Analysis
max time kernel: 138s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240412-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
submitted: 20-04-2024 04:41

Static task: static1
Behavioral task: behavioral1
Sample: fbf2edf34178226895115d926e7a7c67_JaffaCakes118.exe
Resource: win7-20240221-en

General
Target: fbf2edf34178226895115d926e7a7c67_JaffaCakes118.exe
Size: 716KB
MD5: fbf2edf34178226895115d926e7a7c67
SHA1: 22ed7e2f8d8e45fda6ff5c2c0a702a27bb1a50c3
SHA256: 31f81f616e422425c76b1d45360901a162d619d61cf6e2828c7d7767faf9461c
SHA512: 2587b9e034835aeb83316e963443378b89a50fe91a9e1e7eaaa528543506d61dcb6f6e7508cf46225594e5b6cab1cc234368a6d7aef6eb7eedc5ef7c2783e49d
SSDEEP: 12288:SEHlhuGsHl5KGuyGFRu3dcxH0qlPiJiC7ZVhS:zHqhl0GuyGFygPiJz7E

Malware Config
Signatures

Suspicious use of SetThreadContext 1 IoCs
Processes:
- PID 4268 set thread context of 1036 (pid 4268, process fbf2edf34178226895115d926e7a7c67_JaffaCakes118.exe, target process fbf2edf34178226895115d926e7a7c67_JaffaCakes118.exe)

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
- Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (process msedge.exe)
- Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (process msedge.exe)
- Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (process msedge.exe)

Suspicious behavior: EnumeratesProcesses 10 IoCs
Processes (distinct entries):
- pid 4500, process msedge.exe
- pid 4752, process msedge.exe
- pid 4828, process identity_helper.exe
- pid 4136, process msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
Processes (distinct entries):
- pid 4752, process msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs
Processes (distinct entries):
- pid 4752, process msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs
Processes (distinct entries):
- pid 4752, process msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs
Processes:
- pid 4268, process fbf2edf34178226895115d926e7a7c67_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 64 IoCs
Processes (distinct entries):
- PID 4268 wrote to memory of 1036 (pid 4268, process fbf2edf34178226895115d926e7a7c67_JaffaCakes118.exe, target process fbf2edf34178226895115d926e7a7c67_JaffaCakes118.exe)
- PID 1036 wrote to memory of 4752 (pid 1036, process fbf2edf34178226895115d926e7a7c67_JaffaCakes118.exe, target process msedge.exe)
- PID 4752 wrote to memory of 3448 (pid 4752, process msedge.exe, target process msedge.exe)
- PID 4752 wrote to memory of 2348 (pid 4752, process msedge.exe, target process msedge.exe)
- PID 4752 wrote to memory of 4500 (pid 4752, process msedge.exe, target process msedge.exe)
- PID 4752 wrote to memory of 1756 (pid 4752, process msedge.exe, target process msedge.exe)

Processes

Level 1: C:\Users\Admin\AppData\Local\Temp\fbf2edf34178226895115d926e7a7c67_JaffaCakes118.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\fbf2edf34178226895115d926e7a7c67_JaffaCakes118.exe"
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory

Level 2: C:\Users\Admin\AppData\Local\Temp\fbf2edf34178226895115d926e7a7c67_JaffaCakes118.exe
Command line: C:\Users\Admin\AppData\Local\Temp\fbf2edf34178226895115d926e7a7c67_JaffaCakes118.exe
- Suspicious use of WriteProcessMemory

Level 3: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=fbf2edf34178226895115d926e7a7c67_JaffaCakes118.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory

Level 4: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff84d1246f8,0x7ff84d124708,0x7ff84d124718

Level 4: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,11156762923968039833,16100116350122197178,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2

Level 4: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,11156762923968039833,16100116350122197178,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
- Suspicious behavior: EnumeratesProcesses

Level 4: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,11156762923968039833,16100116350122197178,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2944 /prefetch:8

Level 4: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11156762923968039833,16100116350122197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1

Level 4: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11156762923968039833,16100116350122197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1

Level 4: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11156762923968039833,16100116350122197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1

Level 4: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,11156762923968039833,16100116350122197178,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5504 /prefetch:8

Level 4: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,11156762923968039833,16100116350122197178,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5504 /prefetch:8
- Suspicious behavior: EnumeratesProcesses

Level 4: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11156762923968039833,16100116350122197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1

Level 4: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11156762923968039833,16100116350122197178,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1

Level 4: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11156762923968039833,16100116350122197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3612 /prefetch:1

Level 4: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11156762923968039833,16100116350122197178,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1

Level 4: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11156762923968039833,16100116350122197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3704 /prefetch:1

Level 4: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11156762923968039833,16100116350122197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1

Level 4: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,11156762923968039833,16100116350122197178,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4220 /prefetch:2
- Suspicious behavior: EnumeratesProcesses

Level 3: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=fbf2edf34178226895115d926e7a7c67_JaffaCakes118.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0

Level 4: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff84d1246f8,0x7ff84d124708,0x7ff84d124718

Level 1: C:\Windows\System32\CompPkgSrv.exe
Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

Level 1: C:\Windows\System32\CompPkgSrv.exe
Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize: 152B

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize: 152B

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 264B

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize: 437B

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 5KB

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 6KB

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 6KB

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize: 24KB

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize: 371B

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58409e.TMP
Filesize: 371B

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize: 16B

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize: 11KB

\??\pipe\LOCAL\crashpad_4752_ALFQONBKYLFBHPLZ

memory/1036-2-0x0000000000400000-0x000000000040C000-memory.dmp
Filesize: 48KB