bd4246c75c6fe628289f9c68880b19c6dfa34088284d4c29a7766aff2fdf10cc

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
21-05-2024 14:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

63a2c186bc49ef197cf14afd07c3822f_JaffaCakes118.html
Size

78KB
MD5

63a2c186bc49ef197cf14afd07c3822f
SHA1

6cf3574cbbe708c06307d2161dcc73459aae38f6
SHA256

bd4246c75c6fe628289f9c68880b19c6dfa34088284d4c29a7766aff2fdf10cc
SHA512

ea19f14203732716c00a414b4488b73caad58eea531b4cc82171f036b9d19cb723ba6e6eaab1200f31017ad2348bde98d637cb5e3dba56c951d6aed8727a889b
SSDEEP

1536:1XNmUMHrVV05w4djRhpFzckqmCxGZz4x7GaYrQs0CJZGAwaTr0oYO3O5DRirzdBY:JNmUMHrV8djRhpFWE4x7GaYz4voYO3OL

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
1328	msedge.exe
1328	msedge.exe
2112	msedge.exe
2112	msedge.exe
2428	identity_helper.exe
2428	identity_helper.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

msedge.exe

pid process

2112 msedge.exe
2112 msedge.exe
2112 msedge.exe
2112 msedge.exe
2112 msedge.exe
2112 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2112 wrote to memory of 4876	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 4876	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 4268	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 4268	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 4268	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 4268	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 4268	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 4268	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 4268	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 4268	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 4268	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 4268	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 4268	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 4268	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 4268	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 4268	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 4268	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 4268	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 4268	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 4268	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 4268	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 4268	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 4268	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 4268	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 4268	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 4268	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 4268	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 4268	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 4268	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 4268	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 4268	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 4268	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 4268	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 4268	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 4268	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 4268	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 4268	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 4268	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 4268	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 4268	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 4268	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 4268	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 1328	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 1328	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 3492	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 3492	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 3492	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 3492	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 3492	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 3492	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 3492	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 3492	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 3492	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 3492	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 3492	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 3492	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 3492	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 3492	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 3492	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 3492	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 3492	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 3492	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 3492	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 3492	2112	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\63a2c186bc49ef197cf14afd07c3822f_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffca1246f8,0x7fffca124708,0x7fffca124718
2⤵
PID:4876

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,11407718308147245599,11375709621259296634,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
2⤵
PID:4268

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,11407718308147245599,11375709621259296634,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1328

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,11407718308147245599,11375709621259296634,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
2⤵
PID:3492

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11407718308147245599,11375709621259296634,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
2⤵
PID:3144

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11407718308147245599,11375709621259296634,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
2⤵
PID:4520

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,11407718308147245599,11375709621259296634,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6000 /prefetch:8
2⤵
PID:3672

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,11407718308147245599,11375709621259296634,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6000 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2428

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11407718308147245599,11375709621259296634,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
2⤵
PID:1200

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11407718308147245599,11375709621259296634,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
2⤵
PID:852

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11407718308147245599,11375709621259296634,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4004 /prefetch:1
2⤵
PID:2368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11407718308147245599,11375709621259296634,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
2⤵
PID:4056

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,11407718308147245599,11375709621259296634,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4808 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1816

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1612

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3992

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
248B

MD5
99df30093f915d7fb3c06893fb725ced

SHA1
8db6f611b455a1bf9e669ad487b8eb81cbf6d3ad

SHA256
99e846b684b41f38794a2f74fc1ff5b17050578b1d48c965f24179d0f8e3d0af

SHA512
ed7e085b14a3df521211cb3e6bace484ad50e527bd93a397b6b212b5c016acb2f226a87d39526dae1ca9163e3e06ac3c8b4e9cfb9ab4d4aeaec71acbf98489df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
f98f832230aa4dcc3ed84e26ae1ac80d

SHA1
0841ae10e8438f8229d8e4ee17175720ca59b70e

SHA256
e62aa83bb7e1803cb395f638c57b2c8949380b3deebbc04950c88181a3b66267

SHA512
c6409a19a806844d49edad4ce599859e4ff764540918888455377009cd5cef5cf84e859af4737dfb1b0d00b10c1dfbbb1f276c9d1c3cb786b9e259e3b5516466

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
c4e9f16a50ed50b1d7fd1673aaeefcea

SHA1
aeaa49c7c82e9186124374fe33f768ab87d82119

SHA256
27f991e1f9c4355609f1dd74dffc7843a32d2322c526812aa8bdfee525e66841

SHA512
c3a4c1961143618167d740e82c2a12b02cc48f66fd426168c47475e914b5dd2b5075d6c86bbd15481f66bbe40f8c4752c11c9fef29b944c4c9cbd8d2e7f7a774

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
962d27dff7d5fbf66b36b729874323d3

SHA1
ccc3e5e35ff6bb62b1e786410438cb0c73682466

SHA256
c7090e5ef58cea192cbca24365afbf30cd21473853ad774b8fb0fc86df1d807a

SHA512
163f01c613177d970c30872be6366780e1b538f5f47e6e39ce789c176adcf4ce133222d40079ebcd50c6b222b68201e226d37379a041522a7300684547b4ec39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
372B

MD5
555d66b1a1f6949aecd9ddd257ec7897

SHA1
513cfbfd9b248f3d4f1454e9b6ef7876150c146b

SHA256
25bd7bab1f3a8af09df46cff4afe3a7b43543272e7b699c02291e07285e02c42

SHA512
4869998990c821b294923a4763f348bb7835b631825a31b066a60a719b63ac0e98c3d232f0ba0bb4e9802cb8b5701d94f2b04b53de96cb6a3e1492b30219c3f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581325.TMP
Filesize
372B

MD5
a41cc1f0ecad57600cbbc7d7280b6d1b

SHA1
bece7d7fc80f2534384ab7e568d3bc0ebd76cf06

SHA256
6db38b7730c5a8914a06ca1befda54ea179f664a9fd8c5c25dce40baf48e9427

SHA512
e1254e5df9a6adb83270b8f44d23396a95ba8bf2f5ab090f247b6d7daa3207076751d3be76cc985789ccb535239631ebcd871be1798b2fada90945ed615a9bff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT~RFe580a1d.TMP
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
e63af9e5fc34c0940c54ff3e2c0f0419

SHA1
c7dc5dc1e4daa4ebd6b99ce8f76a32aafa0d1697

SHA256
4b6cef36b696c1c04058d831c582d3f6755848c16e6d82235a587e816343ac49

SHA512
3d76db496f8085d41667f3694b275e57f90289db7840b90ef3b34ad58f2965f156535d8fb003f7815873468ff6af52d950253d11a51b2e4e9879d86f02531947

Download Submit
\??\pipe\LOCAL\crashpad_2112_VINHTXENWXLKYYDW
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit