Analysis
- max time kernel: 145s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 23-05-2024 01:18
Static task: static1
Behavioral task: behavioral1
- Sample: 6942cef37a941eab09a127e295d9bf02_JaffaCakes118.html
- Resource: win7-20240508-en
Behavioral task: behavioral2
- Sample: 6942cef37a941eab09a127e295d9bf02_JaffaCakes118.html
- Resource: win10v2004-20240508-en
General
- Target: 6942cef37a941eab09a127e295d9bf02_JaffaCakes118.html
- Size: 71KB
- MD5: 6942cef37a941eab09a127e295d9bf02
- SHA1: 758b5709d1e17cc98fc2142eb1dff185d59d211b
- SHA256: 7ba14ee8db092b56d8174d7b8d5e235295f2efda15099ba0b4fd343aabe796f2
- SHA512: fd30134a27d73a6c3751aa31e3e368e5d00984010ecf047a8311d39e7fd9afc54a1a3f0eb63dac3623405ca931c70d4f38f5a23d06ae5f92d0893aaca71f0e69
- SSDEEP: 1536:zl+S7HP2Jbz9dje0vefSe4qe6qeMqeeqecXgOVfNbCHrCeMoAMS3ISjo+:zcOHOJH97fhNbCHrCeqMIIyo+
Malware Config
Signatures
- Legitimate hosting services abused for malware hosting/C2 (1 TTPs, 2 IoCs)
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Processes: msedge.exe
  description | ioc | process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  Processes: msedge.exe, msedge.exe, identity_helper.exe, msedge.exe
  pid | process
  1576 | msedge.exe
  5044 | msedge.exe
  4280 | identity_helper.exe
  4848 | msedge.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (10 IoCs)
  Processes: msedge.exe
  pid | process
  5044 | msedge.exe
- Suspicious use of FindShellTrayWindow (25 IoCs)
  Processes: msedge.exe
  pid | process
  5044 | msedge.exe
- Suspicious use of SendNotifyMessage (24 IoCs)
  Processes: msedge.exe
  pid | process
  5044 | msedge.exe
- Suspicious use of WriteProcessMemory (64 IoCs)
  Processes: msedge.exe
  description | pid | process | target process
  PID 5044 wrote to memory of 3252 | 5044 | msedge.exe | msedge.exe
  PID 5044 wrote to memory of 552 | 5044 | msedge.exe | msedge.exe
  PID 5044 wrote to memory of 1576 | 5044 | msedge.exe | msedge.exe
  PID 5044 wrote to memory of 1160 | 5044 | msedge.exe | msedge.exe
Processes
- [depth 1] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6942cef37a941eab09a127e295d9bf02_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
- [depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f40f46f8,0x7ff8f40f4708,0x7ff8f40f4718
- [depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,8535722829185487222,6775641523214574560,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
- [depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,8535722829185487222,6775641523214574560,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
  - Suspicious behavior: EnumeratesProcesses
- [depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,8535722829185487222,6775641523214574560,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
- [depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8535722829185487222,6775641523214574560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
- [depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8535722829185487222,6775641523214574560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
- [depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8535722829185487222,6775641523214574560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
- [depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8535722829185487222,6775641523214574560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
- [depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8535722829185487222,6775641523214574560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
- [depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8535722829185487222,6775641523214574560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
- [depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,8535722829185487222,6775641523214574560,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5560 /prefetch:8
- [depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,8535722829185487222,6775641523214574560,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5560 /prefetch:8
  - Suspicious behavior: EnumeratesProcesses
- [depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8535722829185487222,6775641523214574560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
- [depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8535722829185487222,6775641523214574560,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
- [depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8535722829185487222,6775641523214574560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4556 /prefetch:1
- [depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8535722829185487222,6775641523214574560,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
- [depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,8535722829185487222,6775641523214574560,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5840 /prefetch:2
  - Suspicious behavior: EnumeratesProcesses
- [depth 1] C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
- [depth 1] C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads