Analysis
- max time kernel: 145s
- max time network: 139s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 22-05-2024 01:21
Static task: static1
Behavioral task: behavioral1
- Sample: 6580d6329c7dbe080cce0f12e35d2ea8_JaffaCakes118.html
- Resource: win7-20240508-en
Behavioral task: behavioral2
- Sample: 6580d6329c7dbe080cce0f12e35d2ea8_JaffaCakes118.html
- Resource: win10v2004-20240426-en
General
- Target: 6580d6329c7dbe080cce0f12e35d2ea8_JaffaCakes118.html
- Size: 52KB
- MD5: 6580d6329c7dbe080cce0f12e35d2ea8
- SHA1: 34a79a29ecd8ec23337cb6f173a1af5c4ff01dc3
- SHA256: aa64dd49c3b6e0a1e42b2f54b99391c2d94cdca09150800525b0cd2273dab6c7
- SHA512: fbe3f5244eb09cbcf2c0a8304164e642c535a86c1d067477fc6a5530b29a85abd9e6d78f28e660645d3c85255949dadfe19d8550c179fdf719ea34ae0627052b
- SSDEEP: 1536:M746+MYPBnElVvUSjM3Ebxva6OeD7L3crPdXyMCzYusF9VZLBZ4ODy7yibWb4b3I:C46+MYPBnELvA/jLCzYusjAODy7yibWL
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Processes: msedge.exe
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (process: msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (process: msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (process: msedge.exe)
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  Processes (distinct rows): msedge.exe, identity_helper.exe
  - pid 3452, process msedge.exe
  - pid 2224, process msedge.exe
  - pid 4804, process identity_helper.exe
  - pid 5136, process msedge.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (8 IoCs)
  Processes (distinct rows): msedge.exe
  - pid 2224, process msedge.exe
- Suspicious use of FindShellTrayWindow (25 IoCs)
  Processes (distinct rows): msedge.exe
  - pid 2224, process msedge.exe
- Suspicious use of SendNotifyMessage (24 IoCs)
  Processes (distinct rows): msedge.exe
  - pid 2224, process msedge.exe
- Suspicious use of WriteProcessMemory (64 IoCs)
  Processes (distinct rows): msedge.exe
  - PID 2224 wrote to memory of 1872 (pid 2224, process msedge.exe, target process msedge.exe)
  - PID 2224 wrote to memory of 1516 (pid 2224, process msedge.exe, target process msedge.exe)
  - PID 2224 wrote to memory of 3452 (pid 2224, process msedge.exe, target process msedge.exe)
  - PID 2224 wrote to memory of 556 (pid 2224, process msedge.exe, target process msedge.exe)
Processes
- "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6580d6329c7dbe080cce0f12e35d2ea8_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe6ed746f8,0x7ffe6ed74708,0x7ffe6ed74718
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,3964660838395607359,11483891444381027749,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,3964660838395607359,11483891444381027749,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,3964660838395607359,11483891444381027749,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3964660838395607359,11483891444381027749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3964660838395607359,11483891444381027749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3964660838395607359,11483891444381027749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3964660838395607359,11483891444381027749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,3964660838395607359,11483891444381027749,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6068 /prefetch:8
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,3964660838395607359,11483891444381027749,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6068 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3964660838395607359,11483891444381027749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3964660838395607359,11483891444381027749,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3964660838395607359,11483891444381027749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4080 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3964660838395607359,11483891444381027749,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,3964660838395607359,11483891444381027749,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1900 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506 (Filesize: 330B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat (Filesize: 152B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\256ae3f3-e751-4c7c-84a5-dc4beb36aeae.tmp (Filesize: 5KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State (Filesize: 781B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (Filesize: 6KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity (Filesize: 1KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ba18.TMP (Filesize: 704B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT (Filesize: 16B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State (Filesize: 11KB)
- \??\pipe\LOCAL\crashpad_2224_DUOCVMEGWBYXQYIH