Analysis
-
max time kernel
149s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system -
submitted
22-05-2024 03:48
Static task
static1
Behavioral task
behavioral1
Sample
65e69f5921f310c1ba9555834bee7249_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
65e69f5921f310c1ba9555834bee7249_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
65e69f5921f310c1ba9555834bee7249_JaffaCakes118.html
-
Size
175KB
-
MD5
65e69f5921f310c1ba9555834bee7249
-
SHA1
eb9df4db64b5f8335c1c6ffdca70abd9e64a5d93
-
SHA256
3685eb4d5556bdc3c84446420dd2b3055d8eac4025f434d74c1a69ec749399cd
-
SHA512
0e2f4de940dc7162034393da08c8531a9ec87e6260f2a92fda04facad9c1f028477586c862fe92b4cbdff646598999d5b9ccb9b35e2a65a04b4e7ae5145d4832
-
SSDEEP
1536:SqtO8gd8Wu8pI8Cd8hd8dQgbH//WoS3RGNkF8YfBCJiZP+aeTH+WK/Lf1/hpnVSV:SaCT3R/FZBCJi2B
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes (description; ioc; process):
Key value queried; \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName; msedge.exe
Key opened; \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS; msedge.exe
Key value queried; \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer; msedge.exe
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
Processes (pid; process):
2720; msedge.exe
1324; msedge.exe
1168; identity_helper.exe
6048; msedge.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs
Processes (pid; process):
2720; msedge.exe
-
Suspicious use of FindShellTrayWindow 25 IoCs
Processes (pid; process):
2720; msedge.exe
-
Suspicious use of SendNotifyMessage 24 IoCs
Processes (pid; process):
2720; msedge.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes (description; pid; process; target process):
PID 2720 wrote to memory of 3120; 2720; msedge.exe; msedge.exe
PID 2720 wrote to memory of 1600; 2720; msedge.exe; msedge.exe
PID 2720 wrote to memory of 1324; 2720; msedge.exe; msedge.exe
PID 2720 wrote to memory of 976; 2720; msedge.exe; msedge.exe
Processes
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\65e69f5921f310c1ba9555834bee7249_JaffaCakes118.html
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe69fb46f8,0x7ffe69fb4708,0x7ffe69fb4718
-
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,7250813319185909293,8388489056389574376,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2
-
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2208,7250813319185909293,8388489056389574376,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
  - Suspicious behavior: EnumeratesProcesses
-
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2208,7250813319185909293,8388489056389574376,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2628 /prefetch:8
-
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,7250813319185909293,8388489056389574376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2844 /prefetch:1
-
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,7250813319185909293,8388489056389574376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2856 /prefetch:1
-
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,7250813319185909293,8388489056389574376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:1
-
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,7250813319185909293,8388489056389574376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
-
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,7250813319185909293,8388489056389574376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
-
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,7250813319185909293,8388489056389574376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
-
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,7250813319185909293,8388489056389574376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
-
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,7250813319185909293,8388489056389574376,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6016 /prefetch:8
-
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,7250813319185909293,8388489056389574376,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6016 /prefetch:8
  - Suspicious behavior: EnumeratesProcesses
-
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,7250813319185909293,8388489056389574376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3628 /prefetch:1
-
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,7250813319185909293,8388489056389574376,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3600 /prefetch:1
-
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,7250813319185909293,8388489056389574376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4012 /prefetch:1
-
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,7250813319185909293,8388489056389574376,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
-
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,7250813319185909293,8388489056389574376,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6092 /prefetch:2
  - Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\CompPkgSrv.exe -Embedding
-
C:\Windows\System32\CompPkgSrv.exe -Embedding
-
C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize: 152B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize: 152B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001
Filesize: 46KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 360B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize: 2KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize: 2KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 7KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 5KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize: 16B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize: 11KB
-
\??\pipe\LOCAL\crashpad_2720_TNEAQDIEFIZXNAOK