Analysis
- max time kernel: 145s
- max time network: 139s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 22-05-2024 23:22
Static task: static1
Behavioral task: behavioral1
- Sample: 68fbdb6c4d63b0f1e1aacf5c57ca0056_JaffaCakes118.html
- Resource: win7-20240508-en
Behavioral task: behavioral2
- Sample: 68fbdb6c4d63b0f1e1aacf5c57ca0056_JaffaCakes118.html
- Resource: win10v2004-20240508-en
General
- Target: 68fbdb6c4d63b0f1e1aacf5c57ca0056_JaffaCakes118.html
- Size: 62KB
- MD5: 68fbdb6c4d63b0f1e1aacf5c57ca0056
- SHA1: a22f61f020ca641663b165196ad0d563140e7d53
- SHA256: 2fdc34f17d05d7f0cf6dae73545434de1f4945b937cd6561d769aa6a9b4ff934
- SHA512: 99ba69ef49d0ee252e76103db4315c04148987714bde3ebefa9487c2bd6a2c89bbccb6de2140d1802cdcfda2c82b5aa890ea36ddb7835358f99fc1d7b199dce5
- SSDEEP: 768:iawgOriWNcaSoagGjCqzajM9/9QOR9/aUIrU3TGf1tDwNQ07Vg299j+WE:P/VCqAOR95ZQiVA
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes: msedge.exe
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (process: msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (process: msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (process: msedge.exe)
Suspicious behavior: EnumeratesProcesses 10 IoCs
Processes (pid, process):
- 2992 msedge.exe
- 3208 msedge.exe
- 3672 identity_helper.exe
- 4468 msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
Processes (pid, process):
- 3208 msedge.exe
Suspicious use of FindShellTrayWindow 25 IoCs
Processes (pid, process):
- 3208 msedge.exe
Suspicious use of SendNotifyMessage 24 IoCs
Processes (pid, process):
- 3208 msedge.exe
Suspicious use of WriteProcessMemory 64 IoCs
Processes: msedge.exe
- PID 3208 wrote to memory of 1668 (pid 3208, process msedge.exe, target process msedge.exe)
- PID 3208 wrote to memory of 4016 (pid 3208, process msedge.exe, target process msedge.exe)
- PID 3208 wrote to memory of 2992 (pid 3208, process msedge.exe, target process msedge.exe)
- PID 3208 wrote to memory of 2660 (pid 3208, process msedge.exe, target process msedge.exe)
Processes
- "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\68fbdb6c4d63b0f1e1aacf5c57ca0056_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffae94e46f8,0x7ffae94e4708,0x7ffae94e4718
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2228,8067113095524326157,15750768946718588812,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2308 /prefetch:2
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2228,8067113095524326157,15750768946718588812,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2228,8067113095524326157,15750768946718588812,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2348 /prefetch:8
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,8067113095524326157,15750768946718588812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,8067113095524326157,15750768946718588812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,8067113095524326157,15750768946718588812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,8067113095524326157,15750768946718588812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,8067113095524326157,15750768946718588812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2228,8067113095524326157,15750768946718588812,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6164 /prefetch:8
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2228,8067113095524326157,15750768946718588812,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6164 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,8067113095524326157,15750768946718588812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,8067113095524326157,15750768946718588812,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,8067113095524326157,15750768946718588812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,8067113095524326157,15750768946718588812,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2228,8067113095524326157,15750768946718588812,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5528 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat (Filesize: 152B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat (Filesize: 152B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008 (Filesize: 44KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index (Filesize: 240B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index (Filesize: 216B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State (Filesize: 1KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (Filesize: 5KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (Filesize: 7KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (Filesize: 7KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (Filesize: 6KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT (Filesize: 16B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State (Filesize: 11KB)
- \??\pipe\LOCAL\crashpad_3208_SFQZMFQBRKDHSVPK