Analysis
-
max time kernel
148s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system -
submitted
22-05-2024 20:48
Static task
static1
Behavioral task
behavioral1
Sample
68946598c64968b6a12daf1ab00c6d1e_JaffaCakes118.html
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
68946598c64968b6a12daf1ab00c6d1e_JaffaCakes118.html
Resource
win10v2004-20240426-en
General
-
Target
68946598c64968b6a12daf1ab00c6d1e_JaffaCakes118.html
-
Size
29KB
-
MD5
68946598c64968b6a12daf1ab00c6d1e
-
SHA1
b7d09582113e17353fbca09f70acb36e61ba5570
-
SHA256
030c4681ad4a22c6d0e98958f0ee73a6b4a74d5c7e3a12ca431227523be660ec
-
SHA512
bb2e93686bc54f627f84b73b60dbde92c69cbf196abcd25ae3f7b6c48e373f3e8c0a1f6afc6961d9658a308f6718d1bbf00978883d7921299aa62b53f49d3047
-
SSDEEP
768:9apTBacnEud8lKNOCvROtqI02SjN6iXpryXE:9apTBacnEud8lYvROtqI02SjN6iXpryU
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Modifies registry class 1 IoCs
Processes:
msedge.exedescription ioc process Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3571316656-3665257725-2415531812-1000\{4E0689CC-8DEA-4393-9909-EACC43A58770} msedge.exe -
Suspicious behavior: EnumeratesProcesses 12 IoCs
Processes:
msedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exepid process 1456 msedge.exe 1456 msedge.exe 380 msedge.exe 380 msedge.exe 5764 msedge.exe 5764 msedge.exe 3128 identity_helper.exe 3128 identity_helper.exe 4884 msedge.exe 4884 msedge.exe 4884 msedge.exe 4884 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs
Processes:
msedge.exepid process 380 msedge.exe 380 msedge.exe 380 msedge.exe 380 msedge.exe 380 msedge.exe 380 msedge.exe 380 msedge.exe 380 msedge.exe 380 msedge.exe 380 msedge.exe 380 msedge.exe 380 msedge.exe 380 msedge.exe 380 msedge.exe 380 msedge.exe 380 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
Processes:
msedge.exepid process 380 msedge.exe 380 msedge.exe 380 msedge.exe 380 msedge.exe 380 msedge.exe 380 msedge.exe 380 msedge.exe 380 msedge.exe 380 msedge.exe 380 msedge.exe 380 msedge.exe 380 msedge.exe 380 msedge.exe 380 msedge.exe 380 msedge.exe 380 msedge.exe 380 msedge.exe 380 msedge.exe 380 msedge.exe 380 msedge.exe 380 msedge.exe 380 msedge.exe 380 msedge.exe 380 msedge.exe 380 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
Processes:
msedge.exepid process 380 msedge.exe 380 msedge.exe 380 msedge.exe 380 msedge.exe 380 msedge.exe 380 msedge.exe 380 msedge.exe 380 msedge.exe 380 msedge.exe 380 msedge.exe 380 msedge.exe 380 msedge.exe 380 msedge.exe 380 msedge.exe 380 msedge.exe 380 msedge.exe 380 msedge.exe 380 msedge.exe 380 msedge.exe 380 msedge.exe 380 msedge.exe 380 msedge.exe 380 msedge.exe 380 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
msedge.exedescription pid process target process PID 380 wrote to memory of 208 380 msedge.exe msedge.exe PID 380 wrote to memory of 208 380 msedge.exe msedge.exe PID 380 wrote to memory of 1036 380 msedge.exe msedge.exe PID 380 wrote to memory of 1036 380 msedge.exe msedge.exe PID 380 wrote to memory of 1036 380 msedge.exe msedge.exe PID 380 wrote to memory of 1036 380 msedge.exe msedge.exe PID 380 wrote to memory of 1036 380 msedge.exe msedge.exe PID 380 wrote to memory of 1036 380 msedge.exe msedge.exe PID 380 wrote to memory of 1036 380 msedge.exe msedge.exe PID 380 wrote to memory of 1036 380 msedge.exe msedge.exe PID 380 wrote to memory of 1036 380 msedge.exe msedge.exe PID 380 wrote to memory of 1036 380 msedge.exe msedge.exe PID 380 wrote to memory of 1036 380 msedge.exe msedge.exe PID 380 wrote to memory of 1036 380 msedge.exe msedge.exe PID 380 wrote to memory of 1036 380 msedge.exe msedge.exe PID 380 wrote to memory of 1036 380 msedge.exe msedge.exe PID 380 wrote to memory of 1036 380 msedge.exe msedge.exe PID 380 wrote to memory of 1036 380 msedge.exe msedge.exe PID 380 wrote to memory of 1036 380 msedge.exe msedge.exe PID 380 wrote to memory of 1036 380 msedge.exe msedge.exe PID 380 wrote to memory of 1036 380 msedge.exe msedge.exe PID 380 wrote to memory of 1036 380 msedge.exe msedge.exe PID 380 wrote to memory of 1036 380 msedge.exe msedge.exe PID 380 wrote to memory of 1036 380 msedge.exe msedge.exe PID 380 wrote to memory of 1036 380 msedge.exe msedge.exe PID 380 wrote to memory of 1036 380 msedge.exe msedge.exe PID 380 wrote to memory of 1036 380 msedge.exe msedge.exe PID 380 wrote to memory of 1036 380 msedge.exe msedge.exe PID 380 wrote to memory of 1036 380 msedge.exe msedge.exe PID 380 wrote to memory of 1036 380 msedge.exe msedge.exe PID 380 wrote to memory of 1036 380 msedge.exe msedge.exe PID 380 wrote to memory of 1036 380 msedge.exe msedge.exe PID 380 wrote to memory of 1036 380 msedge.exe msedge.exe PID 380 wrote to memory of 1036 380 msedge.exe msedge.exe PID 380 wrote to memory of 1036 380 msedge.exe msedge.exe PID 380 wrote to memory of 1036 380 msedge.exe msedge.exe PID 380 wrote to memory of 1036 380 msedge.exe msedge.exe PID 380 wrote to memory of 1036 380 msedge.exe msedge.exe PID 380 wrote to memory of 1036 380 msedge.exe msedge.exe PID 380 wrote to memory of 1036 380 msedge.exe msedge.exe PID 380 wrote to memory of 1036 380 msedge.exe msedge.exe PID 380 wrote to memory of 1036 380 msedge.exe msedge.exe PID 380 wrote to memory of 1456 380 msedge.exe msedge.exe PID 380 wrote to memory of 1456 380 msedge.exe msedge.exe PID 380 wrote to memory of 2432 380 msedge.exe msedge.exe PID 380 wrote to memory of 2432 380 msedge.exe msedge.exe PID 380 wrote to memory of 2432 380 msedge.exe msedge.exe PID 380 wrote to memory of 2432 380 msedge.exe msedge.exe PID 380 wrote to memory of 2432 380 msedge.exe msedge.exe PID 380 wrote to memory of 2432 380 msedge.exe msedge.exe PID 380 wrote to memory of 2432 380 msedge.exe msedge.exe PID 380 wrote to memory of 2432 380 msedge.exe msedge.exe PID 380 wrote to memory of 2432 380 msedge.exe msedge.exe PID 380 wrote to memory of 2432 380 msedge.exe msedge.exe PID 380 wrote to memory of 2432 380 msedge.exe msedge.exe PID 380 wrote to memory of 2432 380 msedge.exe msedge.exe PID 380 wrote to memory of 2432 380 msedge.exe msedge.exe PID 380 wrote to memory of 2432 380 msedge.exe msedge.exe PID 380 wrote to memory of 2432 380 msedge.exe msedge.exe PID 380 wrote to memory of 2432 380 msedge.exe msedge.exe PID 380 wrote to memory of 2432 380 msedge.exe msedge.exe PID 380 wrote to memory of 2432 380 msedge.exe msedge.exe PID 380 wrote to memory of 2432 380 msedge.exe msedge.exe PID 380 wrote to memory of 2432 380 msedge.exe msedge.exe
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\68946598c64968b6a12daf1ab00c6d1e_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd077646f8,0x7ffd07764708,0x7ffd077647182⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,13663897274677208332,9343967677144571047,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,13663897274677208332,9343967677144571047,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2508 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,13663897274677208332,9343967677144571047,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13663897274677208332,9343967677144571047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13663897274677208332,9343967677144571047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13663897274677208332,9343967677144571047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13663897274677208332,9343967677144571047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13663897274677208332,9343967677144571047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13663897274677208332,9343967677144571047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13663897274677208332,9343967677144571047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6240 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13663897274677208332,9343967677144571047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6380 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13663897274677208332,9343967677144571047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6824 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13663897274677208332,9343967677144571047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6660 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13663897274677208332,9343967677144571047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2152,13663897274677208332,9343967677144571047,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6544 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2152,13663897274677208332,9343967677144571047,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6676 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13663897274677208332,9343967677144571047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7612 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,13663897274677208332,9343967677144571047,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7932 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,13663897274677208332,9343967677144571047,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7932 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13663897274677208332,9343967677144571047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13663897274677208332,9343967677144571047,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13663897274677208332,9343967677144571047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7840 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13663897274677208332,9343967677144571047,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6836 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,13663897274677208332,9343967677144571047,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7748 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506Filesize
330B
MD5ae1bc6145db3cf395d8f440349d3798a
SHA10c3a6c8a1cf91d088439fefdaa601306c526ce7a
SHA256faba340001c554365e62f91f07dc9b3fe5f80707cfc99d195bb8414ec4f57812
SHA5120c04352c814e49e2246c42e77c6b208b46b45aa38f1336ef8a3f88a7767ea3f4d53576928c41ca18f8e53f72f5b9b26ba4e3c1444f2b8d66b5ae6d19a23870ef
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5c9c4c494f8fba32d95ba2125f00586a3
SHA18a600205528aef7953144f1cf6f7a5115e3611de
SHA256a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b
SHA5129d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD54dc6fc5e708279a3310fe55d9c44743d
SHA1a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2
SHA256a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8
SHA5125874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000057Filesize
22KB
MD55e74c6d871232d6fe5d88711ece1408b
SHA11a5d3ac31e833df4c091f14c94a2ecd1c6294875
SHA256bcadf445d413314a44375c63418a0f255fbac7afae40be0a80c9231751176105
SHA5129d001eabce7ffdbf8e338725ef07f0033d0780ea474b7d33c2ad63886ff3578d818eb5c9b130d726353cd813160b49f572736dd288cece84e9bd8b784ce530d5
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
1KB
MD5b51498a577f8748a4feec47a5a67e90d
SHA14af46bc3e1f3afd646c8b905de95f2129ac2d097
SHA256bd371b91b4981c81b8dd686abf0b3d08854bc37cfe36d514696c1d8d8a315e18
SHA512fa78ad7eee830ccccb4ac4cd529f9870c1259ba34de879c25a89302288d1dabb06e1c7e575d04d2c5bcd0901cef6d6ef016f3c2aa598899d215105df8c165cbe
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
1KB
MD52a1134572affe61d822c594dcb40a9e2
SHA171a0c1d1e8ec8742df46abb03a1ca214fe4fef56
SHA256a8755cb3ef588f7a8041b7a7e322faf36dfb3d1a08302dcc59cad40b8e166c95
SHA5124d40fc52bcdbbe4c9dc82f241bdf6a65fb6769c55ec4761b8a44bd4f5aa593adb3aa0cd7551361f9578dd2c30215d3fbe293f5e6259eaac8b68b4a4e39d5a2e0
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_best.aliexpress.com_0.indexeddb.leveldb\CURRENTFilesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
6KB
MD50c2d0f6500f9790ff332ca7c5cfb5c63
SHA1c13a69cac36ac2ae6fa5a97614dba5bee8d67bb8
SHA2567a3b2b5fd0d627297d495b2d3521084d8efee3763eb503d8030eea076d1e8035
SHA5126861606a380990588bd910cc09216de602a9b09b235aa2f4098c662979af7d8f3016ca23834468a6df851182714acd3ebefad6e23e0e89761b6d9332577fa4b5
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
5KB
MD51d448c459a631b4ca1827d05d8c35069
SHA113596402bfc556ad22890447923f493aad211bdf
SHA256c1be5dc166a47c6b8d3a9c788aab114b01065ad289e420c8ce542a984f6cfd8d
SHA512ed7cad0b3c82c193326dd9b29be3074fbe0cb4fcd3622f91aa8d6ede15fb629558c35ea83b006766c94b6cd247fe245551c54afea98c482f8b57944fee406a06
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD5be28e3c2987a062dc7d2a20efe410c68
SHA1024eed548dc601f3c40ee17a330b4eb60f77823f
SHA2562500189c92e70a2bdf314537e1ff5746a3665f8df9015bb8407d74bcdda4ff4d
SHA5123e6b9be0c5687ac94b9dee598291cd56566de0197e8dcdd18ed54c6189c5352481ac7dd4895c42f4671fb424c50d128365e7975b54d60ad346e2404a64331b8d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
8KB
MD531e9c445a6028f37c1d1a1a7d0d13809
SHA1d8977b9f72e54ad6adfcf2453e37c6cd901f7419
SHA256f75447aee72be8e0f2d8b8b2295cf4072ae6b488bca868a9f88c48f0995bf0fb
SHA51243fd38fbd790bb4e703a8a32e54af629320735a19d940130388bbc35bfc3c9de4a442bdb7e7a7c035f9d25a4e0f2ebb28e7ed9b6467037ad0517c8d364e7553f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD5a00ed4ac1ed46c0e7b4071889f04eeaf
SHA1dec072f936e419780657f8b191115310c327c951
SHA256127c957956096d2199e060de49e1e688de04eca14c2c7ee3a61ac480164c57f8
SHA512838ca53078ce8975b5192edbc18590bf335cc067876127d6310dc76577153c7c49e11895cd0e08a86191c6078fa3aee9cce0d1cff88e74d8ef5762ec0f44072f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-indexFilesize
240B
MD5ebb44f00a28155f25b5027f7f67c2863
SHA1841a4eba2e68ad8dbd9667457093df087b7d710b
SHA25622c219eaa4634dae6e3cd3319266af0c007b5fac0a2f61c75854bca026b2afc7
SHA512a17df3f9fa67d040d481d5d47fa808ef564a45d2770277acb1a1cf55661b39dc89daada690980d527453b8b1eaad06f88cc906d51ceb70604ebd592a60f8b95f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57d0cd.TMPFilesize
48B
MD5ab24ecdfedd702ff0b8ff995b48a51c4
SHA115b1186e24475d9fc2782df0a25406da9b9b94e4
SHA256d21bdedc028750f443584c29d726717b454a38f50466f7c1b68ac3ea03b6776a
SHA512114d134356f44d2d976ee159dc9d9569b8da652a44e4236f9d48b8fd5743bcf5849d8235faa63f29d9b423da7ed5e5c2e3e91188c01b23499c4d05ab7ac4473d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
8KB
MD5c4059ab373641a045e3aedbaa7066c00
SHA1f2f1b11546d2600a60764178bf9322677d212d0f
SHA256a0f1984feadda801b7f67b540bd2ddc21ffdbad96ce7cdc5162a2e54f540986a
SHA51253b1b54a66faaecc6f8535491c2afd8f4443615a7a7b7275af54f53499d08bb59a1e1f944c21fbe017bff1ac99479b4382320005a1e7c9c021db22ce9c63528f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a642.TMPFilesize
6KB
MD598199be85ee34b2aaf864513ada50ec3
SHA150b353256f49a6c935b76b3871a771e1a03bce71
SHA256dc67240c80db1ce0839c4d5abb0df297fa067b203e4da39c6ce51ef8ec66f1cf
SHA5124974f8a95412c8df4966a3c4d79ef54980bfac69c84fd92c82979b2f642ed9b9aa4904343cdece6fa436b2741fffb3b19821cd2c67ac5567b9b09fc93e4016e6
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD571a957a2ab5b170f666f935b3c590253
SHA1af8511c3bc0a0b8f33a5f601deccc549d7e97360
SHA256ab3069eadfa46c5c213a17cdaa234632a630114e015d57ae8925e7a0abbb3a28
SHA512442ee7005538cb1ef6ad33938af2750eeae98975665962624a65ec832d442e2dbe16e3f06c6c485c779df9a8b3d98467f0152797bd5e207dece98fe6c1af0ffd
-
\??\pipe\LOCAL\crashpad_380_EVDGBKNGUDBSYSADMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e