Analysis
max time kernel: 148s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 21-05-2024 14:41
Static task
static1
Behavioral task
behavioral1
Sample
63a768650061a7c68fb5651c0dc20cfe_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
63a768650061a7c68fb5651c0dc20cfe_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
63a768650061a7c68fb5651c0dc20cfe_JaffaCakes118.html
-
Size
64KB
-
MD5
63a768650061a7c68fb5651c0dc20cfe
-
SHA1
eaa44c3253e74b8098cf4d619d0c9554ed11c1b6
-
SHA256
477deba71a5189c10ef6003fdd61a9bdb581943c80da5f3871a9360857d2a5a7
-
SHA512
26962af58a18b0277bc370962fb3afd8eee403ff3611f4616c0e804ceedc38a2f171f8de15cfcb61955a8089719af442cd791ef57c277a07b3856897a450e4fc
-
SSDEEP
1536:bjCTupBPYOfUCYlKOyyPeodNhOHaQ5kfatwpbzK:HpBPyxyWeodNhOztwM
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes: msedge.exe
description | ioc | process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Suspicious behavior: EnumeratesProcesses 10 IoCs
Processes: msedge.exe, msedge.exe, identity_helper.exe, msedge.exe
pid | process
1584 | msedge.exe
2348 | msedge.exe
1132 | identity_helper.exe
6068 | msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
Processes: msedge.exe
pid | process
2348 | msedge.exe
Suspicious use of FindShellTrayWindow 25 IoCs
Processes: msedge.exe
pid | process
2348 | msedge.exe
Suspicious use of SendNotifyMessage 24 IoCs
Processes: msedge.exe
pid | process
2348 | msedge.exe
Suspicious use of WriteProcessMemory 64 IoCs
Processes: msedge.exe
description | pid | process | target process
PID 2348 wrote to memory of 2664 | 2348 | msedge.exe | msedge.exe
PID 2348 wrote to memory of 2548 | 2348 | msedge.exe | msedge.exe
PID 2348 wrote to memory of 1584 | 2348 | msedge.exe | msedge.exe
PID 2348 wrote to memory of 4168 | 2348 | msedge.exe | msedge.exe
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\63a768650061a7c68fb5651c0dc20cfe_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdf58f46f8,0x7ffdf58f4708,0x7ffdf58f47182⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2240,9642849375323590636,2436535646227510655,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2248 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2240,9642849375323590636,2436535646227510655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2240,9642849375323590636,2436535646227510655,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,9642849375323590636,2436535646227510655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,9642849375323590636,2436535646227510655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,9642849375323590636,2436535646227510655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4624 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,9642849375323590636,2436535646227510655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,9642849375323590636,2436535646227510655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,9642849375323590636,2436535646227510655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2776 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2240,9642849375323590636,2436535646227510655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6808 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2240,9642849375323590636,2436535646227510655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6808 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,9642849375323590636,2436535646227510655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7012 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,9642849375323590636,2436535646227510655,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7000 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,9642849375323590636,2436535646227510655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2644 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,9642849375323590636,2436535646227510655,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2240,9642849375323590636,2436535646227510655,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4856 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat | Filesize 152B
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat | Filesize 152B
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014 | Filesize 22KB
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index | Filesize 312B
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index | Filesize 288B
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index | Filesize 216B
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State | Filesize 2KB
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State | Filesize 2KB
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences | Filesize 5KB
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences | Filesize 7KB
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences | Filesize 6KB
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity | Filesize 538B
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581cf9.TMP | Filesize 371B
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT | Filesize 16B
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State | Filesize 11KB
\??\pipe\LOCAL\crashpad_2348_YCZCKXZSNKQZBWFZ