Analysis
- max time kernel: 149s
- max time network: 141s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 23-05-2024 02:20
Static task
static1
Behavioral task
behavioral1
Sample
696d64b955d7b9034d5f173597f507f8_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
696d64b955d7b9034d5f173597f507f8_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
- Target: 696d64b955d7b9034d5f173597f507f8_JaffaCakes118.html
- Size: 62KB
- MD5: 696d64b955d7b9034d5f173597f507f8
- SHA1: 3da1afee0c54b505a4381bbcd18aae0bd515ef2d
- SHA256: f25d97ac3d1442bbffe0f5b1aea7deb91148776d3d0e6a9f40eedecce3a3398b
- SHA512: d91d67ab340cc25471eb2ee4cce214f4de8ce30c49b22533c9073d8b2229e560b759967f9b09549fcbe228312938c272bf7e05e51fb8a1fe107a6722b2021232
- SSDEEP: 1536:grtx2542E1O2o4yUahK+njhT13afI8T7ZdzYzak:on001OjUag+jhT13gT7ZdzI
Malware Config
Signatures
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exe
description | ioc | process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
Processes:
msedge.exe, msedge.exe, identity_helper.exe, msedge.exe
pid | process
3360 | msedge.exe
3360 | msedge.exe
4712 | msedge.exe
4712 | msedge.exe
3656 | identity_helper.exe
3656 | identity_helper.exe
1992 | msedge.exe
1992 | msedge.exe
1992 | msedge.exe
1992 | msedge.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\696d64b955d7b9034d5f173597f507f8_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa127d46f8,0x7ffa127d4708,0x7ffa127d47182⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,14721110516768186985,13927145236707090098,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,14721110516768186985,13927145236707090098,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,14721110516768186985,13927145236707090098,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2592 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,14721110516768186985,13927145236707090098,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,14721110516768186985,13927145236707090098,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,14721110516768186985,13927145236707090098,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,14721110516768186985,13927145236707090098,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,14721110516768186985,13927145236707090098,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,14721110516768186985,13927145236707090098,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,14721110516768186985,13927145236707090098,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,14721110516768186985,13927145236707090098,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,14721110516768186985,13927145236707090098,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,14721110516768186985,13927145236707090098,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,14721110516768186985,13927145236707090098,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6732 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,14721110516768186985,13927145236707090098,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6732 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,14721110516768186985,13927145236707090098,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4624 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,14721110516768186985,13927145236707090098,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6560 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,14721110516768186985,13927145236707090098,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,14721110516768186985,13927145236707090098,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6316 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,14721110516768186985,13927145236707090098,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4636 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize: 152B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize: 152B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 144B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize: 2KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize: 2KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 6KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 5KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 7KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 7KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize: 371B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57cbeb.TMP
Filesize: 203B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize: 16B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize: 11KB
-
\??\pipe\LOCAL\crashpad_4712_XVNGNMFNVJHYDUSF