Analysis
- max time kernel: 142s
- max time network: 152s
- platform: windows10-2004_x64
- resource: win10v2004-20240412-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 19-04-2024 15:46
Static task: static1
Behavioral task: behavioral1
Sample: faa21909fafd0de6d6ceb7fa0227af70_JaffaCakes118.exe
Resource: win7-20240221-en
General
- Target: faa21909fafd0de6d6ceb7fa0227af70_JaffaCakes118.exe
- Size: 78KB
- MD5: faa21909fafd0de6d6ceb7fa0227af70
- SHA1: 053b8d82db39eeadd3ccfd1f0374d017633f140d
- SHA256: 522265bc8033811b64b6c4967bb5e60d98749fe9228f0b194af51c85b25ad7a1
- SHA512: bde3a1917b7c815704a2d288156b6832bcfabd534fa05fa07b797aa083bf0ce29f2ada25a512aff53fcda99ed280514e6a9034080edc941c06e07125d7e2320e
- SSDEEP: 1536:e4tHHuaJtVpJywt04wbje3IgTazcoOEEQLwdCRoaeuProYMHQtf9/H1pQ:e4tH/3DJywQjDgTLopLwdCFJzf9/M
Malware Config
Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Processes: msedge.exe
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  Processes: msedge.exe (PID 3100), msedge.exe (PID 3600), identity_helper.exe (PID 2732), msedge.exe (PID 1212)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (9 IoCs)
  Processes: msedge.exe (PID 3600)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  Processes: msedge.exe (PID 3600)
- Suspicious use of SendNotifyMessage (24 IoCs)
  Processes: msedge.exe (PID 3600)
- Suspicious use of WriteProcessMemory (64 IoCs)
  Processes: faa21909fafd0de6d6ceb7fa0227af70_JaffaCakes118.exe, msedge.exe
  - PID 4988 (faa21909fafd0de6d6ceb7fa0227af70_JaffaCakes118.exe) wrote to memory of 3600 (msedge.exe)
  - PID 3600 (msedge.exe) wrote to memory of 4732 (msedge.exe)
  - PID 3600 (msedge.exe) wrote to memory of 4956 (msedge.exe)
  - PID 3600 (msedge.exe) wrote to memory of 3100 (msedge.exe)
  - PID 3600 (msedge.exe) wrote to memory of 1668 (msedge.exe)
Processes
"C:\Users\Admin\AppData\Local\Temp\faa21909fafd0de6d6ceb7fa0227af70_JaffaCakes118.exe"
- Suspicious use of WriteProcessMemory
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=faa21909fafd0de6d6ceb7fa0227af70_JaffaCakes118.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8c64546f8,0x7ff8c6454708,0x7ff8c6454718
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2292,4305946518725960170,10442965518704476919,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2308 /prefetch:2
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2292,4305946518725960170,10442965518704476919,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2292,4305946518725960170,10442965518704476919,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2292,4305946518725960170,10442965518704476919,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2292,4305946518725960170,10442965518704476919,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2292,4305946518725960170,10442965518704476919,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2292,4305946518725960170,10442965518704476919,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 /prefetch:8
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2292,4305946518725960170,10442965518704476919,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2292,4305946518725960170,10442965518704476919,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2292,4305946518725960170,10442965518704476919,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2292,4305946518725960170,10442965518704476919,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2292,4305946518725960170,10442965518704476919,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2292,4305946518725960170,10442965518704476919,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2292,4305946518725960170,10442965518704476919,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2292,4305946518725960170,10442965518704476919,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2020 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=faa21909fafd0de6d6ceb7fa0227af70_JaffaCakes118.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8c64546f8,0x7ff8c6454708,0x7ff8c6454718
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads