Resubmissions
04-08-2024 17:05 240804-vlttaazgkl 3
04-08-2024 17:02 240804-vj61tszfqq 3
04-08-2024 17:01 240804-vjteqszfpp 3
04-08-2024 16:57 240804-vghkfszeqq 3
Analysis
max time kernel: 149s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 04-08-2024 16:57
Static task
static1
Behavioral task
behavioral1
Sample
MouseJiggler.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
MouseJiggler.exe
Resource
win10v2004-20240802-en
General
Target: MouseJiggler.exe
Size: 983KB
MD5: 27164f23585f4f1e5f63212c39c5a2cf
SHA1: 01cf73eac1b234c0cb1cb74ac1d7d9cf410c5b16
SHA256: 1ce344ef37998f2d2bdd6abcb121a08ef17f02ccfdc601f2da9bef6d02b00f7e
SHA512: 0b664fce3b180f45b25e989986893ec05a7ed549c054a1be83b9bb66ba7d05a14d19866c3cd77f8ec893dd6416c2d916b7e833edc5cc71f99fa0857a1609b886
SSDEEP: 12288:MeLDpZQ29k9tT6YY4u0dgZHxF+Ix8/Bc0ZireYeCs/l+QWBWqO9dY95p:9DHp9ky4xg/UBc0MeYeCs/l+QGAdOT
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Processes: msedge.exe
  Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Modifies registry class (1 IoCs)
  Processes: msedge.exe
  Key created: \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-355097885-2402257403-2971294179-1000\{1E16C800-A687-4006-9486-E731AB3D9B91} (msedge.exe)
- Suspicious behavior: EnumeratesProcesses (8 IoCs)
  Processes: msedge.exe, identity_helper.exe
  pid 4424: msedge.exe
  pid 4072: msedge.exe
  pid 1780: msedge.exe
  pid 4532: identity_helper.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (11 IoCs)
  Processes: msedge.exe
  pid 4072: msedge.exe
- Suspicious use of FindShellTrayWindow (25 IoCs)
  Processes: msedge.exe
  pid 4072: msedge.exe
- Suspicious use of SendNotifyMessage (24 IoCs)
  Processes: msedge.exe
  pid 4072: msedge.exe
- Suspicious use of WriteProcessMemory (64 IoCs)
  Processes: msedge.exe
  PID 4072 wrote to memory of 548 (process msedge.exe, target process msedge.exe)
  PID 4072 wrote to memory of 2428 (process msedge.exe, target process msedge.exe)
  PID 4072 wrote to memory of 4424 (process msedge.exe, target process msedge.exe)
  PID 4072 wrote to memory of 2244 (process msedge.exe, target process msedge.exe)
Processes
"C:\Users\Admin\AppData\Local\Temp\MouseJiggler.exe"
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9000246f8,0x7ff900024708,0x7ff900024718
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,6830428692504310226,6067097693409805853,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1984 /prefetch:2
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2024,6830428692504310226,6067097693409805853,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2412 /prefetch:3
      - Suspicious behavior: EnumeratesProcesses
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2024,6830428692504310226,6067097693409805853,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,6830428692504310226,6067097693409805853,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,6830428692504310226,6067097693409805853,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,6830428692504310226,6067097693409805853,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,6830428692504310226,6067097693409805853,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4268 /prefetch:1
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,6830428692504310226,6067097693409805853,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3992 /prefetch:1
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,6830428692504310226,6067097693409805853,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2024,6830428692504310226,6067097693409805853,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5048 /prefetch:8
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2024,6830428692504310226,6067097693409805853,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5268 /prefetch:8
      - Modifies registry class
      - Suspicious behavior: EnumeratesProcesses
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,6830428692504310226,6067097693409805853,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4204 /prefetch:1
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,6830428692504310226,6067097693409805853,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5496 /prefetch:8
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,6830428692504310226,6067097693409805853,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5496 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,6830428692504310226,6067097693409805853,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,6830428692504310226,6067097693409805853,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,6830428692504310226,6067097693409805853,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,6830428692504310226,6067097693409805853,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\system32\AUDIODG.EXE 0x150 0x4c8
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize: 152B
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize: 152B
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009
Filesize: 1.2MB
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 2KB
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 6KB
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 6KB
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize: 16B
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize: 10KB
\??\pipe\LOCAL\crashpad_4072_FZNSQNEANDCUSWSB