Overview
overview | 10
Static
static | 10
Sample | Platform | Score
kayflock-beta.rar | windows7-x64 | 7
kayflock-beta.rar | windows10-2004-x64 | 3
kayflock-b...I2.dll | windows7-x64 | 1
kayflock-b...I2.dll | windows10-2004-x64 | 1
kayflock-b...nt.dll | windows7-x64 | 1
kayflock-b...nt.dll | windows10-2004-x64 | 1
kayflock-b...on.exe | windows7-x64 | 1
kayflock-b...on.exe | windows10-2004-x64 | 1
kayflock-b...ck.exe | windows7-x64 | 1
kayflock-b...ck.exe | windows10-2004-x64 | 7
kayflock-b...us.dll | windows7-x64 | 1
kayflock-b...us.dll | windows10-2004-x64 | 1
kayflock-b...ne.exe | windows10-2004-x64 | 1
kayflock-b...vc.exe | windows10-2004-x64 | 1
kayflock-b...er.exe | windows10-2004-x64 | 1
kayflock-b...ic.exe | windows7-x64 | 8
kayflock-b...ic.exe | windows10-2004-x64 | 8
kayflock-b...hh.exe | windows10-2004-x64 | 1
kayflock-b...ad.exe | windows10-2004-x64 | 1
kayflock-b...64.exe | windows10-2004-x64 | 1
kayflock-b...32.dll | windows10-2004-x64 | 1
kayflock-b...32.exe | windows10-2004-x64 | 1
kayflock-b...te.exe | windows10-2004-x64 | 7
kayflock-b...nt.dll | windows7-x64 | 1
kayflock-b...nt.dll | windows10-2004-x64 | 1
Analysis
- max time kernel: 148s
- max time network: 156s
- platform: windows10-2004_x64
- resource: win10v2004-20240412-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 15-04-2024 06:42
Behavioral task | Sample | Resource
behavioral1 | kayflock-beta.rar | win7-20240221-en
behavioral2 | kayflock-beta.rar | win10v2004-20240412-en
behavioral3 | kayflock-beta/Guna.UI2.dll | win7-20240220-en
behavioral4 | kayflock-beta/Guna.UI2.dll | win10v2004-20240412-en
behavioral5 | kayflock-beta/System.Management.dll | win7-20240221-en
behavioral6 | kayflock-beta/System.Management.dll | win10v2004-20240412-en
behavioral7 | kayflock-beta/byfron.exe | win7-20231129-en
behavioral8 | kayflock-beta/byfron.exe | win10v2004-20240412-en
behavioral9 | kayflock-beta/kayflock.exe | win7-20240221-en
behavioral10 | kayflock-beta/kayflock.exe | win10v2004-20240412-en
behavioral11 | kayflock-beta/nexus.dll | win7-20240220-en
behavioral12 | kayflock-beta/nexus.dll | win10v2004-20240226-en
behavioral13 | kayflock-beta/packages/ranks/HelpPane.exe | win10v2004-20240412-en
behavioral14 | kayflock-beta/packages/ranks/bfsvc.exe | win10v2004-20240412-en
behavioral15 | kayflock-beta/packages/ranks/explorer.exe | win10v2004-20240412-en
behavioral16 | kayflock-beta/packages/ranks/fullstack-magic.exe | win7-20240221-en
behavioral17 | kayflock-beta/packages/ranks/fullstack-magic.exe | win10v2004-20240412-en
behavioral18 | kayflock-beta/packages/ranks/hh.exe | win10v2004-20240412-en
behavioral19 | kayflock-beta/packages/ranks/notepad.exe | win10v2004-20240412-en
behavioral20 | kayflock-beta/packages/ranks/splwow64.exe | win10v2004-20240412-en
behavioral21 | kayflock-beta/packages/ranks/twain_32.dll | win10v2004-20240412-en
behavioral22 | kayflock-beta/packages/ranks/winhlp32.exe | win10v2004-20240412-en
behavioral23 | kayflock-beta/packages/ranks/write.exe | win10v2004-20240412-en
behavioral24 | kayflock-beta/runtimes/win/lib/net6.0/System.Management.dll | win7-20240221-en
behavioral25 | kayflock-beta/runtimes/win/lib/net6.0/System.Management.dll | win10v2004-20240412-en
General
- Target: kayflock-beta/packages/ranks/winhlp32.exe
- Size: 11KB
- MD5: 0629e6d130f226c009ea9ab329f37acc
- SHA1: 1529c6cf3265311b690992dc975443b35177bc7c
- SHA256: 4fce997bdd3475c42ba856d8c288fd4f9f91fd1370075ad7e0b11b1e71ae69ce
- SHA512: a36f25cd5b79891f0cc5a8e85636ce4ef10c91ec6d6c7c0f5c5b622d0af1f4f400c864d331caffaa8a51d9a2734777b5b9ce87cabb7667a9aceaf8837e88c847
- SSDEEP: 192:ZomhYgSgGvZx5qdoth1Pdk7WneHWGhh4j8q05:L67gGnP7q7WneHWGhh44q
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes: msedge.exe
description | ioc | process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
-
Suspicious use of FindShellTrayWindow 26 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
Processes: helppane.exe
pid | process
4844 | helppane.exe
4844 | helppane.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
"C:\Users\Admin\AppData\Local\Temp\kayflock-beta\packages\ranks\winhlp32.exe"
C:\Windows\helppane.exe -Embedding
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge:https://go.microsoft.com/fwlink/?LinkId=528881
      - Enumerates system info in registry
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      - Suspicious use of FindShellTrayWindow
      - Suspicious use of SendNotifyMessage
      - Suspicious use of WriteProcessMemory
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc950646f8,0x7ffc95064708,0x7ffc95064718
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,9696010659802462239,8349682164559065388,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,9696010659802462239,8349682164559065388,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
          - Suspicious behavior: EnumeratesProcesses
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,9696010659802462239,8349682164559065388,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9696010659802462239,8349682164559065388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9696010659802462239,8349682164559065388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9696010659802462239,8349682164559065388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9696010659802462239,8349682164559065388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3860 /prefetch:1
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9696010659802462239,8349682164559065388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,9696010659802462239,8349682164559065388,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 /prefetch:8
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,9696010659802462239,8349682164559065388,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 /prefetch:8
          - Suspicious behavior: EnumeratesProcesses
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9696010659802462239,8349682164559065388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9696010659802462239,8349682164559065388,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9696010659802462239,8349682164559065388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9696010659802462239,8349682164559065388,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,9696010659802462239,8349682164559065388,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3132 /prefetch:2
          - Suspicious behavior: EnumeratesProcesses
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat (Filesize: 152B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat (Filesize: 152B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index (Filesize: 480B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State (Filesize: 1KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (Filesize: 6KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (Filesize: 6KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity (Filesize: 1KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57bca9.TMP (Filesize: 1KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT (Filesize: 16B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT (Filesize: 16B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State (Filesize: 11KB)
- \??\pipe\LOCAL\crashpad_1516_CYHOTXEDLFCAFEBA