Analysis
- max time kernel: 145s
- max time network: 152s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 28-08-2024 10:29
Static task: static1
Behavioral task behavioral1: Sample Ad/Index_A.js, Resource win7-20240708-en
Behavioral task behavioral2: Sample Ad/Index_A.js, Resource win10v2004-20240802-en
Behavioral task behavioral3: Sample Ad/Top_3.js, Resource win7-20240704-en
Behavioral task behavioral4: Sample Ad/Top_3.js, Resource win10v2004-20240802-en
Behavioral task behavioral5: Sample Ad/ad6.htm, Resource win7-20240704-en
Behavioral task behavioral6: Sample Ad/ad6.htm, Resource win10v2004-20240802-en
Behavioral task behavioral7: Sample Ad/新云软件.url, Resource win7-20240704-en
Behavioral task behavioral8: Sample Ad/新云软件.url, Resource win10v2004-20240802-en
Behavioral task behavioral9: Sample Admin2000/Admin_Class.vbs, Resource win7-20240704-en
Behavioral task behavioral10: Sample Admin2000/Admin_Class.vbs, Resource win10v2004-20240802-en
Behavioral task behavioral11: Sample Admin2000/Admin_Config.vbs, Resource win7-20240705-en
Behavioral task behavioral12: Sample Admin2000/Admin_Config.vbs, Resource win10v2004-20240802-en
Behavioral task behavioral13: Sample Admin2000/Admin_Data.vbs, Resource win7-20240705-en
Behavioral task behavioral14: Sample Admin2000/Admin_Data.vbs, Resource win10v2004-20240802-en
Behavioral task behavioral15: Sample Admin2000/Admin_Delcache.vbs, Resource win7-20240708-en
Behavioral task behavioral16: Sample Admin2000/Admin_Delcache.vbs, Resource win10v2004-20240802-en
Behavioral task behavioral17: Sample Admin2000/Admin_FriendSite.vbs, Resource win7-20240704-en
Behavioral task behavioral18: Sample Admin2000/Admin_FriendSite.vbs, Resource win10v2004-20240802-en
Behavioral task behavioral19: Sample Admin2000/Admin_FsoFile.vbs, Resource win7-20240704-en
Behavioral task behavioral20: Sample Admin2000/Admin_FsoFile.vbs, Resource win10v2004-20240802-en
Behavioral task behavioral21: Sample Admin2000/Admin_HTML.vbs, Resource win7-20240708-en
Behavioral task behavioral22: Sample Admin2000/Admin_HTML.vbs, Resource win10v2004-20240802-en
Behavioral task behavioral23: Sample Admin2000/Admin_HTML_S.vbs, Resource win7-20240729-en
Behavioral task behavioral24: Sample Admin2000/Admin_HTML_S.vbs, Resource win10v2004-20240802-en
Behavioral task behavioral25: Sample Admin2000/Admin_Index.vbs, Resource win7-20240705-en
Behavioral task behavioral26: Sample Admin2000/Admin_Index.vbs, Resource win10v2004-20240802-en
Behavioral task behavioral27: Sample Admin2000/Admin_Jie.vbs, Resource win7-20240705-en
Behavioral task behavioral28: Sample Admin2000/Admin_Jie.vbs, Resource win10v2004-20240802-en
Behavioral task behavioral29: Sample Admin2000/Admin_Juan.vbs, Resource win7-20240729-en
Behavioral task behavioral30: Sample Admin2000/Admin_Juan.vbs, Resource win10v2004-20240802-en
Behavioral task behavioral31: Sample Admin2000/Admin_Label.vbs, Resource win7-20240704-en
Behavioral task behavioral32: Sample Admin2000/Admin_Label.vbs, Resource win10v2004-20240802-en
General
- Target: Ad/ad6.htm
- Size: 959B
- MD5: 09b6d6aca205272031fbe00bfe9ebc5d
- SHA1: 29014259dcd272312f45c5785339127b35420be1
- SHA256: f29c48109dc280be1c6d4e666e6905019badfd91bbf264e9be2c99ebe5ab63af
- SHA512: 814e5d3a4eb5b9a11669f4d8118526f73d53f95198b9e94aeb7f11ce0600a96b1945e39dc5e3135b669949c3194a943806bddbe54a192f66f2b1401e97b393fe
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Processes: msedge.exe
  Columns: description, ioc, process
  Key opened, \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS, msedge.exe
  Key value queried, \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer, msedge.exe
  Key value queried, \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName, msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  Processes: msedge.exe, msedge.exe, identity_helper.exe, msedge.exe
  Columns: pid, process
  4696, msedge.exe
  3148, msedge.exe
  2256, identity_helper.exe
  3492, msedge.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  Processes: msedge.exe
  Columns: pid, process
  3148, msedge.exe
- Suspicious use of FindShellTrayWindow (25 IoCs)
  Processes: msedge.exe
  Columns: pid, process
  3148, msedge.exe
- Suspicious use of SendNotifyMessage (24 IoCs)
  Processes: msedge.exe
  Columns: pid, process
  3148, msedge.exe
- Suspicious use of WriteProcessMemory (64 IoCs)
  Processes: msedge.exe
  Columns: description, pid, process, target process
  PID 3148 wrote to memory of 212, 3148, msedge.exe, msedge.exe
  PID 3148 wrote to memory of 224, 3148, msedge.exe, msedge.exe
  PID 3148 wrote to memory of 4696, 3148, msedge.exe, msedge.exe
  PID 3148 wrote to memory of 4676, 3148, msedge.exe, msedge.exe
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\Ad\ad6.htm1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8156b46f8,0x7ff8156b4708,0x7ff8156b47182⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,4504119240488680646,7967408832226316542,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,4504119240488680646,7967408832226316542,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,4504119240488680646,7967408832226316542,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4504119240488680646,7967408832226316542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4504119240488680646,7967408832226316542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,4504119240488680646,7967408832226316542,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5020 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,4504119240488680646,7967408832226316542,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5020 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4504119240488680646,7967408832226316542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4504119240488680646,7967408832226316542,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4504119240488680646,7967408832226316542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4504119240488680646,7967408832226316542,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,4504119240488680646,7967408832226316542,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1756 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize: 152B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize: 152B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3ae92320-8424-4ac8-a1a4-8ee737363670.tmp
Filesize: 184B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 5KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 6KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize: 16B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize: 16B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize: 11KB
-
\??\pipe\LOCAL\crashpad_3148_RLTXCDNUFXNWTYPX