- Overview (overview): 10
- Static (static): 10
- ed03f8136c...18.exe (windows7-x64): 7
- ed03f8136c...18.exe (windows10-2004-x64): 7
- $PLUGINSDI...ad.dll (windows7-x64): 3
- $PLUGINSDI...ad.dll (windows10-2004-x64): 3
- $PLUGINSDI...ll.dll (windows7-x64): 3
- $PLUGINSDI...ll.dll (windows10-2004-x64): 3
- $PLUGINSDI...nu.dll (windows7-x64): 3
- $PLUGINSDI...nu.dll (windows10-2004-x64): 3
- $PLUGINSDI...em.dll (windows7-x64): 3
- $PLUGINSDI...em.dll (windows10-2004-x64): 3
- $PLUGINSDI...gs.dll (windows7-x64): 3
- $PLUGINSDI...gs.dll (windows10-2004-x64): 3
- $PLUGINSDI...ec.dll (windows7-x64): 3
- $PLUGINSDI...ec.dll (windows10-2004-x64): 3
- $PLUGINSDI...om.dll (windows7-x64): 7
- $PLUGINSDI...om.dll (windows10-2004-x64): 7
- $PLUGINSDI...ry.dll (windows7-x64): 3
- $PLUGINSDI...ry.dll (windows10-2004-x64): 3
- $TEMP/v.vbs (windows7-x64): 3
- $TEMP/v.vbs (windows10-2004-x64): 3
- $TEMP/xcmd.exe (windows7-x64): 9
- $TEMP/xcmd.exe (windows10-2004-x64): 9
- $_48_/$APP...md.exe (windows7-x64): 9
- $_48_/$APP...md.exe (windows10-2004-x64): 9
- $_48_/1.html (windows7-x64): 6
- $_48_/1.html (windows10-2004-x64): 1
- $_48_/3.bat (windows7-x64): 1
- $_48_/3.bat (windows10-2004-x64): 1
- $_48_/3.vbs (windows7-x64): 4
- $_48_/3.vbs (windows10-2004-x64): 7
- $_48_/qq.vbs (windows7-x64): 3
- $_48_/qq.vbs (windows10-2004-x64): 7
Analysis
- max time kernel: 146s
- max time network: 152s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 11-04-2024 08:42
- Behavioral task behavioral1: sample ed03f8136c974575f1995a02588027fd_JaffaCakes118.exe, resource win7-20240220-en
- Behavioral task behavioral2: sample ed03f8136c974575f1995a02588027fd_JaffaCakes118.exe, resource win10v2004-20240226-en
- Behavioral task behavioral3: sample $PLUGINSDIR/InetLoad.dll, resource win7-20231129-en
- Behavioral task behavioral4: sample $PLUGINSDIR/InetLoad.dll, resource win10v2004-20240226-en
- Behavioral task behavioral5: sample $PLUGINSDIR/MakeDll.dll, resource win7-20240221-en
- Behavioral task behavioral6: sample $PLUGINSDIR/MakeDll.dll, resource win10v2004-20240226-en
- Behavioral task behavioral7: sample $PLUGINSDIR/StartMenu.dll, resource win7-20240221-en
- Behavioral task behavioral8: sample $PLUGINSDIR/StartMenu.dll, resource win10v2004-20240226-en
- Behavioral task behavioral9: sample $PLUGINSDIR/System.dll, resource win7-20240215-en
- Behavioral task behavioral10: sample $PLUGINSDIR/System.dll, resource win10v2004-20240319-en
- Behavioral task behavioral11: sample $PLUGINSDIR/nsDialogs.dll, resource win7-20240221-en
- Behavioral task behavioral12: sample $PLUGINSDIR/nsDialogs.dll, resource win10v2004-20240226-en
- Behavioral task behavioral13: sample $PLUGINSDIR/nsExec.dll, resource win7-20240221-en
- Behavioral task behavioral14: sample $PLUGINSDIR/nsExec.dll, resource win10v2004-20231215-en
- Behavioral task behavioral15: sample $PLUGINSDIR/nsRandom.dll, resource win7-20240221-en
- Behavioral task behavioral16: sample $PLUGINSDIR/nsRandom.dll, resource win10v2004-20240226-en
- Behavioral task behavioral17: sample $PLUGINSDIR/registry.dll, resource win7-20240221-en
- Behavioral task behavioral18: sample $PLUGINSDIR/registry.dll, resource win10v2004-20240226-en
- Behavioral task behavioral19: sample $TEMP/v.vbs, resource win7-20240221-en
- Behavioral task behavioral20: sample $TEMP/v.vbs, resource win10v2004-20240226-en
- Behavioral task behavioral21: sample $TEMP/xcmd.exe, resource win7-20240221-en
- Behavioral task behavioral22: sample $TEMP/xcmd.exe, resource win10v2004-20240226-en
- Behavioral task behavioral23: sample $_48_/$APPDATA/xcmd.exe, resource win7-20240221-en
- Behavioral task behavioral24: sample $_48_/$APPDATA/xcmd.exe, resource win10v2004-20240226-en
- Behavioral task behavioral25: sample $_48_/1.html, resource win7-20231129-en
- Behavioral task behavioral26: sample $_48_/1.html, resource win10v2004-20240226-en
- Behavioral task behavioral27: sample $_48_/3.bat, resource win7-20240221-en
- Behavioral task behavioral28: sample $_48_/3.bat, resource win10v2004-20240319-en
- Behavioral task behavioral29: sample $_48_/3.vbs, resource win7-20240221-en
- Behavioral task behavioral30: sample $_48_/3.vbs, resource win10v2004-20240226-en
- Behavioral task behavioral31: sample $_48_/qq.vbs, resource win7-20240221-en
- Behavioral task behavioral32: sample $_48_/qq.vbs, resource win10v2004-20240226-en
General
- Target: $_48_/1.html
- Size: 321B
- MD5: a0238afd1edbd480243061ba3a1469fc
- SHA1: 40a15406c5deb21f6ad07b6da337f549257840c8
- SHA256: 0fd737d043eadbdd0ad65e03ffd45c6b010b302a0be68ba2c8d5994bae3ef835
- SHA512: 721dd8d512797677f46d7da349f2d47edc8581ffa1481883423b04d41eb09c36aa30e5bc8348b17ec5981cec8ad81dfc7e19977b7b0f46a439690d95f088d7ed
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Processes: msedge.exe
  description | ioc | process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  Processes: msedge.exe, msedge.exe, identity_helper.exe, msedge.exe
  pid | process
  1140 | msedge.exe
  5060 | msedge.exe
  1640 | identity_helper.exe
  3620 | msedge.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  Processes: msedge.exe
  pid | process
  5060 | msedge.exe
- Suspicious use of FindShellTrayWindow (25 IoCs)
  Processes: msedge.exe
  pid | process
  5060 | msedge.exe
- Suspicious use of SendNotifyMessage (24 IoCs)
  Processes: msedge.exe
  pid | process
  5060 | msedge.exe
- Suspicious use of WriteProcessMemory (64 IoCs)
  Processes: msedge.exe
  description | pid | process | target process
  PID 5060 wrote to memory of 1656 | 5060 | msedge.exe | msedge.exe
  PID 5060 wrote to memory of 2332 | 5060 | msedge.exe | msedge.exe
  PID 5060 wrote to memory of 1140 | 5060 | msedge.exe | msedge.exe
  PID 5060 wrote to memory of 1196 | 5060 | msedge.exe | msedge.exe
Processes
- "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\$_48_\1.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdf63d46f8,0x7ffdf63d4708,0x7ffdf63d4718
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1788,8877515609758252557,5731531436441266711,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1788,8877515609758252557,5731531436441266711,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1788,8877515609758252557,5731531436441266711,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,8877515609758252557,5731531436441266711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,8877515609758252557,5731531436441266711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,8877515609758252557,5731531436441266711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1788,8877515609758252557,5731531436441266711,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 /prefetch:8
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1788,8877515609758252557,5731531436441266711,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,8877515609758252557,5731531436441266711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,8877515609758252557,5731531436441266711,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,8877515609758252557,5731531436441266711,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1788,8877515609758252557,5731531436441266711,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3196 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
  MD5: 7c6136bc98a5aedca2ea3004e9fbe67d
  SHA1: 74318d997f4c9c351eef86d040bc9b085ce1ad4f
  SHA256: 50c3bd40caf7e9a82496a710f58804aa3536b44d57e2ee5e2af028cbebc6c2f2
  SHA512: 2d2fb839321c56e4cb80562e9a1daa4baf48924d635729dc5504a26462796919906f0097dd1fc7fd053394c0eea13c25219dec54ffe6e9abb6e8cb9afa66bada
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
  MD5: 5c6aef82e50d05ffc0cf52a6c6d69c91
  SHA1: c203efe5b45b0630fee7bd364fe7d63b769e2351
  SHA256: d9068cf3d04d62a9fb1cdd4c3cf7c263920159171d1b84cb49eff7cf4ed5bc32
  SHA512: 77ad48936e8c3ee107a121e0b2d1216723407f76872e85c36413237ca1c47b8c40038b8a6349b072bbcc6a29e27ddda77cf686fa97569f4d86531e6b2ac485ed
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 6KB
  MD5: b69dae14b70df9c51cbbc93e3c47a01c
  SHA1: 567fd77a592ab55a18bb56558b03fca17574c2a1
  SHA256: 467d2c644a3195e881147219467be5aac780d10e127b2d944a586c23fe43c751
  SHA512: 12f80a7ca1fb78e8c90fc32d9f25bd7b76c46ca966d85fed56d3ce3c28b340cf01bd922985b66b08dd4f72faa8aae8538b29f205fefe645e59927068fcc81463
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 6KB
  MD5: bc8e87a74f94c1122e12e46fe1149c1a
  SHA1: 8c6d9f0bccaa9548ef97e03dee8b3b4716275aba
  SHA256: b85a576d392e24ff94d24641b909070d77412e5209e8e26684ecbca3cbba2799
  SHA512: ffae25eeacc60fa5267660546b008600ccf946b51d0c8fe6dd4a582e704875151b76c25110c9c7e304b8ee7647afa4c2fc9789b5714c38351fda097bf8cbf9d8
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
  Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
  Filesize: 11KB
  MD5: 43760388f2bf22cc6947f194b736dda7
  SHA1: 1ca7ccb7fce26210152e35a778052e4a9704f239
  SHA256: e026e339b834df1ecac8008f44dd1c75e049a5b127f2b91004a41e8fae721399
  SHA512: 0b0179438096720565143d356932ab3ef4984b80839c46503dfa6065cc4901e912eb81b1e0d49f22814adf3f0c10028de55585624b413117735914261def9bf3
- \??\pipe\LOCAL\crashpad_5060_PYUZXRTPIQEZMFWK
  MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e