Analysis
- max time kernel: 148s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20240730-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240730-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 01-08-2024 21:03
Static task: static1
Behavioral task: behavioral1
- Sample: 81c3f6270b8b56eabbfd1b652063b0e3_JaffaCakes118.html
- Resource: win7-20240704-en
Behavioral task: behavioral2
- Sample: 81c3f6270b8b56eabbfd1b652063b0e3_JaffaCakes118.html
- Resource: win10v2004-20240730-en
General
- Target: 81c3f6270b8b56eabbfd1b652063b0e3_JaffaCakes118.html
- Size: 61KB
- MD5: 81c3f6270b8b56eabbfd1b652063b0e3
- SHA1: 5d617690796d494d622986a092042218dd6a3f95
- SHA256: 2ca847698a2cde58795585454c6e0c47385968ddaf1198ba9d2c346bb0a621f4
- SHA512: cc839e572b9d0d5b765fb9a9e28e755308875b5a87a2bff37385b5fb8151ac5917a55a10cc9b74fc9f9e50a29497dba378f4dd6440668f55c40e55a84fdd820e
- SSDEEP: 1536:U7jdhxlJ4UkT0ZQuPxxVUd1oh6uO7Jo9FZFx:U3d9+LMQ6JUd1oh6n7Jo93
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Processes: msedge.exe
  description | ioc | process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  Processes: msedge.exe, msedge.exe, identity_helper.exe, msedge.exe
  pid | process
  2952 | msedge.exe
  3284 | msedge.exe
  2400 | identity_helper.exe
  348 | msedge.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (10 IoCs)
  Processes: msedge.exe
  pid | process
  3284 | msedge.exe
- Suspicious use of FindShellTrayWindow (25 IoCs)
  Processes: msedge.exe
  pid | process
  3284 | msedge.exe
- Suspicious use of SendNotifyMessage (24 IoCs)
  Processes: msedge.exe
  pid | process
  3284 | msedge.exe
- Suspicious use of WriteProcessMemory (64 IoCs)
  Processes: msedge.exe
  description | pid | process | target process
  PID 3284 wrote to memory of 2320 | 3284 | msedge.exe | msedge.exe
  PID 3284 wrote to memory of 4644 | 3284 | msedge.exe | msedge.exe
  PID 3284 wrote to memory of 2952 | 3284 | msedge.exe | msedge.exe
  PID 3284 wrote to memory of 940 | 3284 | msedge.exe | msedge.exe
Processes
- "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\81c3f6270b8b56eabbfd1b652063b0e3_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe138046f8,0x7ffe13804708,0x7ffe13804718
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,6586036825616258186,10299009554343349068,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,6586036825616258186,10299009554343349068,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2508 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,6586036825616258186,10299009554343349068,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,6586036825616258186,10299009554343349068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,6586036825616258186,10299009554343349068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,6586036825616258186,10299009554343349068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,6586036825616258186,10299009554343349068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,6586036825616258186,10299009554343349068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,6586036825616258186,10299009554343349068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,6586036825616258186,10299009554343349068,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6556 /prefetch:8
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,6586036825616258186,10299009554343349068,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6556 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,6586036825616258186,10299009554343349068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,6586036825616258186,10299009554343349068,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,6586036825616258186,10299009554343349068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2156 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,6586036825616258186,10299009554343349068,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,6586036825616258186,10299009554343349068,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6272 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads