Analysis
-
max time kernel
145s -
max time network
140s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
21-05-2024 16:31
Static task
static1
Behavioral task
behavioral1
Sample
63f84e1f95f6348c8675186775abde66_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
63f84e1f95f6348c8675186775abde66_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
63f84e1f95f6348c8675186775abde66_JaffaCakes118.html
-
Size
175KB
-
MD5
63f84e1f95f6348c8675186775abde66
-
SHA1
7c1a2143e62bdaf41b865914ca86c16e3878457f
-
SHA256
657e858ddb147ae83162f187e1428f5c94c80074c0a73e19bf1dadf10c692b24
-
SHA512
dc7c9f35779dcf2b8e207f50f7f31debb9dad6562296911c13242695ed0223992603673d706f377bbd608c17a32bf0548aa6e7561ab7a1a13d3255ad088178a4
-
SSDEEP
1536:Sqtz8hd8Wu8pI8Cd8hd8dQg0H//3oS3rGNkFuYfBCJisd+aeTH+WK/Lf1/hmnVSV:SOoT3r/FHBCJiNm
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
Processes:
msedge.exemsedge.exeidentity_helper.exemsedge.exepid process 2004 msedge.exe 2004 msedge.exe 3728 msedge.exe 3728 msedge.exe 1256 identity_helper.exe 1256 identity_helper.exe 4260 msedge.exe 4260 msedge.exe 4260 msedge.exe 4260 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
Processes:
msedge.exepid process 3728 msedge.exe 3728 msedge.exe 3728 msedge.exe 3728 msedge.exe 3728 msedge.exe 3728 msedge.exe 3728 msedge.exe 3728 msedge.exe 3728 msedge.exe 3728 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
Processes:
msedge.exepid process 3728 msedge.exe 3728 msedge.exe 3728 msedge.exe 3728 msedge.exe 3728 msedge.exe 3728 msedge.exe 3728 msedge.exe 3728 msedge.exe 3728 msedge.exe 3728 msedge.exe 3728 msedge.exe 3728 msedge.exe 3728 msedge.exe 3728 msedge.exe 3728 msedge.exe 3728 msedge.exe 3728 msedge.exe 3728 msedge.exe 3728 msedge.exe 3728 msedge.exe 3728 msedge.exe 3728 msedge.exe 3728 msedge.exe 3728 msedge.exe 3728 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
Processes:
msedge.exepid process 3728 msedge.exe 3728 msedge.exe 3728 msedge.exe 3728 msedge.exe 3728 msedge.exe 3728 msedge.exe 3728 msedge.exe 3728 msedge.exe 3728 msedge.exe 3728 msedge.exe 3728 msedge.exe 3728 msedge.exe 3728 msedge.exe 3728 msedge.exe 3728 msedge.exe 3728 msedge.exe 3728 msedge.exe 3728 msedge.exe 3728 msedge.exe 3728 msedge.exe 3728 msedge.exe 3728 msedge.exe 3728 msedge.exe 3728 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
msedge.exedescription pid process target process PID 3728 wrote to memory of 3272 3728 msedge.exe msedge.exe PID 3728 wrote to memory of 3272 3728 msedge.exe msedge.exe PID 3728 wrote to memory of 3640 3728 msedge.exe msedge.exe PID 3728 wrote to memory of 3640 3728 msedge.exe msedge.exe PID 3728 wrote to memory of 3640 3728 msedge.exe msedge.exe PID 3728 wrote to memory of 3640 3728 msedge.exe msedge.exe PID 3728 wrote to memory of 3640 3728 msedge.exe msedge.exe PID 3728 wrote to memory of 3640 3728 msedge.exe msedge.exe PID 3728 wrote to memory of 3640 3728 msedge.exe msedge.exe PID 3728 wrote to memory of 3640 3728 msedge.exe msedge.exe PID 3728 wrote to memory of 3640 3728 msedge.exe msedge.exe PID 3728 wrote to memory of 3640 3728 msedge.exe msedge.exe PID 3728 wrote to memory of 3640 3728 msedge.exe msedge.exe PID 3728 wrote to memory of 3640 3728 msedge.exe msedge.exe PID 3728 wrote to memory of 3640 3728 msedge.exe msedge.exe PID 3728 wrote to memory of 3640 3728 msedge.exe msedge.exe PID 3728 wrote to memory of 3640 3728 msedge.exe msedge.exe PID 3728 wrote to memory of 3640 3728 msedge.exe msedge.exe PID 3728 wrote to memory of 3640 3728 msedge.exe msedge.exe PID 3728 wrote to memory of 3640 3728 msedge.exe msedge.exe PID 3728 wrote to memory of 3640 3728 msedge.exe msedge.exe PID 3728 wrote to memory of 3640 3728 msedge.exe msedge.exe PID 3728 wrote to memory of 3640 3728 msedge.exe msedge.exe PID 3728 wrote to memory of 3640 3728 msedge.exe msedge.exe PID 3728 wrote to memory of 3640 3728 msedge.exe msedge.exe PID 3728 wrote to memory of 3640 3728 msedge.exe msedge.exe PID 3728 wrote to memory of 3640 3728 msedge.exe msedge.exe PID 3728 wrote to memory of 3640 3728 msedge.exe msedge.exe PID 3728 wrote to memory of 3640 3728 msedge.exe msedge.exe PID 3728 wrote to memory of 3640 3728 msedge.exe msedge.exe PID 3728 wrote to memory of 3640 3728 msedge.exe msedge.exe PID 3728 wrote to memory of 3640 3728 msedge.exe msedge.exe PID 3728 wrote to memory of 3640 3728 msedge.exe msedge.exe PID 3728 wrote to memory of 3640 3728 msedge.exe msedge.exe PID 3728 wrote to memory of 3640 3728 msedge.exe msedge.exe PID 3728 wrote to memory of 3640 3728 msedge.exe msedge.exe PID 3728 wrote to memory of 3640 3728 msedge.exe msedge.exe PID 3728 wrote to memory of 3640 3728 msedge.exe msedge.exe PID 3728 wrote to memory of 3640 3728 msedge.exe msedge.exe PID 3728 wrote to memory of 3640 3728 msedge.exe msedge.exe PID 3728 wrote to memory of 3640 3728 msedge.exe msedge.exe PID 3728 wrote to memory of 3640 3728 msedge.exe msedge.exe PID 3728 wrote to memory of 2004 3728 msedge.exe msedge.exe PID 3728 wrote to memory of 2004 3728 msedge.exe msedge.exe PID 3728 wrote to memory of 4968 3728 msedge.exe msedge.exe PID 3728 wrote to memory of 4968 3728 msedge.exe msedge.exe PID 3728 wrote to memory of 4968 3728 msedge.exe msedge.exe PID 3728 wrote to memory of 4968 3728 msedge.exe msedge.exe PID 3728 wrote to memory of 4968 3728 msedge.exe msedge.exe PID 3728 wrote to memory of 4968 3728 msedge.exe msedge.exe PID 3728 wrote to memory of 4968 3728 msedge.exe msedge.exe PID 3728 wrote to memory of 4968 3728 msedge.exe msedge.exe PID 3728 wrote to memory of 4968 3728 msedge.exe msedge.exe PID 3728 wrote to memory of 4968 3728 msedge.exe msedge.exe PID 3728 wrote to memory of 4968 3728 msedge.exe msedge.exe PID 3728 wrote to memory of 4968 3728 msedge.exe msedge.exe PID 3728 wrote to memory of 4968 3728 msedge.exe msedge.exe PID 3728 wrote to memory of 4968 3728 msedge.exe msedge.exe PID 3728 wrote to memory of 4968 3728 msedge.exe msedge.exe PID 3728 wrote to memory of 4968 3728 msedge.exe msedge.exe PID 3728 wrote to memory of 4968 3728 msedge.exe msedge.exe PID 3728 wrote to memory of 4968 3728 msedge.exe msedge.exe PID 3728 wrote to memory of 4968 3728 msedge.exe msedge.exe PID 3728 wrote to memory of 4968 3728 msedge.exe msedge.exe
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\63f84e1f95f6348c8675186775abde66_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcda8746f8,0x7ffcda874708,0x7ffcda8747182⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2292,16973082116639860735,6343401757878826685,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2304 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2292,16973082116639860735,6343401757878826685,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2292,16973082116639860735,6343401757878826685,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2292,16973082116639860735,6343401757878826685,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2292,16973082116639860735,6343401757878826685,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2292,16973082116639860735,6343401757878826685,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2292,16973082116639860735,6343401757878826685,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2292,16973082116639860735,6343401757878826685,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2292,16973082116639860735,6343401757878826685,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2292,16973082116639860735,6343401757878826685,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4616 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2292,16973082116639860735,6343401757878826685,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4616 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2292,16973082116639860735,6343401757878826685,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2292,16973082116639860735,6343401757878826685,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2292,16973082116639860735,6343401757878826685,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2292,16973082116639860735,6343401757878826685,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2292,16973082116639860735,6343401757878826685,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5ce4c898f8fc7601e2fbc252fdadb5115
SHA101bf06badc5da353e539c7c07527d30dccc55a91
SHA256bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa
SHA51280fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD54158365912175436289496136e7912c2
SHA1813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59
SHA256354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1
SHA51274b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
360B
MD5b5dd603b0483fc9d69e834562993d216
SHA15c25d954a258205ae46fd441bed75ab8cd74061d
SHA2566179d3327c4e94dec413bf9580dccd46ec6d5c7764da9fc6d965784120d86af6
SHA5127ed361c3e0688bbba2c4a781d46cb60623a1fde88c16e66397fd69f00940dba23cb6035df3675e281cd1fa9cfe2492935292a86beb9fb9cbc4722e74c08c9c95
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
2KB
MD5bfd581afa6177a5008ca41a769f95ee1
SHA17b963ed831adf9696a3b56c5fdf2060ca7dd13ca
SHA256439142ba6d40553373b8c33fd2dea09d4e9d4708bf478bcf5fb8c9cbd56eb73a
SHA512ceb846cbffe66388e06449ca58ed50dcb571d45f8d8b062e3d4d7703dbb87fc3d67bdf42a973704f00c8aad1910381e822f7ccfe0ce6bf20883aa008b7263b49
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
2KB
MD5769639269c2422bf8536176c87fca1ed
SHA11cdb88c2d2b572dee936ef13582f3514da20395f
SHA256fd3f86422eae7eb30431fedca2e7fb0b8d6c55572669d003aa681415f42d103b
SHA51244ce3e15ac00ceb68c229602f4bd712e7bfcfb5a4af23e0517a0ab6088685dd2884701e3a40ee42485fc8f0bd3757dc3cec15c98e973caad6aff09e0a3c95a79
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
5KB
MD5a932f55b46a589e49e95c8454e447862
SHA198eb10bdd6fa1d3041519b96022d3e272d6a636e
SHA256e4d5e19039fe7b8aee2825c3876e522813ec19a17b9b100e01b1378ecfb211f8
SHA512aec32840499030282a0db8ccff827284f3a3bfb31bd10b13452fe720f6c745f0ad1520a2fed9aced7d970f068e9c3193c6f98746e35c20f99366c240562f8016
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD57faaf81177d68ef6b00c6b1544eac449
SHA17fc50507503e6cef2065dc4d8a3733df17b2639f
SHA256076250e75a3c75f2fcf3eef34a599c6da912540583ab594832b16797a99d05fd
SHA512fa59918c688c7719949eb6bcb683146639607354ea448ca780520d15df6ce669bbda6482709c8f27a1c5713482fa7a7426280f199971b126cab8476d181360a0
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD50e6c795bfcfbb59a7bca53d3786bc699
SHA162445754d6b3d4dd493fbfeb6d14152d1ac5c5a3
SHA256ac557b632a187d2048779931d3a326aac6236a0de773e750ebeefe8932a39187
SHA5120edb685b573e7140e56e405d87ace704e21020309e436748b5a38042cabe3a03bf3c887290171485ba801fb2a872c561c53d774ac40a9d5d23142a72da55483d