6fce4d76305e05629ee4fd6293d185ae93b2f338e007e3df35ef3199d4ab678d

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 02:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

65afbd7e20c67a387caec152709cda24_JaffaCakes118.html
Size

202KB
MD5

65afbd7e20c67a387caec152709cda24
SHA1

0305e6cc626516bee065ca4d7d0f1aeeb22a6b14
SHA256

6fce4d76305e05629ee4fd6293d185ae93b2f338e007e3df35ef3199d4ab678d
SHA512

4199ed8b7524c9603ce25a852aaa0d1438598bd1b0981ead406529f2ef6516f8601aeef0e76794004aaa6e6dc9bac6316cc1c106b02abd52bc7890c0f6ca0ffe
SSDEEP

6144:/3t/hEMHESUl6AYgf5zqo+cu+OCzTQpni:Pt/hEMHRVAYgf5zqo+cu+OCzTQpni

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
1636	msedge.exe
1636	msedge.exe
3160	msedge.exe
3160	msedge.exe
4192	identity_helper.exe
4192	identity_helper.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

msedge.exe

pid process

3160 msedge.exe
3160 msedge.exe
3160 msedge.exe
3160 msedge.exe
3160 msedge.exe
3160 msedge.exe
3160 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3160 wrote to memory of 548	3160	msedge.exe	msedge.exe
PID 3160 wrote to memory of 548	3160	msedge.exe	msedge.exe
PID 3160 wrote to memory of 4496	3160	msedge.exe	msedge.exe
PID 3160 wrote to memory of 4496	3160	msedge.exe	msedge.exe
PID 3160 wrote to memory of 4496	3160	msedge.exe	msedge.exe
PID 3160 wrote to memory of 4496	3160	msedge.exe	msedge.exe
PID 3160 wrote to memory of 4496	3160	msedge.exe	msedge.exe
PID 3160 wrote to memory of 4496	3160	msedge.exe	msedge.exe
PID 3160 wrote to memory of 4496	3160	msedge.exe	msedge.exe
PID 3160 wrote to memory of 4496	3160	msedge.exe	msedge.exe
PID 3160 wrote to memory of 4496	3160	msedge.exe	msedge.exe
PID 3160 wrote to memory of 4496	3160	msedge.exe	msedge.exe
PID 3160 wrote to memory of 4496	3160	msedge.exe	msedge.exe
PID 3160 wrote to memory of 4496	3160	msedge.exe	msedge.exe
PID 3160 wrote to memory of 4496	3160	msedge.exe	msedge.exe
PID 3160 wrote to memory of 4496	3160	msedge.exe	msedge.exe
PID 3160 wrote to memory of 4496	3160	msedge.exe	msedge.exe
PID 3160 wrote to memory of 4496	3160	msedge.exe	msedge.exe
PID 3160 wrote to memory of 4496	3160	msedge.exe	msedge.exe
PID 3160 wrote to memory of 4496	3160	msedge.exe	msedge.exe
PID 3160 wrote to memory of 4496	3160	msedge.exe	msedge.exe
PID 3160 wrote to memory of 4496	3160	msedge.exe	msedge.exe
PID 3160 wrote to memory of 4496	3160	msedge.exe	msedge.exe
PID 3160 wrote to memory of 4496	3160	msedge.exe	msedge.exe
PID 3160 wrote to memory of 4496	3160	msedge.exe	msedge.exe
PID 3160 wrote to memory of 4496	3160	msedge.exe	msedge.exe
PID 3160 wrote to memory of 4496	3160	msedge.exe	msedge.exe
PID 3160 wrote to memory of 4496	3160	msedge.exe	msedge.exe
PID 3160 wrote to memory of 4496	3160	msedge.exe	msedge.exe
PID 3160 wrote to memory of 4496	3160	msedge.exe	msedge.exe
PID 3160 wrote to memory of 4496	3160	msedge.exe	msedge.exe
PID 3160 wrote to memory of 4496	3160	msedge.exe	msedge.exe
PID 3160 wrote to memory of 4496	3160	msedge.exe	msedge.exe
PID 3160 wrote to memory of 4496	3160	msedge.exe	msedge.exe
PID 3160 wrote to memory of 4496	3160	msedge.exe	msedge.exe
PID 3160 wrote to memory of 4496	3160	msedge.exe	msedge.exe
PID 3160 wrote to memory of 4496	3160	msedge.exe	msedge.exe
PID 3160 wrote to memory of 4496	3160	msedge.exe	msedge.exe
PID 3160 wrote to memory of 4496	3160	msedge.exe	msedge.exe
PID 3160 wrote to memory of 4496	3160	msedge.exe	msedge.exe
PID 3160 wrote to memory of 4496	3160	msedge.exe	msedge.exe
PID 3160 wrote to memory of 4496	3160	msedge.exe	msedge.exe
PID 3160 wrote to memory of 1636	3160	msedge.exe	msedge.exe
PID 3160 wrote to memory of 1636	3160	msedge.exe	msedge.exe
PID 3160 wrote to memory of 1104	3160	msedge.exe	msedge.exe
PID 3160 wrote to memory of 1104	3160	msedge.exe	msedge.exe
PID 3160 wrote to memory of 1104	3160	msedge.exe	msedge.exe
PID 3160 wrote to memory of 1104	3160	msedge.exe	msedge.exe
PID 3160 wrote to memory of 1104	3160	msedge.exe	msedge.exe
PID 3160 wrote to memory of 1104	3160	msedge.exe	msedge.exe
PID 3160 wrote to memory of 1104	3160	msedge.exe	msedge.exe
PID 3160 wrote to memory of 1104	3160	msedge.exe	msedge.exe
PID 3160 wrote to memory of 1104	3160	msedge.exe	msedge.exe
PID 3160 wrote to memory of 1104	3160	msedge.exe	msedge.exe
PID 3160 wrote to memory of 1104	3160	msedge.exe	msedge.exe
PID 3160 wrote to memory of 1104	3160	msedge.exe	msedge.exe
PID 3160 wrote to memory of 1104	3160	msedge.exe	msedge.exe
PID 3160 wrote to memory of 1104	3160	msedge.exe	msedge.exe
PID 3160 wrote to memory of 1104	3160	msedge.exe	msedge.exe
PID 3160 wrote to memory of 1104	3160	msedge.exe	msedge.exe
PID 3160 wrote to memory of 1104	3160	msedge.exe	msedge.exe
PID 3160 wrote to memory of 1104	3160	msedge.exe	msedge.exe
PID 3160 wrote to memory of 1104	3160	msedge.exe	msedge.exe
PID 3160 wrote to memory of 1104	3160	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\65afbd7e20c67a387caec152709cda24_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3160

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffedb2d46f8,0x7ffedb2d4708,0x7ffedb2d4718
2⤵
PID:548

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,5598953002108432562,3456078086124257990,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
2⤵
PID:4496

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,5598953002108432562,3456078086124257990,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1636

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,5598953002108432562,3456078086124257990,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8
2⤵
PID:1104

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5598953002108432562,3456078086124257990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
2⤵
PID:5096

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5598953002108432562,3456078086124257990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
2⤵
PID:3144

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5598953002108432562,3456078086124257990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:1
2⤵
PID:2844

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,5598953002108432562,3456078086124257990,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6028 /prefetch:8
2⤵
PID:4460

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,5598953002108432562,3456078086124257990,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6028 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4192

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5598953002108432562,3456078086124257990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1868 /prefetch:1
2⤵
PID:1384

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5598953002108432562,3456078086124257990,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
2⤵
PID:3164

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5598953002108432562,3456078086124257990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
2⤵
PID:2840

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5598953002108432562,3456078086124257990,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
2⤵
PID:5000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,5598953002108432562,3456078086124257990,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4888 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4980

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2968

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1244

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
480B

MD5
4127a45d7e9864c84f14e9fcb57422f4

SHA1
260ecc3e450e4a42bb1aa997f05b7417ad8167f7

SHA256
d9da046009563b4e7b31e3b8deee051d35922c5c99e74ee0f2445c201cbedc7a

SHA512
0a1acb3abd391e39682f26146ada293a4c0c42bed350a41501fbc429518cb843a9b955a8afa0adc69d777a9e5364221c41d1a25482b09bbec406c9e4a4f219f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fbfd637efd8216e1244116ed72d50a3d

SHA1
c2d1444179b0c4ab7e42b4ef8ef41bfc1ff21740

SHA256
646e424a4bd77f594a592179dd4c35f3904e66e2324507cbd3b81b9d8fc088f6

SHA512
1c645b0fcb6da6e7b7db619536a34e8158274cf25d1e9994395773c70f5bafa13fa807f8d6e5d399b513394b3c5761520447294410ad27cc2d920522c99c97c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7e19174e0d868ad1b8270ed219075306

SHA1
bf358451f594e817935f5ab98d6d28cfff400d44

SHA256
acfdf142da977910ac0ebe4a22b3223edc5913856ca162c7e2e1f9d4809da779

SHA512
9d67eaefda1096226be0c894e24e5ae555d7814e03d21712134bbf25e866ceb4d35f4b86a93ed18fbc9bf7a11325684112fdf6631f5b6647d1a8ca62999b67f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
68f2285a21e36a3c876222d5ecb5327b

SHA1
1220f95e411eea3f6743c9b630316ce8c0db72a6

SHA256
79e2c6184929c73a516ccb5c5f00a8e4bf648894ba3d4840a5876a6a088e78b8

SHA512
c7a0e70bc42fc425f971625c69ac044b77bac7fd2cd8261cc184f51a2a19c5bbc7ef342f67b77cd4c6aee3755e0cde1276d24c10f5ff6aa95b68679589784369

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3a684163ad4d327187d45ae72a68085c

SHA1
b542db59bb0a1c7864a151e74257cdb3c7558128

SHA256
23642fd0c169ec6d526c0ca6ff11f04d2d85e326e3a977efe34b822bc8a5427e

SHA512
6557c52c188e440ab6fa48dae587d0b9fbb4269ca469aefaba281f1cd390751a4ac0ce26a81f14d0a66714cd33940e4d3942caa49e4e33ee16186d7849f83a3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581ce9.TMP

Filesize
1KB

MD5
f331050332fb84060206da76f74e7f64

SHA1
81fb2c224a9b80cd8a617dd587dba5cf70b9918b

SHA256
0251b86d98064104b5f127be2752b5edc6e6d52b0b634ab29d5f46511b851554

SHA512
47e0572fecaba83ea014dd6af94cadcd6f294f4e2b1779b46c8d5cc04bc1cf16c80b74b7f00caa356dc882864756f5411d92a9cfdc2e024e7a558f215797e959

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
bf43f3926cd09521801ca6faaaeef5eb

SHA1
bc2393411f85d5746986879bb7ab1fe05483da6c

SHA256
ddd8dfb9a210b1f24e9cc323d2532f317719c370e6da966a28372a14890d883e

SHA512
f40728ea533165d063f51286e2a8357106f0eae5573f65fdbe209438f3656c43c0d6de37563755faba97f03365fef06a41b7332947a05fbb67b3e2a1e77826a2

Download Submit
\??\pipe\LOCAL\crashpad_3160_SGJVRTOZEJDUBOFH

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit