5f16f9b09cfe68652c8a14c8ce9dc55691f5ac61bed72d16013b0e9660e8ffe4

Analysis

max time kernel
145s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
21-05-2024 16:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

63e51e4d5adce5043016d9ff498eb1e1_JaffaCakes118.html
Size

123KB
MD5

63e51e4d5adce5043016d9ff498eb1e1
SHA1

55c5cf66c1edbc5032a5a5d27e56b471ca336968
SHA256

5f16f9b09cfe68652c8a14c8ce9dc55691f5ac61bed72d16013b0e9660e8ffe4
SHA512

7301968cb352a044346640b8a0e0870925ff3e049e3a114a047bc898053ee5056108eb02a24cdbc7dc8cebf8d54720c1ff4e956baa8b763f160029c3b282510d
SSDEEP

1536:sgAv8hSsPH7g4aHSyA/xsUw4oblslxpqyqfqkq5quoc/yEQG9s/1m4XwZpZbKdao:sgAv8hSV4aF12ocUGM1lXEKdaQ97

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
2464	msedge.exe
2464	msedge.exe
3468	msedge.exe
3468	msedge.exe
3172	identity_helper.exe
3172	identity_helper.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

msedge.exe

pid process

3468 msedge.exe
3468 msedge.exe
3468 msedge.exe
3468 msedge.exe
3468 msedge.exe
3468 msedge.exe
3468 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3468 wrote to memory of 4848	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 4848	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 3392	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 3392	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 3392	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 3392	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 3392	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 3392	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 3392	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 3392	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 3392	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 3392	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 3392	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 3392	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 3392	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 3392	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 3392	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 3392	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 3392	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 3392	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 3392	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 3392	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 3392	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 3392	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 3392	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 3392	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 3392	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 3392	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 3392	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 3392	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 3392	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 3392	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 3392	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 3392	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 3392	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 3392	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 3392	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 3392	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 3392	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 3392	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 3392	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 3392	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 2464	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 2464	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 1252	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 1252	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 1252	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 1252	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 1252	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 1252	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 1252	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 1252	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 1252	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 1252	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 1252	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 1252	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 1252	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 1252	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 1252	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 1252	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 1252	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 1252	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 1252	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 1252	3468	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\63e51e4d5adce5043016d9ff498eb1e1_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3468

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff46be46f8,0x7fff46be4708,0x7fff46be4718
2⤵
PID:4848

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,5242137687305102102,13190365124641782163,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
2⤵
PID:3392

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,5242137687305102102,13190365124641782163,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2464

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,5242137687305102102,13190365124641782163,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
2⤵
PID:1252

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,5242137687305102102,13190365124641782163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
2⤵
PID:4596

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,5242137687305102102,13190365124641782163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
2⤵
PID:3396

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,5242137687305102102,13190365124641782163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
2⤵
PID:1592

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,5242137687305102102,13190365124641782163,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5608 /prefetch:8
2⤵
PID:3056

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,5242137687305102102,13190365124641782163,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5608 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3172

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,5242137687305102102,13190365124641782163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2012 /prefetch:1
2⤵
PID:4548

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,5242137687305102102,13190365124641782163,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
2⤵
PID:3636

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,5242137687305102102,13190365124641782163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
2⤵
PID:4248

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,5242137687305102102,13190365124641782163,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
2⤵
PID:5100

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,5242137687305102102,13190365124641782163,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1336 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3980

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4548

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4976

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
256B

MD5
4051937d2bfc8ef7c899f45e8e84fe00

SHA1
e72ca73c38132b20000c8191dfec508cca34ffee

SHA256
021ff2ddc9205e7a48425bc21fa5c5c3efe3f5ac01a767ba77a50d7f3fc3797d

SHA512
c0ef254f60a40dbed55083e2af96476ca87841f6ca48130c53e0033435ee018a0efecef9aedd71c0260b334e50a85daab0f74facb5df80f22e28276743d46020

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f86db4564a4bd9ee5f907a46a21db613

SHA1
8764e047ef9ecccc5785eb46e1be5fff58b56356

SHA256
750ca3f5289afe74482cd1ec1a302844a40b2d3d5265dfaa974459b67d775060

SHA512
6a41aaa4263856622635dba6ff5cd9a8aa9e861c9f9b160ca7b68dbf9e354b2c8e84818e250663778762a0c40139236ae2ecc3f8423ce5f68e965ab6b1ad5f14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7da346e001772efbbe17edadad0c18ca

SHA1
3b38c33cc35aaef4f50e18f122bbc527b00dc120

SHA256
f8d85eb4cccd8004f580f99b4029a9d1395f86dc5a1feb325c10bdae66679e11

SHA512
3d8a3c2cf4def02d4affc98c04077d3579b77bdf7210b6da2a42f8274af2bb5d5ecb0e4eeb0669d4ec142a13d1f43e8afc13d37f3c8c2820cb63a9909604ef5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c88bda19ae3ce5bfc17c86cd7eff5624

SHA1
81b11113df919073c81a7ac5ef3531de5f899721

SHA256
13ff486a344dec4c9d91b96de7dab031a6dd4edb28e28d3e189c9f7a33564d25

SHA512
daed9249bff6616f152e6ea7492dddf365679370c97491e2e72ca01b27e881a0f0400488856f9e5dab5219563ef7ac9dc388aec3dc2119ccb086c98cdfa9b5de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
eb23605034745b552df18f140828c960

SHA1
982034203c0eedbe6628a37bcdb1fa8d04ec9743

SHA256
ec04545bc11ed2d17d0b7e87a26300d5ac212491a9d034b090d71799d9d543d4

SHA512
066cecf63025c1448b598f26bcf51cf6b41770085672336bd341f7713a47a6c99691e0564a3fd1732bb87388b0d72ddc314b02f5194846e111f365a87fc9fed6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe585a6f.TMP

Filesize
372B

MD5
c8f9b7090aa9411ee5bd773619d58c34

SHA1
cead402ab0584445c9ad5ab528776c61069fc019

SHA256
72e328515494a1de431dcc453bd9912cd5593c30efbc23bc8277dd21e603f97b

SHA512
de75248d80b72b3f4cd086ad88d35ae05af8aab970f1c67c35d7e4d73cf879269d094a19326bf089cdb254b27fc3c98ef3263f78615e5b256442b69d637c88d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
98bcb47587a50a66166a31d88e3944a2

SHA1
dc92798fd9b15aa41c7290b58420acfb3892cf7c

SHA256
d4b3237dfeacbe9b8de9645217f0b7f8cd01a75368728ad7dfbf15a12ee7f44b

SHA512
1900f422a6ba9f832a0c738daff9c199936acc5dc2a55a5edb1cfd47f4651a6d5a64f2fcfe460b90bd399de780fe40eb15c5d448a7278cdcded7095c6e67a8fa

Download Submit
\??\pipe\LOCAL\crashpad_3468_IAHIIDOGJOHNBFGX

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit