Analysis
-
max time kernel
145s -
max time network
141s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system -
submitted
22-05-2024 01:32
Static task
static1
Behavioral task
behavioral1
Sample
6588382615a91845fb139d0613cb613a_JaffaCakes118.html
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
6588382615a91845fb139d0613cb613a_JaffaCakes118.html
Resource
win10v2004-20240426-en
General
-
Target
6588382615a91845fb139d0613cb613a_JaffaCakes118.html
-
Size
175KB
-
MD5
6588382615a91845fb139d0613cb613a
-
SHA1
4266307e0b60e56db3af42173c6eccf8d75ef317
-
SHA256
5aee9829f8e4cb69cb7afb5f7a04667b544355b4367851b076a46c039a2ba1a1
-
SHA512
000529950173f4724b71d9c5913f1c1d9ade58535a9ced58f90f7959a070b7cabcd008380c3fb856561eee73fe6a54217d2acc0a73e5b0e10015c00ef13882d1
-
SSDEEP
1536:Sqtz8hd8Wu8pI8Cd8hd8dQg0H//3oS3sGNkFlYfBCJisu+aeTH+WK/Lf1/hmnVSV:SOoT3s/FQBCJiMm
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
Processes:
msedge.exemsedge.exeidentity_helper.exemsedge.exepid process 5032 msedge.exe 5032 msedge.exe 884 msedge.exe 884 msedge.exe 2092 identity_helper.exe 2092 identity_helper.exe 1492 msedge.exe 1492 msedge.exe 1492 msedge.exe 1492 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
Processes:
msedge.exepid process 884 msedge.exe 884 msedge.exe 884 msedge.exe 884 msedge.exe 884 msedge.exe 884 msedge.exe 884 msedge.exe 884 msedge.exe 884 msedge.exe 884 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
Processes:
msedge.exepid process 884 msedge.exe 884 msedge.exe 884 msedge.exe 884 msedge.exe 884 msedge.exe 884 msedge.exe 884 msedge.exe 884 msedge.exe 884 msedge.exe 884 msedge.exe 884 msedge.exe 884 msedge.exe 884 msedge.exe 884 msedge.exe 884 msedge.exe 884 msedge.exe 884 msedge.exe 884 msedge.exe 884 msedge.exe 884 msedge.exe 884 msedge.exe 884 msedge.exe 884 msedge.exe 884 msedge.exe 884 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
Processes:
msedge.exepid process 884 msedge.exe 884 msedge.exe 884 msedge.exe 884 msedge.exe 884 msedge.exe 884 msedge.exe 884 msedge.exe 884 msedge.exe 884 msedge.exe 884 msedge.exe 884 msedge.exe 884 msedge.exe 884 msedge.exe 884 msedge.exe 884 msedge.exe 884 msedge.exe 884 msedge.exe 884 msedge.exe 884 msedge.exe 884 msedge.exe 884 msedge.exe 884 msedge.exe 884 msedge.exe 884 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
msedge.exedescription pid process target process PID 884 wrote to memory of 1392 884 msedge.exe msedge.exe PID 884 wrote to memory of 1392 884 msedge.exe msedge.exe PID 884 wrote to memory of 2304 884 msedge.exe msedge.exe PID 884 wrote to memory of 2304 884 msedge.exe msedge.exe PID 884 wrote to memory of 2304 884 msedge.exe msedge.exe PID 884 wrote to memory of 2304 884 msedge.exe msedge.exe PID 884 wrote to memory of 2304 884 msedge.exe msedge.exe PID 884 wrote to memory of 2304 884 msedge.exe msedge.exe PID 884 wrote to memory of 2304 884 msedge.exe msedge.exe PID 884 wrote to memory of 2304 884 msedge.exe msedge.exe PID 884 wrote to memory of 2304 884 msedge.exe msedge.exe PID 884 wrote to memory of 2304 884 msedge.exe msedge.exe PID 884 wrote to memory of 2304 884 msedge.exe msedge.exe PID 884 wrote to memory of 2304 884 msedge.exe msedge.exe PID 884 wrote to memory of 2304 884 msedge.exe msedge.exe PID 884 wrote to memory of 2304 884 msedge.exe msedge.exe PID 884 wrote to memory of 2304 884 msedge.exe msedge.exe PID 884 wrote to memory of 2304 884 msedge.exe msedge.exe PID 884 wrote to memory of 2304 884 msedge.exe msedge.exe PID 884 wrote to memory of 2304 884 msedge.exe msedge.exe PID 884 wrote to memory of 2304 884 msedge.exe msedge.exe PID 884 wrote to memory of 2304 884 msedge.exe msedge.exe PID 884 wrote to memory of 2304 884 msedge.exe msedge.exe PID 884 wrote to memory of 2304 884 msedge.exe msedge.exe PID 884 wrote to memory of 2304 884 msedge.exe msedge.exe PID 884 wrote to memory of 2304 884 msedge.exe msedge.exe PID 884 wrote to memory of 2304 884 msedge.exe msedge.exe PID 884 wrote to memory of 2304 884 msedge.exe msedge.exe PID 884 wrote to memory of 2304 884 msedge.exe msedge.exe PID 884 wrote to memory of 2304 884 msedge.exe msedge.exe PID 884 wrote to memory of 2304 884 msedge.exe msedge.exe PID 884 wrote to memory of 2304 884 msedge.exe msedge.exe PID 884 wrote to memory of 2304 884 msedge.exe msedge.exe PID 884 wrote to memory of 2304 884 msedge.exe msedge.exe PID 884 wrote to memory of 2304 884 msedge.exe msedge.exe PID 884 wrote to memory of 2304 884 msedge.exe msedge.exe PID 884 wrote to memory of 2304 884 msedge.exe msedge.exe PID 884 wrote to memory of 2304 884 msedge.exe msedge.exe PID 884 wrote to memory of 2304 884 msedge.exe msedge.exe PID 884 wrote to memory of 2304 884 msedge.exe msedge.exe PID 884 wrote to memory of 2304 884 msedge.exe msedge.exe PID 884 wrote to memory of 2304 884 msedge.exe msedge.exe PID 884 wrote to memory of 5032 884 msedge.exe msedge.exe PID 884 wrote to memory of 5032 884 msedge.exe msedge.exe PID 884 wrote to memory of 3836 884 msedge.exe msedge.exe PID 884 wrote to memory of 3836 884 msedge.exe msedge.exe PID 884 wrote to memory of 3836 884 msedge.exe msedge.exe PID 884 wrote to memory of 3836 884 msedge.exe msedge.exe PID 884 wrote to memory of 3836 884 msedge.exe msedge.exe PID 884 wrote to memory of 3836 884 msedge.exe msedge.exe PID 884 wrote to memory of 3836 884 msedge.exe msedge.exe PID 884 wrote to memory of 3836 884 msedge.exe msedge.exe PID 884 wrote to memory of 3836 884 msedge.exe msedge.exe PID 884 wrote to memory of 3836 884 msedge.exe msedge.exe PID 884 wrote to memory of 3836 884 msedge.exe msedge.exe PID 884 wrote to memory of 3836 884 msedge.exe msedge.exe PID 884 wrote to memory of 3836 884 msedge.exe msedge.exe PID 884 wrote to memory of 3836 884 msedge.exe msedge.exe PID 884 wrote to memory of 3836 884 msedge.exe msedge.exe PID 884 wrote to memory of 3836 884 msedge.exe msedge.exe PID 884 wrote to memory of 3836 884 msedge.exe msedge.exe PID 884 wrote to memory of 3836 884 msedge.exe msedge.exe PID 884 wrote to memory of 3836 884 msedge.exe msedge.exe PID 884 wrote to memory of 3836 884 msedge.exe msedge.exe
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6588382615a91845fb139d0613cb613a_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc374346f8,0x7ffc37434708,0x7ffc374347182⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,13462192206199736935,7778302939794108977,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,13462192206199736935,7778302939794108977,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,13462192206199736935,7778302939794108977,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2936 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,13462192206199736935,7778302939794108977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,13462192206199736935,7778302939794108977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,13462192206199736935,7778302939794108977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,13462192206199736935,7778302939794108977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,13462192206199736935,7778302939794108977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,13462192206199736935,7778302939794108977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,13462192206199736935,7778302939794108977,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4896 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,13462192206199736935,7778302939794108977,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4896 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,13462192206199736935,7778302939794108977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,13462192206199736935,7778302939794108977,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,13462192206199736935,7778302939794108977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,13462192206199736935,7778302939794108977,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,13462192206199736935,7778302939794108977,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3124 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD52daa93382bba07cbc40af372d30ec576
SHA1c5e709dc3e2e4df2ff841fbde3e30170e7428a94
SHA2561826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30
SHA51265635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5ecdc2754d7d2ae862272153aa9b9ca6e
SHA1c19bed1c6e1c998b9fa93298639ad7961339147d
SHA256a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7
SHA512cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
456B
MD5aaa9dddbbd86b58277edee1a5b69b454
SHA15ca22324c4f63796d545140b17903103c220ae31
SHA256538e65a3b6cab7e7d1421991c40799b6ad207d29d18a0629819ff99f57ffe2ba
SHA512621d92413c7c858455152d4426398b9ef53a745290fe8616ba093ab1aa9c45f085b57c22d75b3572e2ba3bb49f13afe9fed0a6cb78244ed576a42651119166e2
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
2KB
MD561d1f31fa27dc2e83a4288b109f2c55d
SHA1f768220b18084fc2eafea666fe350147a5a8f730
SHA2560cece12956c9a7b1a489468b65e099d8e8941c960a186e4e740f1db6b7c4e7b6
SHA512313ce4290594dda53e3a462098f2100d41249013a46e6c19133605837f973e38def7f5a50e30429bab01140a4388a2ecbe69792913ed787f647742afca47d25f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
5KB
MD5e4589d72a400211c5285252604828f0e
SHA1c59a91a9abe5ba5a68952ad9fe570dd2cc9ee5b3
SHA25621ff11444c72ebc613a99426b520d23f6bf6fd3a4dbfc85b7191b5b68e1e36fa
SHA5127498e5d74cafd0ffce013876239cb01c9bf18d53431312ead248e754a2ae0c61ded9e74396332a2a17a604967f40955c3a239734a66b6f3e8bff30752b1192a2
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD5a1b3f627a59467b46a58065786902892
SHA14856c9fb33639172cece81ff582924daa8cc9ca2
SHA25606c69f10b3b7e7d2d3d224877b91bc5ec029b08e6de17ba82a94ba766f8c50f9
SHA5127c780be15bf90a2d78a6aa92ec65ede4536cd956b3ea7f890e588efe885bc23fc42fcfcdc3db3167c91c6b4ef8e60bd953b17e12db41773efa6edcff3ea577b2
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a0c63048-f5f2-49d1-9331-2416c8eb292c.tmpFilesize
2KB
MD598cc62a765aa5d5a9f0d9da9ecc1f261
SHA18aafa721f490ade68c3de455c97ec893f57e05fb
SHA256584c12fa27cca0ccb07f0f3aa4acb8124feaca91d74ec81d6c7b3f54dedab0c8
SHA51269f9f951ce295a2a696c0428c08d44627d29958873e53713a32aba9c5ae5425d36d1b7d8fe780dc6f28aa5d4f3abdb496033ae8edf1d5f087182f001a1900b06
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD50fcec55d6851abdb34f3a58482a80486
SHA1e2a7937b0f3a8be58d90d5896fb38fdf92598ea4
SHA2561873e5f8c94dcd955ccfda81da9143f3ff97e952d1e609d132dba9825e5d15fa
SHA512fa4992ccc89207b1d02d33838335b63881d2db680dce2af8c927c62aeeeba1bc8baff574fe8d52ef512eab4bf15726eae38cfa4bd15fb438933a15599973e96d
-
\??\pipe\LOCAL\crashpad_884_ECMCCBCMDLMKFAMVMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e