Overview
overview
3Static
static
1readme/新...��.url
windows7-x64
1readme/新...��.url
windows10-2004-x64
1upload/dat...x.html
windows7-x64
3upload/dat...x.html
windows10-2004-x64
3upload/dat...x.html
windows7-x64
3upload/dat...x.html
windows10-2004-x64
3upload/dat...x.html
windows7-x64
3upload/dat...x.html
windows10-2004-x64
3upload/dat...x.html
windows7-x64
3upload/dat...x.html
windows10-2004-x64
1upload/dat...x.html
windows7-x64
3upload/dat...x.html
windows10-2004-x64
3upload/dat...x.html
windows7-x64
3upload/dat...x.html
windows10-2004-x64
3upload/dat...x.html
windows7-x64
3upload/dat...x.html
windows10-2004-x64
3upload/dat...x.html
windows7-x64
3upload/dat...x.html
windows10-2004-x64
3upload/dat...x.html
windows7-x64
3upload/dat...x.html
windows10-2004-x64
3upload/dat...x.html
windows7-x64
3upload/dat...x.html
windows10-2004-x64
3upload/dat...x.html
windows7-x64
3upload/dat...x.html
windows10-2004-x64
3upload/ded...it.vbs
windows7-x64
1upload/ded...it.vbs
windows10-2004-x64
1upload/ded...dd.ps1
windows7-x64
3upload/ded...dd.ps1
windows10-2004-x64
3upload/ded...do.ps1
windows7-x64
3upload/ded...do.ps1
windows10-2004-x64
3upload/ded...it.ps1
windows7-x64
3upload/ded...it.ps1
windows10-2004-x64
3Analysis
-
max time kernel
145s -
max time network
129s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
19-08-2024 02:19
Static task
static1
Behavioral task
behavioral1
Sample
readme/新云软件.url
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
readme/新云软件.url
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
upload/data/admin/index.html
Resource
win7-20240704-en
Behavioral task
behavioral4
Sample
upload/data/admin/index.html
Resource
win10v2004-20240802-en
Behavioral task
behavioral5
Sample
upload/data/backupdata/index.html
Resource
win7-20240705-en
Behavioral task
behavioral6
Sample
upload/data/backupdata/index.html
Resource
win10v2004-20240802-en
Behavioral task
behavioral7
Sample
upload/data/cache/index.html
Resource
win7-20240729-en
Behavioral task
behavioral8
Sample
upload/data/cache/index.html
Resource
win10v2004-20240802-en
Behavioral task
behavioral9
Sample
upload/data/index.html
Resource
win7-20240704-en
Behavioral task
behavioral10
Sample
upload/data/index.html
Resource
win10v2004-20240802-en
Behavioral task
behavioral11
Sample
upload/data/js/index.html
Resource
win7-20240704-en
Behavioral task
behavioral12
Sample
upload/data/js/index.html
Resource
win10v2004-20240802-en
Behavioral task
behavioral13
Sample
upload/data/mark/index.html
Resource
win7-20240704-en
Behavioral task
behavioral14
Sample
upload/data/mark/index.html
Resource
win10v2004-20240802-en
Behavioral task
behavioral15
Sample
upload/data/rss/index.html
Resource
win7-20240705-en
Behavioral task
behavioral16
Sample
upload/data/rss/index.html
Resource
win10v2004-20240802-en
Behavioral task
behavioral17
Sample
upload/data/sessions/index.html
Resource
win7-20240704-en
Behavioral task
behavioral18
Sample
upload/data/sessions/index.html
Resource
win10v2004-20240802-en
Behavioral task
behavioral19
Sample
upload/data/textdata/index.html
Resource
win7-20240704-en
Behavioral task
behavioral20
Sample
upload/data/textdata/index.html
Resource
win10v2004-20240802-en
Behavioral task
behavioral21
Sample
upload/data/tplcache/index.html
Resource
win7-20240708-en
Behavioral task
behavioral22
Sample
upload/data/tplcache/index.html
Resource
win10v2004-20240802-en
Behavioral task
behavioral23
Sample
upload/data/ziptmp/index.html
Resource
win7-20240708-en
Behavioral task
behavioral24
Sample
upload/data/ziptmp/index.html
Resource
win10v2004-20240802-en
Behavioral task
behavioral25
Sample
upload/dede/ad_edit.vbs
Resource
win7-20240705-en
Behavioral task
behavioral26
Sample
upload/dede/ad_edit.vbs
Resource
win10v2004-20240802-en
Behavioral task
behavioral27
Sample
upload/dede/archives_add.ps1
Resource
win7-20240729-en
Behavioral task
behavioral28
Sample
upload/dede/archives_add.ps1
Resource
win10v2004-20240802-en
Behavioral task
behavioral29
Sample
upload/dede/archives_do.ps1
Resource
win7-20240708-en
Behavioral task
behavioral30
Sample
upload/dede/archives_do.ps1
Resource
win10v2004-20240802-en
Behavioral task
behavioral31
Sample
upload/dede/archives_edit.ps1
Resource
win7-20240705-en
Behavioral task
behavioral32
Sample
upload/dede/archives_edit.ps1
Resource
win10v2004-20240802-en
General
-
Target
upload/data/rss/index.html
-
Size
3B
-
MD5
736007832d2167baaae763fd3a3f3cf1
-
SHA1
7ee737c83ee689c96ef37d3a029068c390ebc8f8
-
SHA256
2b64c6d9afd8a34ed0dbf35f7de171a8825a50d9f42f05e98fe2b1addf00ab44
-
SHA512
6beba489cd62566c108b652b7143cb97e007396a0b16ce250d2d0ac6e51ed999e41e96eb497b29efa99d2a15f276d6d531aa9ead15e2c13d77b3846ee45f64ac
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
Processes:
msedge.exemsedge.exeidentity_helper.exemsedge.exepid process 364 msedge.exe 364 msedge.exe 3528 msedge.exe 3528 msedge.exe 4636 identity_helper.exe 4636 identity_helper.exe 4104 msedge.exe 4104 msedge.exe 4104 msedge.exe 4104 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
Processes:
msedge.exepid process 3528 msedge.exe 3528 msedge.exe 3528 msedge.exe 3528 msedge.exe 3528 msedge.exe 3528 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
Processes:
msedge.exepid process 3528 msedge.exe 3528 msedge.exe 3528 msedge.exe 3528 msedge.exe 3528 msedge.exe 3528 msedge.exe 3528 msedge.exe 3528 msedge.exe 3528 msedge.exe 3528 msedge.exe 3528 msedge.exe 3528 msedge.exe 3528 msedge.exe 3528 msedge.exe 3528 msedge.exe 3528 msedge.exe 3528 msedge.exe 3528 msedge.exe 3528 msedge.exe 3528 msedge.exe 3528 msedge.exe 3528 msedge.exe 3528 msedge.exe 3528 msedge.exe 3528 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
Processes:
msedge.exepid process 3528 msedge.exe 3528 msedge.exe 3528 msedge.exe 3528 msedge.exe 3528 msedge.exe 3528 msedge.exe 3528 msedge.exe 3528 msedge.exe 3528 msedge.exe 3528 msedge.exe 3528 msedge.exe 3528 msedge.exe 3528 msedge.exe 3528 msedge.exe 3528 msedge.exe 3528 msedge.exe 3528 msedge.exe 3528 msedge.exe 3528 msedge.exe 3528 msedge.exe 3528 msedge.exe 3528 msedge.exe 3528 msedge.exe 3528 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
msedge.exedescription pid process target process PID 3528 wrote to memory of 4944 3528 msedge.exe msedge.exe PID 3528 wrote to memory of 4944 3528 msedge.exe msedge.exe PID 3528 wrote to memory of 3544 3528 msedge.exe msedge.exe PID 3528 wrote to memory of 3544 3528 msedge.exe msedge.exe PID 3528 wrote to memory of 3544 3528 msedge.exe msedge.exe PID 3528 wrote to memory of 3544 3528 msedge.exe msedge.exe PID 3528 wrote to memory of 3544 3528 msedge.exe msedge.exe PID 3528 wrote to memory of 3544 3528 msedge.exe msedge.exe PID 3528 wrote to memory of 3544 3528 msedge.exe msedge.exe PID 3528 wrote to memory of 3544 3528 msedge.exe msedge.exe PID 3528 wrote to memory of 3544 3528 msedge.exe msedge.exe PID 3528 wrote to memory of 3544 3528 msedge.exe msedge.exe PID 3528 wrote to memory of 3544 3528 msedge.exe msedge.exe PID 3528 wrote to memory of 3544 3528 msedge.exe msedge.exe PID 3528 wrote to memory of 3544 3528 msedge.exe msedge.exe PID 3528 wrote to memory of 3544 3528 msedge.exe msedge.exe PID 3528 wrote to memory of 3544 3528 msedge.exe msedge.exe PID 3528 wrote to memory of 3544 3528 msedge.exe msedge.exe PID 3528 wrote to memory of 3544 3528 msedge.exe msedge.exe PID 3528 wrote to memory of 3544 3528 msedge.exe msedge.exe PID 3528 wrote to memory of 3544 3528 msedge.exe msedge.exe PID 3528 wrote to memory of 3544 3528 msedge.exe msedge.exe PID 3528 wrote to memory of 3544 3528 msedge.exe msedge.exe PID 3528 wrote to memory of 3544 3528 msedge.exe msedge.exe PID 3528 wrote to memory of 3544 3528 msedge.exe msedge.exe PID 3528 wrote to memory of 3544 3528 msedge.exe msedge.exe PID 3528 wrote to memory of 3544 3528 msedge.exe msedge.exe PID 3528 wrote to memory of 3544 3528 msedge.exe msedge.exe PID 3528 wrote to memory of 3544 3528 msedge.exe msedge.exe PID 3528 wrote to memory of 3544 3528 msedge.exe msedge.exe PID 3528 wrote to memory of 3544 3528 msedge.exe msedge.exe PID 3528 wrote to memory of 3544 3528 msedge.exe msedge.exe PID 3528 wrote to memory of 3544 3528 msedge.exe msedge.exe PID 3528 wrote to memory of 3544 3528 msedge.exe msedge.exe PID 3528 wrote to memory of 3544 3528 msedge.exe msedge.exe PID 3528 wrote to memory of 3544 3528 msedge.exe msedge.exe PID 3528 wrote to memory of 3544 3528 msedge.exe msedge.exe PID 3528 wrote to memory of 3544 3528 msedge.exe msedge.exe PID 3528 wrote to memory of 3544 3528 msedge.exe msedge.exe PID 3528 wrote to memory of 3544 3528 msedge.exe msedge.exe PID 3528 wrote to memory of 3544 3528 msedge.exe msedge.exe PID 3528 wrote to memory of 3544 3528 msedge.exe msedge.exe PID 3528 wrote to memory of 364 3528 msedge.exe msedge.exe PID 3528 wrote to memory of 364 3528 msedge.exe msedge.exe PID 3528 wrote to memory of 1216 3528 msedge.exe msedge.exe PID 3528 wrote to memory of 1216 3528 msedge.exe msedge.exe PID 3528 wrote to memory of 1216 3528 msedge.exe msedge.exe PID 3528 wrote to memory of 1216 3528 msedge.exe msedge.exe PID 3528 wrote to memory of 1216 3528 msedge.exe msedge.exe PID 3528 wrote to memory of 1216 3528 msedge.exe msedge.exe PID 3528 wrote to memory of 1216 3528 msedge.exe msedge.exe PID 3528 wrote to memory of 1216 3528 msedge.exe msedge.exe PID 3528 wrote to memory of 1216 3528 msedge.exe msedge.exe PID 3528 wrote to memory of 1216 3528 msedge.exe msedge.exe PID 3528 wrote to memory of 1216 3528 msedge.exe msedge.exe PID 3528 wrote to memory of 1216 3528 msedge.exe msedge.exe PID 3528 wrote to memory of 1216 3528 msedge.exe msedge.exe PID 3528 wrote to memory of 1216 3528 msedge.exe msedge.exe PID 3528 wrote to memory of 1216 3528 msedge.exe msedge.exe PID 3528 wrote to memory of 1216 3528 msedge.exe msedge.exe PID 3528 wrote to memory of 1216 3528 msedge.exe msedge.exe PID 3528 wrote to memory of 1216 3528 msedge.exe msedge.exe PID 3528 wrote to memory of 1216 3528 msedge.exe msedge.exe PID 3528 wrote to memory of 1216 3528 msedge.exe msedge.exe
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\upload\data\rss\index.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff81fac46f8,0x7ff81fac4708,0x7ff81fac47182⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,17057638394805713613,16077838636856455257,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,17057638394805713613,16077838636856455257,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,17057638394805713613,16077838636856455257,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17057638394805713613,16077838636856455257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17057638394805713613,16077838636856455257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,17057638394805713613,16077838636856455257,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5188 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,17057638394805713613,16077838636856455257,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5188 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17057638394805713613,16077838636856455257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17057638394805713613,16077838636856455257,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17057638394805713613,16077838636856455257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17057638394805713613,16077838636856455257,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,17057638394805713613,16077838636856455257,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1896 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5e4f80e7950cbd3bb11257d2000cb885e
SHA110ac643904d539042d8f7aa4a312b13ec2106035
SHA2561184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124
SHA5122b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD52dc1a9f2f3f8c3cfe51bb29b078166c5
SHA1eaf3c3dad3c8dc6f18dc3e055b415da78b704402
SHA256dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa
SHA512682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
5KB
MD5102e24b39f689a43101c9bef2abe7d84
SHA1cd298b515030c84a39f6f982595715abef6f7b9a
SHA2563291411529e7ef63020d91fdce248216daa6a9bf5524c5a512759de7ef6b120e
SHA5120fd1d006c1228391367f97c3b60a36b45f48d7d35fe8e2f9f63012747ea51b1e1004ae18199f83ebb98bb4db2cdd814b56a53eadd078198e7e5d31140eb2f8db
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5a627e86c9bd35b7e2866f9be563c095c
SHA198eb3b514307b474087c96dc8f9ba7bc89aed29b
SHA256df7347b0811001cdeba89cce764d52caff535f69352ab244b47385501cedc73d
SHA5122b94f3a4c255511f07c347f797e30ba4341db671bacfa5e9ed271bd8b797ef8ab309eb1085d106f5357946f11f690ff28d9f0ad1931cdb14882b4a34616508b5
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD53876f8f65880ab701d180f6407541eb1
SHA1c560bc68c189f07bb1089112d180899c6cce2b5d
SHA2562abe83e68b5ae579465be38b03e6a5b09a25e7fdf82927920fcece5cc65e2225
SHA5121deb474ea320668810f38ad768d099c8262c1805694fd8b57d6480a5a65102ac1c8117d394788af401983bc9cf8647c34465aaa9f99674036047205475b36246
-
\??\pipe\LOCAL\crashpad_3528_GPNMFFESWWSPYOVQMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e