ddadfebfff45b28aa0fadfffb1f299c963e421cec8f972b0d84cc66123c5b6c2

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 20:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

688ee6286db9e3d9c139dfff594b023f_JaffaCakes118.html
Size

28KB
MD5

688ee6286db9e3d9c139dfff594b023f
SHA1

5027b5575abd26051cf8fe4217d9b4246b47deb1
SHA256

ddadfebfff45b28aa0fadfffb1f299c963e421cec8f972b0d84cc66123c5b6c2
SHA512

4556cb1feeb7060a0b9517dc524394333e012b24cd3f298d9dde056f34261dde5fb133c9de4118310dff8e891e98ce9f94538b8f188d39564bb87f895d3724a3
SSDEEP

384:zdNjujqzh0pkn5WzhRiP85fB4i6Kn8t3GTgr38UwipSjf7Ue:xNaezh0pkchRiPofB8+iO5

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
4196	msedge.exe
4196	msedge.exe
1324	msedge.exe
1324	msedge.exe
1168	identity_helper.exe
1168	identity_helper.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

msedge.exe

pid process

1324 msedge.exe
1324 msedge.exe
1324 msedge.exe
1324 msedge.exe
1324 msedge.exe
1324 msedge.exe
1324 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1324 wrote to memory of 3172	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3172	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3732	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3732	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3732	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3732	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3732	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3732	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3732	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3732	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3732	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3732	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3732	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3732	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3732	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3732	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3732	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3732	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3732	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3732	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3732	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3732	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3732	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3732	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3732	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3732	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3732	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3732	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3732	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3732	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3732	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3732	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3732	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3732	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3732	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3732	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3732	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3732	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3732	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3732	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3732	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3732	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 4196	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 4196	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3492	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3492	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3492	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3492	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3492	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3492	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3492	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3492	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3492	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3492	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3492	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3492	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3492	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3492	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3492	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3492	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3492	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3492	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3492	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3492	1324	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\688ee6286db9e3d9c139dfff594b023f_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1324

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffea6ed46f8,0x7ffea6ed4708,0x7ffea6ed4718
2⤵
PID:3172

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,11115293089786926592,8058519754987041567,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
2⤵
PID:3732

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,11115293089786926592,8058519754987041567,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4196

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,11115293089786926592,8058519754987041567,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
2⤵
PID:3492

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11115293089786926592,8058519754987041567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
2⤵
PID:516

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11115293089786926592,8058519754987041567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
2⤵
PID:2548

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11115293089786926592,8058519754987041567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
2⤵
PID:3848

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,11115293089786926592,8058519754987041567,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 /prefetch:8
2⤵
PID:1932

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,11115293089786926592,8058519754987041567,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1168

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11115293089786926592,8058519754987041567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
2⤵
PID:4524

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11115293089786926592,8058519754987041567,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
2⤵
PID:3748

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11115293089786926592,8058519754987041567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3164 /prefetch:1
2⤵
PID:5064

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11115293089786926592,8058519754987041567,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
2⤵
PID:3952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,11115293089786926592,8058519754987041567,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4840 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5068

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1968

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3600

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
a01d98240d97e8792f1481595893e09f

SHA1
db7079a04f9a6708e4223a2f016b23be0f1ec544

SHA256
2cb0a9dd4875a0ea4cb9b27715a935124104547616fb5c422db81947b57d380a

SHA512
ad99bd2021a4a97e19234d85e3c22cfab3083106501b7faadc358deca941f9efe5169860f4adcef2576e62bdc3385f656f88ac1aa9254e5b532e4901217f5898

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
51fdc4b7e41711f0f4f3ffbd12cdd92e

SHA1
2fa18d5978ce2c8c8b1f42294f176abc535262d7

SHA256
3f2828960fba8c7c2f02da2abdf69c276740aafc494c1b6dc4c35a16888b51c4

SHA512
c125c4525312ab00e1715d13a9be08b9a5b4fbd156841e3c372dea5d83e953e97d5bd687bc54331c39afd54e4ca7311b54263285389bed7ad5e01521c2669fb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
237aa5379fb5aed10a23ae4f8e5b5ff5

SHA1
e6ab2aa4ce493ec032bbcfe312ad90b04cc099be

SHA256
af223a5711457346695df9b4e53b8f16b8ca47ca4e382b53150715541cf710ba

SHA512
87a115d36034eaf117c5d1acbcb5aa0af7645bbca112b072b1298db15fe9eed520f3e9bb911fca2cfd67ebb2ad1a324c3bb45645fcc7a9fe3d6e94eaee4f36d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
56c06877b9eb9aadf736b11c91127cfd

SHA1
44ef0d504177f35b7dd02bdc8e271f7a48f16c59

SHA256
1b3c387d6ea52c3ef86001ed4812633db098afe41e92f4c5a277c5dc5d789b80

SHA512
ba3f6c536281f1150556ebf8ecdd8d078a9b6375f6dc717eaff1bacf73a74d898822dde401f5abdcffa87df6fff28addaf2298d4b8ac59027fc71d7e78581957

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
57b17624be8bb6b9fcaa1f87fbeff5f1

SHA1
f22522f8ca822a5164e3824fe65df579940af61d

SHA256
a16f0c69fae5c91c51c79719f867eaaa34db38afafcbd59f3da48071ad8aff79

SHA512
add4d8fb8f919af814ca863cafe3d4285e9c62ce55b36d0befcf066e1435d038a9a87f9d2a0b47b2eeff21e503c9ff7895de2ad741b8fe03c765196e811f0095

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d7850ff8be417d11b1a2dc5a59c28a47

SHA1
b35c7ca60ecbc9090a2707762c39f964988cae94

SHA256
e5994655c95da0dff09d91dc0dd2e6161651ad3208afd514f9e2b562dac48c84

SHA512
00b66bd91bc63ed7b37394b78ead43f50128b7bb94b4174332f2fd7a02c18948585c2d2d866e8167d0a2918b3e80147fe84baad1bf3e3d9d5ff61b8e584f9143

Download Submit
\??\pipe\LOCAL\crashpad_1324_KNLRUPHQWUJQZQHP

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit