2282fb1863cfa68cb91e6c4ae4377c3d0cb7eee7bafa2a38fd745f19509d42db

Analysis

max time kernel
145s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 21:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

68b89840c04166b7e8b0701f8bab8b0c_JaffaCakes118.html
Size

36KB
MD5

68b89840c04166b7e8b0701f8bab8b0c
SHA1

5999cff0769486577520e185ffeee2ffd115f0fe
SHA256

2282fb1863cfa68cb91e6c4ae4377c3d0cb7eee7bafa2a38fd745f19509d42db
SHA512

0b9019415df3ae935afb5358fcf4cbe553827d5c752bacf203600f91e3b7fdd22c0d824b9da980bc7176391ccf2c35143fc7aeb830503016d43792be68444ac1
SSDEEP

768:DEVPgAEVPgTZKGPV6oeU7Wz0E80sNJqAPVW:i8wZTaX5ZsNJlW

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
400	msedge.exe
400	msedge.exe
1556	msedge.exe
1556	msedge.exe
4280	identity_helper.exe
4280	identity_helper.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

msedge.exe

pid process

1556 msedge.exe
1556 msedge.exe
1556 msedge.exe
1556 msedge.exe
1556 msedge.exe
1556 msedge.exe
1556 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe
1556	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1556 wrote to memory of 1320	1556	msedge.exe	msedge.exe
PID 1556 wrote to memory of 1320	1556	msedge.exe	msedge.exe
PID 1556 wrote to memory of 1960	1556	msedge.exe	msedge.exe
PID 1556 wrote to memory of 1960	1556	msedge.exe	msedge.exe
PID 1556 wrote to memory of 1960	1556	msedge.exe	msedge.exe
PID 1556 wrote to memory of 1960	1556	msedge.exe	msedge.exe
PID 1556 wrote to memory of 1960	1556	msedge.exe	msedge.exe
PID 1556 wrote to memory of 1960	1556	msedge.exe	msedge.exe
PID 1556 wrote to memory of 1960	1556	msedge.exe	msedge.exe
PID 1556 wrote to memory of 1960	1556	msedge.exe	msedge.exe
PID 1556 wrote to memory of 1960	1556	msedge.exe	msedge.exe
PID 1556 wrote to memory of 1960	1556	msedge.exe	msedge.exe
PID 1556 wrote to memory of 1960	1556	msedge.exe	msedge.exe
PID 1556 wrote to memory of 1960	1556	msedge.exe	msedge.exe
PID 1556 wrote to memory of 1960	1556	msedge.exe	msedge.exe
PID 1556 wrote to memory of 1960	1556	msedge.exe	msedge.exe
PID 1556 wrote to memory of 1960	1556	msedge.exe	msedge.exe
PID 1556 wrote to memory of 1960	1556	msedge.exe	msedge.exe
PID 1556 wrote to memory of 1960	1556	msedge.exe	msedge.exe
PID 1556 wrote to memory of 1960	1556	msedge.exe	msedge.exe
PID 1556 wrote to memory of 1960	1556	msedge.exe	msedge.exe
PID 1556 wrote to memory of 1960	1556	msedge.exe	msedge.exe
PID 1556 wrote to memory of 1960	1556	msedge.exe	msedge.exe
PID 1556 wrote to memory of 1960	1556	msedge.exe	msedge.exe
PID 1556 wrote to memory of 1960	1556	msedge.exe	msedge.exe
PID 1556 wrote to memory of 1960	1556	msedge.exe	msedge.exe
PID 1556 wrote to memory of 1960	1556	msedge.exe	msedge.exe
PID 1556 wrote to memory of 1960	1556	msedge.exe	msedge.exe
PID 1556 wrote to memory of 1960	1556	msedge.exe	msedge.exe
PID 1556 wrote to memory of 1960	1556	msedge.exe	msedge.exe
PID 1556 wrote to memory of 1960	1556	msedge.exe	msedge.exe
PID 1556 wrote to memory of 1960	1556	msedge.exe	msedge.exe
PID 1556 wrote to memory of 1960	1556	msedge.exe	msedge.exe
PID 1556 wrote to memory of 1960	1556	msedge.exe	msedge.exe
PID 1556 wrote to memory of 1960	1556	msedge.exe	msedge.exe
PID 1556 wrote to memory of 1960	1556	msedge.exe	msedge.exe
PID 1556 wrote to memory of 1960	1556	msedge.exe	msedge.exe
PID 1556 wrote to memory of 1960	1556	msedge.exe	msedge.exe
PID 1556 wrote to memory of 1960	1556	msedge.exe	msedge.exe
PID 1556 wrote to memory of 1960	1556	msedge.exe	msedge.exe
PID 1556 wrote to memory of 1960	1556	msedge.exe	msedge.exe
PID 1556 wrote to memory of 1960	1556	msedge.exe	msedge.exe
PID 1556 wrote to memory of 400	1556	msedge.exe	msedge.exe
PID 1556 wrote to memory of 400	1556	msedge.exe	msedge.exe
PID 1556 wrote to memory of 4548	1556	msedge.exe	msedge.exe
PID 1556 wrote to memory of 4548	1556	msedge.exe	msedge.exe
PID 1556 wrote to memory of 4548	1556	msedge.exe	msedge.exe
PID 1556 wrote to memory of 4548	1556	msedge.exe	msedge.exe
PID 1556 wrote to memory of 4548	1556	msedge.exe	msedge.exe
PID 1556 wrote to memory of 4548	1556	msedge.exe	msedge.exe
PID 1556 wrote to memory of 4548	1556	msedge.exe	msedge.exe
PID 1556 wrote to memory of 4548	1556	msedge.exe	msedge.exe
PID 1556 wrote to memory of 4548	1556	msedge.exe	msedge.exe
PID 1556 wrote to memory of 4548	1556	msedge.exe	msedge.exe
PID 1556 wrote to memory of 4548	1556	msedge.exe	msedge.exe
PID 1556 wrote to memory of 4548	1556	msedge.exe	msedge.exe
PID 1556 wrote to memory of 4548	1556	msedge.exe	msedge.exe
PID 1556 wrote to memory of 4548	1556	msedge.exe	msedge.exe
PID 1556 wrote to memory of 4548	1556	msedge.exe	msedge.exe
PID 1556 wrote to memory of 4548	1556	msedge.exe	msedge.exe
PID 1556 wrote to memory of 4548	1556	msedge.exe	msedge.exe
PID 1556 wrote to memory of 4548	1556	msedge.exe	msedge.exe
PID 1556 wrote to memory of 4548	1556	msedge.exe	msedge.exe
PID 1556 wrote to memory of 4548	1556	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\68b89840c04166b7e8b0701f8bab8b0c_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc468746f8,0x7ffc46874708,0x7ffc46874718
  2⤵
  PID:1320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,4003356278135907721,10054665824485456621,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:1960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,4003356278135907721,10054665824485456621,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2448 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,4003356278135907721,10054665824485456621,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2184 /prefetch:8
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4003356278135907721,10054665824485456621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:3388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4003356278135907721,10054665824485456621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:1012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4003356278135907721,10054665824485456621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
  2⤵
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,4003356278135907721,10054665824485456621,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 /prefetch:8
  2⤵
  PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,4003356278135907721,10054665824485456621,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4003356278135907721,10054665824485456621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
  2⤵
  PID:2928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4003356278135907721,10054665824485456621,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:2328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4003356278135907721,10054665824485456621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:3088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4003356278135907721,10054665824485456621,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
  2⤵
  PID:1792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,4003356278135907721,10054665824485456621,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2668 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:836

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4600

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3440

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4432

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
537815e7cc5c694912ac0308147852e4

SHA1
2ccdd9d9dc637db5462fe8119c0df261146c363c

SHA256
b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

SHA512
63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b167567021ccb1a9fdf073fa9112ef0

SHA1
3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

SHA256
26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

SHA512
726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
8f098dbdabd44d9c2396459fc1ccd7b4

SHA1
1c89c6b7c26d3ce42df6ab5711b04b967246a1b3

SHA256
efd628e62063ce939e1eac937187b434d6d4553e254632b01d41fb777caba0c7

SHA512
4a6018e8b31a6bb2cc693d08b40e42d18faadf91ce2d7278dba0a7ec94287ec23bfe014d4a0262603160ef49eb5776a187ce6f11a828b312daff2e5a73770344

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
7084a1a6d10977654e9079dc879be058

SHA1
0be5708513bf4c7360a8d834c73518b7a17f88c9

SHA256
97f26b8e752dd2898da7232a7d2d1594c9321730c036fffababaa8b4060c012c

SHA512
b343c64789664f266a17f3052db1b687d9b5fbae332a08e2a1109a264e3930e28d58c98250ebeaa29f3aa018fbb3a9a7c2fc0b1199371a4698e0db5dbf4d0f68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
42b3baff46eb2952c55eb43a247da896

SHA1
fcddfc302842da5bfe0c2b18d77430ff6cc2cbcd

SHA256
1c70834afcfdf84c1ef7f1fb0102bb39d2b63e1225207f94b928c2f075a15faf

SHA512
81d52adab298244bf30f4d8f94943c288d8cf5f9c78c11d95d0961498b6f74feae05eb53fe85b8f202e7d63955a68ffbd652198796174e6e09f82b8c6ace8752

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
00d847fea4e292a7a561d43bee871114

SHA1
7ba85c1e36521aebd34648ee2b63d1dbdd4e66f7

SHA256
dd0f0b0012d2fde88695b593e689bfb1eca2c9c24d06d812573714563be40c87

SHA512
f8060543ad5cc4eaef1f5425c2be75adf8f9d4c535e43e7ff12d2532afc89187fcbd5dc3888fd744b737037ddcbfedf70248e0c46f16d7e554eeb614c7d8b0c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7cdef190adbe05081704a2debd24a1b0

SHA1
ea57c377212c57acca109644fe825a2dde17a446

SHA256
466706fa51d843c6a905358b6ce94043459b5944abfd4a37ba27042b82df23a9

SHA512
265fd7f6106bc33fb232f04946b14774dce375b67dc9505c78389d3d75afee00f3656f0eff08720ed86fb22977f5c44b0f0af3bf076c0b0de460bf3c813ffdc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0e052250c5638d97c7ca73f4155d5973

SHA1
e0cb11cd79f83a6b83a92e253cd6706ce7f34b26

SHA256
897a60368cbe47c2566d034c325eb68c61b7e9cb6dc329561fb96f26b819f2d4

SHA512
eb24efdd9b803d27f7602c323499b9794d387de4364c5eff2f49f6897419dd9789bf9c835dbcfe3053b0d0bc3e91fddf869895c2ed005ef913e45611a05c9904

Download Submit
\??\pipe\LOCAL\crashpad_1556_IEYCRZAIOGOUKMDC

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit