Analysis
- score: 3
- max time kernel: 148s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20240709-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 25-07-2024 10:07
Static task
- static1

Behavioral tasks (task | sample | resource)
- behavioral1 | flash/新云软件.url | win7-20240704-en
- behavioral2 | flash/新云软件.url | win10v2004-20240709-en
- behavioral3 | upload/Scripts/AC_RunActiveContent.js | win7-20240704-en
- behavioral4 | upload/Scripts/AC_RunActiveContent.js | win10v2004-20240709-en
- behavioral5 | upload/block/language/index.htm | win7-20240705-en
- behavioral6 | upload/block/language/index.htm | win10v2004-20240709-en
- behavioral7 | upload/dbquery/language/index.htm | win7-20240708-en
- behavioral8 | upload/dbquery/language/index.htm | win10v2004-20240709-en
- behavioral9 | upload/dbquery/manage.js | win7-20240704-en
- behavioral10 | upload/dbquery/manage.js | win10v2004-20240709-en
- behavioral11 | upload/feedback/language/index.htm | win7-20240704-en
- behavioral12 | upload/feedback/language/index.htm | win10v2004-20240709-en
- behavioral13 | upload/feedback/manage.js | win7-20240708-en
- behavioral14 | upload/feedback/manage.js | win10v2004-20240709-en
- behavioral15 | upload/portal/cart.ps1 | win7-20240704-en
- behavioral16 | upload/portal/cart.ps1 | win10v2004-20240709-en
- behavioral17 | upload/portal/core.class.js | win7-20240708-en
- behavioral18 | upload/portal/core.class.js | win10v2004-20240709-en
- behavioral19 | upload/portal/index.ps1 | win7-20240705-en
- behavioral20 | upload/portal/index.ps1 | win10v2004-20240709-en
- behavioral21 | upload/portal/language/index.htm | win7-20240708-en
- behavioral22 | upload/portal/language/index.htm | win10v2004-20240709-en
- behavioral23 | upload/portal/manage.comment.js | win7-20240704-en
- behavioral24 | upload/portal/manage.comment.js | win10v2004-20240709-en
- behavioral25 | upload/portal/manage.content.js | win7-20240708-en
- behavioral26 | upload/portal/manage.content.js | win10v2004-20240709-en
- behavioral27 | upload/portal/manage.field.js | win7-20240705-en
- behavioral28 | upload/portal/manage.field.js | win10v2004-20240709-en
- behavioral29 | upload/portal/manage.model.ps1 | win7-20240704-en
- behavioral30 | upload/portal/manage.model.ps1 | win10v2004-20240709-en
- behavioral31 | upload/portal/manage.js | win7-20240704-en
- behavioral32 | upload/portal/manage.js | win10v2004-20240709-en
General
- Target: upload/portal/language/index.htm
- Size: 1B
- MD5: 7215ee9c7d9dc229d2921a40e899ec5f
- SHA1: b858cb282617fb0956d960215c8e84d1ccf909c6
- SHA256: 36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068
- SHA512: f90ddd77e400dfe6a3fcf479b00b1ee29e7015c5bb8cd70f5f15b4886cc339275ff553fc8a053f8ddc7324f45168cffaf81f8c3ac93996f6536eef38e5e40768
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Processes: msedge.exe
  description | ioc | process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  Processes: msedge.exe, msedge.exe, identity_helper.exe, msedge.exe
  pid | process
  4328 | msedge.exe
  3080 | msedge.exe
  2316 | identity_helper.exe
  3000 | msedge.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  Processes: msedge.exe
  pid | process
  3080 | msedge.exe
- Suspicious use of FindShellTrayWindow (25 IoCs)
  Processes: msedge.exe
  pid | process
  3080 | msedge.exe
- Suspicious use of SendNotifyMessage (24 IoCs)
  Processes: msedge.exe
  pid | process
  3080 | msedge.exe
- Suspicious use of WriteProcessMemory (64 IoCs)
  Processes: msedge.exe
  description | pid | process | target process
  PID 3080 wrote to memory of 3680 | 3080 | msedge.exe | msedge.exe
  PID 3080 wrote to memory of 228 | 3080 | msedge.exe | msedge.exe
  PID 3080 wrote to memory of 4328 | 3080 | msedge.exe | msedge.exe
  PID 3080 wrote to memory of 3776 | 3080 | msedge.exe | msedge.exe
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\upload\portal\language\index.htm
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8763d46f8,0x7ff8763d4708,0x7ff8763d4718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,1785407772490209893,17794118818525362327,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2024 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2004,1785407772490209893,17794118818525362327,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2004,1785407772490209893,17794118818525362327,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,1785407772490209893,17794118818525362327,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,1785407772490209893,17794118818525362327,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,1785407772490209893,17794118818525362327,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,1785407772490209893,17794118818525362327,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,1785407772490209893,17794118818525362327,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5468 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,1785407772490209893,17794118818525362327,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5468 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,1785407772490209893,17794118818525362327,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,1785407772490209893,17794118818525362327,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,1785407772490209893,17794118818525362327,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3124 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 5KB
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 6KB
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
  Filesize: 16B
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
  Filesize: 11KB
- \??\pipe\LOCAL\crashpad_3080_QXLIIPMKAOIGCFGL