31f05fcb91b6887978ce7e68d6d303855dd3643600f5ebded06ac1e24bceda92

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 21:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

68a038ce89601a87900cd64f83449c9f_JaffaCakes118.html
Size

263KB
MD5

68a038ce89601a87900cd64f83449c9f
SHA1

c92a7e5755c0d650a6de7c96a31dda03b1af28fd
SHA256

31f05fcb91b6887978ce7e68d6d303855dd3643600f5ebded06ac1e24bceda92
SHA512

7bb424a6be0824084c7bf33b0a723bcd990922086f0fc1bc2b7ed9542c9c8fee26aa5f3026768b92b9d7093852547822e78930c4bb02a8b7cf12d163a95ec749
SSDEEP

6144:/b7wsX+gnHd1ttlHaxrMiV3Rp3A/pKy+bDIkCKlfOWpYDBAttnWWi1VqTJafRMfT:/h/pKy+bfNmiI1Q7C6

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
3708	msedge.exe
3708	msedge.exe
2352	msedge.exe
2352	msedge.exe
1204	identity_helper.exe
1204	identity_helper.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

msedge.exe

pid process

2352 msedge.exe
2352 msedge.exe
2352 msedge.exe
2352 msedge.exe
2352 msedge.exe
2352 msedge.exe
2352 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2352 wrote to memory of 2340	2352	msedge.exe	msedge.exe
PID 2352 wrote to memory of 2340	2352	msedge.exe	msedge.exe
PID 2352 wrote to memory of 692	2352	msedge.exe	msedge.exe
PID 2352 wrote to memory of 692	2352	msedge.exe	msedge.exe
PID 2352 wrote to memory of 692	2352	msedge.exe	msedge.exe
PID 2352 wrote to memory of 692	2352	msedge.exe	msedge.exe
PID 2352 wrote to memory of 692	2352	msedge.exe	msedge.exe
PID 2352 wrote to memory of 692	2352	msedge.exe	msedge.exe
PID 2352 wrote to memory of 692	2352	msedge.exe	msedge.exe
PID 2352 wrote to memory of 692	2352	msedge.exe	msedge.exe
PID 2352 wrote to memory of 692	2352	msedge.exe	msedge.exe
PID 2352 wrote to memory of 692	2352	msedge.exe	msedge.exe
PID 2352 wrote to memory of 692	2352	msedge.exe	msedge.exe
PID 2352 wrote to memory of 692	2352	msedge.exe	msedge.exe
PID 2352 wrote to memory of 692	2352	msedge.exe	msedge.exe
PID 2352 wrote to memory of 692	2352	msedge.exe	msedge.exe
PID 2352 wrote to memory of 692	2352	msedge.exe	msedge.exe
PID 2352 wrote to memory of 692	2352	msedge.exe	msedge.exe
PID 2352 wrote to memory of 692	2352	msedge.exe	msedge.exe
PID 2352 wrote to memory of 692	2352	msedge.exe	msedge.exe
PID 2352 wrote to memory of 692	2352	msedge.exe	msedge.exe
PID 2352 wrote to memory of 692	2352	msedge.exe	msedge.exe
PID 2352 wrote to memory of 692	2352	msedge.exe	msedge.exe
PID 2352 wrote to memory of 692	2352	msedge.exe	msedge.exe
PID 2352 wrote to memory of 692	2352	msedge.exe	msedge.exe
PID 2352 wrote to memory of 692	2352	msedge.exe	msedge.exe
PID 2352 wrote to memory of 692	2352	msedge.exe	msedge.exe
PID 2352 wrote to memory of 692	2352	msedge.exe	msedge.exe
PID 2352 wrote to memory of 692	2352	msedge.exe	msedge.exe
PID 2352 wrote to memory of 692	2352	msedge.exe	msedge.exe
PID 2352 wrote to memory of 692	2352	msedge.exe	msedge.exe
PID 2352 wrote to memory of 692	2352	msedge.exe	msedge.exe
PID 2352 wrote to memory of 692	2352	msedge.exe	msedge.exe
PID 2352 wrote to memory of 692	2352	msedge.exe	msedge.exe
PID 2352 wrote to memory of 692	2352	msedge.exe	msedge.exe
PID 2352 wrote to memory of 692	2352	msedge.exe	msedge.exe
PID 2352 wrote to memory of 692	2352	msedge.exe	msedge.exe
PID 2352 wrote to memory of 692	2352	msedge.exe	msedge.exe
PID 2352 wrote to memory of 692	2352	msedge.exe	msedge.exe
PID 2352 wrote to memory of 692	2352	msedge.exe	msedge.exe
PID 2352 wrote to memory of 692	2352	msedge.exe	msedge.exe
PID 2352 wrote to memory of 692	2352	msedge.exe	msedge.exe
PID 2352 wrote to memory of 3708	2352	msedge.exe	msedge.exe
PID 2352 wrote to memory of 3708	2352	msedge.exe	msedge.exe
PID 2352 wrote to memory of 4796	2352	msedge.exe	msedge.exe
PID 2352 wrote to memory of 4796	2352	msedge.exe	msedge.exe
PID 2352 wrote to memory of 4796	2352	msedge.exe	msedge.exe
PID 2352 wrote to memory of 4796	2352	msedge.exe	msedge.exe
PID 2352 wrote to memory of 4796	2352	msedge.exe	msedge.exe
PID 2352 wrote to memory of 4796	2352	msedge.exe	msedge.exe
PID 2352 wrote to memory of 4796	2352	msedge.exe	msedge.exe
PID 2352 wrote to memory of 4796	2352	msedge.exe	msedge.exe
PID 2352 wrote to memory of 4796	2352	msedge.exe	msedge.exe
PID 2352 wrote to memory of 4796	2352	msedge.exe	msedge.exe
PID 2352 wrote to memory of 4796	2352	msedge.exe	msedge.exe
PID 2352 wrote to memory of 4796	2352	msedge.exe	msedge.exe
PID 2352 wrote to memory of 4796	2352	msedge.exe	msedge.exe
PID 2352 wrote to memory of 4796	2352	msedge.exe	msedge.exe
PID 2352 wrote to memory of 4796	2352	msedge.exe	msedge.exe
PID 2352 wrote to memory of 4796	2352	msedge.exe	msedge.exe
PID 2352 wrote to memory of 4796	2352	msedge.exe	msedge.exe
PID 2352 wrote to memory of 4796	2352	msedge.exe	msedge.exe
PID 2352 wrote to memory of 4796	2352	msedge.exe	msedge.exe
PID 2352 wrote to memory of 4796	2352	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\68a038ce89601a87900cd64f83449c9f_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa270646f8,0x7ffa27064708,0x7ffa27064718
  2⤵
  PID:2340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,17432674359710967191,11648928301328969297,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,17432674359710967191,11648928301328969297,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,17432674359710967191,11648928301328969297,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
  2⤵
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17432674359710967191,11648928301328969297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17432674359710967191,11648928301328969297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17432674359710967191,11648928301328969297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
  2⤵
  PID:2076
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,17432674359710967191,11648928301328969297,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5976 /prefetch:8
  2⤵
  PID:3176
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,17432674359710967191,11648928301328969297,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5976 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17432674359710967191,11648928301328969297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
  2⤵
  PID:2744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17432674359710967191,11648928301328969297,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17432674359710967191,11648928301328969297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:1284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17432674359710967191,11648928301328969297,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:2652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,17432674359710967191,11648928301328969297,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2028 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1028

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4304

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4576

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
d416f9ef9a962d1185f6e953ae415d00

SHA1
f6df81e9327257ea44124bc14926a9496962b135

SHA256
3691cbc258c3e706ff500928d5db9937bd713382dcd55ef3b019ebc3ccf606a9

SHA512
dc810e700c2a03636edcf2b2103caa5678eed45674b660df4b8409842b1c852110df60291e8d162a474ce1606a01fee77e3157220eecb3b3e71ef7120c825a2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
293dcd655b023d7de2dc3770554d6be0

SHA1
2c1574c3664b5dd77fe7b0a324bce3af9a5ceaca

SHA256
d6cbea176a63523d70a2199acac97be8d93685f4a1f16bc3b8a2b4a7a0b4dd1b

SHA512
0708c89ba6db021e18ccb703033250375cd1fbd6dc51b57df151a70c6101353b732fcb1758c2558bb67e9778871e7bc7148594c4ad408892582637a66868505b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6269386689ff26a81a4c010e13e30c27

SHA1
dfa4176a69d90d2f7eff8427d98808d0944c91be

SHA256
8abefd78ca5fd7e7d7140e99958c9cb2d0a3df6585073c6eb067040921d6cbaa

SHA512
01b0115b1508c6430e0214a81e5b2065a43ce48b56e3be789cf100046d693087e1a8afdc6157f10a468309ce1e7f020216ac78f5f7af9a58a0d7cb3d157857c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9f3f95e68fa7950c0a76856450906e04

SHA1
b7643b436bf21f01169f72d606f7a2374435c4cd

SHA256
d148b98603409dd5a3686f6dc507bb189d6fc075b6b91bd38a12ca6e66a6b591

SHA512
86885a584dc97cc3f230434c8aadd060bbc6178abd8516cce56173c79e3a2a4b067ba6d181a71b63ccd696ab5714856a9b40c06f112a227420a29de23be88172

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
116b7e5a60d7ea34ff0f6a29782fe07a

SHA1
30d2f71a4376b7fc31dc91a727bfae852e60144b

SHA256
50621d1ffa1a953b59fc1ebbf4b9335d306acdd1c7329810fc2dcef5800e40fc

SHA512
59cafdb91601510ff4b5daf0b2926fbb174b3876f6c0562553bade5c9715c18a333262e424cc831317bc21af375f703ac6731f8be8933608c3b8120b887838cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ad0d42dc9923a2a50e23548f9e36dab2

SHA1
f2dbd16feaa198e60e9065ce71125666c7a9d624

SHA256
f38f9eafae6a6462eb9a437eedfff424de87aaea1be9c7d8f17ee55803e75b98

SHA512
0eafeaa04d8057b7ddfcc397b75fbef95560b5c77a8dbf2f803508abf53204cf7f9cdd776319a0ccc30ff63e3577d09e61bca66a5d7407158f192570ae0d496a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8c70acbb42c8a794181e9548a9be0b3b

SHA1
5cdb9a4691b2f57efe8df2babd142aa8cbe92756

SHA256
b9234f98ef3d6cd2e0572e3c1d4b8e0fbe18e7995dc6fa0c0af5ca0900984f9d

SHA512
2cc130e3028ea1e4201a05be1e453b3355f03f656df1f27b38f0cce1bfdf6e514c49b5d9252fe696e1b455de48d8270ff3acb001f4a1d2a02eafd35e758de339

Download Submit
\??\pipe\LOCAL\crashpad_2352_JPNVHQQAFRCUHBKR

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit