Analysis
-
max time kernel
145s -
max time network
141s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system -
submitted
22-05-2024 02:20
Static task
static1
Behavioral task
behavioral1
Sample
65aad4d6ba4e7668191d3806e006a629_JaffaCakes118.html
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
65aad4d6ba4e7668191d3806e006a629_JaffaCakes118.html
Resource
win10v2004-20240426-en
General
-
Target
65aad4d6ba4e7668191d3806e006a629_JaffaCakes118.html
-
Size
92KB
-
MD5
65aad4d6ba4e7668191d3806e006a629
-
SHA1
935784914352d5bf43783212c4fb56d9d7ae1db5
-
SHA256
cc14d4a6ad739cf34276c8b1a79ffe9b543936ccf42c08b9cae752ccd56a5cca
-
SHA512
a11b17fefcfe5935de6785e7ce0f5279c89af2b53bf71b833862d60062fd2033f68edd5b1a0e7a8315d7030c207a4a1f8814bfe45d3607c242df87df37acb0ee
-
SSDEEP
1536:9nSElSsV2DVTbUnzw14qVUDDkbzhdG8+cFbecwcbcFcPUctRFc/cMq9OuFFVPh5w:9nNSsIDVPozwrJOu9zMmt2T
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exe
description  ioc  process
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  msedge.exe
Key opened  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS  msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
Processes:
msedge.exe msedge.exe identity_helper.exe msedge.exe
pid  process
4904  msedge.exe
440  msedge.exe
1896  identity_helper.exe
2436  msedge.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
Processes:
msedge.exe
pid  process
440  msedge.exe
-
Suspicious use of FindShellTrayWindow 25 IoCs
Processes:
msedge.exe
pid  process
440  msedge.exe
-
Suspicious use of SendNotifyMessage 24 IoCs
Processes:
msedge.exe
pid  process
440  msedge.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
msedge.exe
description  pid  process  target process
PID 440 wrote to memory of 464  440  msedge.exe  msedge.exe
PID 440 wrote to memory of 2528  440  msedge.exe  msedge.exe
PID 440 wrote to memory of 4904  440  msedge.exe  msedge.exe
PID 440 wrote to memory of 2184  440  msedge.exe  msedge.exe
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\65aad4d6ba4e7668191d3806e006a629_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9a1dd46f8,0x7ff9a1dd4708,0x7ff9a1dd47182⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,2288297743019449292,10788059753806455263,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1920,2288297743019449292,10788059753806455263,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1920,2288297743019449292,10788059753806455263,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,2288297743019449292,10788059753806455263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,2288297743019449292,10788059753806455263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,2288297743019449292,10788059753806455263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,2288297743019449292,10788059753806455263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,2288297743019449292,10788059753806455263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,2288297743019449292,10788059753806455263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1920,2288297743019449292,10788059753806455263,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6148 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1920,2288297743019449292,10788059753806455263,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6148 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,2288297743019449292,10788059753806455263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,2288297743019449292,10788059753806455263,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,2288297743019449292,10788059753806455263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,2288297743019449292,10788059753806455263,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,2288297743019449292,10788059753806455263,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1904 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads