Analysis
-
max time kernel
145s -
max time network
146s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system -
submitted
23-05-2024 02:32
Static task
static1
Behavioral task
behavioral1
Sample
69755c83b5d42919b08c8df92a4a350a_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
69755c83b5d42919b08c8df92a4a350a_JaffaCakes118.html
Resource
win10v2004-20240426-en
General
-
Target
69755c83b5d42919b08c8df92a4a350a_JaffaCakes118.html
-
Size
175KB
-
MD5
69755c83b5d42919b08c8df92a4a350a
-
SHA1
c601e080e462b008af27da4ac413c466f6626084
-
SHA256
39368f04d165680a7df908369096f8417525a7ddbf731b2270aaa618ebaa72b1
-
SHA512
f81a223969ff4cdf1ec3677a577f98d2985ce75ffc5698f48b3d0182ee0758e5bbc285617275fe136f46eb90590f2259f22d3d9e0038caf22228491da89f33e2
-
SSDEEP
1536:SqtH8gd8Wu8pI8Cd8hd8dQgbH//WoS3fGNkFIYfBCJiZX+aeTH+WK/Lf1/hpnVSV:S9CT3f/FtBCJimB
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
Processes:
msedge.exemsedge.exeidentity_helper.exemsedge.exepid process 5232 msedge.exe 5232 msedge.exe 2688 msedge.exe 2688 msedge.exe 1292 identity_helper.exe 1292 identity_helper.exe 5656 msedge.exe 5656 msedge.exe 5656 msedge.exe 5656 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
Processes:
msedge.exepid process 2688 msedge.exe 2688 msedge.exe 2688 msedge.exe 2688 msedge.exe 2688 msedge.exe 2688 msedge.exe 2688 msedge.exe 2688 msedge.exe 2688 msedge.exe 2688 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
Processes:
msedge.exepid process 2688 msedge.exe 2688 msedge.exe 2688 msedge.exe 2688 msedge.exe 2688 msedge.exe 2688 msedge.exe 2688 msedge.exe 2688 msedge.exe 2688 msedge.exe 2688 msedge.exe 2688 msedge.exe 2688 msedge.exe 2688 msedge.exe 2688 msedge.exe 2688 msedge.exe 2688 msedge.exe 2688 msedge.exe 2688 msedge.exe 2688 msedge.exe 2688 msedge.exe 2688 msedge.exe 2688 msedge.exe 2688 msedge.exe 2688 msedge.exe 2688 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
Processes:
msedge.exepid process 2688 msedge.exe 2688 msedge.exe 2688 msedge.exe 2688 msedge.exe 2688 msedge.exe 2688 msedge.exe 2688 msedge.exe 2688 msedge.exe 2688 msedge.exe 2688 msedge.exe 2688 msedge.exe 2688 msedge.exe 2688 msedge.exe 2688 msedge.exe 2688 msedge.exe 2688 msedge.exe 2688 msedge.exe 2688 msedge.exe 2688 msedge.exe 2688 msedge.exe 2688 msedge.exe 2688 msedge.exe 2688 msedge.exe 2688 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
msedge.exedescription pid process target process PID 2688 wrote to memory of 448 2688 msedge.exe msedge.exe PID 2688 wrote to memory of 448 2688 msedge.exe msedge.exe PID 2688 wrote to memory of 5968 2688 msedge.exe msedge.exe PID 2688 wrote to memory of 5968 2688 msedge.exe msedge.exe PID 2688 wrote to memory of 5968 2688 msedge.exe msedge.exe PID 2688 wrote to memory of 5968 2688 msedge.exe msedge.exe PID 2688 wrote to memory of 5968 2688 msedge.exe msedge.exe PID 2688 wrote to memory of 5968 2688 msedge.exe msedge.exe PID 2688 wrote to memory of 5968 2688 msedge.exe msedge.exe PID 2688 wrote to memory of 5968 2688 msedge.exe msedge.exe PID 2688 wrote to memory of 5968 2688 msedge.exe msedge.exe PID 2688 wrote to memory of 5968 2688 msedge.exe msedge.exe PID 2688 wrote to memory of 5968 2688 msedge.exe msedge.exe PID 2688 wrote to memory of 5968 2688 msedge.exe msedge.exe PID 2688 wrote to memory of 5968 2688 msedge.exe msedge.exe PID 2688 wrote to memory of 5968 2688 msedge.exe msedge.exe PID 2688 wrote to memory of 5968 2688 msedge.exe msedge.exe PID 2688 wrote to memory of 5968 2688 msedge.exe msedge.exe PID 2688 wrote to memory of 5968 2688 msedge.exe msedge.exe PID 2688 wrote to memory of 5968 2688 msedge.exe msedge.exe PID 2688 wrote to memory of 5968 2688 msedge.exe msedge.exe PID 2688 wrote to memory of 5968 2688 msedge.exe msedge.exe PID 2688 wrote to memory of 5968 2688 msedge.exe msedge.exe PID 2688 wrote to memory of 5968 2688 msedge.exe msedge.exe PID 2688 wrote to memory of 5968 2688 msedge.exe msedge.exe PID 2688 wrote to memory of 5968 2688 msedge.exe msedge.exe PID 2688 wrote to memory of 5968 2688 msedge.exe msedge.exe PID 2688 wrote to memory of 5968 2688 msedge.exe msedge.exe PID 2688 wrote to memory of 5968 2688 msedge.exe msedge.exe PID 2688 wrote to memory of 5968 2688 msedge.exe msedge.exe PID 2688 wrote to memory of 5968 2688 msedge.exe msedge.exe PID 2688 wrote to memory of 5968 2688 msedge.exe msedge.exe PID 2688 wrote to memory of 5968 2688 msedge.exe msedge.exe PID 2688 wrote to memory of 5968 2688 msedge.exe msedge.exe PID 2688 wrote to memory of 5968 2688 msedge.exe msedge.exe PID 2688 wrote to memory of 5968 2688 msedge.exe msedge.exe PID 2688 wrote to memory of 5968 2688 msedge.exe msedge.exe PID 2688 wrote to memory of 5968 2688 msedge.exe msedge.exe PID 2688 wrote to memory of 5968 2688 msedge.exe msedge.exe PID 2688 wrote to memory of 5968 2688 msedge.exe msedge.exe PID 2688 wrote to memory of 5968 2688 msedge.exe msedge.exe PID 2688 wrote to memory of 5968 2688 msedge.exe msedge.exe PID 2688 wrote to memory of 5232 2688 msedge.exe msedge.exe PID 2688 wrote to memory of 5232 2688 msedge.exe msedge.exe PID 2688 wrote to memory of 1108 2688 msedge.exe msedge.exe PID 2688 wrote to memory of 1108 2688 msedge.exe msedge.exe PID 2688 wrote to memory of 1108 2688 msedge.exe msedge.exe PID 2688 wrote to memory of 1108 2688 msedge.exe msedge.exe PID 2688 wrote to memory of 1108 2688 msedge.exe msedge.exe PID 2688 wrote to memory of 1108 2688 msedge.exe msedge.exe PID 2688 wrote to memory of 1108 2688 msedge.exe msedge.exe PID 2688 wrote to memory of 1108 2688 msedge.exe msedge.exe PID 2688 wrote to memory of 1108 2688 msedge.exe msedge.exe PID 2688 wrote to memory of 1108 2688 msedge.exe msedge.exe PID 2688 wrote to memory of 1108 2688 msedge.exe msedge.exe PID 2688 wrote to memory of 1108 2688 msedge.exe msedge.exe PID 2688 wrote to memory of 1108 2688 msedge.exe msedge.exe PID 2688 wrote to memory of 1108 2688 msedge.exe msedge.exe PID 2688 wrote to memory of 1108 2688 msedge.exe msedge.exe PID 2688 wrote to memory of 1108 2688 msedge.exe msedge.exe PID 2688 wrote to memory of 1108 2688 msedge.exe msedge.exe PID 2688 wrote to memory of 1108 2688 msedge.exe msedge.exe PID 2688 wrote to memory of 1108 2688 msedge.exe msedge.exe PID 2688 wrote to memory of 1108 2688 msedge.exe msedge.exe
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\69755c83b5d42919b08c8df92a4a350a_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa688b46f8,0x7ffa688b4708,0x7ffa688b47182⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,13022529717014887674,14026799356989450199,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,13022529717014887674,14026799356989450199,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,13022529717014887674,14026799356989450199,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13022529717014887674,14026799356989450199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13022529717014887674,14026799356989450199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13022529717014887674,14026799356989450199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13022529717014887674,14026799356989450199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13022529717014887674,14026799356989450199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3092 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13022529717014887674,14026799356989450199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13022529717014887674,14026799356989450199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13022529717014887674,14026799356989450199,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,13022529717014887674,14026799356989450199,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5932 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,13022529717014887674,14026799356989450199,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5932 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13022529717014887674,14026799356989450199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13022529717014887674,14026799356989450199,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,13022529717014887674,14026799356989450199,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1724 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5537815e7cc5c694912ac0308147852e4
SHA12ccdd9d9dc637db5462fe8119c0df261146c363c
SHA256b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f
SHA51263969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD58b167567021ccb1a9fdf073fa9112ef0
SHA13baf293fbfaa7c1e7cdacb5f2975737f4ef69898
SHA25626764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513
SHA512726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
336B
MD577bdd67b8264a6ce863a4f687dff3f0f
SHA1fddbd329d5e0b1711cb7f820194c306417feefca
SHA2562ee5c13d9ac9fc4f86fd2cb2bbe852b9d627921b23736e4b484e9c0e61703a06
SHA51276226ca50c277d1f238fa2e22ef37ec81b0440af1bc1f4f8889f4f2d232f0b3f10fbb88c572ac669adc319233c5d5c0680cee4745b3a2d3dabfd6b264420a8b1
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
2KB
MD570e21382716844fb0d381a900eb916f0
SHA1e7904abfc5c5a28b585974b539a3f67bb5d1ec77
SHA2562f37b80a3db8d2bf19c5308a47c11589de7eb9ca20f1d8111975304deb210a55
SHA512e5c0f586f4b0534bee9312c2c0e6721fe472221d6230862a4479f59f8718aa6c8e58189b06963d7e5329ff0623f3b330c19483d88364f5e7d7e32892b3685cc9
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
2KB
MD54652df1ed2ceef383426463a1e769053
SHA1e557aa627a96501fceb025dde61e60f3f29e4cb4
SHA256c894672aec7d664d324bd77adeac159b0df1a2eac438a358ab296bf8f93c7518
SHA51289cb7cbd6c2039277a1ba387919b0a03b95f51514085b2c95f131eaead0b6649459ae9c12c20ef92efab014f237ef67a57b049faaa463547439148d87a820291
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
5KB
MD5ea9c4f026bea5bf2fa7e6dc2df62a52a
SHA1c1a42ce9e2a17e371ae47077a3f454633ab2c8ee
SHA256564c123e427ea7e22950cc5ca9ddaeab01d8459af2df6a9cfdce83f3c407e7b3
SHA512e9100c79c339ab461fa9f1ff0055feeb03934d876c53818497d4b05b5b29df7232df806b00f4aa05e2297c03b96b0a1552f8c03aae7e1bf64d69f973b645e7cf
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD5489c87aa51b8c080ed546d6a8ca335a4
SHA1ada9cd14c305e264e162c96e8f2e40ac0e3a8f10
SHA25650a91b7576842f208442343ec2b4452c88be47230c55c45d6f2accd42022da2f
SHA5123a180e500354a95b3417cad4396a92ac6a812ae6c3cc4f18a60c1f2dfefade0f594269d8ab8921279aaff2fa3a9531ed9b079a6a3f3603242a328c416c189a35
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD564e5e74b23d1a2b334d2e664f8391ec7
SHA152402587ce9b62cde029a16b879756118c61a56a
SHA256bb6e1e451533c7d804c719301beb982d4346ec12eb5bc84612f68ee324f5bcb5
SHA512a76acdbe4e6fa1b599cccc703599efdbfece934d82f85797a188d23f93834bbfbd7a4fafafeb4215cd318e6e85a7c8dee6badf87488006b7a976ef87587b04e3
-
\??\pipe\LOCAL\crashpad_2688_OZPYFKDQCHEEXRUAMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e