Analysis
max time kernel: 145s
max time network: 138s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 23-05-2024 18:21
Static task: static1
Behavioral task: behavioral1
Sample: 6bd9238775da3e4014f3128ecafba08d_JaffaCakes118.html
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: 6bd9238775da3e4014f3128ecafba08d_JaffaCakes118.html
Resource: win10v2004-20240508-en
General
Target: 6bd9238775da3e4014f3128ecafba08d_JaffaCakes118.html
Size: 54KB
MD5: 6bd9238775da3e4014f3128ecafba08d
SHA1: a2f64f60786a4cfa7d339000c02aad24a1eb43cb
SHA256: 1e810670d1ea29bc648e5a31316a42ff7fc6f334a0b634aa69f9b8788c5721e2
SHA512: 301b0eb75c2c758a8a6500eb54217de929fb6a36c29aadaf11ff9f11387ebc2aafbb182cc6dba5da03c6c8faa56518c11f57459809b02f794aa8a3ac174983f6
SSDEEP: 1536:cTZSON6FlXPkY3eJjTFSwV4ke7c0BfhZlLDglVv3:4ZSOHY3eJjTYfw0BfhZlLDglVv3
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes: msedge.exe
description | ioc | process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
Processes: msedge.exe, msedge.exe, identity_helper.exe, msedge.exe
pid | process
4492 | msedge.exe
4940 | msedge.exe
2804 | identity_helper.exe
5104 | msedge.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
Processes: msedge.exe
pid | process
4940 | msedge.exe
-
Suspicious use of FindShellTrayWindow 25 IoCs
Processes: msedge.exe
pid | process
4940 | msedge.exe
-
Suspicious use of SendNotifyMessage 24 IoCs
Processes: msedge.exe
pid | process
4940 | msedge.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes: msedge.exe
description | pid | process | target process
PID 4940 wrote to memory of 1412 | 4940 | msedge.exe | msedge.exe
PID 4940 wrote to memory of 4476 | 4940 | msedge.exe | msedge.exe
PID 4940 wrote to memory of 4492 | 4940 | msedge.exe | msedge.exe
PID 4940 wrote to memory of 3688 | 4940 | msedge.exe | msedge.exe
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6bd9238775da3e4014f3128ecafba08d_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa54ff46f8,0x7ffa54ff4708,0x7ffa54ff47182⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,14522396493621096779,10325785911906868668,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1848 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,14522396493621096779,10325785911906868668,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,14522396493621096779,10325785911906868668,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14522396493621096779,10325785911906868668,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14522396493621096779,10325785911906868668,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14522396493621096779,10325785911906868668,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14522396493621096779,10325785911906868668,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14522396493621096779,10325785911906868668,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14522396493621096779,10325785911906868668,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,14522396493621096779,10325785911906868668,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5916 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,14522396493621096779,10325785911906868668,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5916 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14522396493621096779,10325785911906868668,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14522396493621096779,10325785911906868668,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14522396493621096779,10325785911906868668,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14522396493621096779,10325785911906868668,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,14522396493621096779,10325785911906868668,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2920 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads