Analysis
-
max time kernel
148s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system -
submitted
22-05-2024 23:56
Static task
static1
Behavioral task
behavioral1
Sample
69111d95f9d8ea565c6c92637237b370_JaffaCakes118.html
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
69111d95f9d8ea565c6c92637237b370_JaffaCakes118.html
Resource
win10v2004-20240426-en
General
-
Target
69111d95f9d8ea565c6c92637237b370_JaffaCakes118.html
-
Size
249KB
-
MD5
69111d95f9d8ea565c6c92637237b370
-
SHA1
c4ff39a8c65a2d83692526ce07580fefca3369ff
-
SHA256
a3733c75c79615e47631c392bafe09dd97f86e2a9ae33d2117109ded538fb3ba
-
SHA512
a18659e644d4c67b0b888198038b8c9fdfa1efa25bfdca6afa6e6787c5d95283194596a43fea17c9c170eee69a8e20d16263cf9862d54c58ece1531aba284942
-
SSDEEP
3072:2fICFf+AwlxVg7L5HdFnQ3Fnkz7QFzQ/FX/9KbDGaPplaV:2PFf+AwlxVg7L59FnQ3FnkzUFzQ/FL
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
Processes:
msedge.exemsedge.exemsedge.exeidentity_helper.exepid process 4876 msedge.exe 4876 msedge.exe 2984 msedge.exe 2984 msedge.exe 1160 msedge.exe 1160 msedge.exe 1160 msedge.exe 1160 msedge.exe 4476 identity_helper.exe 4476 identity_helper.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
Processes:
msedge.exepid process 2984 msedge.exe 2984 msedge.exe 2984 msedge.exe 2984 msedge.exe 2984 msedge.exe 2984 msedge.exe 2984 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
Processes:
msedge.exepid process 2984 msedge.exe 2984 msedge.exe 2984 msedge.exe 2984 msedge.exe 2984 msedge.exe 2984 msedge.exe 2984 msedge.exe 2984 msedge.exe 2984 msedge.exe 2984 msedge.exe 2984 msedge.exe 2984 msedge.exe 2984 msedge.exe 2984 msedge.exe 2984 msedge.exe 2984 msedge.exe 2984 msedge.exe 2984 msedge.exe 2984 msedge.exe 2984 msedge.exe 2984 msedge.exe 2984 msedge.exe 2984 msedge.exe 2984 msedge.exe 2984 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
Processes:
msedge.exepid process 2984 msedge.exe 2984 msedge.exe 2984 msedge.exe 2984 msedge.exe 2984 msedge.exe 2984 msedge.exe 2984 msedge.exe 2984 msedge.exe 2984 msedge.exe 2984 msedge.exe 2984 msedge.exe 2984 msedge.exe 2984 msedge.exe 2984 msedge.exe 2984 msedge.exe 2984 msedge.exe 2984 msedge.exe 2984 msedge.exe 2984 msedge.exe 2984 msedge.exe 2984 msedge.exe 2984 msedge.exe 2984 msedge.exe 2984 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
msedge.exedescription pid process target process PID 2984 wrote to memory of 4248 2984 msedge.exe msedge.exe PID 2984 wrote to memory of 4248 2984 msedge.exe msedge.exe PID 2984 wrote to memory of 1636 2984 msedge.exe msedge.exe PID 2984 wrote to memory of 1636 2984 msedge.exe msedge.exe PID 2984 wrote to memory of 1636 2984 msedge.exe msedge.exe PID 2984 wrote to memory of 1636 2984 msedge.exe msedge.exe PID 2984 wrote to memory of 1636 2984 msedge.exe msedge.exe PID 2984 wrote to memory of 1636 2984 msedge.exe msedge.exe PID 2984 wrote to memory of 1636 2984 msedge.exe msedge.exe PID 2984 wrote to memory of 1636 2984 msedge.exe msedge.exe PID 2984 wrote to memory of 1636 2984 msedge.exe msedge.exe PID 2984 wrote to memory of 1636 2984 msedge.exe msedge.exe PID 2984 wrote to memory of 1636 2984 msedge.exe msedge.exe PID 2984 wrote to memory of 1636 2984 msedge.exe msedge.exe PID 2984 wrote to memory of 1636 2984 msedge.exe msedge.exe PID 2984 wrote to memory of 1636 2984 msedge.exe msedge.exe PID 2984 wrote to memory of 1636 2984 msedge.exe msedge.exe PID 2984 wrote to memory of 1636 2984 msedge.exe msedge.exe PID 2984 wrote to memory of 1636 2984 msedge.exe msedge.exe PID 2984 wrote to memory of 1636 2984 msedge.exe msedge.exe PID 2984 wrote to memory of 1636 2984 msedge.exe msedge.exe PID 2984 wrote to memory of 1636 2984 msedge.exe msedge.exe PID 2984 wrote to memory of 1636 2984 msedge.exe msedge.exe PID 2984 wrote to memory of 1636 2984 msedge.exe msedge.exe PID 2984 wrote to memory of 1636 2984 msedge.exe msedge.exe PID 2984 wrote to memory of 1636 2984 msedge.exe msedge.exe PID 2984 wrote to memory of 1636 2984 msedge.exe msedge.exe PID 2984 wrote to memory of 1636 2984 msedge.exe msedge.exe PID 2984 wrote to memory of 1636 2984 msedge.exe msedge.exe PID 2984 wrote to memory of 1636 2984 msedge.exe msedge.exe PID 2984 wrote to memory of 1636 2984 msedge.exe msedge.exe PID 2984 wrote to memory of 1636 2984 msedge.exe msedge.exe PID 2984 wrote to memory of 1636 2984 msedge.exe msedge.exe PID 2984 wrote to memory of 1636 2984 msedge.exe msedge.exe PID 2984 wrote to memory of 1636 2984 msedge.exe msedge.exe PID 2984 wrote to memory of 1636 2984 msedge.exe msedge.exe PID 2984 wrote to memory of 1636 2984 msedge.exe msedge.exe PID 2984 wrote to memory of 1636 2984 msedge.exe msedge.exe PID 2984 wrote to memory of 1636 2984 msedge.exe msedge.exe PID 2984 wrote to memory of 1636 2984 msedge.exe msedge.exe PID 2984 wrote to memory of 1636 2984 msedge.exe msedge.exe PID 2984 wrote to memory of 1636 2984 msedge.exe msedge.exe PID 2984 wrote to memory of 4876 2984 msedge.exe msedge.exe PID 2984 wrote to memory of 4876 2984 msedge.exe msedge.exe PID 2984 wrote to memory of 1400 2984 msedge.exe msedge.exe PID 2984 wrote to memory of 1400 2984 msedge.exe msedge.exe PID 2984 wrote to memory of 1400 2984 msedge.exe msedge.exe PID 2984 wrote to memory of 1400 2984 msedge.exe msedge.exe PID 2984 wrote to memory of 1400 2984 msedge.exe msedge.exe PID 2984 wrote to memory of 1400 2984 msedge.exe msedge.exe PID 2984 wrote to memory of 1400 2984 msedge.exe msedge.exe PID 2984 wrote to memory of 1400 2984 msedge.exe msedge.exe PID 2984 wrote to memory of 1400 2984 msedge.exe msedge.exe PID 2984 wrote to memory of 1400 2984 msedge.exe msedge.exe PID 2984 wrote to memory of 1400 2984 msedge.exe msedge.exe PID 2984 wrote to memory of 1400 2984 msedge.exe msedge.exe PID 2984 wrote to memory of 1400 2984 msedge.exe msedge.exe PID 2984 wrote to memory of 1400 2984 msedge.exe msedge.exe PID 2984 wrote to memory of 1400 2984 msedge.exe msedge.exe PID 2984 wrote to memory of 1400 2984 msedge.exe msedge.exe PID 2984 wrote to memory of 1400 2984 msedge.exe msedge.exe PID 2984 wrote to memory of 1400 2984 msedge.exe msedge.exe PID 2984 wrote to memory of 1400 2984 msedge.exe msedge.exe PID 2984 wrote to memory of 1400 2984 msedge.exe msedge.exe
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\69111d95f9d8ea565c6c92637237b370_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbd1d746f8,0x7ffbd1d74708,0x7ffbd1d747182⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,11329161437419537464,17015635578462714990,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,11329161437419537464,17015635578462714990,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,11329161437419537464,17015635578462714990,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2636 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11329161437419537464,17015635578462714990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11329161437419537464,17015635578462714990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3164 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11329161437419537464,17015635578462714990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,11329161437419537464,17015635578462714990,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2800 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,11329161437419537464,17015635578462714990,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5700 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,11329161437419537464,17015635578462714990,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5700 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11329161437419537464,17015635578462714990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1256 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11329161437419537464,17015635578462714990,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11329161437419537464,17015635578462714990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11329161437419537464,17015635578462714990,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:12⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15AFilesize
893B
MD5d4ae187b4574036c2d76b6df8a8c1a30
SHA1b06f409fa14bab33cbaf4a37811b8740b624d9e5
SHA256a2ce3a0fa7d2a833d1801e01ec48e35b70d84f3467cc9f8fab370386e13879c7
SHA5121f44a360e8bb8ada22bc5bfe001f1babb4e72005a46bc2a94c33c4bd149ff256cce6f35d65ca4f7fc2a5b9e15494155449830d2809c8cf218d0b9196ec646b0c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506Filesize
330B
MD5e00edf98082577153b8950d426746c6e
SHA11eb99834898e00c94ec38b63a4b4d71827dff30e
SHA256010d248c431ba0ec58772807ef2b0712bd850fe59bed78da57f3e9e331f0b7ce
SHA5120241f5b0ced317fae70ef64c835d0696c7cc279633a71fbe125d296f866a7f4e9061e253d5963ec4576a54e38112c28a392b0ae0115191ee31af442e667c01c8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506Filesize
330B
MD5f2979867b8b381e9dacb846e24476e48
SHA1b20d33321e3e2a2f96bd9b3ad66a5631ad84afc0
SHA2567ea82e3b025d42d002415ca29e1ef56346430f8f6bd5219d1c1185fed09c8c05
SHA512cd1de5b3dd2985ee5cee0b22312811d770746f1d00ed99e2bfbf17ec91c9d887de11cf00d29e718f2c686544b0387b5f604452445b8869e147daba36dc166026
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15AFilesize
252B
MD5fa53971dab1db1042b4cb8e103a81c93
SHA12888fdb918461fda6efb91b0ce0bb6e2f2f6ed8c
SHA256a2e1c08ffcd0f318ae016f4f424c281c5e788164bb3653abc112038c1f90e44f
SHA512de50b519ecbe12e033eb55a092128520b1f82c1588b8525f3955de72dd2e96910f30a6cee3e43273befe8ae16e6256f643fcc74f90a6f48ad7556a69530c80f8
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5c9c4c494f8fba32d95ba2125f00586a3
SHA18a600205528aef7953144f1cf6f7a5115e3611de
SHA256a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b
SHA5129d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD54dc6fc5e708279a3310fe55d9c44743d
SHA1a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2
SHA256a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8
SHA5125874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
882B
MD578d8c34ae888ee7ab9806d181be67c1d
SHA128be394841f95834bce3bf556ece46860343a239
SHA25699f1f9d9253b053f3017107796472c352ab2226edb32101bace954040bd5f08b
SHA512b7ce6d30f6a778c9ae1a412cee884202f18dd00377e24f53c57386295fb0b7b162f0dcc19c48e113f04bf54249556177928e8abe694b635ce0275468fa3427f9
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
5KB
MD5e24b7295604caa6555a55d5396c4895e
SHA1f2d33b51115bbeaa65216194f1dcaae472764db5
SHA25683b4c599900743786d1da9148c08b86e613a8a171e6afeb9fe7abb4f21a0db83
SHA512cf23002d2ee67a330d25f4a76d15d19f36fe9b19fe2c8693b89e0cbb3f00e16e011521d079c5a24de7cf6074a032a9897129a30abf920250cbf8334f77935d75
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5d31c32c33b696ced7ebc4a94779f9c54
SHA1724f577978ac90d8a82a91778a2f7e35dbfe729c
SHA2564ccd477a135476161444e58de88cc5906c7be9de1ac1a17d377cddec5f5f68b1
SHA512255a025a378afcaf2422279d73291035835a91c96ceab147326aa2563ff000e7a2d942348126058170bf16b5b8291d6db59eaee4a41b5c4f0c63e95732101790
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD500e0ba876f09349bc5dc2de1c9a4763e
SHA105b3a6d8bb9d18b0e905f6ff64e869f9b2e00be7
SHA256307ec53559e99520c8ba8c2023c1317b56a775720d4e085546d35b6c1c3b5176
SHA512a5bdf2aecfd3df7df4ab48b5a1aca909e12ced656f87066fa8ccb8e83d2766b097fc79cb70454c5cc89228d90e57bfc051b4e3bb72eb1994317e2bc0c892db0a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD54ce01fa8c28328964cbfa478ee88333b
SHA1f0fc1a38b09ad195f46556b81a5dbe67c236060d
SHA256e8225243ce336cd5f71d9ecbc5b1272e46325af989d0a52933d83ced02a19e4b
SHA51263a2beeb1b119ed3845ee429cc85f2a2471973e50911901b4d6e55c7d07a6aa10e509fba7858f6c1cd6b6f8d1e0ef085a0010df34dca6dc0faee82ca7254ce7c
-
\??\pipe\LOCAL\crashpad_2984_WLWEZONAPZDZYJTRMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e