b57890fefa9cd3250734a23a804a281a151d01249cb4f6884da2d2a95f594943

Analysis

max time kernel
145s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
21-05-2024 15:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

63beceb1dcd718b4d65f44eac8b8abc6_JaffaCakes118.html
Size

17KB
MD5

63beceb1dcd718b4d65f44eac8b8abc6
SHA1

1a26ec310ae8501c3409369d3e4834f05d329b00
SHA256

b57890fefa9cd3250734a23a804a281a151d01249cb4f6884da2d2a95f594943
SHA512

702e03bc6af509073d46cf4b51e01c57dc93b0587a01a52461b07087101eeca0acb2f958848be4424d5d49a60bfa59eb2040dfe45c041f6d87babaa756152573
SSDEEP

384:Eo/h6bsdYWXaHiHRH9HIFSovJS8wFIGrThPxEvBzz:nYIdYW1omTh4z

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
2976	msedge.exe
2976	msedge.exe
2188	msedge.exe
2188	msedge.exe
4812	identity_helper.exe
4812	identity_helper.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

msedge.exe

pid process

2188 msedge.exe
2188 msedge.exe
2188 msedge.exe
2188 msedge.exe
2188 msedge.exe
2188 msedge.exe
2188 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2188 wrote to memory of 2964	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 2964	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 4356	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 4356	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 4356	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 4356	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 4356	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 4356	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 4356	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 4356	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 4356	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 4356	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 4356	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 4356	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 4356	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 4356	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 4356	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 4356	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 4356	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 4356	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 4356	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 4356	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 4356	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 4356	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 4356	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 4356	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 4356	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 4356	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 4356	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 4356	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 4356	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 4356	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 4356	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 4356	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 4356	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 4356	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 4356	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 4356	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 4356	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 4356	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 4356	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 4356	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 2976	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 2976	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 1364	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 1364	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 1364	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 1364	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 1364	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 1364	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 1364	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 1364	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 1364	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 1364	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 1364	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 1364	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 1364	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 1364	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 1364	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 1364	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 1364	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 1364	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 1364	2188	msedge.exe	msedge.exe
PID 2188 wrote to memory of 1364	2188	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\63beceb1dcd718b4d65f44eac8b8abc6_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2188

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaefbb46f8,0x7ffaefbb4708,0x7ffaefbb4718
2⤵
PID:2964

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,5592732544552474262,7605842163533675087,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
2⤵
PID:4356

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,5592732544552474262,7605842163533675087,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2432 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2976

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,5592732544552474262,7605842163533675087,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
2⤵
PID:1364

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5592732544552474262,7605842163533675087,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
2⤵
PID:956

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5592732544552474262,7605842163533675087,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
2⤵
PID:4428

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5592732544552474262,7605842163533675087,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
2⤵
PID:3788

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,5592732544552474262,7605842163533675087,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5724 /prefetch:8
2⤵
PID:3672

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,5592732544552474262,7605842163533675087,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5724 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4812

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5592732544552474262,7605842163533675087,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
2⤵
PID:1920

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5592732544552474262,7605842163533675087,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4204 /prefetch:1
2⤵
PID:3688

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5592732544552474262,7605842163533675087,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
2⤵
PID:5108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5592732544552474262,7605842163533675087,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
2⤵
PID:3056

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,5592732544552474262,7605842163533675087,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4916 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4292

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2136

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:688

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
ae54e9db2e89f2c54da8cc0bfcbd26bd

SHA1
a88af6c673609ecbc51a1a60dfbc8577830d2b5d

SHA256
5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af

SHA512
e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
f53207a5ca2ef5c7e976cbb3cb26d870

SHA1
49a8cc44f53da77bb3dfb36fc7676ed54675db43

SHA256
19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23

SHA512
be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
192B

MD5
d9206a961242af40e4f4999ed1a6bd64

SHA1
0f391a217d8cdb0f533b57141b715624890e53bf

SHA256
825342229d7000ee3ac91bb86fc5bd94ba768214a22d677e41b4841cc468dfd4

SHA512
4c4527be188c6323142d2c53e97f501d5931cdb78a7b8feffbca8eb671e596fd23e3de3274b2a1a03ca4d0166be9fc68025af85381fa16da451894f13b9ea3df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
399B

MD5
a2cdc69a3c96a22ba0786453be9d860b

SHA1
35f74cd3cee4b26b1f89e0431ea16ec89a1f714f

SHA256
381ade82e6bb959b16c1d93845ace7aca3e0f628ec49ae33262a3ba346edd4d0

SHA512
a1889f92223c0fd35011be8682b0551354267cdd9b9275cd75539477f50d8187b2d7e96c8181055e467610d917016e8dce45d63cf37caf491a7fbed853ad9531

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
46cfba212c01d46f339b42b27b2b05bf

SHA1
f46a65ef1c2cbe7ff9eeea83a41ca126e72f051e

SHA256
ed2013cc6cdc710841fd139dba1fd562fa5ef3216444f363cdbb5af9c27e6af6

SHA512
c9252352ef0dce4e287eebd19f671cb4e9ecc9dec0b35b1a0e539f2b324b27aa11e2c6ac3c1e09cc3db8e89d47717cfb2afeab032067ba54c1f9f8ca05871e13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
2d2c406cbf6d640d50c5eb248e86e332

SHA1
2912532eb51a6d51f9bfdf56ab4b83c196ccb6d0

SHA256
e2961f2131f580b530e429d68d5c2172788fa75aefce0065cb3b9a0396e4bcbf

SHA512
e94231742511ee239370ea0061020a510c129d9d122f69b6514e026d2e164998aa3833d93f478a074f77ce0ec800be08220aaeb29153978b1c98bfe868e7b5f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
538B

MD5
bbe0b9364edd701b9d98bbb3047e127b

SHA1
cda5a6dc712259f3cf4949b46fec469d33f4b1a8

SHA256
79663c1e04fe1cac5d231e2dba727db6db4c3cd435fecf8de515daa7bbcdef7c

SHA512
eac54f069fb6709a5a04f4732812c3aa3392af8b1d4bfc042a6da55a93374f86c8919d787b4266b21da453b8c1fb9dedc7226364e3633214d9acc398444e8fb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57fd6b.TMP
Filesize
203B

MD5
4a9f12dbaf3cea321abd5f2eeda86fce

SHA1
b979b437e4e8eb39abbc05d84cb55d1e21b32052

SHA256
b42f7e4aa72241563dad78eafd3e4de0636840e690651d63887f701f0f45e1ca

SHA512
9397ec040ac0b260281bceeade1559ae10a902f1a0789c5a67928add752c46b131a377f76218d177f1b36274bae2102b2fbd6b1f5e594461474fd3af6cc6e889

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e5638795-110a-4f98-85eb-c4b258244302.tmp
Filesize
6KB

MD5
86a20edb36c73c56cfbf58760faed335

SHA1
94b668664507fce37a8b8c2aa89cdfac0e57f57e

SHA256
7b024a7a7433cc265adfc5eb365e77fc8b86f213aef0bb18963fdde1865c4892

SHA512
9ec5374dc2608c12871faa81978d4db9b57e288e7c0597e32b214b4b90444117372de681108b5f5d822be561e8f5e3490602312c128098d99f60832175daa45c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
4f05e823c7a14590055e53a895858bed

SHA1
92f336c1690597733cf020d97d9fd60123813687

SHA256
750ea9aa7a7a15903d53a6dd3dc7f0ba7774c5605e3dc08e65fb5f9c21793fb0

SHA512
f9b1d35db1d8651b7207efe915ab1fb7686856c7418e544f47674e34781a1abb4e230ac0badfb9c5c816594342d593cd82c7c4af83f41e21fc31542300d4c79e

Download Submit
\??\pipe\LOCAL\crashpad_2188_WFIRVCTNVQPQMCGT
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit