6dc1cb22ab8848aa19421bdde24779b64381d019a1f5c3448c28654e2e30149f

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
17-04-2024 14:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f5f80149bd54bb9c06c2bae7e0b92c4c_JaffaCakes118.exe
Size

13KB
MD5

f5f80149bd54bb9c06c2bae7e0b92c4c
SHA1

f06d036ae1b2fa20b2ed21b3b2febacfcf7e0602
SHA256

6dc1cb22ab8848aa19421bdde24779b64381d019a1f5c3448c28654e2e30149f
SHA512

a9d82b75d8396d2f24e149a0dacd6bd86ecfa97e96f300f7326fef27e85ebe85013fc3ec6db81c7199ce5f2bc92d76a8f05c270e603d4eeafa88c9c333896037
SSDEEP

192:CS4gbgkAN4SJj+bfrJsUwv7E6MB0Lr9ZCspE+TMwrRmK+vhOrA:CS4uI44aJ+7NMCWeM4mJ

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1844-0-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral2/memory/1844-1-0x0000000000400000-0x0000000000408000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2624	msedge.exe
2624	msedge.exe
4272	msedge.exe
4272	msedge.exe
2480	identity_helper.exe
2480	identity_helper.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1844	f5f80149bd54bb9c06c2bae7e0b92c4c_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1844 wrote to memory of 4272	1844	f5f80149bd54bb9c06c2bae7e0b92c4c_JaffaCakes118.exe	85
PID 1844 wrote to memory of 4272	1844	f5f80149bd54bb9c06c2bae7e0b92c4c_JaffaCakes118.exe	85
PID 4272 wrote to memory of 2472	4272	msedge.exe	86
PID 4272 wrote to memory of 2472	4272	msedge.exe	86
PID 4272 wrote to memory of 3020	4272	msedge.exe	87
PID 4272 wrote to memory of 3020	4272	msedge.exe	87
PID 4272 wrote to memory of 3020	4272	msedge.exe	87
PID 4272 wrote to memory of 3020	4272	msedge.exe	87
PID 4272 wrote to memory of 3020	4272	msedge.exe	87
PID 4272 wrote to memory of 3020	4272	msedge.exe	87
PID 4272 wrote to memory of 3020	4272	msedge.exe	87
PID 4272 wrote to memory of 3020	4272	msedge.exe	87
PID 4272 wrote to memory of 3020	4272	msedge.exe	87
PID 4272 wrote to memory of 3020	4272	msedge.exe	87
PID 4272 wrote to memory of 3020	4272	msedge.exe	87
PID 4272 wrote to memory of 3020	4272	msedge.exe	87
PID 4272 wrote to memory of 3020	4272	msedge.exe	87
PID 4272 wrote to memory of 3020	4272	msedge.exe	87
PID 4272 wrote to memory of 3020	4272	msedge.exe	87
PID 4272 wrote to memory of 3020	4272	msedge.exe	87
PID 4272 wrote to memory of 3020	4272	msedge.exe	87
PID 4272 wrote to memory of 3020	4272	msedge.exe	87
PID 4272 wrote to memory of 3020	4272	msedge.exe	87
PID 4272 wrote to memory of 3020	4272	msedge.exe	87
PID 4272 wrote to memory of 3020	4272	msedge.exe	87
PID 4272 wrote to memory of 3020	4272	msedge.exe	87
PID 4272 wrote to memory of 3020	4272	msedge.exe	87
PID 4272 wrote to memory of 3020	4272	msedge.exe	87
PID 4272 wrote to memory of 3020	4272	msedge.exe	87
PID 4272 wrote to memory of 3020	4272	msedge.exe	87
PID 4272 wrote to memory of 3020	4272	msedge.exe	87
PID 4272 wrote to memory of 3020	4272	msedge.exe	87
PID 4272 wrote to memory of 3020	4272	msedge.exe	87
PID 4272 wrote to memory of 3020	4272	msedge.exe	87
PID 4272 wrote to memory of 3020	4272	msedge.exe	87
PID 4272 wrote to memory of 3020	4272	msedge.exe	87
PID 4272 wrote to memory of 3020	4272	msedge.exe	87
PID 4272 wrote to memory of 3020	4272	msedge.exe	87
PID 4272 wrote to memory of 3020	4272	msedge.exe	87
PID 4272 wrote to memory of 3020	4272	msedge.exe	87
PID 4272 wrote to memory of 3020	4272	msedge.exe	87
PID 4272 wrote to memory of 3020	4272	msedge.exe	87
PID 4272 wrote to memory of 3020	4272	msedge.exe	87
PID 4272 wrote to memory of 3020	4272	msedge.exe	87
PID 4272 wrote to memory of 2624	4272	msedge.exe	88
PID 4272 wrote to memory of 2624	4272	msedge.exe	88
PID 4272 wrote to memory of 5060	4272	msedge.exe	89
PID 4272 wrote to memory of 5060	4272	msedge.exe	89
PID 4272 wrote to memory of 5060	4272	msedge.exe	89
PID 4272 wrote to memory of 5060	4272	msedge.exe	89
PID 4272 wrote to memory of 5060	4272	msedge.exe	89
PID 4272 wrote to memory of 5060	4272	msedge.exe	89
PID 4272 wrote to memory of 5060	4272	msedge.exe	89
PID 4272 wrote to memory of 5060	4272	msedge.exe	89
PID 4272 wrote to memory of 5060	4272	msedge.exe	89
PID 4272 wrote to memory of 5060	4272	msedge.exe	89
PID 4272 wrote to memory of 5060	4272	msedge.exe	89
PID 4272 wrote to memory of 5060	4272	msedge.exe	89
PID 4272 wrote to memory of 5060	4272	msedge.exe	89
PID 4272 wrote to memory of 5060	4272	msedge.exe	89
PID 4272 wrote to memory of 5060	4272	msedge.exe	89
PID 4272 wrote to memory of 5060	4272	msedge.exe	89
PID 4272 wrote to memory of 5060	4272	msedge.exe	89
PID 4272 wrote to memory of 5060	4272	msedge.exe	89

C:\Users\Admin\AppData\Local\Temp\f5f80149bd54bb9c06c2bae7e0b92c4c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f5f80149bd54bb9c06c2bae7e0b92c4c_JaffaCakes118.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://ads.eorezo.com/cgi-bin/advert/getads?did=43
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:4272
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffee00046f8,0x7ffee0004708,0x7ffee0004718
    3⤵
    PID:2472
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,7385723422731347696,10147953093382006078,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
    3⤵
    PID:3020
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,7385723422731347696,10147953093382006078,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1480 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2624
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,7385723422731347696,10147953093382006078,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8
    3⤵
    PID:5060
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7385723422731347696,10147953093382006078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
    3⤵
    PID:3952
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7385723422731347696,10147953093382006078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
    3⤵
    PID:1176
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7385723422731347696,10147953093382006078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
    3⤵
    PID:4588
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7385723422731347696,10147953093382006078,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
    3⤵
    PID:1348
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7385723422731347696,10147953093382006078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
    3⤵
    PID:1468
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7385723422731347696,10147953093382006078,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
    3⤵
    PID:208
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,7385723422731347696,10147953093382006078,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5504 /prefetch:8
    3⤵
    PID:2836
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,7385723422731347696,10147953093382006078,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5504 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2480
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,7385723422731347696,10147953093382006078,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2012 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4032

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4976

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2880

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b1931878d6b8b22142fd7fd614add5c

SHA1
0e20ec0bec5a9fe3b6666c3009626f0420415bc7

SHA256
d78e49cf9c940d8a407fca2338e30b754e4579c64e88932c46c3871f62c15904

SHA512
1e7a63ff7340719736560277601ff43f30937dbd4a1fbacbcb0d72fa708216692a4bb4ba658edf227b767975b430fc94e7c4f0b5dab29bef9483bfcfb38e1cf3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
70ae4bf8f75c69610c1d00131c1ec28c

SHA1
eab92c184a3b655377f375b1b25ef85fb06c7130

SHA256
9f46453862eb083e85697631455185c0ead19ec86c1ae3d15274c06c9a38731b

SHA512
29299dbc0114f01525bff67ec421a28056905e8f5d21f00502554f446883b6086f8b9a2c27a591f364077da17c21438910b8dbf163a59f6f80272eb7d5f05c68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
417c6a2bd4b2b75da7fe930300ede86b

SHA1
7ddab1106b994de1a0b333e18872c3a0173bf197

SHA256
656b18c6fd9d92622857065712f6bd87f004a1414e1a4e36cb9c503a9dba5bd3

SHA512
dfec94e3b8d83372a741b2cef49480a3e591189f6f3ecb87e0384239bd29df17f1bba4957b2d9ae0e4c03a124685d88e0ba9fbedd0059581325214588d4194ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6b211a295ce65457970813d4fc8ac197

SHA1
ad36f1e4281b38499ebdfe81566cabaae51682f8

SHA256
8b845ac67c69368090e0026422243f9c5c3a233a97c0e9291209e345f61f231a

SHA512
cb18e9875d652d9ab1730197b9c82d875346b2fbe98f09b1a5485cf16e6ee9fbae3d488e5968f2ecd5b26d845ee94d0979ced083bb639968976067d1040f1c36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
eef9ce3e6452b878836a44220ec66bd5

SHA1
313f036cad0e954614b0ae6705057d9bd3134912

SHA256
de1743924aeb18b9b1078ec2d3f990f014cabcacc3c8fb703209253623690f57

SHA512
3ff0122a93366727f00afeb5ced5d3cc4d424eb731515124cd20e08993557cbe039b7a53f79ce8b2ecc45f303034d4ee6355fac5491083353d722b14ba810e7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cb1012b9dc8ce3fc9eae62484d2170e5

SHA1
140fbeb2a3f25cab9850af191b0729a11df34bfb

SHA256
ffdd01fe3cf6c3492df292ec1b0523c572c06a4d0dcb86e3fef0c87efb27bc0c

SHA512
8ac1e4b50d56c48326c659a27a614cb48efa343a45c8f2f99d8f6ea81feb364aee3cc344ef02cb1149c5d96709d6eefa2da580b895a24895becaf6fb7712ca76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0aa6d5ee44c52b4b209fb445480838fb

SHA1
e773a750f22318b7bec7ff5104d400d2f85276a9

SHA256
6c2397758efde4535c0047ad72d20deb37edef137b406317159072aab5b7df53

SHA512
44f9a042257b2c85edff6f8e0e7fc434a5fdeb61b7772cc99ab93afa1ede572dbadec733b70508cf3a6183463a048ad5f54fc1f5379a738d9ccab6d0e63fcd21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5baa7182bc3977cebded67cb76f50bcd

SHA1
94524c5c76c7ac6f7357791ebc1d2acaf0d38b85

SHA256
7774149317ab747d30b892562eccbbbafac6812c6808680b1d896aa03ae566cb

SHA512
ca8f24ca3a4f87c580dfa22800fa8fb9adcd11eb3f548c07e6cefeba5ad1e2f00f8dad099ba9ace7850cfe70d21cabf012438f6174b4cbe29ad607372db63436

Download Submit
memory/1844-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1844-1-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download