Analysis
-
max time kernel
145s -
max time network
145s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system -
submitted
21-05-2024 15:13
Static task
static1
Behavioral task
behavioral1
Sample
63beceb1dcd718b4d65f44eac8b8abc6_JaffaCakes118.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
63beceb1dcd718b4d65f44eac8b8abc6_JaffaCakes118.html
Resource
win10v2004-20240426-en
General
-
Target
63beceb1dcd718b4d65f44eac8b8abc6_JaffaCakes118.html
-
Size
17KB
-
MD5
63beceb1dcd718b4d65f44eac8b8abc6
-
SHA1
1a26ec310ae8501c3409369d3e4834f05d329b00
-
SHA256
b57890fefa9cd3250734a23a804a281a151d01249cb4f6884da2d2a95f594943
-
SHA512
702e03bc6af509073d46cf4b51e01c57dc93b0587a01a52461b07087101eeca0acb2f958848be4424d5d49a60bfa59eb2040dfe45c041f6d87babaa756152573
-
SSDEEP
384:Eo/h6bsdYWXaHiHRH9HIFSovJS8wFIGrThPxEvBzz:nYIdYW1omTh4z
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
Processes:
msedge.exemsedge.exeidentity_helper.exemsedge.exepid process 2976 msedge.exe 2976 msedge.exe 2188 msedge.exe 2188 msedge.exe 4812 identity_helper.exe 4812 identity_helper.exe 4292 msedge.exe 4292 msedge.exe 4292 msedge.exe 4292 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
Processes:
msedge.exepid process 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
Processes:
msedge.exepid process 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
Processes:
msedge.exepid process 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe 2188 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
msedge.exedescription pid process target process PID 2188 wrote to memory of 2964 2188 msedge.exe msedge.exe PID 2188 wrote to memory of 2964 2188 msedge.exe msedge.exe PID 2188 wrote to memory of 4356 2188 msedge.exe msedge.exe PID 2188 wrote to memory of 4356 2188 msedge.exe msedge.exe PID 2188 wrote to memory of 4356 2188 msedge.exe msedge.exe PID 2188 wrote to memory of 4356 2188 msedge.exe msedge.exe PID 2188 wrote to memory of 4356 2188 msedge.exe msedge.exe PID 2188 wrote to memory of 4356 2188 msedge.exe msedge.exe PID 2188 wrote to memory of 4356 2188 msedge.exe msedge.exe PID 2188 wrote to memory of 4356 2188 msedge.exe msedge.exe PID 2188 wrote to memory of 4356 2188 msedge.exe msedge.exe PID 2188 wrote to memory of 4356 2188 msedge.exe msedge.exe PID 2188 wrote to memory of 4356 2188 msedge.exe msedge.exe PID 2188 wrote to memory of 4356 2188 msedge.exe msedge.exe PID 2188 wrote to memory of 4356 2188 msedge.exe msedge.exe PID 2188 wrote to memory of 4356 2188 msedge.exe msedge.exe PID 2188 wrote to memory of 4356 2188 msedge.exe msedge.exe PID 2188 wrote to memory of 4356 2188 msedge.exe msedge.exe PID 2188 wrote to memory of 4356 2188 msedge.exe msedge.exe PID 2188 wrote to memory of 4356 2188 msedge.exe msedge.exe PID 2188 wrote to memory of 4356 2188 msedge.exe msedge.exe PID 2188 wrote to memory of 4356 2188 msedge.exe msedge.exe PID 2188 wrote to memory of 4356 2188 msedge.exe msedge.exe PID 2188 wrote to memory of 4356 2188 msedge.exe msedge.exe PID 2188 wrote to memory of 4356 2188 msedge.exe msedge.exe PID 2188 wrote to memory of 4356 2188 msedge.exe msedge.exe PID 2188 wrote to memory of 4356 2188 msedge.exe msedge.exe PID 2188 wrote to memory of 4356 2188 msedge.exe msedge.exe PID 2188 wrote to memory of 4356 2188 msedge.exe msedge.exe PID 2188 wrote to memory of 4356 2188 msedge.exe msedge.exe PID 2188 wrote to memory of 4356 2188 msedge.exe msedge.exe PID 2188 wrote to memory of 4356 2188 msedge.exe msedge.exe PID 2188 wrote to memory of 4356 2188 msedge.exe msedge.exe PID 2188 wrote to memory of 4356 2188 msedge.exe msedge.exe PID 2188 wrote to memory of 4356 2188 msedge.exe msedge.exe PID 2188 wrote to memory of 4356 2188 msedge.exe msedge.exe PID 2188 wrote to memory of 4356 2188 msedge.exe msedge.exe PID 2188 wrote to memory of 4356 2188 msedge.exe msedge.exe PID 2188 wrote to memory of 4356 2188 msedge.exe msedge.exe PID 2188 wrote to memory of 4356 2188 msedge.exe msedge.exe PID 2188 wrote to memory of 4356 2188 msedge.exe msedge.exe PID 2188 wrote to memory of 4356 2188 msedge.exe msedge.exe PID 2188 wrote to memory of 2976 2188 msedge.exe msedge.exe PID 2188 wrote to memory of 2976 2188 msedge.exe msedge.exe PID 2188 wrote to memory of 1364 2188 msedge.exe msedge.exe PID 2188 wrote to memory of 1364 2188 msedge.exe msedge.exe PID 2188 wrote to memory of 1364 2188 msedge.exe msedge.exe PID 2188 wrote to memory of 1364 2188 msedge.exe msedge.exe PID 2188 wrote to memory of 1364 2188 msedge.exe msedge.exe PID 2188 wrote to memory of 1364 2188 msedge.exe msedge.exe PID 2188 wrote to memory of 1364 2188 msedge.exe msedge.exe PID 2188 wrote to memory of 1364 2188 msedge.exe msedge.exe PID 2188 wrote to memory of 1364 2188 msedge.exe msedge.exe PID 2188 wrote to memory of 1364 2188 msedge.exe msedge.exe PID 2188 wrote to memory of 1364 2188 msedge.exe msedge.exe PID 2188 wrote to memory of 1364 2188 msedge.exe msedge.exe PID 2188 wrote to memory of 1364 2188 msedge.exe msedge.exe PID 2188 wrote to memory of 1364 2188 msedge.exe msedge.exe PID 2188 wrote to memory of 1364 2188 msedge.exe msedge.exe PID 2188 wrote to memory of 1364 2188 msedge.exe msedge.exe PID 2188 wrote to memory of 1364 2188 msedge.exe msedge.exe PID 2188 wrote to memory of 1364 2188 msedge.exe msedge.exe PID 2188 wrote to memory of 1364 2188 msedge.exe msedge.exe PID 2188 wrote to memory of 1364 2188 msedge.exe msedge.exe
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\63beceb1dcd718b4d65f44eac8b8abc6_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaefbb46f8,0x7ffaefbb4708,0x7ffaefbb47182⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,5592732544552474262,7605842163533675087,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,5592732544552474262,7605842163533675087,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2432 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,5592732544552474262,7605842163533675087,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5592732544552474262,7605842163533675087,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5592732544552474262,7605842163533675087,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5592732544552474262,7605842163533675087,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,5592732544552474262,7605842163533675087,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5724 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,5592732544552474262,7605842163533675087,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5724 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5592732544552474262,7605842163533675087,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5592732544552474262,7605842163533675087,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4204 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5592732544552474262,7605842163533675087,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5592732544552474262,7605842163533675087,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,5592732544552474262,7605842163533675087,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4916 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5ae54e9db2e89f2c54da8cc0bfcbd26bd
SHA1a88af6c673609ecbc51a1a60dfbc8577830d2b5d
SHA2565009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af
SHA512e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5f53207a5ca2ef5c7e976cbb3cb26d870
SHA149a8cc44f53da77bb3dfb36fc7676ed54675db43
SHA25619ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23
SHA512be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
192B
MD5d9206a961242af40e4f4999ed1a6bd64
SHA10f391a217d8cdb0f533b57141b715624890e53bf
SHA256825342229d7000ee3ac91bb86fc5bd94ba768214a22d677e41b4841cc468dfd4
SHA5124c4527be188c6323142d2c53e97f501d5931cdb78a7b8feffbca8eb671e596fd23e3de3274b2a1a03ca4d0166be9fc68025af85381fa16da451894f13b9ea3df
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
399B
MD5a2cdc69a3c96a22ba0786453be9d860b
SHA135f74cd3cee4b26b1f89e0431ea16ec89a1f714f
SHA256381ade82e6bb959b16c1d93845ace7aca3e0f628ec49ae33262a3ba346edd4d0
SHA512a1889f92223c0fd35011be8682b0551354267cdd9b9275cd75539477f50d8187b2d7e96c8181055e467610d917016e8dce45d63cf37caf491a7fbed853ad9531
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD546cfba212c01d46f339b42b27b2b05bf
SHA1f46a65ef1c2cbe7ff9eeea83a41ca126e72f051e
SHA256ed2013cc6cdc710841fd139dba1fd562fa5ef3216444f363cdbb5af9c27e6af6
SHA512c9252352ef0dce4e287eebd19f671cb4e9ecc9dec0b35b1a0e539f2b324b27aa11e2c6ac3c1e09cc3db8e89d47717cfb2afeab032067ba54c1f9f8ca05871e13
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD52d2c406cbf6d640d50c5eb248e86e332
SHA12912532eb51a6d51f9bfdf56ab4b83c196ccb6d0
SHA256e2961f2131f580b530e429d68d5c2172788fa75aefce0065cb3b9a0396e4bcbf
SHA512e94231742511ee239370ea0061020a510c129d9d122f69b6514e026d2e164998aa3833d93f478a074f77ce0ec800be08220aaeb29153978b1c98bfe868e7b5f1
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
538B
MD5bbe0b9364edd701b9d98bbb3047e127b
SHA1cda5a6dc712259f3cf4949b46fec469d33f4b1a8
SHA25679663c1e04fe1cac5d231e2dba727db6db4c3cd435fecf8de515daa7bbcdef7c
SHA512eac54f069fb6709a5a04f4732812c3aa3392af8b1d4bfc042a6da55a93374f86c8919d787b4266b21da453b8c1fb9dedc7226364e3633214d9acc398444e8fb1
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57fd6b.TMPFilesize
203B
MD54a9f12dbaf3cea321abd5f2eeda86fce
SHA1b979b437e4e8eb39abbc05d84cb55d1e21b32052
SHA256b42f7e4aa72241563dad78eafd3e4de0636840e690651d63887f701f0f45e1ca
SHA5129397ec040ac0b260281bceeade1559ae10a902f1a0789c5a67928add752c46b131a377f76218d177f1b36274bae2102b2fbd6b1f5e594461474fd3af6cc6e889
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e5638795-110a-4f98-85eb-c4b258244302.tmpFilesize
6KB
MD586a20edb36c73c56cfbf58760faed335
SHA194b668664507fce37a8b8c2aa89cdfac0e57f57e
SHA2567b024a7a7433cc265adfc5eb365e77fc8b86f213aef0bb18963fdde1865c4892
SHA5129ec5374dc2608c12871faa81978d4db9b57e288e7c0597e32b214b4b90444117372de681108b5f5d822be561e8f5e3490602312c128098d99f60832175daa45c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD54f05e823c7a14590055e53a895858bed
SHA192f336c1690597733cf020d97d9fd60123813687
SHA256750ea9aa7a7a15903d53a6dd3dc7f0ba7774c5605e3dc08e65fb5f9c21793fb0
SHA512f9b1d35db1d8651b7207efe915ab1fb7686856c7418e544f47674e34781a1abb4e230ac0badfb9c5c816594342d593cd82c7c4af83f41e21fc31542300d4c79e
-
\??\pipe\LOCAL\crashpad_2188_WFIRVCTNVQPQMCGTMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e