Analysis
-
max time kernel
145s -
max time network
140s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240611-en locale:en-us os:windows10-2004-x64 system -
submitted
16-06-2024 20:42
Static task
static1
Behavioral task
behavioral1
Sample
b51bf676cdf78201685eb77fc410a4b9_JaffaCakes118.html
Resource
win7-20240220-en
General
-
Target
b51bf676cdf78201685eb77fc410a4b9_JaffaCakes118.html
-
Size
718B
-
MD5
b51bf676cdf78201685eb77fc410a4b9
-
SHA1
fb34c8121c5a0a96905333f9f31253780edb3eba
-
SHA256
4ccd6f7310c56e6a657d7e0a28301397ab33a068178f8c06139880564695968b
-
SHA512
17490e67026423433be259a5796578a0491dd74381b225a6a5d193103f75967c5d12c48d1249177652244dce520ed6e86189e8adb2636fe594f770c454fd26f4
Malware Config
Signatures
-
Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs
Processes:
flow ioc
8 http://btc2016.atw.hu/index.php?welcome
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exe
description ioc process
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
Processes:
msedge.exe msedge.exe identity_helper.exe msedge.exe
pid process
4612 msedge.exe
4612 msedge.exe
3500 msedge.exe
3500 msedge.exe
1444 identity_helper.exe
1444 identity_helper.exe
4472 msedge.exe
4472 msedge.exe
4472 msedge.exe
4472 msedge.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs
Suspicious use of FindShellTrayWindow 25 IoCs
Suspicious use of SendNotifyMessage 24 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\b51bf676cdf78201685eb77fc410a4b9_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3500 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd4fb446f8,0x7ffd4fb44708,0x7ffd4fb447182⤵PID:1568
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1808,14738576162892811823,9374542562396925149,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1980 /prefetch:22⤵PID:3668
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1808,14738576162892811823,9374542562396925149,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:4612 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1808,14738576162892811823,9374542562396925149,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:82⤵PID:776
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,14738576162892811823,9374542562396925149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:12⤵PID:2348
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,14738576162892811823,9374542562396925149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:12⤵PID:4832
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,14738576162892811823,9374542562396925149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3912 /prefetch:12⤵PID:5096
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,14738576162892811823,9374542562396925149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:12⤵PID:2304
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,14738576162892811823,9374542562396925149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:12⤵PID:3688
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,14738576162892811823,9374542562396925149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:12⤵PID:2408
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,14738576162892811823,9374542562396925149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4112 /prefetch:12⤵PID:1916
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,14738576162892811823,9374542562396925149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:12⤵PID:4388
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,14738576162892811823,9374542562396925149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:12⤵PID:1220
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,14738576162892811823,9374542562396925149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:12⤵PID:1556
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1808,14738576162892811823,9374542562396925149,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:82⤵PID:4112
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1808,14738576162892811823,9374542562396925149,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:1444 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,14738576162892811823,9374542562396925149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:12⤵PID:4352
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,14738576162892811823,9374542562396925149,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:12⤵PID:3692
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,14738576162892811823,9374542562396925149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6812 /prefetch:12⤵PID:2496
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,14738576162892811823,9374542562396925149,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6856 /prefetch:12⤵PID:1556
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1808,14738576162892811823,9374542562396925149,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2440 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:4472
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:5088
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3540
Network
MITRE ATT&CK Enterprise v15
Downloads