Analysis
- max time kernel: 149s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 20-05-2024 10:39
Static task: static1
Behavioral task behavioral1: Sample 5ea3b72de6c5095693390b3199ce3bb0_JaffaCakes118.exe, Resource win7-20240221-en
Behavioral task behavioral2: Sample 5ea3b72de6c5095693390b3199ce3bb0_JaffaCakes118.exe, Resource win10v2004-20240508-en
Behavioral task behavioral3: Sample $PLUGINSDIR/StartMenu.dll, Resource win7-20240221-en
Behavioral task behavioral4: Sample $PLUGINSDIR/StartMenu.dll, Resource win10v2004-20240426-en
Behavioral task behavioral5: Sample $PLUGINSDIR/System.dll, Resource win7-20240419-en
Behavioral task behavioral6: Sample $PLUGINSDIR/System.dll, Resource win10v2004-20240508-en
Behavioral task behavioral7: Sample $PLUGINSDIR/nsDialogs.dll, Resource win7-20240220-en
Behavioral task behavioral8: Sample $PLUGINSDIR/nsDialogs.dll, Resource win10v2004-20240426-en
Behavioral task behavioral9: Sample FancyZoom.js, Resource win7-20240508-en
Behavioral task behavioral10: Sample FancyZoom.js, Resource win10v2004-20240426-en
Behavioral task behavioral11: Sample about.html, Resource win7-20240508-en
Behavioral task behavioral12: Sample about.html, Resource win10v2004-20240508-en
Behavioral task behavioral13: Sample blogid=321536463764.html, Resource win7-20240221-en
Behavioral task behavioral14: Sample blogid=321536463764.html, Resource win10v2004-20240508-en
Behavioral task behavioral15: Sample contact-us.js, Resource win7-20240221-en
Behavioral task behavioral16: Sample contact-us.js, Resource win10v2004-20240508-en
Behavioral task behavioral17: Sample de.html, Resource win7-20240221-en
Behavioral task behavioral18: Sample de.html, Resource win10v2004-20240426-en
Behavioral task behavioral19: Sample jquery.meanmenu.js, Resource win7-20240508-en
Behavioral task behavioral20: Sample jquery.meanmenu.js, Resource win10v2004-20240426-en
Behavioral task behavioral21: Sample uninstall.exe, Resource win7-20240508-en
Behavioral task behavioral22: Sample uninstall.exe, Resource win10v2004-20240426-en
General
- Target: de.html
- Size: 24KB
- MD5: abce3b4a9941d130bb03ac8887d67b3b
- SHA1: d620b463362c34056684999db12b2e6909cc68ee
- SHA256: b78e03382bf79dbcda1a14c3af14a70973fab9dd39e1f60bcba45d01f6819e83
- SHA512: 035fbf096e11497b9a749361d0d0394cd2ac19234c78298ce54b51ebcc9ad18a991030a49144973e5e987923ff20fa3b16131c5cda9d147c43dd04530ca555cb
- SSDEEP: 384:Uyl3pt9zhen4kwXCpy7WycDMyfokoF7uYESuz0N+Ll3D+:UGt9zE4kGyyaycD3fovFddBNCT+
Malware Config
Signatures
-
Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes: msedge.exe
  Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (process msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (process msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (process msedge.exe)
-
Suspicious behavior: EnumeratesProcesses (10 IoCs)
Processes: msedge.exe, msedge.exe, identity_helper.exe, msedge.exe
  pid 4144, msedge.exe (2 rows)
  pid 1428, msedge.exe (2 rows)
  pid 856, identity_helper.exe (2 rows)
  pid 560, msedge.exe (4 rows)
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
Processes: msedge.exe
  pid 1428, msedge.exe (the same row repeated for every IoC)
-
Suspicious use of FindShellTrayWindow (25 IoCs)
Processes: msedge.exe
  pid 1428, msedge.exe (the same row repeated for every IoC)
-
Suspicious use of SendNotifyMessage (24 IoCs)
Processes: msedge.exe
  pid 1428, msedge.exe (the same row repeated for every IoC)
-
Suspicious use of WriteProcessMemory (64 IoCs)
Processes: msedge.exe
  PID 1428 (msedge.exe) wrote to memory of target process msedge.exe, with the rows repeating per target PID:
  PID 1428 wrote to memory of 1200
  PID 1428 wrote to memory of 1696
  PID 1428 wrote to memory of 4144
  PID 1428 wrote to memory of 1720
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\de.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbbb3b46f8,0x7ffbbb3b4708,0x7ffbbb3b4718
2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,13230579046876962910,3244334831072820299,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2244 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2224,13230579046876962910,3244334831072820299,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2224,13230579046876962910,3244334831072820299,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,13230579046876962910,3244334831072820299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,13230579046876962910,3244334831072820299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2224,13230579046876962910,3244334831072820299,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 /prefetch:8
2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2224,13230579046876962910,3244334831072820299,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,13230579046876962910,3244334831072820299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,13230579046876962910,3244334831072820299,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,13230579046876962910,3244334831072820299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,13230579046876962910,3244334831072820299,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:1
2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,13230579046876962910,3244334831072820299,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3132 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize: 152B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize: 152B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\51cbdf56-750a-4d54-9b1c-65d0eedf6d5e.tmp
Filesize: 6KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize: 523B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 5KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize: 16B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize: 11KB
-
\??\pipe\LOCAL\crashpad_1428_OCBZAUIDDDNREHBN