Analysis
max time kernel: 1680s
max time network: 1686s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 29-06-2024 18:32
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1 | Sample: http://www.apponfly.com/test?lang=fr | Resource: win7-20240611-en
Behavioral task: behavioral2 | Sample: http://www.apponfly.com/test?lang=fr | Resource: win10-20240404-en
Behavioral task: behavioral3 | Sample: http://www.apponfly.com/test?lang=fr | Resource: win10v2004-20240611-en
Behavioral task: behavioral4 | Sample: http://www.apponfly.com/test?lang=fr | Resource: win11-20240508-en
Behavioral task: behavioral5 | Sample: http://www.apponfly.com/test?lang=fr | Resource: android-x64-20240624-en
Behavioral task: behavioral6 | Sample: http://www.apponfly.com/test?lang=fr | Resource: android-x64-arm64-20240624-en
Behavioral task: behavioral7 | Sample: http://www.apponfly.com/test?lang=fr | Resource: android-33-x64-arm64-20240624-en
Behavioral task: behavioral8 | Sample: http://www.apponfly.com/test?lang=fr | Resource: android-x86-arm-20240624-en
Behavioral task: behavioral9 | Sample: http://www.apponfly.com/test?lang=fr | Resource: macos-20240611-en
Behavioral task: behavioral10 | Sample: http://www.apponfly.com/test?lang=fr | Resource: debian12-armhf-20240418-en
Behavioral task: behavioral11 | Sample: http://www.apponfly.com/test?lang=fr | Resource: debian12-mipsel-20240221-en
Behavioral task: behavioral12 | Sample: http://www.apponfly.com/test?lang=fr | Resource: debian9-armhf-20240611-en
Behavioral task: behavioral13 | Sample: http://www.apponfly.com/test?lang=fr | Resource: debian9-mipsbe-20240418-en
Behavioral task: behavioral14 | Sample: http://www.apponfly.com/test?lang=fr | Resource: debian9-mipsel-20240611-en
Behavioral task: behavioral15 | Sample: http://www.apponfly.com/test?lang=fr | Resource: ubuntu1804-amd64-20240611-en
Behavioral task: behavioral16 | Sample: http://www.apponfly.com/test?lang=fr | Resource: ubuntu2004-amd64-20240508-en
Behavioral task: behavioral17 | Sample: http://www.apponfly.com/test?lang=fr | Resource: ubuntu2204-amd64-20240611-en
Behavioral task: behavioral18 | Sample: http://www.apponfly.com/test?lang=fr | Resource: ubuntu2404-amd64-20240523-en
General
Target: http://www.apponfly.com/test?lang=fr
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes: msedge.exe
description | ioc | process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Suspicious behavior: EnumeratesProcesses 10 IoCs
Processes: msedge.exe, identity_helper.exe
pid | process
1284 | msedge.exe
1412 | msedge.exe
4536 | identity_helper.exe
4328 | msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
Processes: msedge.exe
pid | process
1412 | msedge.exe
Suspicious use of FindShellTrayWindow 25 IoCs
Processes: msedge.exe
pid | process
1412 | msedge.exe
Suspicious use of SendNotifyMessage 24 IoCs
Processes: msedge.exe
pid | process
1412 | msedge.exe
Suspicious use of WriteProcessMemory 64 IoCs
Processes: msedge.exe
description | pid | process | target process
PID 1412 wrote to memory of 1028 | 1412 | msedge.exe | msedge.exe
PID 1412 wrote to memory of 5340 | 1412 | msedge.exe | msedge.exe
PID 1412 wrote to memory of 1284 | 1412 | msedge.exe | msedge.exe
PID 1412 wrote to memory of 2984 | 1412 | msedge.exe | msedge.exe
Processes
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.apponfly.com/test?lang=fr
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe4fd346f8,0x7ffe4fd34708,0x7ffe4fd34718

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,6256893130845745805,394431857312285842,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,6256893130845745805,394431857312285842,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,6256893130845745805,394431857312285842,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6256893130845745805,394431857312285842,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6256893130845745805,394431857312285842,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6256893130845745805,394431857312285842,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1

    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,6256893130845745805,394431857312285842,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3520 /prefetch:8

    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,6256893130845745805,394431857312285842,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3520 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6256893130845745805,394431857312285842,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:1

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6256893130845745805,394431857312285842,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6256893130845745805,394431857312285842,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,6256893130845745805,394431857312285842,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,6256893130845745805,394431857312285842,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1780 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
  Filesize: 328B
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 1KB
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
  Filesize: 2KB
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 5KB
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 7KB
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
  Filesize: 16B
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
  Filesize: 11KB
- \??\pipe\LOCAL\crashpad_1412_BWLGTRKJRVCKEOUZ