Analysis
- max time kernel: 1680s
- max time network: 1685s
- platform: windows11-21h2_x64
- resource: win11-20240508-en
- resource tags: arch:x64, arch:x86, image:win11-20240508-en, locale:en-us, os:windows11-21h2-x64, system
- submitted: 29-06-2024 18:32
- Static task: static1
- URLScan task: urlscan1
- Behavioral task behavioral1: Sample http://www.apponfly.com/test?lang=fr, Resource win7-20240611-en
- Behavioral task behavioral2: Sample http://www.apponfly.com/test?lang=fr, Resource win10-20240404-en
- Behavioral task behavioral3: Sample http://www.apponfly.com/test?lang=fr, Resource win10v2004-20240611-en
- Behavioral task behavioral4: Sample http://www.apponfly.com/test?lang=fr, Resource win11-20240508-en
- Behavioral task behavioral5: Sample http://www.apponfly.com/test?lang=fr, Resource android-x64-20240624-en
- Behavioral task behavioral6: Sample http://www.apponfly.com/test?lang=fr, Resource android-x64-arm64-20240624-en
- Behavioral task behavioral7: Sample http://www.apponfly.com/test?lang=fr, Resource android-33-x64-arm64-20240624-en
- Behavioral task behavioral8: Sample http://www.apponfly.com/test?lang=fr, Resource android-x86-arm-20240624-en
- Behavioral task behavioral9: Sample http://www.apponfly.com/test?lang=fr, Resource macos-20240611-en
- Behavioral task behavioral10: Sample http://www.apponfly.com/test?lang=fr, Resource debian12-armhf-20240418-en
- Behavioral task behavioral11: Sample http://www.apponfly.com/test?lang=fr, Resource debian12-mipsel-20240221-en
- Behavioral task behavioral12: Sample http://www.apponfly.com/test?lang=fr, Resource debian9-armhf-20240611-en
- Behavioral task behavioral13: Sample http://www.apponfly.com/test?lang=fr, Resource debian9-mipsbe-20240418-en
- Behavioral task behavioral14: Sample http://www.apponfly.com/test?lang=fr, Resource debian9-mipsel-20240611-en
- Behavioral task behavioral15: Sample http://www.apponfly.com/test?lang=fr, Resource ubuntu1804-amd64-20240611-en
- Behavioral task behavioral16: Sample http://www.apponfly.com/test?lang=fr, Resource ubuntu2004-amd64-20240508-en
- Behavioral task behavioral17: Sample http://www.apponfly.com/test?lang=fr, Resource ubuntu2204-amd64-20240611-en
- Behavioral task behavioral18: Sample http://www.apponfly.com/test?lang=fr, Resource ubuntu2404-amd64-20240523-en
General
- Target: http://www.apponfly.com/test?lang=fr
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exe
Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (process: msedge.exe)
Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (process: msedge.exe)
Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (process: msedge.exe)
-
Suspicious behavior: EnumeratesProcesses 12 IoCs
Processes:
msedge.exe, msedge.exe, msedge.exe, identity_helper.exe, msedge.exe
pid 3096: msedge.exe
pid 1028: msedge.exe
pid 4628: msedge.exe
pid 876: identity_helper.exe
pid 560: msedge.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
Processes:
msedge.exe
pid 1028: msedge.exe
-
Suspicious use of FindShellTrayWindow 25 IoCs
Processes:
msedge.exe
pid 1028: msedge.exe
-
Suspicious use of SendNotifyMessage 12 IoCs
Processes:
msedge.exe
pid 1028: msedge.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
msedge.exe
PID 1028 wrote to memory of 4836 (pid 1028, process msedge.exe, target process msedge.exe)
PID 1028 wrote to memory of 1068 (pid 1028, process msedge.exe, target process msedge.exe)
PID 1028 wrote to memory of 3096 (pid 1028, process msedge.exe, target process msedge.exe)
PID 1028 wrote to memory of 2808 (pid 1028, process msedge.exe, target process msedge.exe)
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.apponfly.com/test?lang=fr
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff83ba23cb8,0x7ff83ba23cc8,0x7ff83ba23cd8
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,18042931633196531986,14596729023427468802,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,18042931633196531986,14596729023427468802,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:3
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,18042931633196531986,14596729023427468802,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2576 /prefetch:8
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,18042931633196531986,14596729023427468802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,18042931633196531986,14596729023427468802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,18042931633196531986,14596729023427468802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4600 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,18042931633196531986,14596729023427468802,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3468 /prefetch:8
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,18042931633196531986,14596729023427468802,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4036 /prefetch:8
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,18042931633196531986,14596729023427468802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,18042931633196531986,14596729023427468802,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,18042931633196531986,14596729023427468802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,18042931633196531986,14596729023427468802,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,18042931633196531986,14596729023427468802,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4592 /prefetch:2
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize: 152B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize: 152B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 1KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize: 2KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 5KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 6KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize: 16B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize: 16B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize: 11KB
-
\??\pipe\LOCAL\crashpad_1028_BCJTOOKLKIJODDEV