Analysis
- max time kernel: 150s
- max time network: 141s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 09-05-2024 04:36

Static task: static1
Behavioral task: behavioral1
Sample: 28527fe3e5b1969082c1d470880f6a5e_JaffaCakes118.html
Resource: win7-20240220-en

General
- Target: 28527fe3e5b1969082c1d470880f6a5e_JaffaCakes118.html
- Size: 104KB
- MD5: 28527fe3e5b1969082c1d470880f6a5e
- SHA1: a2d9d8f6f5bf95f02ffecdc2f3e34f5b087b37a3
- SHA256: 65936c41c4cb518c4b678fc7eb5216e18835a0d1d6245418e5ecede067d485a7
- SHA512: 451bd0239483c4120160ef52239ac1887b8f5f42807762ded91c12f265568671d217941035f3cba98bbf9a1b934ba4dcdbe6e3df5303b1305ef5f46d22cf80d2
- SSDEEP: 3072:AgJXyhGIxqc3nwDzC7cmYV1KdYSbcfrTlVp5op/iqmjqbQ3vVBpcyZ:RJCpA67cAdK
Malware Config
Signatures
-
Mark of the Web detected: This indicates that the page was originally saved or cloned. 25 IoCs
Enumerates system info in registry 2 TTPs 3 IoCs
Processes: msedge.exe
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
Suspicious behavior: EnumeratesProcesses 10 IoCs
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
Suspicious use of FindShellTrayWindow 25 IoCs
Suspicious use of SendNotifyMessage 24 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\28527fe3e5b1969082c1d470880f6a5e_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2552 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff9f2146f8,0x7fff9f214708,0x7fff9f2147182⤵PID:3720
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,14810857623400351446,9369980959670779406,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:22⤵PID:1404
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,14810857623400351446,9369980959670779406,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:596 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,14810857623400351446,9369980959670779406,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:82⤵PID:2136
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14810857623400351446,9369980959670779406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:12⤵PID:3076
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14810857623400351446,9369980959670779406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:12⤵PID:4664
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14810857623400351446,9369980959670779406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:12⤵PID:2056
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,14810857623400351446,9369980959670779406,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5872 /prefetch:82⤵PID:1252
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,14810857623400351446,9369980959670779406,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5872 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:3384 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14810857623400351446,9369980959670779406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:12⤵PID:5100
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14810857623400351446,9369980959670779406,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2404 /prefetch:12⤵PID:4004
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14810857623400351446,9369980959670779406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:12⤵PID:220
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14810857623400351446,9369980959670779406,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:12⤵PID:628
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,14810857623400351446,9369980959670779406,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3164 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:1756
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:316
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3992
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2848
Network
MITRE ATT&CK Enterprise v15
Downloads