Analysis
max time kernel: 145s
max time network: 139s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 22-05-2024 03:40
Static task: static1
Behavioral task: behavioral1
Sample: 65e1ed65d8756a2a09072239b6c0d010_JaffaCakes118.html
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: 65e1ed65d8756a2a09072239b6c0d010_JaffaCakes118.html
Resource: win10v2004-20240426-en
General
Target: 65e1ed65d8756a2a09072239b6c0d010_JaffaCakes118.html
Size: 175KB
MD5: 65e1ed65d8756a2a09072239b6c0d010
SHA1: 68f7e85f904031cf3cacac6a015998d1118072b1
SHA256: 1618a98aad70f7d7be9001ecf13c7b4735d4426f95aebec64f882ee32806fecb
SHA512: bb969f2cace657919f567dd179cef9ab4818602f3ad64392c8f2bfe79e554b5e28a05677a8a948e60c55894517422cee298c5cd8a79887966e1fc6e3f6bd8745
SSDEEP: 1536:Sqtz8hd8Wu8pI8Cd8hd8dQg0H//3oS3CGNkFvYfBCJis/+aeTH+WK/Lf1/hmnVSV:SOoT3C/FOBCJirm
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes: msedge.exe
description | ioc | process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Suspicious behavior: EnumeratesProcesses 10 IoCs
Processes: msedge.exe, msedge.exe, identity_helper.exe, msedge.exe
pid | process
856 | msedge.exe
5116 | msedge.exe
4292 | identity_helper.exe
5992 | msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
Processes: msedge.exe
pid | process
5116 | msedge.exe
Suspicious use of FindShellTrayWindow 25 IoCs
Processes: msedge.exe
pid | process
5116 | msedge.exe
Suspicious use of SendNotifyMessage 24 IoCs
Processes: msedge.exe
pid | process
5116 | msedge.exe
Suspicious use of WriteProcessMemory 64 IoCs
Processes: msedge.exe
description | pid | process | target process
PID 5116 wrote to memory of 1860 | 5116 | msedge.exe | msedge.exe
PID 5116 wrote to memory of 4968 | 5116 | msedge.exe | msedge.exe
PID 5116 wrote to memory of 856 | 5116 | msedge.exe | msedge.exe
PID 5116 wrote to memory of 3092 | 5116 | msedge.exe | msedge.exe
Processes
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\65e1ed65d8756a2a09072239b6c0d010_JaffaCakes118.html
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb2e0646f8,0x7ffb2e064708,0x7ffb2e064718
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,9968081438564690707,10244846314756427134,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,9968081438564690707,10244846314756427134,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,9968081438564690707,10244846314756427134,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,9968081438564690707,10244846314756427134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,9968081438564690707,10244846314756427134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,9968081438564690707,10244846314756427134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,9968081438564690707,10244846314756427134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,9968081438564690707,10244846314756427134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,9968081438564690707,10244846314756427134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,9968081438564690707,10244846314756427134,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5964 /prefetch:8
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,9968081438564690707,10244846314756427134,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5964 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,9968081438564690707,10244846314756427134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,9968081438564690707,10244846314756427134,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,9968081438564690707,10244846314756427134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,9968081438564690707,10244846314756427134,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,9968081438564690707,10244846314756427134,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2892 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat (Filesize: 152B)
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat (Filesize: 152B)
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index (Filesize: 360B)
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State (Filesize: 2KB)
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State (Filesize: 2KB)
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (Filesize: 5KB)
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (Filesize: 7KB)
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT (Filesize: 16B)
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State (Filesize: 11KB)
\??\pipe\LOCAL\crashpad_5116_SZIUCFIGTMCDAATW