916b377f4afe1464f033fa1fd6602c758ec3fe96b3eb9de6e0ed375863ecd74e

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 23:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

690bdcf7404ff71b3ccb50f8b75ffb5d_JaffaCakes118.html
Size

4KB
MD5

690bdcf7404ff71b3ccb50f8b75ffb5d
SHA1

a3a78f515a6aefe5a6359a7563d36f97c9ab06e8
SHA256

916b377f4afe1464f033fa1fd6602c758ec3fe96b3eb9de6e0ed375863ecd74e
SHA512

e39e7f290be574016bfd7a22eb86e763100b90f20e370cbf3eb75cc325a7baa79a5a4a1c8a3b0c9d6fde65c051e9f3b0eb71f39d112165f29ae6e5cb9eccc8e8
SSDEEP

96:vTAEhYWoYT8AhFEs3ouUI+68335+73uSsWOj:LjhY9Y4UFEs3ouUOG35+TTk

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exe

pid process

1168 msedge.exe
1168 msedge.exe
1316 msedge.exe
1316 msedge.exe
4184 identity_helper.exe
4184 identity_helper.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

msedge.exe

pid process

1316 msedge.exe
1316 msedge.exe
1316 msedge.exe
1316 msedge.exe
1316 msedge.exe
1316 msedge.exe
1316 msedge.exe
1316 msedge.exe

pid	process
1168	msedge.exe
1168	msedge.exe
1316	msedge.exe
1316	msedge.exe
4184	identity_helper.exe
4184	identity_helper.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

msedge.exe

pid	process
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1316 wrote to memory of 4772	1316	msedge.exe	msedge.exe
PID 1316 wrote to memory of 4772	1316	msedge.exe	msedge.exe
PID 1316 wrote to memory of 2792	1316	msedge.exe	msedge.exe
PID 1316 wrote to memory of 2792	1316	msedge.exe	msedge.exe
PID 1316 wrote to memory of 2792	1316	msedge.exe	msedge.exe
PID 1316 wrote to memory of 2792	1316	msedge.exe	msedge.exe
PID 1316 wrote to memory of 2792	1316	msedge.exe	msedge.exe
PID 1316 wrote to memory of 2792	1316	msedge.exe	msedge.exe
PID 1316 wrote to memory of 2792	1316	msedge.exe	msedge.exe
PID 1316 wrote to memory of 2792	1316	msedge.exe	msedge.exe
PID 1316 wrote to memory of 2792	1316	msedge.exe	msedge.exe
PID 1316 wrote to memory of 2792	1316	msedge.exe	msedge.exe
PID 1316 wrote to memory of 2792	1316	msedge.exe	msedge.exe
PID 1316 wrote to memory of 2792	1316	msedge.exe	msedge.exe
PID 1316 wrote to memory of 2792	1316	msedge.exe	msedge.exe
PID 1316 wrote to memory of 2792	1316	msedge.exe	msedge.exe
PID 1316 wrote to memory of 2792	1316	msedge.exe	msedge.exe
PID 1316 wrote to memory of 2792	1316	msedge.exe	msedge.exe
PID 1316 wrote to memory of 2792	1316	msedge.exe	msedge.exe
PID 1316 wrote to memory of 2792	1316	msedge.exe	msedge.exe
PID 1316 wrote to memory of 2792	1316	msedge.exe	msedge.exe
PID 1316 wrote to memory of 2792	1316	msedge.exe	msedge.exe
PID 1316 wrote to memory of 2792	1316	msedge.exe	msedge.exe
PID 1316 wrote to memory of 2792	1316	msedge.exe	msedge.exe
PID 1316 wrote to memory of 2792	1316	msedge.exe	msedge.exe
PID 1316 wrote to memory of 2792	1316	msedge.exe	msedge.exe
PID 1316 wrote to memory of 2792	1316	msedge.exe	msedge.exe
PID 1316 wrote to memory of 2792	1316	msedge.exe	msedge.exe
PID 1316 wrote to memory of 2792	1316	msedge.exe	msedge.exe
PID 1316 wrote to memory of 2792	1316	msedge.exe	msedge.exe
PID 1316 wrote to memory of 2792	1316	msedge.exe	msedge.exe
PID 1316 wrote to memory of 2792	1316	msedge.exe	msedge.exe
PID 1316 wrote to memory of 2792	1316	msedge.exe	msedge.exe
PID 1316 wrote to memory of 2792	1316	msedge.exe	msedge.exe
PID 1316 wrote to memory of 2792	1316	msedge.exe	msedge.exe
PID 1316 wrote to memory of 2792	1316	msedge.exe	msedge.exe
PID 1316 wrote to memory of 2792	1316	msedge.exe	msedge.exe
PID 1316 wrote to memory of 2792	1316	msedge.exe	msedge.exe
PID 1316 wrote to memory of 2792	1316	msedge.exe	msedge.exe
PID 1316 wrote to memory of 2792	1316	msedge.exe	msedge.exe
PID 1316 wrote to memory of 2792	1316	msedge.exe	msedge.exe
PID 1316 wrote to memory of 2792	1316	msedge.exe	msedge.exe
PID 1316 wrote to memory of 1168	1316	msedge.exe	msedge.exe
PID 1316 wrote to memory of 1168	1316	msedge.exe	msedge.exe
PID 1316 wrote to memory of 4088	1316	msedge.exe	msedge.exe
PID 1316 wrote to memory of 4088	1316	msedge.exe	msedge.exe
PID 1316 wrote to memory of 4088	1316	msedge.exe	msedge.exe
PID 1316 wrote to memory of 4088	1316	msedge.exe	msedge.exe
PID 1316 wrote to memory of 4088	1316	msedge.exe	msedge.exe
PID 1316 wrote to memory of 4088	1316	msedge.exe	msedge.exe
PID 1316 wrote to memory of 4088	1316	msedge.exe	msedge.exe
PID 1316 wrote to memory of 4088	1316	msedge.exe	msedge.exe
PID 1316 wrote to memory of 4088	1316	msedge.exe	msedge.exe
PID 1316 wrote to memory of 4088	1316	msedge.exe	msedge.exe
PID 1316 wrote to memory of 4088	1316	msedge.exe	msedge.exe
PID 1316 wrote to memory of 4088	1316	msedge.exe	msedge.exe
PID 1316 wrote to memory of 4088	1316	msedge.exe	msedge.exe
PID 1316 wrote to memory of 4088	1316	msedge.exe	msedge.exe
PID 1316 wrote to memory of 4088	1316	msedge.exe	msedge.exe
PID 1316 wrote to memory of 4088	1316	msedge.exe	msedge.exe
PID 1316 wrote to memory of 4088	1316	msedge.exe	msedge.exe
PID 1316 wrote to memory of 4088	1316	msedge.exe	msedge.exe
PID 1316 wrote to memory of 4088	1316	msedge.exe	msedge.exe
PID 1316 wrote to memory of 4088	1316	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\690bdcf7404ff71b3ccb50f8b75ffb5d_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1316

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa5c0e46f8,0x7ffa5c0e4708,0x7ffa5c0e4718
2⤵
PID:4772

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,3711156130133033094,5599202655227322592,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
2⤵
PID:2792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,3711156130133033094,5599202655227322592,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1168

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,3711156130133033094,5599202655227322592,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
2⤵
PID:4088

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,3711156130133033094,5599202655227322592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
2⤵
PID:1344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,3711156130133033094,5599202655227322592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
2⤵
PID:4564

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,3711156130133033094,5599202655227322592,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:8
2⤵
PID:4600

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,3711156130133033094,5599202655227322592,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4184

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,3711156130133033094,5599202655227322592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
2⤵
PID:4608

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,3711156130133033094,5599202655227322592,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
2⤵
PID:1260

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,3711156130133033094,5599202655227322592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
2⤵
PID:3576

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,3711156130133033094,5599202655227322592,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
2⤵
PID:3596

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,3711156130133033094,5599202655227322592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3680 /prefetch:1
2⤵
PID:3980

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,3711156130133033094,5599202655227322592,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
2⤵
PID:456

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5088

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3832

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
190B

MD5
93a98c93942ee2fe41f0eefede687fa8

SHA1
630ece074cd5d13d9ccda134dfb76b4bab71ba96

SHA256
7f9f5e47164c2060a1d280193af727ca9fad0a5c2053562b9a4d828df2ed78cd

SHA512
5a57f1e1e72d6a689c10ae1ca7bfcee4828d7e5f523c14de560059019d0d124082f3588845c504953709697b70ecad38e2120e0f3ac757f4e97ec51ee098cf5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
3b5c8ed5d539839c48cf2e0b9764e849

SHA1
c053c7d72cc5cd3c95836880b461752d1cd76965

SHA256
ade50d25aee049bb8580d7894e29fa018d337c66bdf6b2982e54642b010e2103

SHA512
7a45f14db9a757fdf4753e476f3385d287e5a7ee99ec8a929e581a53e44b57ca319951643bcedbe08a134b264dd08c860776c2c17ed3ed02b5fdf59f389ad43a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
0a0486a96cefa8b106218e0986df34b2

SHA1
5ca5bba116b899a85ed9e4b242a236150540cf9d

SHA256
1f97a0493eb6d3b885d9cb95c09c87cac5db2247dff87594a5729195885cf1e8

SHA512
31aa4fa8d1229ec61e1e1d50c039655618d44abacd2cdbd1898457bba9ddc7e785af9e190e28c95c24975c8464e5e968096bb2338af04de84ca9f3472ed20ca6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
bafd8adc48ff0c80383ebd839f79d3c6

SHA1
6eadcb7b69cd548738be6aee4ea01cb0a937caf0

SHA256
84071fa454adae35756bb66e445ed1eed9b66d8318843413b691bcea3c351c92

SHA512
57b535677b5d2e980b8c89b6f01322027c0f417821cc40eef6b0575515c00b2b0c6850f4be73af0a603716dba8433599f63527b6619ea0c27d4b9b21567a51a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
f539be5c4004f608e705cc5d6c149a8b

SHA1
e9bc844eea799d93705d28b569304abc46c30df5

SHA256
ce794a8bf5c8ba1e583525933b11b6be40daf75731b9253957cc9409b0bf1f1d

SHA512
5edaba7f023663fee97fb0b8c91db7a855cd026fc000ea8f3966c4acf8bf9cb4c2aed9a67474ff9ac769ada227635f44e9d4938654c4a833579e011ea88499af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
7e3a583863f8c7ca80fafca09322802a

SHA1
0df405bdc3a8be540190a3e847d7f6d7b1e932b9

SHA256
00436c5d39a38488c27e4857a422deef0cdf4b9770a272ddf92fb1dbeffc2edf

SHA512
2377d8d595c2a8c7357e938dea2f3b55eab626360f48bd8350b47dae474cf7c824245acfc814def480ac81dd733ac0f4bd98c7df872ebfcf9da9345b65d7636f

Download Submit
\??\pipe\LOCAL\crashpad_1316_POQRAUINLDOVEGSG
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit