d2910bc42d416f627b69ec8e68af59834607276e5b1a8e9e2d4c3c88984a8b80

Analysis

max time kernel
145s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 02:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

65aaf33092a8ec3a5ba8df700e6ccfb2_JaffaCakes118.html
Size

71KB
MD5

65aaf33092a8ec3a5ba8df700e6ccfb2
SHA1

8c7364026ac4a3908369d50eefb6ebe6813bbc4e
SHA256

d2910bc42d416f627b69ec8e68af59834607276e5b1a8e9e2d4c3c88984a8b80
SHA512

8cc297646b80eb43a8f17eea98a04676b9f2c28f5b737a4534f91db1f4efc25b21b2f084113fa6066beb09398391533ddc8a1fad5103e700f954acb1a68f1267
SSDEEP

1536:T3xbEcC93ctjVz+eK+eB+eh+ey+e2+eP+ej+e3wI4B6taIO6eTk6JA4Ft95rc1Cp:1EcC93cttMj/YoxRB0aCMKVfSfMV616r

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
2664	msedge.exe
2664	msedge.exe
4424	msedge.exe
4424	msedge.exe
4844	identity_helper.exe
4844	identity_helper.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

msedge.exe

pid process

4424 msedge.exe
4424 msedge.exe
4424 msedge.exe
4424 msedge.exe
4424 msedge.exe
4424 msedge.exe
4424 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4424 wrote to memory of 1536	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 1536	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 2708	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 2708	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 2708	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 2708	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 2708	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 2708	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 2708	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 2708	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 2708	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 2708	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 2708	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 2708	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 2708	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 2708	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 2708	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 2708	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 2708	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 2708	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 2708	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 2708	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 2708	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 2708	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 2708	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 2708	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 2708	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 2708	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 2708	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 2708	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 2708	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 2708	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 2708	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 2708	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 2708	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 2708	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 2708	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 2708	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 2708	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 2708	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 2708	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 2708	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 2664	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 2664	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 5056	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 5056	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 5056	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 5056	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 5056	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 5056	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 5056	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 5056	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 5056	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 5056	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 5056	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 5056	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 5056	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 5056	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 5056	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 5056	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 5056	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 5056	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 5056	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 5056	4424	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\65aaf33092a8ec3a5ba8df700e6ccfb2_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4424

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc4d6946f8,0x7ffc4d694708,0x7ffc4d694718
2⤵
PID:1536

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,14413735945452850314,13780128315951577421,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2
2⤵
PID:2708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2220,14413735945452850314,13780128315951577421,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2664

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2220,14413735945452850314,13780128315951577421,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
2⤵
PID:5056

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,14413735945452850314,13780128315951577421,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
2⤵
PID:3452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,14413735945452850314,13780128315951577421,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
2⤵
PID:1392

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,14413735945452850314,13780128315951577421,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
2⤵
PID:4576

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,14413735945452850314,13780128315951577421,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5572 /prefetch:8
2⤵
PID:3892

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,14413735945452850314,13780128315951577421,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5572 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4844

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,14413735945452850314,13780128315951577421,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
2⤵
PID:3604

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,14413735945452850314,13780128315951577421,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
2⤵
PID:3972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,14413735945452850314,13780128315951577421,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1
2⤵
PID:3284

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,14413735945452850314,13780128315951577421,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
2⤵
PID:4020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,14413735945452850314,13780128315951577421,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4844 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:212

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1984

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3436

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4460

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
56641592f6e69f5f5fb06f2319384490

SHA1
6a86be42e2c6d26b7830ad9f4e2627995fd91069

SHA256
02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

SHA512
c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
612a6c4247ef652299b376221c984213

SHA1
d306f3b16bde39708aa862aee372345feb559750

SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
216B

MD5
13125e28e3ebfbf6f88d1552bac78f64

SHA1
c32207dec6e833def1937377621bb65285905b6f

SHA256
49c16a76873f0a4493e5f8e2efc84bb635c4db8ad2f4e1d01c285e8081494635

SHA512
8c71494f174b4d20222eeec0a8bf372bb257d364dbc89b642c3cbe12a654f33ee6d7fc3060b6a649e5b7bc5b7a01b9adecced5acb9df6bd5af5ee3f8e678a6e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
00300c419342cb8e8f93b15e9b461e58

SHA1
725399bc50b777d36464cf39703e8f37610b6ae6

SHA256
3a11ed884dda964c1758d59a08cb2ad085b29f435b2b68fff37f72d912ef1f7c

SHA512
d36c4ddf5f14bed560dca6ab6dde565139754882448817c4837b93d8ef9341e4f3f4be805bb966c129969b874321bf88e2e631e42aa4cf7c9df82b791030605c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
bf35be575433950a254c1c215ce57f69

SHA1
dcaa2127ace0c965f0415ef7402503dc65a40b73

SHA256
a7f33d70bc9bdd0e4748fd5935378824dc52a8a55356bdb35034e1885c95e8e4

SHA512
68f6eac39beedfbd27c8b605bedd257d83d6e742130a489659ccd464019577e3a95b1968833326f2faad156eb8a9e16d718257625cf7cdcce20fc949739cb841

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
3c40f2db5ddaf19339fae0873cb9a0c9

SHA1
5e40ff4b2128e9cc30f2859067c7d9a9a6eb5104

SHA256
33c7fef5302c5f9475a7b4634b9aa6b337414a61facf4a5706a3fbbb280604c2

SHA512
323e2be829d531bc06a93d77226e94cecfb9fb543dc54ebc947138b166e2dcccd900d12ff4555424f12c4b03c361142527e35a36c3e3b69f9fa70903a60d376e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
6b83f6bb9e61329d7134f45daf2ae17c

SHA1
8c44f7de240b5807397be9a476ebec6933d803ea

SHA256
f8a00be9d6996f37243103106aa8e0716c19fb574f8a461adfd6a125e03b9ad4

SHA512
daee0bec6ecaca00f9259ce08acf6f236df6bb35487307edf4cbfb682d9a10d90904d8a59164e5e37f0599dfd74ca0ad3b02bec302982526c2f0f86f35a9abf3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
de89133c8f67c122aec1ac93d91b3154

SHA1
67d32b78d37a6ec73febc22120382d08c7cd7e9e

SHA256
8753a96dca185abfd57531bfd13e67a4925f00fd3414714e6e6847cf42ce204f

SHA512
405bdbd87fa4c7e5f0ce5810f25e35eed3eba5f21a7b6d5665c6d81be41f340ee601cb5f76b7e3b55a00fecf250c729d5412bd5559385ed7340ee5ecdcf80dc6

Download Submit
\??\pipe\LOCAL\crashpad_4424_CFXLGFYOVGBNXAMK
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit