Overview
overview
3Static
static
1docs/install.html
windows7-x64
3docs/install.html
windows10-2004-x64
3docs/license.htm
windows7-x64
3docs/license.htm
windows10-2004-x64
3docs/新云软件.url
windows7-x64
1docs/新云软件.url
windows10-2004-x64
1upload/art...jax.js
windows7-x64
3upload/art...jax.js
windows10-2004-x64
3upload/boo...ook.js
windows7-x64
3upload/boo...ook.js
windows10-2004-x64
3upload/cert/index.htm
windows7-x64
3upload/cert/index.htm
windows10-2004-x64
3upload/com...ent.js
windows7-x64
3upload/com...ent.js
windows10-2004-x64
3upload/dow...jax.js
windows7-x64
3upload/dow...jax.js
windows10-2004-x64
3upload/fck...mon.js
windows7-x64
3upload/fck...mon.js
windows10-2004-x64
3upload/fck...eld.js
windows7-x64
3upload/fck...eld.js
windows10-2004-x64
3upload/fck...t.html
windows7-x64
3upload/fck...t.html
windows10-2004-x64
3upload/fck...r.html
windows7-x64
3upload/fck...r.html
windows10-2004-x64
3upload/fck...n.html
windows7-x64
3upload/fck...n.html
windows10-2004-x64
3upload/fck...x.html
windows7-x64
3upload/fck...x.html
windows10-2004-x64
3upload/fck...r.html
windows7-x64
3upload/fck...r.html
windows10-2004-x64
3upload/fck...s.html
windows7-x64
3upload/fck...s.html
windows10-2004-x64
3Analysis
-
max time kernel
145s -
max time network
141s -
platform
windows10-2004_x64 -
resource
win10v2004-20240730-en -
resource tags
arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system -
submitted
01-08-2024 08:07
Static task
static1
Behavioral task
behavioral1
Sample
docs/install.html
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
docs/install.html
Resource
win10v2004-20240730-en
Behavioral task
behavioral3
Sample
docs/license.htm
Resource
win7-20240704-en
Behavioral task
behavioral4
Sample
docs/license.htm
Resource
win10v2004-20240730-en
Behavioral task
behavioral5
Sample
docs/新云软件.url
Resource
win7-20240704-en
Behavioral task
behavioral6
Sample
docs/新云软件.url
Resource
win10v2004-20240730-en
Behavioral task
behavioral7
Sample
upload/art/js/artajax.js
Resource
win7-20240708-en
Behavioral task
behavioral8
Sample
upload/art/js/artajax.js
Resource
win10v2004-20240730-en
Behavioral task
behavioral9
Sample
upload/book/js/ftbook.js
Resource
win7-20240705-en
Behavioral task
behavioral10
Sample
upload/book/js/ftbook.js
Resource
win10v2004-20240730-en
Behavioral task
behavioral11
Sample
upload/cert/index.htm
Resource
win7-20240704-en
Behavioral task
behavioral12
Sample
upload/cert/index.htm
Resource
win10v2004-20240730-en
Behavioral task
behavioral13
Sample
upload/comment/js/comment.js
Resource
win7-20240704-en
Behavioral task
behavioral14
Sample
upload/comment/js/comment.js
Resource
win10v2004-20240730-en
Behavioral task
behavioral15
Sample
upload/down/js/downajax.js
Resource
win7-20240708-en
Behavioral task
behavioral16
Sample
upload/down/js/downajax.js
Resource
win10v2004-20240730-en
Behavioral task
behavioral17
Sample
upload/fckeditor/editor/dialog/common/fck_dialog_common.js
Resource
win7-20240704-en
Behavioral task
behavioral18
Sample
upload/fckeditor/editor/dialog/common/fck_dialog_common.js
Resource
win10v2004-20240730-en
Behavioral task
behavioral19
Sample
upload/fckeditor/editor/dialog/common/fcknumericfield.js
Resource
win7-20240705-en
Behavioral task
behavioral20
Sample
upload/fckeditor/editor/dialog/common/fcknumericfield.js
Resource
win10v2004-20240730-en
Behavioral task
behavioral21
Sample
upload/fckeditor/editor/dialog/fck_about.html
Resource
win7-20240708-en
Behavioral task
behavioral22
Sample
upload/fckeditor/editor/dialog/fck_about.html
Resource
win10v2004-20240730-en
Behavioral task
behavioral23
Sample
upload/fckeditor/editor/dialog/fck_anchor.html
Resource
win7-20240704-en
Behavioral task
behavioral24
Sample
upload/fckeditor/editor/dialog/fck_anchor.html
Resource
win10v2004-20240730-en
Behavioral task
behavioral25
Sample
upload/fckeditor/editor/dialog/fck_button.html
Resource
win7-20240704-en
Behavioral task
behavioral26
Sample
upload/fckeditor/editor/dialog/fck_button.html
Resource
win10v2004-20240730-en
Behavioral task
behavioral27
Sample
upload/fckeditor/editor/dialog/fck_checkbox.html
Resource
win7-20240708-en
Behavioral task
behavioral28
Sample
upload/fckeditor/editor/dialog/fck_checkbox.html
Resource
win10v2004-20240730-en
Behavioral task
behavioral29
Sample
upload/fckeditor/editor/dialog/fck_colorselector.html
Resource
win7-20240708-en
Behavioral task
behavioral30
Sample
upload/fckeditor/editor/dialog/fck_colorselector.html
Resource
win10v2004-20240730-en
Behavioral task
behavioral31
Sample
upload/fckeditor/editor/dialog/fck_docprops.html
Resource
win7-20240708-en
Behavioral task
behavioral32
Sample
upload/fckeditor/editor/dialog/fck_docprops.html
Resource
win10v2004-20240730-en
General
-
Target
upload/fckeditor/editor/dialog/fck_about.html
-
Size
5KB
-
MD5
73611171a38f0969dc99bbf69bd5fb3e
-
SHA1
90c8281d6b6b6d40cb9fc7e5686d74e86ae8cd24
-
SHA256
2e545533724856be7b9c4ae99ce64bf2fab1ea4081725d1b41929e8f2aecbce0
-
SHA512
02ff7e25118708bd207f3e0f338ef2c45264cf0c44fced79fc08f39065df6ec683612f9943685a10012ebd786cbcc54a927103593dc47d583c19b012fa1069c4
-
SSDEEP
96:jQxgqzqhoIqqPVEjUfWvFQf8E4rI2YeJdhCHC86kNHmeoIcohQzcDl:8GhBeIu9Qf89rI4LCi86kpmebmzcDl
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
Processes:
msedge.exemsedge.exeidentity_helper.exemsedge.exepid process 812 msedge.exe 812 msedge.exe 1828 msedge.exe 1828 msedge.exe 4448 identity_helper.exe 4448 identity_helper.exe 1804 msedge.exe 1804 msedge.exe 1804 msedge.exe 1804 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
Processes:
msedge.exepid process 1828 msedge.exe 1828 msedge.exe 1828 msedge.exe 1828 msedge.exe 1828 msedge.exe 1828 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
Processes:
msedge.exepid process 1828 msedge.exe 1828 msedge.exe 1828 msedge.exe 1828 msedge.exe 1828 msedge.exe 1828 msedge.exe 1828 msedge.exe 1828 msedge.exe 1828 msedge.exe 1828 msedge.exe 1828 msedge.exe 1828 msedge.exe 1828 msedge.exe 1828 msedge.exe 1828 msedge.exe 1828 msedge.exe 1828 msedge.exe 1828 msedge.exe 1828 msedge.exe 1828 msedge.exe 1828 msedge.exe 1828 msedge.exe 1828 msedge.exe 1828 msedge.exe 1828 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
Processes:
msedge.exepid process 1828 msedge.exe 1828 msedge.exe 1828 msedge.exe 1828 msedge.exe 1828 msedge.exe 1828 msedge.exe 1828 msedge.exe 1828 msedge.exe 1828 msedge.exe 1828 msedge.exe 1828 msedge.exe 1828 msedge.exe 1828 msedge.exe 1828 msedge.exe 1828 msedge.exe 1828 msedge.exe 1828 msedge.exe 1828 msedge.exe 1828 msedge.exe 1828 msedge.exe 1828 msedge.exe 1828 msedge.exe 1828 msedge.exe 1828 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
msedge.exedescription pid process target process PID 1828 wrote to memory of 2104 1828 msedge.exe msedge.exe PID 1828 wrote to memory of 2104 1828 msedge.exe msedge.exe PID 1828 wrote to memory of 2632 1828 msedge.exe msedge.exe PID 1828 wrote to memory of 2632 1828 msedge.exe msedge.exe PID 1828 wrote to memory of 2632 1828 msedge.exe msedge.exe PID 1828 wrote to memory of 2632 1828 msedge.exe msedge.exe PID 1828 wrote to memory of 2632 1828 msedge.exe msedge.exe PID 1828 wrote to memory of 2632 1828 msedge.exe msedge.exe PID 1828 wrote to memory of 2632 1828 msedge.exe msedge.exe PID 1828 wrote to memory of 2632 1828 msedge.exe msedge.exe PID 1828 wrote to memory of 2632 1828 msedge.exe msedge.exe PID 1828 wrote to memory of 2632 1828 msedge.exe msedge.exe PID 1828 wrote to memory of 2632 1828 msedge.exe msedge.exe PID 1828 wrote to memory of 2632 1828 msedge.exe msedge.exe PID 1828 wrote to memory of 2632 1828 msedge.exe msedge.exe PID 1828 wrote to memory of 2632 1828 msedge.exe msedge.exe PID 1828 wrote to memory of 2632 1828 msedge.exe msedge.exe PID 1828 wrote to memory of 2632 1828 msedge.exe msedge.exe PID 1828 wrote to memory of 2632 1828 msedge.exe msedge.exe PID 1828 wrote to memory of 2632 1828 msedge.exe msedge.exe PID 1828 wrote to memory of 2632 1828 msedge.exe msedge.exe PID 1828 wrote to memory of 2632 1828 msedge.exe msedge.exe PID 1828 wrote to memory of 2632 1828 msedge.exe msedge.exe PID 1828 wrote to memory of 2632 1828 msedge.exe msedge.exe PID 1828 wrote to memory of 2632 1828 msedge.exe msedge.exe PID 1828 wrote to memory of 2632 1828 msedge.exe msedge.exe PID 1828 wrote to memory of 2632 1828 msedge.exe msedge.exe PID 1828 wrote to memory of 2632 1828 msedge.exe msedge.exe PID 1828 wrote to memory of 2632 1828 msedge.exe msedge.exe PID 1828 wrote to memory of 2632 1828 msedge.exe msedge.exe PID 1828 wrote to memory of 2632 1828 msedge.exe msedge.exe PID 1828 wrote to memory of 2632 1828 msedge.exe msedge.exe PID 1828 wrote to memory of 2632 1828 msedge.exe msedge.exe PID 1828 wrote to memory of 2632 1828 msedge.exe msedge.exe PID 1828 wrote to memory of 2632 1828 msedge.exe msedge.exe PID 1828 wrote to memory of 2632 1828 msedge.exe msedge.exe PID 1828 wrote to memory of 2632 1828 msedge.exe msedge.exe PID 1828 wrote to memory of 2632 1828 msedge.exe msedge.exe PID 1828 wrote to memory of 2632 1828 msedge.exe msedge.exe PID 1828 wrote to memory of 2632 1828 msedge.exe msedge.exe PID 1828 wrote to memory of 2632 1828 msedge.exe msedge.exe PID 1828 wrote to memory of 2632 1828 msedge.exe msedge.exe PID 1828 wrote to memory of 812 1828 msedge.exe msedge.exe PID 1828 wrote to memory of 812 1828 msedge.exe msedge.exe PID 1828 wrote to memory of 216 1828 msedge.exe msedge.exe PID 1828 wrote to memory of 216 1828 msedge.exe msedge.exe PID 1828 wrote to memory of 216 1828 msedge.exe msedge.exe PID 1828 wrote to memory of 216 1828 msedge.exe msedge.exe PID 1828 wrote to memory of 216 1828 msedge.exe msedge.exe PID 1828 wrote to memory of 216 1828 msedge.exe msedge.exe PID 1828 wrote to memory of 216 1828 msedge.exe msedge.exe PID 1828 wrote to memory of 216 1828 msedge.exe msedge.exe PID 1828 wrote to memory of 216 1828 msedge.exe msedge.exe PID 1828 wrote to memory of 216 1828 msedge.exe msedge.exe PID 1828 wrote to memory of 216 1828 msedge.exe msedge.exe PID 1828 wrote to memory of 216 1828 msedge.exe msedge.exe PID 1828 wrote to memory of 216 1828 msedge.exe msedge.exe PID 1828 wrote to memory of 216 1828 msedge.exe msedge.exe PID 1828 wrote to memory of 216 1828 msedge.exe msedge.exe PID 1828 wrote to memory of 216 1828 msedge.exe msedge.exe PID 1828 wrote to memory of 216 1828 msedge.exe msedge.exe PID 1828 wrote to memory of 216 1828 msedge.exe msedge.exe PID 1828 wrote to memory of 216 1828 msedge.exe msedge.exe PID 1828 wrote to memory of 216 1828 msedge.exe msedge.exe
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\upload\fckeditor\editor\dialog\fck_about.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbda8246f8,0x7ffbda824708,0x7ffbda8247182⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,9460141056732270539,3106915142958991745,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,9460141056732270539,3106915142958991745,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,9460141056732270539,3106915142958991745,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2560 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,9460141056732270539,3106915142958991745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3156 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,9460141056732270539,3106915142958991745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3164 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,9460141056732270539,3106915142958991745,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5080 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,9460141056732270539,3106915142958991745,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5080 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,9460141056732270539,3106915142958991745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,9460141056732270539,3106915142958991745,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,9460141056732270539,3106915142958991745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,9460141056732270539,3106915142958991745,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,9460141056732270539,3106915142958991745,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5512 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD554a5c07b53c4009779045b54c5fa2f4c
SHA1efa045dbe55278511fcf72160b6dc1ff61ac85a0
SHA256ff9aa521bb8c638f0703a5405919a7c195d42998bedc8e2000e67c97c9dbc39f
SHA5120276c6f10bb7f7c3da16d7226b4c7a2ab96744f106d3fea448faf6b52c05880fe65780683df75cca621e3b6fff0bd04defb395035a6c4024bb359c17e32be493
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5d3901cd618f65d66fb0643258e3ef906
SHA1c9b42868c9119173ff2b1f871eeef5fa487c04f6
SHA2561f74c3d5f4d41c4d5358e63ad09f8cede236eb66957f9888f42abf98b238c086
SHA51289c122ea72ae3f26c94e34040e0f0a856506c8490ba36fce371a731b3f0588407c6356cca2ebea37ac829a67c2b398e298a64d5a72712172f69071264ca58e98
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\18bb70b4-c5ce-4512-b455-c662b0e38979.tmpFilesize
6KB
MD569bae0cb0c0d99275e87d3e4e13364ce
SHA1bb2fc24e9c3ce2e2c5e5821fe4d02d42bc8843d3
SHA2567f86b57f663e0ddb59f13f39205d93d7d5cde07d49a99f30303596c7f43d1595
SHA512fe752a52f2c333e80f8a258188e2bd87483291e5cb34425e49d8db4dc11c2e0e92b9c5c11b33efe441001687cd9121ddb891020c64705beba498a7e171f0a83e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD51cc1ec42a347b5e313ec411f2deee56f
SHA1f707b840bc835fa77d550f2dbf08c49de703b3f2
SHA256622cf6f9c6e1a1fb5b0b7ef42d571171917d9dad9d7547430c8afbb38c602def
SHA5124f478afb98bfaa90dffc4d16f5592f7e9fca100543ed83bb26263afe9bb161080ab469324927d69dfc7fc5eb1caf9541cc37a64e26b89563ff77198c7e52641e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD561b661403965a8b0ed0573fcd0cffd0a
SHA11570404b7e69604c9c8bcb5ce39eff0a14b64f67
SHA25639174a49e3e5d50bae1e651da48ad67ac53881ff209aa7086a92b8fe0623aecb
SHA5123f3c70d46a1813a891f5f07ce9fe97847660189c464eb5479c49850ad4be29503ee2bc234f16e167620f6b9b1f55c6dd023158a1cee01965f0030fc89a61b735
-
\??\pipe\LOCAL\crashpad_1828_MMWWIKBSCIHNMNBOMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e