Resubmissions
30-04-2024 05:29
240430-f6xncade75 1011-04-2024 13:06
240411-qb4taafb9w 1011-04-2024 12:33
240411-pq9seaeg2z 10Analysis
-
max time kernel
1745s -
max time network
1749s -
platform
windows11-21h2_x64 -
resource
win11-20240214-en -
resource tags
-
submitted
11-04-2024 13:06
General
-
Target
ed6e7169456ef1f41f6a45812dda7d98_JaffaCakes118.dll
-
Size
56KB
-
MD5
ed6e7169456ef1f41f6a45812dda7d98
-
SHA1
c82733e2d394b272db6cbf49aa8a1207c8d9fb87
-
SHA256
85b53edb2e3476bdb29f98bd19c56baa0205e6620917e654cbe81c9745d6193d
-
SHA512
0e7d3dbe68de4301501df68b1eeb36bf68ca3ea61091710352f68f09f8f9b8b96888ccb2419330b2fbd7b592bd98b583aaea818345c87d591b9b0a96845b8d87
-
SSDEEP
768:65h+QW4yKs5INTjabOSQwrPG12nFb5GnVWs6k:63XWNKQ2jnSQyNnFbgN
Malware Config
Signatures
-
MountLocker Ransomware
Ransomware family first seen in late 2020, which threatens to leak files if ransom is not paid.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops desktop.ini file(s) 24 IoCs
-
Enumerates connected drives 3 TTPs 1 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in Program Files directory 2 IoCs
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 6 IoCs
-
Suspicious behavior: EnumeratesProcesses 14 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Views/modifies file attributes 1 TTPs 1 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\ed6e7169456ef1f41f6a45812dda7d98_JaffaCakes118.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\ed6e7169456ef1f41f6a45812dda7d98_JaffaCakes118.dll,#12⤵
- Drops desktop.ini file(s)
- Enumerates connected drives
- Drops file in Program Files directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\\0E57703E.bat" "C:\Users\Admin\AppData\Local\Temp\ed6e7169456ef1f41f6a45812dda7d98_JaffaCakes118.dll""3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\attrib.exeattrib -s -r -h "C:\Users\Admin\AppData\Local\Temp\ed6e7169456ef1f41f6a45812dda7d98_JaffaCakes118.dll"4⤵
- Views/modifies file attributes
-
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\explorer.exe"explorer.exe" RecoveryManual.html1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\RecoveryManual.html2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffea5b93cb8,0x7ffea5b93cc8,0x7ffea5b93cd83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,18398526303744310459,8995226487912169525,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1932 /prefetch:23⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,18398526303744310459,8995226487912169525,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,18398526303744310459,8995226487912169525,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,18398526303744310459,8995226487912169525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3080 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,18398526303744310459,8995226487912169525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3088 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,18398526303744310459,8995226487912169525,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3812 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,18398526303744310459,8995226487912169525,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3956 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,18398526303744310459,8995226487912169525,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,18398526303744310459,8995226487912169525,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4288 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,18398526303744310459,8995226487912169525,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4420 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,18398526303744310459,8995226487912169525,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4456 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,18398526303744310459,8995226487912169525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,18398526303744310459,8995226487912169525,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,18398526303744310459,8995226487912169525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,18398526303744310459,8995226487912169525,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1912,18398526303744310459,8995226487912169525,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7436 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,18398526303744310459,8995226487912169525,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6456 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,18398526303744310459,8995226487912169525,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2872 /prefetch:23⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Program Files (x86)\RecoveryManual.htmlFilesize
2KB
MD58cb3c62991fadb310f541c44adc77321
SHA1698b4ffbe757a1cfac80eff1ef3c70fbf99b7024
SHA256a35d583b16ef8f7fb2c1f59b0034dbc0c3112886ac53028f05c00fdb8ad8c83f
SHA512e007ef243b9335d7433ada241697b2e836b6526e65ce74f690015a0dd37bed42e79d6e65d5007550312637c63357ad8af81997d74f35f9da1ba037387ac7af3a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5ba1c5b9adde1c63093e16360c36d5ec8
SHA1f701c2984b3c76b6fa7c4e10689bb2cf5c1de3fa
SHA256e38528af753eee5c8ebab6bc0758b95b59b532a905657709c440e332dcd3f49b
SHA512912efca5a576792c9f668a65c4a427a7045ced04e91736b61e2fd3bc35d64d4b0720d8ad13457bf052e2582fad71637e48daa39ce7ce2ac26c2199aa29de79b1
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5beb8cd349a8d874a2a757857b4b2525c
SHA1e309aad4d5b5f43651e08500ca6ce6bbf1765d3a
SHA256f307c80780521bb0ca2e8debd908ddf9e566cd162c630a69f70e8528e29822b0
SHA5128f5dd0be927defe5aaf0e5fdc0c0cf22fdfb9e5d4966eaf00e54e56c76395f35eae187ccc3fb74c93d70f74cce8bf2d4f2c1583273f432bd8d5087b29da24f65
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD528737a876e5de68abaf2eb678f8eb05a
SHA1eaa2f6b6014ecd9e0bb48a9bf13ec4d98e9a360f
SHA256ccc3fa35c8bc0502a0950ff4aa41c6a6f278c9389582d17b9bea1bce1c0c0cac
SHA512b10de513c5ddf9fdf1aa1629877b886e24446b10708e04593b8225c892d869a9897c9f6f17714ec738627193aabeda55a1887de81261230aa3eb640f7dfcf6ae
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\throttle_store.datFilesize
20B
MD59e4e94633b73f4a7680240a0ffd6cd2c
SHA1e68e02453ce22736169a56fdb59043d33668368f
SHA25641c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304
SHA512193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\52acc10d-d656-47be-9815-a003129803b1.tmpFilesize
70KB
MD5e5e3377341056643b0494b6842c0b544
SHA1d53fd8e256ec9d5cef8ef5387872e544a2df9108
SHA256e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25
SHA51283f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0Filesize
44KB
MD51bdfe28ca4dc0a541860c640ef53ff11
SHA11f081c6ecc8dd31182d32b38971c11515428881f
SHA25625808d516b3afeed46630ed0fb34000a4978c8e800942c296d2e5d7d06dda625
SHA51215a7b5fbe1e4013c38e3cb160bfebde3d9050226b03456043e2d3d3fbcc91ab032265d174908b5000c4a41adfecff4c95f6ac641de4fdf82649cc6af01d2bf5c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2Filesize
8KB
MD50962291d6d367570bee5454721c17e11
SHA159d10a893ef321a706a9255176761366115bedcb
SHA256ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3Filesize
8KB
MD541876349cb12d6db992f1309f22df3f0
SHA15cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
4KB
MD5ca0a5d545bee31bb82bb242e0f79a665
SHA109e17cb109dfe68e3778e79a8a1e45dcefa5a255
SHA256172c8ad77b374395199395fa432bbee14ef5a3da74fd4ddbcdc48e46eab19a08
SHA512429d9e5052817e271db67e7e3874ea2af119c54a1bcf02c60e739b545805adfabaa366af28603e40bb997b684b00bbfbc973a182e0fe41d84e3f703bcdeb105d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
4KB
MD5777758347084bcb42123e65808e4487c
SHA147da1943bcb9b45d00909dcf68a722c96a4c6ddc
SHA25646cf0369812b5804841ff0e15b83a11f35262b8db87fcf1288f6f1337052ce94
SHA5129773b442a635f6c689656cdc96e1d78a2b868b953e517b73ba780d418b0206875b9818a1655a3c38992d51c37be0dcce20bfa3d66f04fed19a00825e2125e2f5
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
4KB
MD519fc9ec722fc3656a4cc0a5ccf70fca8
SHA1e2e74a940a5a38bf2bd1b248179a75536b57455b
SHA2561300102a40b5dab33a7fb8da20f3cc0dac29708c55e1e96c410c0f693cd6ce56
SHA512017501d9e3ab2d4fc104b7c051b8568fd7b5a6946646d31df5e7023a98c3e3b12ac54738800a7055145de1e7ed64811cf431d20119c9e0dd3b20b50f2ef2ef9a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure PreferencesFilesize
26KB
MD5f7814f4a61d8972df089d6affdfb5f85
SHA1ac54c437efc794c005206205364f68ae184f8651
SHA2561a2234e052a9534739a0790ec601eb45507f800697c37610421fe3231105637f
SHA512b6fcf79d27455c6a7a8cb073034b5f300482cced779b77d6fb11c0776495b1253060eff4403339cb1c8bb7145b7f954aeafeafa20455513e0122000ea5970f2e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RFe5860c8.TMPFilesize
25KB
MD5542ad2a945a70cde0e63f344e1163dbb
SHA133d3f0d370fc6c243b79c39d76975a534a849673
SHA256e1e26dc36fe80df3792c399fa916d16dc56f8033c305dfb65dba1e33b3664998
SHA512a3b2911c5a01a3becb12e600ad0f22e8be4f337447d935dffc89b6648370583538f2ff86bb159449c902d95bd5debaa5fe1c433e43f5abed8d053f8897c536e7
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\CURRENTFilesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\MANIFEST-000001Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1Filesize
264KB
MD5f50f89a0a91564d0b8a211f8921aa7de
SHA1112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e4acb7a7-6711-49b0-bbd9-06130c83089c.tmpFilesize
4KB
MD5d21ee6b7a7e5a4d02c31db9fdf5ee985
SHA163c8a46b72b14f101c0ba297d0e5a479a56bb3c2
SHA256e9d0484c49a3f190fd52d22f3ada81d4155b05ad92aa43f6b2df0974303c3f7b
SHA512937bbd4b372e60b8faad3d1ba973c771028cbf055c9ec38cc0913a12e7fa22d87f7133aa003d69cd10d0e062a5c99e6acb1fbedffddbbd193480c8cf1719ca7d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
10KB
MD5f9d74c648b03c2b542a85eacf557dbf7
SHA1641c1208687050edcd9c89ad6f40764ab81500ed
SHA25612d0f2782e15fbc2363ce55446cbf97968f5fa6daa9fba7522fc9ba136c82586
SHA512ad2581e4f031f60f38a18e1c96f66a56e66a57782d383aa09ee255cf9045986ce688fe22fdb63fcaa96e860e06c7705e6863aa407e1aee74894b6b19844140eb
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State~RFe588548.TMPFilesize
9KB
MD5da33b1dd137fcfb4beb21a46724711ba
SHA1dce860200090b94d79168e2faf6411e2bed0af7a
SHA256422f32b0de3397b8f5d9cb3d2bfc9f9c98db8860d8db8369595430938b8ff49e
SHA512349690a3994898f52af2b0557d4136cf5a296b899f5e323c6de52dc504c72db2abf4cabf66a90e726b60d44977b44bf9ad20b4d6e7b1b31bef3554238717adde
-
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.datFilesize
11KB
MD5e3b6a0110df2c31bfea0b9c962b5931d
SHA1dd63409db214a27374a41e3e5966e3768e991488
SHA256a32cf451972383871afd3a27103036c96f29848612e39436441e023fdd22c28d
SHA5129e55495ac0c179cf30cc0b563958bda98e15dde4eeeb61f600a59a09ef3fbc8eec959bc7792f876bce43ac0e252f9b3a83360e503c1cf012d795243a21134161
-
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.datFilesize
11KB
MD53c0b1b1f6326a3e62d45ca5721f8ff7d
SHA17eb8620130617d3efaab96ee505d1cfa3252e4b6
SHA256f5dad65983772d2e7732adf38262d3ebd1ec0bc0fa8b284fc37c0be671496d69
SHA512802b390c1888f9192a6256c399aef5602c0b7eed264355ee302206ec51c64d5d1bd60743f213572c2f946cc03ed873fe614988f4e583c0ba563ca705f75399dd
-
C:\Users\Admin\AppData\Local\Temp\0E57703E.batFilesize
65B
MD5348cae913e496198548854f5ff2f6d1e
SHA1a07655b9020205bd47084afd62a8bb22b48c0cdc
SHA256c80128f51871eec3ae2057989a025ce244277c1c180498a5aaef45d5214b8506
SHA512799796736d41d3fcb5a7c859571bb025ca2d062c4b86e078302be68c1a932ed4f78e003640df5405274364b5a9a9c0ba5e37177997683ee7ab54e5267590b611
-
\??\pipe\LOCAL\crashpad_1932_KTNYBWMYYOLMRNMZMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e