Analysis
max time kernel: 149s
max time network: 157s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 23-05-2024 00:18
Static task
static1
Behavioral task
behavioral1
Sample
691e53217550a77859690e4213e79c9b_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
691e53217550a77859690e4213e79c9b_JaffaCakes118.html
Resource
win10v2004-20240426-en
General
-
Target
691e53217550a77859690e4213e79c9b_JaffaCakes118.html
-
Size
91KB
-
MD5
691e53217550a77859690e4213e79c9b
-
SHA1
5b0a3e4ead43826e32ebdecaece6804b34149670
-
SHA256
d7476bf61e881402f85198420556b1035252d21fc112ee2a31f59e9e7ad0c6e7
-
SHA512
50215b06c1d96f3e9a753fa1c916377bef517bea96de2f819c091ed18b2562dd148658e800b6757f5e9982dacb68935d445740f5756e6c04516ba9f816929133
-
SSDEEP
1536:bdBHv7ynvCT7WhOjapypM9t1m/yIqKMtOV:ZBHTGCTqgjapypM9t1XKMtOV
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exe
Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (process: msedge.exe)
Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (process: msedge.exe)
Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (process: msedge.exe)
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
Processes:
msedge.exe, msedge.exe, identity_helper.exe, msedge.exe
pid 3216: msedge.exe
pid 2540: msedge.exe
pid 4152: identity_helper.exe
pid 2788: msedge.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
Processes:
msedge.exe
pid 2540: msedge.exe
-
Suspicious use of FindShellTrayWindow 25 IoCs
Processes:
msedge.exe
pid 2540: msedge.exe
-
Suspicious use of SendNotifyMessage 24 IoCs
Processes:
msedge.exe
pid 2540: msedge.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
msedge.exe
PID 2540 wrote to memory of 2996 (pid 2540, process msedge.exe, target process msedge.exe)
PID 2540 wrote to memory of 532 (pid 2540, process msedge.exe, target process msedge.exe)
PID 2540 wrote to memory of 3216 (pid 2540, process msedge.exe, target process msedge.exe)
PID 2540 wrote to memory of 4524 (pid 2540, process msedge.exe, target process msedge.exe)
Processes
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\691e53217550a77859690e4213e79c9b_JaffaCakes118.html
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc8b8946f8,0x7ffc8b894708,0x7ffc8b894718
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,13099668991050502474,2418153664719306735,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2240 /prefetch:2
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2224,13099668991050502474,2418153664719306735,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
- Suspicious behavior: EnumeratesProcesses
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2224,13099668991050502474,2418153664719306735,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,13099668991050502474,2418153664719306735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,13099668991050502474,2418153664719306735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,13099668991050502474,2418153664719306735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,13099668991050502474,2418153664719306735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,13099668991050502474,2418153664719306735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
-
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2224,13099668991050502474,2418153664719306735,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6204 /prefetch:8
-
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2224,13099668991050502474,2418153664719306735,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6204 /prefetch:8
- Suspicious behavior: EnumeratesProcesses
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,13099668991050502474,2418153664719306735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,13099668991050502474,2418153664719306735,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,13099668991050502474,2418153664719306735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,13099668991050502474,2418153664719306735,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,13099668991050502474,2418153664719306735,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5320 /prefetch:2
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\CompPkgSrv.exe -Embedding
-
C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize: 152B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize: 152B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d
Filesize: 22KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 240B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 216B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize: 2KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 5KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 7KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 7KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 7KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize: 16B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize: 11KB
-
\??\pipe\LOCAL\crashpad_2540_RWJTJJCWKHXQGHMO