Analysis
max time kernel: 149s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 23-05-2024 01:09
Static task: static1

Behavioral task: behavioral1
Sample: 693e8da3970c1dc13dc6b1e103e9d3fb_JaffaCakes118.html
Resource: win7-20240508-en

Behavioral task: behavioral2
Sample: 693e8da3970c1dc13dc6b1e103e9d3fb_JaffaCakes118.html
Resource: win10v2004-20240508-en
General
Target: 693e8da3970c1dc13dc6b1e103e9d3fb_JaffaCakes118.html
Size: 203KB
MD5: 693e8da3970c1dc13dc6b1e103e9d3fb
SHA1: 7d160e5594a5433e7753de06372ea3a55943a81d
SHA256: 39f9e9cdc2b1da001e5303423e6740a0f93835222556c4d68c4e0760dfde91b1
SHA512: b7e46deb9a99a418ff3ae60079c49f283f518acaf08d12695950a3a5e0ead3d1c1d584ef6656377c2d5bd1dbc72fdf6629a795ac1ecc792c5e17753d407c1ed7
SSDEEP: 3072:qfmF5sDExOVdV+UYN1aQEhi7kjcHXxQRVuSb+Jc/094uI8cffDX:Z530DH6NEQwjcHXxQRVufJc/0944kfDX
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes: msedge.exe
description | ioc | process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
Processes: msedge.exe, msedge.exe, msedge.exe, identity_helper.exe
pid | process
2264 | msedge.exe
836 | msedge.exe
3820 | msedge.exe
2480 | identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
Processes: msedge.exe
pid | process
836 | msedge.exe

Suspicious use of FindShellTrayWindow (25 IoCs)
Processes: msedge.exe
pid | process
836 | msedge.exe

Suspicious use of SendNotifyMessage (24 IoCs)
Processes: msedge.exe
pid | process
836 | msedge.exe

Suspicious use of WriteProcessMemory (64 IoCs)
Processes: msedge.exe
description | pid | process | target process
PID 836 wrote to memory of 3332 | 836 | msedge.exe | msedge.exe
PID 836 wrote to memory of 2728 | 836 | msedge.exe | msedge.exe
PID 836 wrote to memory of 2264 | 836 | msedge.exe | msedge.exe
PID 836 wrote to memory of 984 | 836 | msedge.exe | msedge.exe
Processes
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\693e8da3970c1dc13dc6b1e103e9d3fb_JaffaCakes118.html
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdc2ac46f8,0x7ffdc2ac4708,0x7ffdc2ac4718

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,5404162718707865782,3127351520266590626,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,5404162718707865782,3127351520266590626,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
  - Suspicious behavior: EnumeratesProcesses

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,5404162718707865782,3127351520266590626,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5404162718707865782,3127351520266590626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5404162718707865782,3127351520266590626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5404162718707865782,3127351520266590626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,5404162718707865782,3127351520266590626,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4836 /prefetch:2
  - Suspicious behavior: EnumeratesProcesses

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5404162718707865782,3127351520266590626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3032 /prefetch:1

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5404162718707865782,3127351520266590626,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2712 /prefetch:1

  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,5404162718707865782,3127351520266590626,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 /prefetch:8

  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,5404162718707865782,3127351520266590626,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 /prefetch:8
  - Suspicious behavior: EnumeratesProcesses

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5404162718707865782,3127351520266590626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5404162718707865782,3127351520266590626,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize: 152B

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize: 152B

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize: 111B

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize: 2KB

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize: 111B

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 5KB

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 7KB

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 6KB

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize: 1KB

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57bbfd.TMP
Filesize: 707B

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize: 16B

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize: 16B

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize: 11KB

\??\pipe\LOCAL\crashpad_836_CCJWJCJOGGLSGFPT