee...ex.htm
windows7-x64
3upload/fee...ex.htm
windows10-2004-x64
3upload/fee...age.js
windows7-x64
3upload/fee...age.js
windows10-2004-x64
3upload/por...rt.ps1
windows7-x64
3upload/por...rt.ps1
windows10-2004-x64
3upload/por...ass.js
windows7-x64
3upload/por...ass.js
windows10-2004-x64
3upload/por...ex.ps1
windows7-x64
3upload/por...ex.ps1
windows10-2004-x64
3upload/por...ex.htm
windows7-x64
3upload/por...ex.htm
windows10-2004-x64
3upload/por...ent.js
windows7-x64
3upload/por...ent.js
windows10-2004-x64
3upload/por...ent.js
windows7-x64
3upload/por...ent.js
windows10-2004-x64
3upload/por...eld.js
windows7-x64
3upload/por...eld.js
windows10-2004-x64
3upload/por...el.ps1
windows7-x64
3upload/por...el.ps1
windows10-2004-x64
3upload/por...age.js
windows7-x64
3upload/por...age.js
windows10-2004-x64
3Analysis
-
max time kernel
145s -
max time network
142s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system -
submitted
25-07-2024 10:07
Static task
static1
Behavioral task
behavioral1
Sample
flash/新云软件.url
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
flash/新云软件.url
Resource
win10v2004-20240709-en
Behavioral task
behavioral3
Sample
upload/Scripts/AC_RunActiveContent.js
Resource
win7-20240704-en
Behavioral task
behavioral4
Sample
upload/Scripts/AC_RunActiveContent.js
Resource
win10v2004-20240709-en
Behavioral task
behavioral5
Sample
upload/block/language/index.htm
Resource
win7-20240705-en
Behavioral task
behavioral6
Sample
upload/block/language/index.htm
Resource
win10v2004-20240709-en
Behavioral task
behavioral7
Sample
upload/dbquery/language/index.htm
Resource
win7-20240708-en
Behavioral task
behavioral8
Sample
upload/dbquery/language/index.htm
Resource
win10v2004-20240709-en
Behavioral task
behavioral9
Sample
upload/dbquery/manage.js
Resource
win7-20240704-en
Behavioral task
behavioral10
Sample
upload/dbquery/manage.js
Resource
win10v2004-20240709-en
Behavioral task
behavioral11
Sample
upload/feedback/language/index.htm
Resource
win7-20240704-en
Behavioral task
behavioral12
Sample
upload/feedback/language/index.htm
Resource
win10v2004-20240709-en
Behavioral task
behavioral13
Sample
upload/feedback/manage.js
Resource
win7-20240708-en
Behavioral task
behavioral14
Sample
upload/feedback/manage.js
Resource
win10v2004-20240709-en
Behavioral task
behavioral15
Sample
upload/portal/cart.ps1
Resource
win7-20240704-en
Behavioral task
behavioral16
Sample
upload/portal/cart.ps1
Resource
win10v2004-20240709-en
Behavioral task
behavioral17
Sample
upload/portal/core.class.js
Resource
win7-20240708-en
Behavioral task
behavioral18
Sample
upload/portal/core.class.js
Resource
win10v2004-20240709-en
Behavioral task
behavioral19
Sample
upload/portal/index.ps1
Resource
win7-20240705-en
Behavioral task
behavioral20
Sample
upload/portal/index.ps1
Resource
win10v2004-20240709-en
Behavioral task
behavioral21
Sample
upload/portal/language/index.htm
Resource
win7-20240708-en
Behavioral task
behavioral22
Sample
upload/portal/language/index.htm
Resource
win10v2004-20240709-en
Behavioral task
behavioral23
Sample
upload/portal/manage.comment.js
Resource
win7-20240704-en
Behavioral task
behavioral24
Sample
upload/portal/manage.comment.js
Resource
win10v2004-20240709-en
Behavioral task
behavioral25
Sample
upload/portal/manage.content.js
Resource
win7-20240708-en
Behavioral task
behavioral26
Sample
upload/portal/manage.content.js
Resource
win10v2004-20240709-en
Behavioral task
behavioral27
Sample
upload/portal/manage.field.js
Resource
win7-20240705-en
Behavioral task
behavioral28
Sample
upload/portal/manage.field.js
Resource
win10v2004-20240709-en
Behavioral task
behavioral29
Sample
upload/portal/manage.model.ps1
Resource
win7-20240704-en
Behavioral task
behavioral30
Sample
upload/portal/manage.model.ps1
Resource
win10v2004-20240709-en
Behavioral task
behavioral31
Sample
upload/portal/manage.js
Resource
win7-20240704-en
Behavioral task
behavioral32
Sample
upload/portal/manage.js
Resource
win10v2004-20240709-en
General
-
Target
upload/feedback/language/index.htm
-
Size
1B
-
MD5
7215ee9c7d9dc229d2921a40e899ec5f
-
SHA1
b858cb282617fb0956d960215c8e84d1ccf909c6
-
SHA256
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068
-
SHA512
f90ddd77e400dfe6a3fcf479b00b1ee29e7015c5bb8cd70f5f15b4886cc339275ff553fc8a053f8ddc7324f45168cffaf81f8c3ac93996f6536eef38e5e40768
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
Processes:
msedge.exemsedge.exeidentity_helper.exemsedge.exepid process 4256 msedge.exe 4256 msedge.exe 4020 msedge.exe 4020 msedge.exe 1016 identity_helper.exe 1016 identity_helper.exe 848 msedge.exe 848 msedge.exe 848 msedge.exe 848 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
Processes:
msedge.exepid process 4020 msedge.exe 4020 msedge.exe 4020 msedge.exe 4020 msedge.exe 4020 msedge.exe 4020 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
Processes:
msedge.exepid process 4020 msedge.exe 4020 msedge.exe 4020 msedge.exe 4020 msedge.exe 4020 msedge.exe 4020 msedge.exe 4020 msedge.exe 4020 msedge.exe 4020 msedge.exe 4020 msedge.exe 4020 msedge.exe 4020 msedge.exe 4020 msedge.exe 4020 msedge.exe 4020 msedge.exe 4020 msedge.exe 4020 msedge.exe 4020 msedge.exe 4020 msedge.exe 4020 msedge.exe 4020 msedge.exe 4020 msedge.exe 4020 msedge.exe 4020 msedge.exe 4020 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
Processes:
msedge.exepid process 4020 msedge.exe 4020 msedge.exe 4020 msedge.exe 4020 msedge.exe 4020 msedge.exe 4020 msedge.exe 4020 msedge.exe 4020 msedge.exe 4020 msedge.exe 4020 msedge.exe 4020 msedge.exe 4020 msedge.exe 4020 msedge.exe 4020 msedge.exe 4020 msedge.exe 4020 msedge.exe 4020 msedge.exe 4020 msedge.exe 4020 msedge.exe 4020 msedge.exe 4020 msedge.exe 4020 msedge.exe 4020 msedge.exe 4020 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
msedge.exedescription pid process target process PID 4020 wrote to memory of 2060 4020 msedge.exe msedge.exe PID 4020 wrote to memory of 2060 4020 msedge.exe msedge.exe PID 4020 wrote to memory of 1068 4020 msedge.exe msedge.exe PID 4020 wrote to memory of 1068 4020 msedge.exe msedge.exe PID 4020 wrote to memory of 1068 4020 msedge.exe msedge.exe PID 4020 wrote to memory of 1068 4020 msedge.exe msedge.exe PID 4020 wrote to memory of 1068 4020 msedge.exe msedge.exe PID 4020 wrote to memory of 1068 4020 msedge.exe msedge.exe PID 4020 wrote to memory of 1068 4020 msedge.exe msedge.exe PID 4020 wrote to memory of 1068 4020 msedge.exe msedge.exe PID 4020 wrote to memory of 1068 4020 msedge.exe msedge.exe PID 4020 wrote to memory of 1068 4020 msedge.exe msedge.exe PID 4020 wrote to memory of 1068 4020 msedge.exe msedge.exe PID 4020 wrote to memory of 1068 4020 msedge.exe msedge.exe PID 4020 wrote to memory of 1068 4020 msedge.exe msedge.exe PID 4020 wrote to memory of 1068 4020 msedge.exe msedge.exe PID 4020 wrote to memory of 1068 4020 msedge.exe msedge.exe PID 4020 wrote to memory of 1068 4020 msedge.exe msedge.exe PID 4020 wrote to memory of 1068 4020 msedge.exe msedge.exe PID 4020 wrote to memory of 1068 4020 msedge.exe msedge.exe PID 4020 wrote to memory of 1068 4020 msedge.exe msedge.exe PID 4020 wrote to memory of 1068 4020 msedge.exe msedge.exe PID 4020 wrote to memory of 1068 4020 msedge.exe msedge.exe PID 4020 wrote to memory of 1068 4020 msedge.exe msedge.exe PID 4020 wrote to memory of 1068 4020 msedge.exe msedge.exe PID 4020 wrote to memory of 1068 4020 msedge.exe msedge.exe PID 4020 wrote to memory of 1068 4020 msedge.exe msedge.exe PID 4020 wrote to memory of 1068 4020 msedge.exe msedge.exe PID 4020 wrote to memory of 1068 4020 msedge.exe msedge.exe PID 4020 wrote to memory of 1068 4020 msedge.exe msedge.exe PID 4020 wrote to memory of 1068 4020 msedge.exe msedge.exe PID 4020 wrote to memory of 1068 4020 msedge.exe msedge.exe PID 4020 wrote to memory of 1068 4020 msedge.exe msedge.exe PID 4020 wrote to memory of 1068 4020 msedge.exe msedge.exe PID 4020 wrote to memory of 1068 4020 msedge.exe msedge.exe PID 4020 wrote to memory of 1068 4020 msedge.exe msedge.exe PID 4020 wrote to memory of 1068 4020 msedge.exe msedge.exe PID 4020 wrote to memory of 1068 4020 msedge.exe msedge.exe PID 4020 wrote to memory of 1068 4020 msedge.exe msedge.exe PID 4020 wrote to memory of 1068 4020 msedge.exe msedge.exe PID 4020 wrote to memory of 1068 4020 msedge.exe msedge.exe PID 4020 wrote to memory of 1068 4020 msedge.exe msedge.exe PID 4020 wrote to memory of 4256 4020 msedge.exe msedge.exe PID 4020 wrote to memory of 4256 4020 msedge.exe msedge.exe PID 4020 wrote to memory of 1148 4020 msedge.exe msedge.exe PID 4020 wrote to memory of 1148 4020 msedge.exe msedge.exe PID 4020 wrote to memory of 1148 4020 msedge.exe msedge.exe PID 4020 wrote to memory of 1148 4020 msedge.exe msedge.exe PID 4020 wrote to memory of 1148 4020 msedge.exe msedge.exe PID 4020 wrote to memory of 1148 4020 msedge.exe msedge.exe PID 4020 wrote to memory of 1148 4020 msedge.exe msedge.exe PID 4020 wrote to memory of 1148 4020 msedge.exe msedge.exe PID 4020 wrote to memory of 1148 4020 msedge.exe msedge.exe PID 4020 wrote to memory of 1148 4020 msedge.exe msedge.exe PID 4020 wrote to memory of 1148 4020 msedge.exe msedge.exe PID 4020 wrote to memory of 1148 4020 msedge.exe msedge.exe PID 4020 wrote to memory of 1148 4020 msedge.exe msedge.exe PID 4020 wrote to memory of 1148 4020 msedge.exe msedge.exe PID 4020 wrote to memory of 1148 4020 msedge.exe msedge.exe PID 4020 wrote to memory of 1148 4020 msedge.exe msedge.exe PID 4020 wrote to memory of 1148 4020 msedge.exe msedge.exe PID 4020 wrote to memory of 1148 4020 msedge.exe msedge.exe PID 4020 wrote to memory of 1148 4020 msedge.exe msedge.exe PID 4020 wrote to memory of 1148 4020 msedge.exe msedge.exe
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\upload\feedback\language\index.htm1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce14b46f8,0x7ffce14b4708,0x7ffce14b47182⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,4667558772329673056,2327433538005799282,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,4667558772329673056,2327433538005799282,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,4667558772329673056,2327433538005799282,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4667558772329673056,2327433538005799282,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4667558772329673056,2327433538005799282,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,4667558772329673056,2327433538005799282,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4468 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,4667558772329673056,2327433538005799282,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4468 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4667558772329673056,2327433538005799282,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4667558772329673056,2327433538005799282,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4667558772329673056,2327433538005799282,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4536 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4667558772329673056,2327433538005799282,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,4667558772329673056,2327433538005799282,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3180 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD504b60a51907d399f3685e03094b603cb
SHA1228d18888782f4e66ca207c1a073560e0a4cc6e7
SHA25687a9d9f1bd99313295b2ce703580b9d37c3a68b9b33026fdda4c2530f562e6a3
SHA5122a8e3da94eaf0a6c4a2f29da6fec2796ba6a13cad6425bb650349a60eb3204643fc2fd1ab425f0251610cb9cce65e7dba459388b4e00c12ba3434a1798855c91
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD59622e603d436ca747f3a4407a6ca952e
SHA1297d9aed5337a8a7290ea436b61458c372b1d497
SHA256ace0e47e358fba0831b508cd23949a503ae0e6a5c857859e720d1b6479ff2261
SHA512f774c5c44f0fcdfb45847626f6808076dccabfbcb8a37d00329ec792e2901dc59636ef15c95d84d0080272571542d43b473ce11c2209ac251bee13bd611b200a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
5KB
MD5328ff8ccdc7186287553e2ce1c468608
SHA14afd56217f3d8a9db9e0e61788e469860af2fd62
SHA256206e269a350ee78d01834f42dec526a56c12be0627a2ceeec4e9c0d2a8d5d59a
SHA512c352835edfad1f3c286e4fec50b2883fedf01e2b0405374a37489c4b0a7a55b07039b96440af8fc3a0ed19c92d1c2db57d451f7826ad3acfa4fe6f64ad2ec112
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5acdafb07bee4f257aacce62d5480edd4
SHA1998865cdef5f12c167b6b2d8f16c7075b2109018
SHA25637a94ba2314571ee80265c46b54557979c906c7766696949528c249d858469c7
SHA512d32a9e92c689eb437ff08e7e6f1a6783ca88388b79ac4959551566572970970aacfd6ec54d202aa277e97ab0c44bc5cd45a83f4b9ed40a03a514f55a9d4b44da
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD5d97a40be5a66ca0ed643dc828fa6675f
SHA1b25b5e8b4075b81b7c1f7fd51f08fb6d184e5fe5
SHA256b71dcdbb454b627d82d0d4aa3f7018907a4d2d6b89a5aa4d3fc9453beba59dbf
SHA512ff08752907819850f6260e6214b118ef695176970a46538560974f9dd24ca83e8539aa4fd8e5a2ae2367c545417c8d3469c33830fd81d5090191bc9c618520c6
-
\??\pipe\LOCAL\crashpad_4020_JPPZPSCXVDJQXXPBMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e