Overview
overview
4Static
static
1URLScan
urlscan
1http://115.48.133.62...
windows10-1703-x64
4http://115.48.133.62...
windows7-x64
1http://115.48.133.62...
windows10-2004-x64
1http://115.48.133.62...
windows11-21h2-x64
1http://115.48.133.62...
android-10-x64
1http://115.48.133.62...
android-11-x64
1http://115.48.133.62...
android-13-x64
1http://115.48.133.62...
android-9-x86
1http://115.48.133.62...
macos-10.15-amd64
4http://115.48.133.62...
debian-12-armhf
http://115.48.133.62...
debian-12-mipsel
http://115.48.133.62...
debian-9-armhf
http://115.48.133.62...
debian-9-mips
http://115.48.133.62...
debian-9-mipsel
http://115.48.133.62...
ubuntu-18.04-amd64
3http://115.48.133.62...
ubuntu-20.04-amd64
4http://115.48.133.62...
ubuntu-22.04-amd64
3http://115.48.133.62...
ubuntu-24.04-amd64
4Analysis
-
max time kernel
146s -
max time network
152s -
platform
windows11-21h2_x64 -
resource
win11-20240508-en -
resource tags
arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system -
submitted
28-06-2024 20:27
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
http://115.48.133.62:37712/bin.sh
Resource
win10-20240404-en
Behavioral task
behavioral2
Sample
http://115.48.133.62:37712/bin.sh
Resource
win7-20240508-en
Behavioral task
behavioral3
Sample
http://115.48.133.62:37712/bin.sh
Resource
win10v2004-20240508-en
Behavioral task
behavioral4
Sample
http://115.48.133.62:37712/bin.sh
Resource
win11-20240508-en
Behavioral task
behavioral5
Sample
http://115.48.133.62:37712/bin.sh
Resource
android-x64-20240624-en
Behavioral task
behavioral6
Sample
http://115.48.133.62:37712/bin.sh
Resource
android-x64-arm64-20240624-en
Behavioral task
behavioral7
Sample
http://115.48.133.62:37712/bin.sh
Resource
android-33-x64-arm64-20240624-en
Behavioral task
behavioral8
Sample
http://115.48.133.62:37712/bin.sh
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral9
Sample
http://115.48.133.62:37712/bin.sh
Resource
macos-20240611-en
Behavioral task
behavioral10
Sample
http://115.48.133.62:37712/bin.sh
Resource
debian12-armhf-20240221-en
Behavioral task
behavioral11
Sample
http://115.48.133.62:37712/bin.sh
Resource
debian12-mipsel-20240221-en
Behavioral task
behavioral12
Sample
http://115.48.133.62:37712/bin.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral13
Sample
http://115.48.133.62:37712/bin.sh
Resource
debian9-mipsbe-20240418-en
Behavioral task
behavioral14
Sample
http://115.48.133.62:37712/bin.sh
Resource
debian9-mipsel-20240418-en
Behavioral task
behavioral15
Sample
http://115.48.133.62:37712/bin.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral16
Sample
http://115.48.133.62:37712/bin.sh
Resource
ubuntu2004-amd64-20240508-en
Behavioral task
behavioral17
Sample
http://115.48.133.62:37712/bin.sh
Resource
ubuntu2204-amd64-20240611-en
Behavioral task
behavioral18
Sample
http://115.48.133.62:37712/bin.sh
Resource
ubuntu2404-amd64-20240523-en
General
-
Target
http://115.48.133.62:37712/bin.sh
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 12 IoCs
Processes:
msedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exepid process 4568 msedge.exe 4568 msedge.exe 3348 msedge.exe 3348 msedge.exe 1600 msedge.exe 1600 msedge.exe 3032 identity_helper.exe 3032 identity_helper.exe 684 msedge.exe 684 msedge.exe 684 msedge.exe 684 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
Processes:
msedge.exepid process 3348 msedge.exe 3348 msedge.exe 3348 msedge.exe 3348 msedge.exe 3348 msedge.exe 3348 msedge.exe 3348 msedge.exe 3348 msedge.exe 3348 msedge.exe -
Suspicious use of FindShellTrayWindow 27 IoCs
Processes:
msedge.exepid process 3348 msedge.exe 3348 msedge.exe 3348 msedge.exe 3348 msedge.exe 3348 msedge.exe 3348 msedge.exe 3348 msedge.exe 3348 msedge.exe 3348 msedge.exe 3348 msedge.exe 3348 msedge.exe 3348 msedge.exe 3348 msedge.exe 3348 msedge.exe 3348 msedge.exe 3348 msedge.exe 3348 msedge.exe 3348 msedge.exe 3348 msedge.exe 3348 msedge.exe 3348 msedge.exe 3348 msedge.exe 3348 msedge.exe 3348 msedge.exe 3348 msedge.exe 3348 msedge.exe 3348 msedge.exe -
Suspicious use of SendNotifyMessage 14 IoCs
Processes:
msedge.exepid process 3348 msedge.exe 3348 msedge.exe 3348 msedge.exe 3348 msedge.exe 3348 msedge.exe 3348 msedge.exe 3348 msedge.exe 3348 msedge.exe 3348 msedge.exe 3348 msedge.exe 3348 msedge.exe 3348 msedge.exe 3348 msedge.exe 3348 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
msedge.exedescription pid process target process PID 3348 wrote to memory of 4188 3348 msedge.exe msedge.exe PID 3348 wrote to memory of 4188 3348 msedge.exe msedge.exe PID 3348 wrote to memory of 4036 3348 msedge.exe msedge.exe PID 3348 wrote to memory of 4036 3348 msedge.exe msedge.exe PID 3348 wrote to memory of 4036 3348 msedge.exe msedge.exe PID 3348 wrote to memory of 4036 3348 msedge.exe msedge.exe PID 3348 wrote to memory of 4036 3348 msedge.exe msedge.exe PID 3348 wrote to memory of 4036 3348 msedge.exe msedge.exe PID 3348 wrote to memory of 4036 3348 msedge.exe msedge.exe PID 3348 wrote to memory of 4036 3348 msedge.exe msedge.exe PID 3348 wrote to memory of 4036 3348 msedge.exe msedge.exe PID 3348 wrote to memory of 4036 3348 msedge.exe msedge.exe PID 3348 wrote to memory of 4036 3348 msedge.exe msedge.exe PID 3348 wrote to memory of 4036 3348 msedge.exe msedge.exe PID 3348 wrote to memory of 4036 3348 msedge.exe msedge.exe PID 3348 wrote to memory of 4036 3348 msedge.exe msedge.exe PID 3348 wrote to memory of 4036 3348 msedge.exe msedge.exe PID 3348 wrote to memory of 4036 3348 msedge.exe msedge.exe PID 3348 wrote to memory of 4036 3348 msedge.exe msedge.exe PID 3348 wrote to memory of 4036 3348 msedge.exe msedge.exe PID 3348 wrote to memory of 4036 3348 msedge.exe msedge.exe PID 3348 wrote to memory of 4036 3348 msedge.exe msedge.exe PID 3348 wrote to memory of 4036 3348 msedge.exe msedge.exe PID 3348 wrote to memory of 4036 3348 msedge.exe msedge.exe PID 3348 wrote to memory of 4036 3348 msedge.exe msedge.exe PID 3348 wrote to memory of 4036 3348 msedge.exe msedge.exe PID 3348 wrote to memory of 4036 3348 msedge.exe msedge.exe PID 3348 wrote to memory of 4036 3348 msedge.exe msedge.exe PID 3348 wrote to memory of 4036 3348 msedge.exe msedge.exe PID 3348 wrote to memory of 4036 3348 msedge.exe msedge.exe PID 3348 wrote to memory of 4036 3348 msedge.exe msedge.exe PID 3348 wrote to memory of 4036 3348 msedge.exe msedge.exe PID 3348 wrote to memory of 4036 3348 msedge.exe msedge.exe PID 3348 wrote to memory of 4036 3348 msedge.exe msedge.exe PID 3348 wrote to memory of 4036 3348 msedge.exe msedge.exe PID 3348 wrote to memory of 4036 3348 msedge.exe msedge.exe PID 3348 wrote to memory of 4036 3348 msedge.exe msedge.exe PID 3348 wrote to memory of 4036 3348 msedge.exe msedge.exe PID 3348 wrote to memory of 4036 3348 msedge.exe msedge.exe PID 3348 wrote to memory of 4036 3348 msedge.exe msedge.exe PID 3348 wrote to memory of 4036 3348 msedge.exe msedge.exe PID 3348 wrote to memory of 4036 3348 msedge.exe msedge.exe PID 3348 wrote to memory of 4568 3348 msedge.exe msedge.exe PID 3348 wrote to memory of 4568 3348 msedge.exe msedge.exe PID 3348 wrote to memory of 4260 3348 msedge.exe msedge.exe PID 3348 wrote to memory of 4260 3348 msedge.exe msedge.exe PID 3348 wrote to memory of 4260 3348 msedge.exe msedge.exe PID 3348 wrote to memory of 4260 3348 msedge.exe msedge.exe PID 3348 wrote to memory of 4260 3348 msedge.exe msedge.exe PID 3348 wrote to memory of 4260 3348 msedge.exe msedge.exe PID 3348 wrote to memory of 4260 3348 msedge.exe msedge.exe PID 3348 wrote to memory of 4260 3348 msedge.exe msedge.exe PID 3348 wrote to memory of 4260 3348 msedge.exe msedge.exe PID 3348 wrote to memory of 4260 3348 msedge.exe msedge.exe PID 3348 wrote to memory of 4260 3348 msedge.exe msedge.exe PID 3348 wrote to memory of 4260 3348 msedge.exe msedge.exe PID 3348 wrote to memory of 4260 3348 msedge.exe msedge.exe PID 3348 wrote to memory of 4260 3348 msedge.exe msedge.exe PID 3348 wrote to memory of 4260 3348 msedge.exe msedge.exe PID 3348 wrote to memory of 4260 3348 msedge.exe msedge.exe PID 3348 wrote to memory of 4260 3348 msedge.exe msedge.exe PID 3348 wrote to memory of 4260 3348 msedge.exe msedge.exe PID 3348 wrote to memory of 4260 3348 msedge.exe msedge.exe PID 3348 wrote to memory of 4260 3348 msedge.exe msedge.exe
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://115.48.133.62:37712/bin.sh1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd3ed73cb8,0x7ffd3ed73cc8,0x7ffd3ed73cd82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,425338901863316601,5441444948158895951,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1932 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1920,425338901863316601,5441444948158895951,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1920,425338901863316601,5441444948158895951,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,425338901863316601,5441444948158895951,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,425338901863316601,5441444948158895951,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,425338901863316601,5441444948158895951,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4520 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,425338901863316601,5441444948158895951,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,425338901863316601,5441444948158895951,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,425338901863316601,5441444948158895951,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1920,425338901863316601,5441444948158895951,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5532 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,425338901863316601,5441444948158895951,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1920,425338901863316601,5441444948158895951,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5520 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,425338901863316601,5441444948158895951,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,425338901863316601,5441444948158895951,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,425338901863316601,5441444948158895951,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2428 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5390187670cb1e0eb022f4f7735263e82
SHA1ea1401ccf6bf54e688a0dc9e6946eae7353b26f1
SHA2563e6c56356d6509a3fd4b2403555be55e251f4a962379b29735c1203e57230947
SHA512602f64d74096d4fb7a23b23374603246d42b17cc854835e3b2f4d464997b73f289a3b40eb690e3ee707829d4ff886865e982f72155d96be6bc00166f44878062
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD58294f1821fd3419c0a42b389d19ecfc6
SHA1cd4982751377c2904a1d3c58e801fa013ea27533
SHA25692a96c9309023c8b9e1396ff41f7d9d3ff8a3687972e76b9ebd70b04e3bf223a
SHA512372d369f7ad1b0e07200d3aa6b2cfce5beafa7a97f63932d4c9b3b01a0e8b7eb39881867f87ded55a9973abea973b2d2c9b6fc4892f81cec644702b9edb1566d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
111B
MD5807419ca9a4734feaf8d8563a003b048
SHA1a723c7d60a65886ffa068711f1e900ccc85922a6
SHA256aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631
SHA512f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
5KB
MD576fae8b0bafba3e6dfffd66b807d2f61
SHA12d813562b6d8951f9050e9850e614f5ee950784a
SHA256beb6fdd355fc00b8e5b0e97989346f23b4206a660d6aebd95edf2607b503729b
SHA5120a38f353a7c88a56ecd8f63f64c6608df7446e82114cefa75146786d8dbca9f370d347985a0b3bc87cb9cb0e2a7f4e955172fcca618ec010eec17b4a0f7b7d88
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
5KB
MD5797e7ebeaf953a1a0996a6649a031441
SHA187ea648d0d64c0ff76f3f59edb1268537b424848
SHA256ad072e9e63005f7431b19d9741fe4abcc23d173c98ca29d0048959626c281bc0
SHA512614548aeefc888a58371f91c238d9560036c34844fd7b16024b7b08007aa9fcdcd25d03578fe414666467cb7ad9cdc587b6dc0cdb91fc0ab2688cd4dda43deb7
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD570f601c778b5c158c2972c49d7f5e0c1
SHA118347d5e9104d219334f33cbd60d967ccffbe74f
SHA256aa5f9dfe73a1d505837136561b712eb27d3f7266899b2d1ad01012db83a5630e
SHA51298053f2fcdd8292c59e922137ab4662a3195fa607ab33e90620ee6377ab8127ed9adc9ad9568139ed09ecea2507a4ffc0ced0ab4138a9ca4fa1c6da3998eaab6
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
10KB
MD5a2af303b0f47af773ee1486729aab5e9
SHA1d2baacd4ccbc436bab87a4cd4fc18c742825df39
SHA256c49b6b810dabab7825ffd79de46ee067ec985fae3a0400d58a98c97358004d6d
SHA512198f0e9326123d57b9c8721de0d1ec4e8c0a52fd50903328d84364cccbfb0f146213b4c0087b9b6b9b73dc9c97827d6a51d4bf5a5267a2bccbceca7957703733
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD59cd27c7356402b06dd5c21225c384af5
SHA16c7a73b392373717dbc3db6517275d055835824a
SHA25673a5f59319c2b3f74a54bfbfd7546dff3f2f7402b749ee55e671e61e8b936003
SHA512b0316d7dcc6b2b9fb366edfbd25ce2e0435a32eacfd054ceea797d832a8d203061e1926e362f0d8fa3d238f4e3b6a5eb3933f50db1f0f95481ee43920a9c1a2b
-
\??\pipe\LOCAL\crashpad_3348_WVMJENUTSZDQFBGAMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e