Overview
overview
3Static
static
1docs/install.html
windows7-x64
3docs/install.html
windows10-2004-x64
3docs/license.htm
windows7-x64
3docs/license.htm
windows10-2004-x64
3docs/新云软件.url
windows7-x64
1docs/新云软件.url
windows10-2004-x64
1upload/art...jax.js
windows7-x64
3upload/art...jax.js
windows10-2004-x64
3upload/boo...ook.js
windows7-x64
3upload/boo...ook.js
windows10-2004-x64
3upload/cert/index.htm
windows7-x64
3upload/cert/index.htm
windows10-2004-x64
3upload/com...ent.js
windows7-x64
3upload/com...ent.js
windows10-2004-x64
3upload/dow...jax.js
windows7-x64
3upload/dow...jax.js
windows10-2004-x64
3upload/fck...mon.js
windows7-x64
3upload/fck...mon.js
windows10-2004-x64
3upload/fck...eld.js
windows7-x64
3upload/fck...eld.js
windows10-2004-x64
3upload/fck...t.html
windows7-x64
3upload/fck...t.html
windows10-2004-x64
3upload/fck...r.html
windows7-x64
3upload/fck...r.html
windows10-2004-x64
3upload/fck...n.html
windows7-x64
3upload/fck...n.html
windows10-2004-x64
3upload/fck...x.html
windows7-x64
3upload/fck...x.html
windows10-2004-x64
3upload/fck...r.html
windows7-x64
3upload/fck...r.html
windows10-2004-x64
3upload/fck...s.html
windows7-x64
3upload/fck...s.html
windows10-2004-x64
3Analysis
-
max time kernel
145s -
max time network
128s -
platform
windows10-2004_x64 -
resource
win10v2004-20240730-en -
resource tags
arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system -
submitted
01-08-2024 08:07
Static task
static1
Behavioral task
behavioral1
Sample
docs/install.html
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
docs/install.html
Resource
win10v2004-20240730-en
Behavioral task
behavioral3
Sample
docs/license.htm
Resource
win7-20240704-en
Behavioral task
behavioral4
Sample
docs/license.htm
Resource
win10v2004-20240730-en
Behavioral task
behavioral5
Sample
docs/新云软件.url
Resource
win7-20240704-en
Behavioral task
behavioral6
Sample
docs/新云软件.url
Resource
win10v2004-20240730-en
Behavioral task
behavioral7
Sample
upload/art/js/artajax.js
Resource
win7-20240708-en
Behavioral task
behavioral8
Sample
upload/art/js/artajax.js
Resource
win10v2004-20240730-en
Behavioral task
behavioral9
Sample
upload/book/js/ftbook.js
Resource
win7-20240705-en
Behavioral task
behavioral10
Sample
upload/book/js/ftbook.js
Resource
win10v2004-20240730-en
Behavioral task
behavioral11
Sample
upload/cert/index.htm
Resource
win7-20240704-en
Behavioral task
behavioral12
Sample
upload/cert/index.htm
Resource
win10v2004-20240730-en
Behavioral task
behavioral13
Sample
upload/comment/js/comment.js
Resource
win7-20240704-en
Behavioral task
behavioral14
Sample
upload/comment/js/comment.js
Resource
win10v2004-20240730-en
Behavioral task
behavioral15
Sample
upload/down/js/downajax.js
Resource
win7-20240708-en
Behavioral task
behavioral16
Sample
upload/down/js/downajax.js
Resource
win10v2004-20240730-en
Behavioral task
behavioral17
Sample
upload/fckeditor/editor/dialog/common/fck_dialog_common.js
Resource
win7-20240704-en
Behavioral task
behavioral18
Sample
upload/fckeditor/editor/dialog/common/fck_dialog_common.js
Resource
win10v2004-20240730-en
Behavioral task
behavioral19
Sample
upload/fckeditor/editor/dialog/common/fcknumericfield.js
Resource
win7-20240705-en
Behavioral task
behavioral20
Sample
upload/fckeditor/editor/dialog/common/fcknumericfield.js
Resource
win10v2004-20240730-en
Behavioral task
behavioral21
Sample
upload/fckeditor/editor/dialog/fck_about.html
Resource
win7-20240708-en
Behavioral task
behavioral22
Sample
upload/fckeditor/editor/dialog/fck_about.html
Resource
win10v2004-20240730-en
Behavioral task
behavioral23
Sample
upload/fckeditor/editor/dialog/fck_anchor.html
Resource
win7-20240704-en
Behavioral task
behavioral24
Sample
upload/fckeditor/editor/dialog/fck_anchor.html
Resource
win10v2004-20240730-en
Behavioral task
behavioral25
Sample
upload/fckeditor/editor/dialog/fck_button.html
Resource
win7-20240704-en
Behavioral task
behavioral26
Sample
upload/fckeditor/editor/dialog/fck_button.html
Resource
win10v2004-20240730-en
Behavioral task
behavioral27
Sample
upload/fckeditor/editor/dialog/fck_checkbox.html
Resource
win7-20240708-en
Behavioral task
behavioral28
Sample
upload/fckeditor/editor/dialog/fck_checkbox.html
Resource
win10v2004-20240730-en
Behavioral task
behavioral29
Sample
upload/fckeditor/editor/dialog/fck_colorselector.html
Resource
win7-20240708-en
Behavioral task
behavioral30
Sample
upload/fckeditor/editor/dialog/fck_colorselector.html
Resource
win10v2004-20240730-en
Behavioral task
behavioral31
Sample
upload/fckeditor/editor/dialog/fck_docprops.html
Resource
win7-20240708-en
Behavioral task
behavioral32
Sample
upload/fckeditor/editor/dialog/fck_docprops.html
Resource
win10v2004-20240730-en
General
-
Target
upload/fckeditor/editor/dialog/fck_colorselector.html
-
Size
5KB
-
MD5
bf9b03f5294b4e5b308da75379c81b64
-
SHA1
1481348f47a1d3a1aeb70338e1eaed8da055be76
-
SHA256
a28cc32211d7c3fc05c048463b89f6d3c1f0ba8a068e4b78d2b2e0c27dca1fb1
-
SHA512
abd28e6713ce0e2f38d16a3b7210f3305a5a3058ddc472e2f79c8b0c72100a8993738fe5bda89eb18da65ad6876179be655f6605eda1fea07a72884cc602ff00
-
SSDEEP
96:9QxgqzqhoIqqPVTkGKLZjJZg984DsWy5vltrLVCfCfNEvy91VxrUVLJ0I1SDgpYX:OGhBeLZjJZl4Ds7R8fCfNj91voPTDpYX
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
Processes:
msedge.exemsedge.exeidentity_helper.exemsedge.exepid process 4500 msedge.exe 4500 msedge.exe 2136 msedge.exe 2136 msedge.exe 3484 identity_helper.exe 3484 identity_helper.exe 1772 msedge.exe 1772 msedge.exe 1772 msedge.exe 1772 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
Processes:
msedge.exepid process 2136 msedge.exe 2136 msedge.exe 2136 msedge.exe 2136 msedge.exe 2136 msedge.exe 2136 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
Processes:
msedge.exepid process 2136 msedge.exe 2136 msedge.exe 2136 msedge.exe 2136 msedge.exe 2136 msedge.exe 2136 msedge.exe 2136 msedge.exe 2136 msedge.exe 2136 msedge.exe 2136 msedge.exe 2136 msedge.exe 2136 msedge.exe 2136 msedge.exe 2136 msedge.exe 2136 msedge.exe 2136 msedge.exe 2136 msedge.exe 2136 msedge.exe 2136 msedge.exe 2136 msedge.exe 2136 msedge.exe 2136 msedge.exe 2136 msedge.exe 2136 msedge.exe 2136 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
Processes:
msedge.exepid process 2136 msedge.exe 2136 msedge.exe 2136 msedge.exe 2136 msedge.exe 2136 msedge.exe 2136 msedge.exe 2136 msedge.exe 2136 msedge.exe 2136 msedge.exe 2136 msedge.exe 2136 msedge.exe 2136 msedge.exe 2136 msedge.exe 2136 msedge.exe 2136 msedge.exe 2136 msedge.exe 2136 msedge.exe 2136 msedge.exe 2136 msedge.exe 2136 msedge.exe 2136 msedge.exe 2136 msedge.exe 2136 msedge.exe 2136 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
msedge.exedescription pid process target process PID 2136 wrote to memory of 3016 2136 msedge.exe msedge.exe PID 2136 wrote to memory of 3016 2136 msedge.exe msedge.exe PID 2136 wrote to memory of 3828 2136 msedge.exe msedge.exe PID 2136 wrote to memory of 3828 2136 msedge.exe msedge.exe PID 2136 wrote to memory of 3828 2136 msedge.exe msedge.exe PID 2136 wrote to memory of 3828 2136 msedge.exe msedge.exe PID 2136 wrote to memory of 3828 2136 msedge.exe msedge.exe PID 2136 wrote to memory of 3828 2136 msedge.exe msedge.exe PID 2136 wrote to memory of 3828 2136 msedge.exe msedge.exe PID 2136 wrote to memory of 3828 2136 msedge.exe msedge.exe PID 2136 wrote to memory of 3828 2136 msedge.exe msedge.exe PID 2136 wrote to memory of 3828 2136 msedge.exe msedge.exe PID 2136 wrote to memory of 3828 2136 msedge.exe msedge.exe PID 2136 wrote to memory of 3828 2136 msedge.exe msedge.exe PID 2136 wrote to memory of 3828 2136 msedge.exe msedge.exe PID 2136 wrote to memory of 3828 2136 msedge.exe msedge.exe PID 2136 wrote to memory of 3828 2136 msedge.exe msedge.exe PID 2136 wrote to memory of 3828 2136 msedge.exe msedge.exe PID 2136 wrote to memory of 3828 2136 msedge.exe msedge.exe PID 2136 wrote to memory of 3828 2136 msedge.exe msedge.exe PID 2136 wrote to memory of 3828 2136 msedge.exe msedge.exe PID 2136 wrote to memory of 3828 2136 msedge.exe msedge.exe PID 2136 wrote to memory of 3828 2136 msedge.exe msedge.exe PID 2136 wrote to memory of 3828 2136 msedge.exe msedge.exe PID 2136 wrote to memory of 3828 2136 msedge.exe msedge.exe PID 2136 wrote to memory of 3828 2136 msedge.exe msedge.exe PID 2136 wrote to memory of 3828 2136 msedge.exe msedge.exe PID 2136 wrote to memory of 3828 2136 msedge.exe msedge.exe PID 2136 wrote to memory of 3828 2136 msedge.exe msedge.exe PID 2136 wrote to memory of 3828 2136 msedge.exe msedge.exe PID 2136 wrote to memory of 3828 2136 msedge.exe msedge.exe PID 2136 wrote to memory of 3828 2136 msedge.exe msedge.exe PID 2136 wrote to memory of 3828 2136 msedge.exe msedge.exe PID 2136 wrote to memory of 3828 2136 msedge.exe msedge.exe PID 2136 wrote to memory of 3828 2136 msedge.exe msedge.exe PID 2136 wrote to memory of 3828 2136 msedge.exe msedge.exe PID 2136 wrote to memory of 3828 2136 msedge.exe msedge.exe PID 2136 wrote to memory of 3828 2136 msedge.exe msedge.exe PID 2136 wrote to memory of 3828 2136 msedge.exe msedge.exe PID 2136 wrote to memory of 3828 2136 msedge.exe msedge.exe PID 2136 wrote to memory of 3828 2136 msedge.exe msedge.exe PID 2136 wrote to memory of 3828 2136 msedge.exe msedge.exe PID 2136 wrote to memory of 4500 2136 msedge.exe msedge.exe PID 2136 wrote to memory of 4500 2136 msedge.exe msedge.exe PID 2136 wrote to memory of 3700 2136 msedge.exe msedge.exe PID 2136 wrote to memory of 3700 2136 msedge.exe msedge.exe PID 2136 wrote to memory of 3700 2136 msedge.exe msedge.exe PID 2136 wrote to memory of 3700 2136 msedge.exe msedge.exe PID 2136 wrote to memory of 3700 2136 msedge.exe msedge.exe PID 2136 wrote to memory of 3700 2136 msedge.exe msedge.exe PID 2136 wrote to memory of 3700 2136 msedge.exe msedge.exe PID 2136 wrote to memory of 3700 2136 msedge.exe msedge.exe PID 2136 wrote to memory of 3700 2136 msedge.exe msedge.exe PID 2136 wrote to memory of 3700 2136 msedge.exe msedge.exe PID 2136 wrote to memory of 3700 2136 msedge.exe msedge.exe PID 2136 wrote to memory of 3700 2136 msedge.exe msedge.exe PID 2136 wrote to memory of 3700 2136 msedge.exe msedge.exe PID 2136 wrote to memory of 3700 2136 msedge.exe msedge.exe PID 2136 wrote to memory of 3700 2136 msedge.exe msedge.exe PID 2136 wrote to memory of 3700 2136 msedge.exe msedge.exe PID 2136 wrote to memory of 3700 2136 msedge.exe msedge.exe PID 2136 wrote to memory of 3700 2136 msedge.exe msedge.exe PID 2136 wrote to memory of 3700 2136 msedge.exe msedge.exe PID 2136 wrote to memory of 3700 2136 msedge.exe msedge.exe
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\upload\fckeditor\editor\dialog\fck_colorselector.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffaa9e46f8,0x7fffaa9e4708,0x7fffaa9e47182⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2352,17073482390197326418,10070417517956646061,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2360 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2352,17073482390197326418,10070417517956646061,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2436 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2352,17073482390197326418,10070417517956646061,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2628 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2352,17073482390197326418,10070417517956646061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2352,17073482390197326418,10070417517956646061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2352,17073482390197326418,10070417517956646061,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2352,17073482390197326418,10070417517956646061,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2352,17073482390197326418,10070417517956646061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2352,17073482390197326418,10070417517956646061,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2352,17073482390197326418,10070417517956646061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2352,17073482390197326418,10070417517956646061,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2352,17073482390197326418,10070417517956646061,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=180 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD523b6e2531d39ba76e0604a4685249f2d
SHA15f396f68bd58b4141a3a0927d0a93d5ef2c8172f
SHA2564a486d7be440ddf2909be2c2b41e55f0666b02670bbf077ac435e3cddc55a15e
SHA512a1a7fef086526e65184f60b61d483848183ef7c98cf09f05ac9e5b11504696406120ab01da8ed7f35e3145aa5fc54307c9397770681e4d10feea64113e7a57cd
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD56ffd468ded3255ce35ba13e5d87c985a
SHA109f11746553fd82f0a0ddef4994dc3605f39ccec
SHA25633103b1e4da1933459575d2e0441b8693ba1ede4695a3d924e2d74e72becabd8
SHA5125d5530c57faa4711f51e4baef0d1f556937a5db1e2a54ee376c3556c01db0ddf628856f346057d3849baa5db35603b96a0a9894f3c65a80c947085eb640348ee
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5cd0d2416a06cb536af1bc5fcf112e5a5
SHA14fe0832fab2f3652110374216ee9c7fa258aabfc
SHA2561f6c59c76fb8849b9c9ad68be9c51f895707803297cbd9c4a022ba1419643ec4
SHA512a00da8596546c3e44a01ef4db8141d88e00f74e3d41b1809d5d2c22a5a834292f0d8de24471d60d342e71edec1cea328dfa699c9da1375113b27d37ddaa3e8e5
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5cd3b6fec6263a3b33a6d5f42756d2268
SHA151df7870ca59a401f8d6aa61cef6b14cd075c7d5
SHA256cf32a3f9e2e9f0037a46839060cd61f6aeff5b8ea2842718fec13daa3d0659df
SHA512d9a0d7dff529f4abf4fa722b0d6282c42ae44e51769ffd6cf8c678b84c05e6c3c8de7f4059ac4b8e0521eb8f646c0a7b1af3870159e92e91d34d930c7d5ec20e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
10KB
MD5b9463fa4d3a1b0bc6b431cec342e8619
SHA11664626f5a8a4a43f4c26a255958cd04c5183bbc
SHA2561ed2e30082c3e4d88bff9b13770565b576e608162d73f8f1458e0a776e88388b
SHA512aa4244cb8167794b535d352fdb6bc3ec03e17334a702515e5c9ddf2f301867e699bc59fffb2db796e17aebda6b03259ce13b1f5ede65c540dcbef86bf3d0bb48
-
\??\pipe\LOCAL\crashpad_2136_ZUVZBLUBDGUGIPVPMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e