7e4283cd1f66cbc0cb3fc2f08a49419cbc600f91571ce20a9e72bcfee1dfebb7

Analysis

max time kernel
145s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
21-05-2024 20:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

64bd4478cb28dfa7f26157ba3242fe9b_JaffaCakes118.html
Size

282KB
MD5

64bd4478cb28dfa7f26157ba3242fe9b
SHA1

73bea0ba60aa58ab8a1ce6433c01077811f27de4
SHA256

7e4283cd1f66cbc0cb3fc2f08a49419cbc600f91571ce20a9e72bcfee1dfebb7
SHA512

7fd266317db15adcfcb6a91e3268439ff1b1f1ea6a3eecaea3fbdeb175d03feebd7538105bde0820845b495eb8786aceab62979be69a0d7777d80258a37b9761
SSDEEP

1536:qRKDPjp4oooYcABF9QSE22fI03lX7Ym5zreuErexEreEEreOEreb8ItVnYBMbCzw:qROPjp4ooonSR2aVVwCRnFNLMF6o/qN+

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
2736	msedge.exe
2736	msedge.exe
2700	msedge.exe
2700	msedge.exe
3312	identity_helper.exe
3312	identity_helper.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe
4796	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

msedge.exe

pid process

2700 msedge.exe
2700 msedge.exe
2700 msedge.exe
2700 msedge.exe
2700 msedge.exe
2700 msedge.exe
2700 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2700 wrote to memory of 3416	2700	msedge.exe	msedge.exe
PID 2700 wrote to memory of 3416	2700	msedge.exe	msedge.exe
PID 2700 wrote to memory of 1472	2700	msedge.exe	msedge.exe
PID 2700 wrote to memory of 1472	2700	msedge.exe	msedge.exe
PID 2700 wrote to memory of 1472	2700	msedge.exe	msedge.exe
PID 2700 wrote to memory of 1472	2700	msedge.exe	msedge.exe
PID 2700 wrote to memory of 1472	2700	msedge.exe	msedge.exe
PID 2700 wrote to memory of 1472	2700	msedge.exe	msedge.exe
PID 2700 wrote to memory of 1472	2700	msedge.exe	msedge.exe
PID 2700 wrote to memory of 1472	2700	msedge.exe	msedge.exe
PID 2700 wrote to memory of 1472	2700	msedge.exe	msedge.exe
PID 2700 wrote to memory of 1472	2700	msedge.exe	msedge.exe
PID 2700 wrote to memory of 1472	2700	msedge.exe	msedge.exe
PID 2700 wrote to memory of 1472	2700	msedge.exe	msedge.exe
PID 2700 wrote to memory of 1472	2700	msedge.exe	msedge.exe
PID 2700 wrote to memory of 1472	2700	msedge.exe	msedge.exe
PID 2700 wrote to memory of 1472	2700	msedge.exe	msedge.exe
PID 2700 wrote to memory of 1472	2700	msedge.exe	msedge.exe
PID 2700 wrote to memory of 1472	2700	msedge.exe	msedge.exe
PID 2700 wrote to memory of 1472	2700	msedge.exe	msedge.exe
PID 2700 wrote to memory of 1472	2700	msedge.exe	msedge.exe
PID 2700 wrote to memory of 1472	2700	msedge.exe	msedge.exe
PID 2700 wrote to memory of 1472	2700	msedge.exe	msedge.exe
PID 2700 wrote to memory of 1472	2700	msedge.exe	msedge.exe
PID 2700 wrote to memory of 1472	2700	msedge.exe	msedge.exe
PID 2700 wrote to memory of 1472	2700	msedge.exe	msedge.exe
PID 2700 wrote to memory of 1472	2700	msedge.exe	msedge.exe
PID 2700 wrote to memory of 1472	2700	msedge.exe	msedge.exe
PID 2700 wrote to memory of 1472	2700	msedge.exe	msedge.exe
PID 2700 wrote to memory of 1472	2700	msedge.exe	msedge.exe
PID 2700 wrote to memory of 1472	2700	msedge.exe	msedge.exe
PID 2700 wrote to memory of 1472	2700	msedge.exe	msedge.exe
PID 2700 wrote to memory of 1472	2700	msedge.exe	msedge.exe
PID 2700 wrote to memory of 1472	2700	msedge.exe	msedge.exe
PID 2700 wrote to memory of 1472	2700	msedge.exe	msedge.exe
PID 2700 wrote to memory of 1472	2700	msedge.exe	msedge.exe
PID 2700 wrote to memory of 1472	2700	msedge.exe	msedge.exe
PID 2700 wrote to memory of 1472	2700	msedge.exe	msedge.exe
PID 2700 wrote to memory of 1472	2700	msedge.exe	msedge.exe
PID 2700 wrote to memory of 1472	2700	msedge.exe	msedge.exe
PID 2700 wrote to memory of 1472	2700	msedge.exe	msedge.exe
PID 2700 wrote to memory of 1472	2700	msedge.exe	msedge.exe
PID 2700 wrote to memory of 2736	2700	msedge.exe	msedge.exe
PID 2700 wrote to memory of 2736	2700	msedge.exe	msedge.exe
PID 2700 wrote to memory of 2964	2700	msedge.exe	msedge.exe
PID 2700 wrote to memory of 2964	2700	msedge.exe	msedge.exe
PID 2700 wrote to memory of 2964	2700	msedge.exe	msedge.exe
PID 2700 wrote to memory of 2964	2700	msedge.exe	msedge.exe
PID 2700 wrote to memory of 2964	2700	msedge.exe	msedge.exe
PID 2700 wrote to memory of 2964	2700	msedge.exe	msedge.exe
PID 2700 wrote to memory of 2964	2700	msedge.exe	msedge.exe
PID 2700 wrote to memory of 2964	2700	msedge.exe	msedge.exe
PID 2700 wrote to memory of 2964	2700	msedge.exe	msedge.exe
PID 2700 wrote to memory of 2964	2700	msedge.exe	msedge.exe
PID 2700 wrote to memory of 2964	2700	msedge.exe	msedge.exe
PID 2700 wrote to memory of 2964	2700	msedge.exe	msedge.exe
PID 2700 wrote to memory of 2964	2700	msedge.exe	msedge.exe
PID 2700 wrote to memory of 2964	2700	msedge.exe	msedge.exe
PID 2700 wrote to memory of 2964	2700	msedge.exe	msedge.exe
PID 2700 wrote to memory of 2964	2700	msedge.exe	msedge.exe
PID 2700 wrote to memory of 2964	2700	msedge.exe	msedge.exe
PID 2700 wrote to memory of 2964	2700	msedge.exe	msedge.exe
PID 2700 wrote to memory of 2964	2700	msedge.exe	msedge.exe
PID 2700 wrote to memory of 2964	2700	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\64bd4478cb28dfa7f26157ba3242fe9b_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2700

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbcb3246f8,0x7ffbcb324708,0x7ffbcb324718
2⤵
PID:3416

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,4340061846125654859,12319789439162769714,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
2⤵
PID:1472

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,4340061846125654859,12319789439162769714,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2736

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,4340061846125654859,12319789439162769714,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
2⤵
PID:2964

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4340061846125654859,12319789439162769714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
2⤵
PID:4904

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4340061846125654859,12319789439162769714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
2⤵
PID:4916

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4340061846125654859,12319789439162769714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
2⤵
PID:5032

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,4340061846125654859,12319789439162769714,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5264 /prefetch:8
2⤵
PID:1208

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,4340061846125654859,12319789439162769714,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5264 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3312

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4340061846125654859,12319789439162769714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
2⤵
PID:3184

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4340061846125654859,12319789439162769714,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
2⤵
PID:3180

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4340061846125654859,12319789439162769714,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
2⤵
PID:3388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4340061846125654859,12319789439162769714,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
2⤵
PID:1520

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,4340061846125654859,12319789439162769714,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4796

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3020

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2604

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f61fa5143fe872d1d8f1e9f8dc6544f9

SHA1
df44bab94d7388fb38c63085ec4db80cfc5eb009

SHA256
284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64

SHA512
971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
87f7abeb82600e1e640b843ad50fe0a1

SHA1
045bbada3f23fc59941bf7d0210fb160cb78ae87

SHA256
b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262

SHA512
ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
38KB

MD5
d839c794a6e724e78bf698af07edb480

SHA1
419c338f13eced111aa8887fe1d630beac995669

SHA256
23337db705b66a7505060a5781e6eee3a04cdc263b0e6454f3c9e6dc68adcd4c

SHA512
6180f50efb7c26a765ff9077739cf97c4c6b2db8e27b79710807179afbe6d5362a35b37496ae373931ef84c943f1bd72668066c488d4430c92447754cd0dfe86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
8ce68193a0708ea6c3a61887d0b34eda

SHA1
ddab94b84a7f420eb4b830631630eca69017e620

SHA256
72c2773ebfbb567008f661061782c446049988e27a516804544637f3a1da4687

SHA512
959bc7cc5939a7ab2639fa28b76a04a98b1f72fadf3d2a195efa10c2908235cd54083b72edb1a691c8d7f1e7566f0569c70718f385958b4a088117e40ef4b57f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
2861f3d319a44f9a1510cac26e61af24

SHA1
0f24cee8cfaa45d402b77a37e0bc7138f0848ce2

SHA256
4c49338ffb85ab6070924eeed141b9dc7cbd506a55e311f66e87e8866a388d14

SHA512
a26fc9ac5d216e9774c82642e268212be19cf63d14ac1ef16028f97b7d81554267f16a3fed6833a6e7e732fed4a6131a511e8ed071a6ccdc113794d724af4a5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ad41545c616ffb811c442c6e86f7a0bc

SHA1
78585e7cd08e24b639311024d35d4e4fd7b646a8

SHA256
2114feead7e9f61c957911dcb158dbf45ebc5a26ca874a792976b952b3b67dc1

SHA512
4cade897c65332f1d48745956a1517166b6f8335d9f2b416022960a5800fec6b9936f74f50a8a42b5ee706541460d48bd2db96a2eae6cff22a69f6ca4f5a3206

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dbff958a4ebd3fbe544ba13f1b15894f

SHA1
4a0432f9ab6790969cfdd615ec1f8292bb72e04c

SHA256
3ff7fbc2b1fb12e8f10ac9eb192ae43dd0f88981990fc1bea41c1f27d0845dc2

SHA512
9344135f592b3ed54dce5a9d511d702c706e36334fc201a1482ea1322eaf8fbb3b149cf6de121bea88ff679647e75646dcc8fcc732dc361ea82cce695ac749bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9986334c9a68679adce9269dd6cf2abf

SHA1
e629cd4b09061a62413f54e9fdc8f13bb7c143a5

SHA256
6fb82e086c9503d22b8aa4b2801d2c868df01239193fa4a5e88952af1dff8bd0

SHA512
f793d1e823dac6dbfdea1fa1106b9d12bf6ebcf54c9e318363d4b20efeb09f34dcd2b4ac4c5e940461a9a53ff0972476098e0bcb5fa59b646dbc02a06d87562b

Download Submit
\??\pipe\LOCAL\crashpad_2700_SUNYSOYDJWKUJPYR

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit