Analysis
- max time kernel: 149s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 23-05-2024 00:23
Static task: static1
Behavioral task: behavioral1
- Sample: 6920d4a3cb10b6b0d61b2c852ccce1bb_JaffaCakes118.html
- Resource: win7-20240215-en
Behavioral task: behavioral2
- Sample: 6920d4a3cb10b6b0d61b2c852ccce1bb_JaffaCakes118.html
- Resource: win10v2004-20240508-en
General
- Target: 6920d4a3cb10b6b0d61b2c852ccce1bb_JaffaCakes118.html
- Size: 300KB
- MD5: 6920d4a3cb10b6b0d61b2c852ccce1bb
- SHA1: a45b1685ed900fc2deb0351400b9244abd6d3931
- SHA256: e964815b648c738edde20c120a60c986a59f0a42a7e206054c10eb4da6f691ff
- SHA512: 40cc2563e9b331b21b0d08c53f0bb521ed8f4f350bc01396bc5d538fdd0be0d77ed87525b0d7edb0f93f81474c2d236ce4afb7394f19062e4d781937e9d79845
- SSDEEP: 1536:THz0D+SbTTF1SjTLpEsNNkltM/jVII3IbIre09X9mD6o6Oo1Hxon0O+JLnvIW+cP:C+SbTTFqNItCVI2e9ccCiTCH
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes: msedge.exe
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)

Suspicious behavior: EnumeratesProcesses (10 IoCs)
Processes (pid, process):
- 1648 msedge.exe
- 4664 msedge.exe
- 1424 identity_helper.exe
- 4476 msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (8 IoCs)
Processes (pid, process):
- 4664 msedge.exe

Suspicious use of FindShellTrayWindow (25 IoCs)
Processes (pid, process):
- 4664 msedge.exe

Suspicious use of SendNotifyMessage (24 IoCs)
Processes (pid, process):
- 4664 msedge.exe

Suspicious use of WriteProcessMemory (64 IoCs)
Processes: msedge.exe
- PID 4664 (msedge.exe) wrote to memory of 4520 (msedge.exe)
- PID 4664 (msedge.exe) wrote to memory of 1104 (msedge.exe)
- PID 4664 (msedge.exe) wrote to memory of 1648 (msedge.exe)
- PID 4664 (msedge.exe) wrote to memory of 1308 (msedge.exe)
Processes
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6920d4a3cb10b6b0d61b2c852ccce1bb_JaffaCakes118.html
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffedb2d46f8,0x7ffedb2d4708,0x7ffedb2d4718

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,14096784027932718523,14776939851003438608,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,14096784027932718523,14776939851003438608,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  - Suspicious behavior: EnumeratesProcesses

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,14096784027932718523,14776939851003438608,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14096784027932718523,14776939851003438608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14096784027932718523,14776939851003438608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14096784027932718523,14776939851003438608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14096784027932718523,14776939851003438608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1

  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,14096784027932718523,14776939851003438608,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5816 /prefetch:8

  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,14096784027932718523,14776939851003438608,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5816 /prefetch:8
  - Suspicious behavior: EnumeratesProcesses

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14096784027932718523,14776939851003438608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14096784027932718523,14776939851003438608,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14096784027932718523,14776939851003438608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14096784027932718523,14776939851003438608,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,14096784027932718523,14776939851003438608,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3836 /prefetch:2
  - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads