e4bc599f0f714039f483b2a357b12ba6d2438bdd16626dad656a9985be46ca52

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 23:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6907b003ac5ff79471bb1227a9835998_JaffaCakes118.html
Size

180KB
MD5

6907b003ac5ff79471bb1227a9835998
SHA1

f2ed30f1eccd618eaf44fba49907c474e01dd65b
SHA256

e4bc599f0f714039f483b2a357b12ba6d2438bdd16626dad656a9985be46ca52
SHA512

37f1e67390a2fdc8443b380fa214aa1f773a4b4901376a40991f02c8d130370bd8647456c357b6a59b67731f18c3bfe513ba47a811f7d552b99c8283a2d69002
SSDEEP

3072:gGuGuGADrRHQWV/lnyK6CV5H8KiI6Fovv+P/ue57YKFNzeb4g:kDZ/lnyK6CV5cue5m

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 7 IoCs

Web Service
T1102

Processes:

flow ioc

14 sites.google.com
15 sites.google.com
16 sites.google.com
17 sites.google.com
18 sites.google.com
19 sites.google.com
9 sites.google.com

flow	ioc
14	sites.google.com
15	sites.google.com
16	sites.google.com
17	sites.google.com
18	sites.google.com
19	sites.google.com
9	sites.google.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
1144	msedge.exe
1144	msedge.exe
4856	msedge.exe
4856	msedge.exe
2776	identity_helper.exe
2776	identity_helper.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe
3308	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

msedge.exe

pid process

4856 msedge.exe
4856 msedge.exe
4856 msedge.exe
4856 msedge.exe
4856 msedge.exe
4856 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4856 wrote to memory of 2432	4856	msedge.exe	msedge.exe
PID 4856 wrote to memory of 2432	4856	msedge.exe	msedge.exe
PID 4856 wrote to memory of 4640	4856	msedge.exe	msedge.exe
PID 4856 wrote to memory of 4640	4856	msedge.exe	msedge.exe
PID 4856 wrote to memory of 4640	4856	msedge.exe	msedge.exe
PID 4856 wrote to memory of 4640	4856	msedge.exe	msedge.exe
PID 4856 wrote to memory of 4640	4856	msedge.exe	msedge.exe
PID 4856 wrote to memory of 4640	4856	msedge.exe	msedge.exe
PID 4856 wrote to memory of 4640	4856	msedge.exe	msedge.exe
PID 4856 wrote to memory of 4640	4856	msedge.exe	msedge.exe
PID 4856 wrote to memory of 4640	4856	msedge.exe	msedge.exe
PID 4856 wrote to memory of 4640	4856	msedge.exe	msedge.exe
PID 4856 wrote to memory of 4640	4856	msedge.exe	msedge.exe
PID 4856 wrote to memory of 4640	4856	msedge.exe	msedge.exe
PID 4856 wrote to memory of 4640	4856	msedge.exe	msedge.exe
PID 4856 wrote to memory of 4640	4856	msedge.exe	msedge.exe
PID 4856 wrote to memory of 4640	4856	msedge.exe	msedge.exe
PID 4856 wrote to memory of 4640	4856	msedge.exe	msedge.exe
PID 4856 wrote to memory of 4640	4856	msedge.exe	msedge.exe
PID 4856 wrote to memory of 4640	4856	msedge.exe	msedge.exe
PID 4856 wrote to memory of 4640	4856	msedge.exe	msedge.exe
PID 4856 wrote to memory of 4640	4856	msedge.exe	msedge.exe
PID 4856 wrote to memory of 4640	4856	msedge.exe	msedge.exe
PID 4856 wrote to memory of 4640	4856	msedge.exe	msedge.exe
PID 4856 wrote to memory of 4640	4856	msedge.exe	msedge.exe
PID 4856 wrote to memory of 4640	4856	msedge.exe	msedge.exe
PID 4856 wrote to memory of 4640	4856	msedge.exe	msedge.exe
PID 4856 wrote to memory of 4640	4856	msedge.exe	msedge.exe
PID 4856 wrote to memory of 4640	4856	msedge.exe	msedge.exe
PID 4856 wrote to memory of 4640	4856	msedge.exe	msedge.exe
PID 4856 wrote to memory of 4640	4856	msedge.exe	msedge.exe
PID 4856 wrote to memory of 4640	4856	msedge.exe	msedge.exe
PID 4856 wrote to memory of 4640	4856	msedge.exe	msedge.exe
PID 4856 wrote to memory of 4640	4856	msedge.exe	msedge.exe
PID 4856 wrote to memory of 4640	4856	msedge.exe	msedge.exe
PID 4856 wrote to memory of 4640	4856	msedge.exe	msedge.exe
PID 4856 wrote to memory of 4640	4856	msedge.exe	msedge.exe
PID 4856 wrote to memory of 4640	4856	msedge.exe	msedge.exe
PID 4856 wrote to memory of 4640	4856	msedge.exe	msedge.exe
PID 4856 wrote to memory of 4640	4856	msedge.exe	msedge.exe
PID 4856 wrote to memory of 4640	4856	msedge.exe	msedge.exe
PID 4856 wrote to memory of 4640	4856	msedge.exe	msedge.exe
PID 4856 wrote to memory of 1144	4856	msedge.exe	msedge.exe
PID 4856 wrote to memory of 1144	4856	msedge.exe	msedge.exe
PID 4856 wrote to memory of 3660	4856	msedge.exe	msedge.exe
PID 4856 wrote to memory of 3660	4856	msedge.exe	msedge.exe
PID 4856 wrote to memory of 3660	4856	msedge.exe	msedge.exe
PID 4856 wrote to memory of 3660	4856	msedge.exe	msedge.exe
PID 4856 wrote to memory of 3660	4856	msedge.exe	msedge.exe
PID 4856 wrote to memory of 3660	4856	msedge.exe	msedge.exe
PID 4856 wrote to memory of 3660	4856	msedge.exe	msedge.exe
PID 4856 wrote to memory of 3660	4856	msedge.exe	msedge.exe
PID 4856 wrote to memory of 3660	4856	msedge.exe	msedge.exe
PID 4856 wrote to memory of 3660	4856	msedge.exe	msedge.exe
PID 4856 wrote to memory of 3660	4856	msedge.exe	msedge.exe
PID 4856 wrote to memory of 3660	4856	msedge.exe	msedge.exe
PID 4856 wrote to memory of 3660	4856	msedge.exe	msedge.exe
PID 4856 wrote to memory of 3660	4856	msedge.exe	msedge.exe
PID 4856 wrote to memory of 3660	4856	msedge.exe	msedge.exe
PID 4856 wrote to memory of 3660	4856	msedge.exe	msedge.exe
PID 4856 wrote to memory of 3660	4856	msedge.exe	msedge.exe
PID 4856 wrote to memory of 3660	4856	msedge.exe	msedge.exe
PID 4856 wrote to memory of 3660	4856	msedge.exe	msedge.exe
PID 4856 wrote to memory of 3660	4856	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6907b003ac5ff79471bb1227a9835998_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4856

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc840f46f8,0x7ffc840f4708,0x7ffc840f4718
2⤵
PID:2432

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,9001432299251268317,15570619834716053844,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2
2⤵
PID:4640

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2216,9001432299251268317,15570619834716053844,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1144

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2216,9001432299251268317,15570619834716053844,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
2⤵
PID:3660

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,9001432299251268317,15570619834716053844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
2⤵
PID:1652

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,9001432299251268317,15570619834716053844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
2⤵
PID:5000

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,9001432299251268317,15570619834716053844,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 /prefetch:8
2⤵
PID:4852

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,9001432299251268317,15570619834716053844,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2776

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,9001432299251268317,15570619834716053844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4164 /prefetch:1
2⤵
PID:4228

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,9001432299251268317,15570619834716053844,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
2⤵
PID:3368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,9001432299251268317,15570619834716053844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
2⤵
PID:3204

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,9001432299251268317,15570619834716053844,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
2⤵
PID:2528

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,9001432299251268317,15570619834716053844,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4844 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3308

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3588

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1400

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
2daa93382bba07cbc40af372d30ec576

SHA1
c5e709dc3e2e4df2ff841fbde3e30170e7428a94

SHA256
1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30

SHA512
65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
ecdc2754d7d2ae862272153aa9b9ca6e

SHA1
c19bed1c6e1c998b9fa93298639ad7961339147d

SHA256
a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7

SHA512
cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\59dc8142-8ae5-47ed-8602-9fef69c5b705.tmp
Filesize
6KB

MD5
a49509ad05fd4f765ec1408e2984c69c

SHA1
d7d31941a1b52d9700b65421cfe5201db051666c

SHA256
e22253a8e6236c314606f4f36b51d8992f491e45da97e900db05b83bd4199fbd

SHA512
ac454b626e19e318ebb40aa39df6520a000d4dd853eb95bc23e46e351dbef0052c67fe7983054b89abf1831467a83b712f1b522c78434b0e20554cc130b154aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\6741d949-2941-4801-9b7a-1943a03c8e03.tmp
Filesize
1KB

MD5
0486e91697de926809c4093c918f8f50

SHA1
18e62e9e27bff04f1d7e21ca571549d4f18b98a1

SHA256
9b3b14c7a312116af98c115c38c16100cd6f9f91e795bc9a4788dc0d078db196

SHA512
4bb4c37701b933380b3c4fb963630acc3e29946793a5d3bf320337582c8cb7396d2f61f05508e03baeea0a945452c1b1208e1a21e799a134314db782b5e1fac3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
91d89dafe0e18f7f273d6b97566930c8

SHA1
678419dfd6b523ff366202b467ef2e1b5c2aa2be

SHA256
90a4810b5e4d32038f854f9ed657e1082da95188a9762dff87c65811694de39a

SHA512
07cc7c043b3cb6a9ab7c95335372bad6330a85e2305c066619114e25f2293fb1141863536e27ea68e779d0d62d95636b28104790496f005452440e19ac0ec0cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
bb6204c8c46e9446dcbc820d53a4abef

SHA1
3d241c91e9503cde6b681b81cb0ea4006efe874a

SHA256
55b5e823c1029a5942b237aafcfe6fa9c53803d80abb37b6d51d8c38227ee510

SHA512
d26f1b84d6455edb39ddc56b624180577dc2bd379b9fd0abd720ef4fa77dd615841a1d16cd57b6a33218fdee26424aa3a296124df013408b2100089d891e5ea3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
203B

MD5
9e8960291c77f88e471034aae970f609

SHA1
1c56a8e962af39f953d4cda3b057e2cff1868cb9

SHA256
4a3ad487037eca2587e6cd0c067eee50bfbff67bab3e4492c5183ea2721cb554

SHA512
f507e2607cc5e1ee9cf26adaece2a7bac44cb509dad3452f8efa2bd09c641ec86f4c53426b8474a63c28283c5d0ecfbe9d0326cacf9e98e1321540e2ead319b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ac1e.TMP
Filesize
203B

MD5
e5bec5b0ac7ce96ad221ec6952314c24

SHA1
32e57fe7c5aaebb21c54a5827260c44222ff6605

SHA256
6fcfd1af5fd927be22a29c1c7b89fd6a76926e1b6485222d55640f31574f046c

SHA512
947d77d72ff613d552e0bd7ba684f792ea8624558e275643d1a56e033c8902e2908a128bc2faa79586d0b0320271464b3dac8d9ab5194799e30c3ba411fe8bd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
5c99a3196d665ccfc5a738aa6ae39257

SHA1
af2a99418f98ba902fb41cb74ce38530c2fe33fe

SHA256
bc13445a47d00a6d10c031d11c878dde7e9d322d0a78030c240fc62dae1566f5

SHA512
241a2662fd17151a6cc96feb024161b67ee64eec4101278a63222a936a2ce9170ba374457edc67fb316ccc53e6dea924d62a78e5d45703f95b74555e98019c92

Download Submit
\??\pipe\LOCAL\crashpad_4856_CKVHGARQYESBHUWX
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit