Analysis
max time kernel: 139s
max time network: 138s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 23-05-2024 18:19
Static task: static1
Behavioral task: behavioral1
  Sample: 6bd74ca762bd27380b0c9d71fd09c700_JaffaCakes118.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 6bd74ca762bd27380b0c9d71fd09c700_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
Target: 6bd74ca762bd27380b0c9d71fd09c700_JaffaCakes118.html
Size: 56KB
MD5: 6bd74ca762bd27380b0c9d71fd09c700
SHA1: 1753db33676af5128f4893e62a0088e82ea9298b
SHA256: f823885f8faa427aebd47d27cba273111f71085a25b479b130029408fada8d99
SHA512: 03154157729c6c85ea7dccf8b2d95dbc6c824dc2ef7631cf8ed1aed7288e45ff459b3241ebd284c2369616f571e8d21f5b20a11485268bb4ea134ba46dcb42b6
SSDEEP: 768:48U6jTih/e9mw2WMOER1hLhT4tUCe/6iiGX0JzHB29ycrB:dU63ixeFIOERFIUI+XYHK
Malware Config
Signatures
-
Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes: msedge.exe
  description       ioc                                                                    process
  Key opened        \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                      msedge.exe
  Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   msedge.exe
  Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    msedge.exe
-
Suspicious behavior: EnumeratesProcesses (10 IoCs)
Processes (distinct rows):
  pid   process
  1268  msedge.exe
  3372  msedge.exe
  4524  identity_helper.exe
  3816  msedge.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (8 IoCs)
Processes (distinct rows):
  pid   process
  3372  msedge.exe
-
Suspicious use of FindShellTrayWindow (25 IoCs)
Processes (distinct rows):
  pid   process
  3372  msedge.exe
-
Suspicious use of SendNotifyMessage (24 IoCs)
Processes (distinct rows):
  pid   process
  3372  msedge.exe
-
Suspicious use of WriteProcessMemory (64 IoCs)
Processes (distinct rows):
  description                       pid   process     target process
  PID 3372 wrote to memory of 228   3372  msedge.exe  msedge.exe
  PID 3372 wrote to memory of 5080  3372  msedge.exe  msedge.exe
  PID 3372 wrote to memory of 1268  3372  msedge.exe  msedge.exe
  PID 3372 wrote to memory of 808   3372  msedge.exe  msedge.exe
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6bd74ca762bd27380b0c9d71fd09c700_JaffaCakes118.html
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
  -
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffed44d46f8,0x7ffed44d4708,0x7ffed44d4718
  -
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,9955908553424149166,17909663459149907518,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  -
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,9955908553424149166,17909663459149907518,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
  - Suspicious behavior: EnumeratesProcesses
  -
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,9955908553424149166,17909663459149907518,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2484 /prefetch:8
  -
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9955908553424149166,17909663459149907518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3168 /prefetch:1
  -
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9955908553424149166,17909663459149907518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
  -
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9955908553424149166,17909663459149907518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4588 /prefetch:1
  -
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9955908553424149166,17909663459149907518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3788 /prefetch:1
  -
  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,9955908553424149166,17909663459149907518,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6060 /prefetch:8
  -
  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,9955908553424149166,17909663459149907518,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6060 /prefetch:8
  - Suspicious behavior: EnumeratesProcesses
  -
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9955908553424149166,17909663459149907518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
  -
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9955908553424149166,17909663459149907518,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
  -
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9955908553424149166,17909663459149907518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
  -
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9955908553424149166,17909663459149907518,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
  -
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,9955908553424149166,17909663459149907518,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5896 /prefetch:2
  - Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads