Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
  • submitted
    10-05-2024 12:12

General

  • Target

    2f0866f12f8f456ad4eaeac60b3bc62d_JaffaCakes118.html

  • Size

    82KB

  • MD5

    2f0866f12f8f456ad4eaeac60b3bc62d

  • SHA1

    1a1d506fa5e19e0d9a4632dac588fb7e2168770d

  • SHA256

    7b42fb5060cac55b4ad023230b0c1c4af36d0136d90a5bc3adaa63af10615175

  • SHA512

    4d86695ed736d1e4002168429aa7a63b765ea807b3ebaf6251d9ebc172a0bdf5df161dddba6078d011073c0e888257af6713fd0e8923b4b6844117087d33f1fe

  • SSDEEP

    1536:FMk5hP2zRqpyqHqzApk/89rCX7CesY8seatMmSOlYW5D:FX5NyRqJHWAak9rCX7CeiseatMpQYMD

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2f0866f12f8f456ad4eaeac60b3bc62d_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:840
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff85d2746f8,0x7ff85d274708,0x7ff85d274718
      2⤵
        PID:1196
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,4006285175429299395,16506772056766891047,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
        2⤵
          PID:2088
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,4006285175429299395,16506772056766891047,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1388
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,4006285175429299395,16506772056766891047,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2648 /prefetch:8
          2⤵
            PID:676
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4006285175429299395,16506772056766891047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1
            2⤵
              PID:4320
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4006285175429299395,16506772056766891047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
              2⤵
                PID:4992
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4006285175429299395,16506772056766891047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
                2⤵
                  PID:3652
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4006285175429299395,16506772056766891047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
                  2⤵
                    PID:2888
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4006285175429299395,16506772056766891047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
                    2⤵
                      PID:4064
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4006285175429299395,16506772056766891047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
                      2⤵
                        PID:3352
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4006285175429299395,16506772056766891047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
                        2⤵
                          PID:1096
                        • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,4006285175429299395,16506772056766891047,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6228 /prefetch:8
                          2⤵
                            PID:2428
                          • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,4006285175429299395,16506772056766891047,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6228 /prefetch:8
                            2⤵
                            • Suspicious behavior: EnumeratesProcesses
                            PID:2356
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4006285175429299395,16506772056766891047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
                            2⤵
                              PID:1120
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4006285175429299395,16506772056766891047,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
                              2⤵
                                PID:4164
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4006285175429299395,16506772056766891047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
                                2⤵
                                  PID:2716
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4006285175429299395,16506772056766891047,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
                                  2⤵
                                    PID:4416
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,4006285175429299395,16506772056766891047,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5436 /prefetch:2
                                    2⤵
                                    • Suspicious behavior: EnumeratesProcesses
                                    PID:3428
                                • C:\Windows\System32\CompPkgSrv.exe
                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                  1⤵
                                    PID:4684
                                  • C:\Windows\System32\CompPkgSrv.exe
                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                    1⤵
                                      PID:4672

Network

MITRE ATT&CK Enterprise v15

Downloads
