a8156a40b599a1244d55860e1e175d08c9dd880d1150e4a9a75b1e5e5895576c

Analysis

max time kernel
145s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 00:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

691eff566580558a3da9f4c9dbf0014d_JaffaCakes118.html
Size

48KB
MD5

691eff566580558a3da9f4c9dbf0014d
SHA1

27c97d1402c726eb08ea2e444f34da31cee3ad42
SHA256

a8156a40b599a1244d55860e1e175d08c9dd880d1150e4a9a75b1e5e5895576c
SHA512

3ccdd5394b6cf550c4b3be30449294235f3f4b5e64dcc335d6e7645ddd738b70e3f89e569aa08d2ecb57e6b50fc0398ee1645f94ca13a10ef983eaf2d4e1ef91
SSDEEP

768:j/Vt97Rycy2aWzkHa3Z3MUqBTSaemAEL0jqckF8SC0/ZuOU:xt97Rycy2TD3iBZSaemAEL0jqck0b

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
4984	msedge.exe
4984	msedge.exe
840	msedge.exe
840	msedge.exe
4468	identity_helper.exe
4468	identity_helper.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

msedge.exe

pid process

840 msedge.exe
840 msedge.exe
840 msedge.exe
840 msedge.exe
840 msedge.exe
840 msedge.exe
840 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe
840	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 840 wrote to memory of 3204	840	msedge.exe	msedge.exe
PID 840 wrote to memory of 3204	840	msedge.exe	msedge.exe
PID 840 wrote to memory of 32	840	msedge.exe	msedge.exe
PID 840 wrote to memory of 32	840	msedge.exe	msedge.exe
PID 840 wrote to memory of 32	840	msedge.exe	msedge.exe
PID 840 wrote to memory of 32	840	msedge.exe	msedge.exe
PID 840 wrote to memory of 32	840	msedge.exe	msedge.exe
PID 840 wrote to memory of 32	840	msedge.exe	msedge.exe
PID 840 wrote to memory of 32	840	msedge.exe	msedge.exe
PID 840 wrote to memory of 32	840	msedge.exe	msedge.exe
PID 840 wrote to memory of 32	840	msedge.exe	msedge.exe
PID 840 wrote to memory of 32	840	msedge.exe	msedge.exe
PID 840 wrote to memory of 32	840	msedge.exe	msedge.exe
PID 840 wrote to memory of 32	840	msedge.exe	msedge.exe
PID 840 wrote to memory of 32	840	msedge.exe	msedge.exe
PID 840 wrote to memory of 32	840	msedge.exe	msedge.exe
PID 840 wrote to memory of 32	840	msedge.exe	msedge.exe
PID 840 wrote to memory of 32	840	msedge.exe	msedge.exe
PID 840 wrote to memory of 32	840	msedge.exe	msedge.exe
PID 840 wrote to memory of 32	840	msedge.exe	msedge.exe
PID 840 wrote to memory of 32	840	msedge.exe	msedge.exe
PID 840 wrote to memory of 32	840	msedge.exe	msedge.exe
PID 840 wrote to memory of 32	840	msedge.exe	msedge.exe
PID 840 wrote to memory of 32	840	msedge.exe	msedge.exe
PID 840 wrote to memory of 32	840	msedge.exe	msedge.exe
PID 840 wrote to memory of 32	840	msedge.exe	msedge.exe
PID 840 wrote to memory of 32	840	msedge.exe	msedge.exe
PID 840 wrote to memory of 32	840	msedge.exe	msedge.exe
PID 840 wrote to memory of 32	840	msedge.exe	msedge.exe
PID 840 wrote to memory of 32	840	msedge.exe	msedge.exe
PID 840 wrote to memory of 32	840	msedge.exe	msedge.exe
PID 840 wrote to memory of 32	840	msedge.exe	msedge.exe
PID 840 wrote to memory of 32	840	msedge.exe	msedge.exe
PID 840 wrote to memory of 32	840	msedge.exe	msedge.exe
PID 840 wrote to memory of 32	840	msedge.exe	msedge.exe
PID 840 wrote to memory of 32	840	msedge.exe	msedge.exe
PID 840 wrote to memory of 32	840	msedge.exe	msedge.exe
PID 840 wrote to memory of 32	840	msedge.exe	msedge.exe
PID 840 wrote to memory of 32	840	msedge.exe	msedge.exe
PID 840 wrote to memory of 32	840	msedge.exe	msedge.exe
PID 840 wrote to memory of 32	840	msedge.exe	msedge.exe
PID 840 wrote to memory of 32	840	msedge.exe	msedge.exe
PID 840 wrote to memory of 4984	840	msedge.exe	msedge.exe
PID 840 wrote to memory of 4984	840	msedge.exe	msedge.exe
PID 840 wrote to memory of 2384	840	msedge.exe	msedge.exe
PID 840 wrote to memory of 2384	840	msedge.exe	msedge.exe
PID 840 wrote to memory of 2384	840	msedge.exe	msedge.exe
PID 840 wrote to memory of 2384	840	msedge.exe	msedge.exe
PID 840 wrote to memory of 2384	840	msedge.exe	msedge.exe
PID 840 wrote to memory of 2384	840	msedge.exe	msedge.exe
PID 840 wrote to memory of 2384	840	msedge.exe	msedge.exe
PID 840 wrote to memory of 2384	840	msedge.exe	msedge.exe
PID 840 wrote to memory of 2384	840	msedge.exe	msedge.exe
PID 840 wrote to memory of 2384	840	msedge.exe	msedge.exe
PID 840 wrote to memory of 2384	840	msedge.exe	msedge.exe
PID 840 wrote to memory of 2384	840	msedge.exe	msedge.exe
PID 840 wrote to memory of 2384	840	msedge.exe	msedge.exe
PID 840 wrote to memory of 2384	840	msedge.exe	msedge.exe
PID 840 wrote to memory of 2384	840	msedge.exe	msedge.exe
PID 840 wrote to memory of 2384	840	msedge.exe	msedge.exe
PID 840 wrote to memory of 2384	840	msedge.exe	msedge.exe
PID 840 wrote to memory of 2384	840	msedge.exe	msedge.exe
PID 840 wrote to memory of 2384	840	msedge.exe	msedge.exe
PID 840 wrote to memory of 2384	840	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\691eff566580558a3da9f4c9dbf0014d_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff97d9546f8,0x7ff97d954708,0x7ff97d954718
  2⤵
  PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,2962799186915186863,1783139861227759544,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  2⤵
  PID:32
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,2962799186915186863,1783139861227759544,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,2962799186915186863,1783139861227759544,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:8
  2⤵
  PID:2384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2962799186915186863,1783139861227759544,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:1576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2962799186915186863,1783139861227759544,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:1580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2962799186915186863,1783139861227759544,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:1476
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,2962799186915186863,1783139861227759544,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5652 /prefetch:8
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,2962799186915186863,1783139861227759544,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5652 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2962799186915186863,1783139861227759544,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
  2⤵
  PID:1756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2962799186915186863,1783139861227759544,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
  2⤵
  PID:3088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2962799186915186863,1783139861227759544,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1
  2⤵
  PID:1548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2962799186915186863,1783139861227759544,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,2962799186915186863,1783139861227759544,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5124 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1104

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1304

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3392

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
475B

MD5
b3e429a7d0f0b025ec798905599ec5b1

SHA1
9cb89324fb363641c8fe07175ea20c8c8f2c11c5

SHA256
eeb463b95ffc49fda340648e07431d4b4192a40580e60911739f7b026aa3b7e6

SHA512
972b9f87eb40405997754b1ed9aa02c5345d4e1ca915c50854e97d8b1ee252c8d8a45301eb10200ffcc1e5465741e4bcd27ff4b100a6581b34cea8f319d6035d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b08747f575da85af89ac50c347d2fded

SHA1
d051aa9d00c64a69ee300ad11e930d3414334e83

SHA256
f0ce9fc7323d80a46c6addd924c48a9074b22d66e638d345aa91d0e5573abdd9

SHA512
2d22d9e3f34979a33f236849f1bef4b41bf6fc66c037b0c9c0e6dae93a571abe1fbe4b766e91fa80ab29797d368f5cb84579fc725a9b4461e33ccf1e69ce7724

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
61a4df64e458f6d0b3a7d73220f1ea89

SHA1
84298219199712dd3a7ba2ab4182994665166f0e

SHA256
65ac41bc822eebd2ca037d0099a50575f8e6bc8f21f7502663884ef5945ae2cb

SHA512
d5919e75c8ea00b9b63d0d200df1095c1079a819076092fc20e59cf5a00d51b31f59719563f7da42454de8e6761b4a5b46366f0625f04d09154acf8b1d09d30f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
571a46abab837375988fe864ddcc2cc0

SHA1
09e7c9c34626851ed398da74db12615c631ceb73

SHA256
4a74c12cbf9df95df8c96b731391a56124afe976dbe33b34684a05b16be2ed2f

SHA512
4107642b67f7af8cd6c575ce11671337e85649dc3627348a41e90776258d1c0f5b4ae8391b9237cc2fbb3be21a449d03d4806b374494de3b6644edd9ad0659d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
3cb18a24788a6513b8f1e98dbd8ae367

SHA1
2bcc3fe27f0f754ca2a946f90bdc2c954ec766d2

SHA256
35f2cf63241b6226157d93e996e3d6685e5288ceff781f8aa609aa3241859515

SHA512
938e9a92d7e7961ef10a6813a8217f4f748c535eb672496e7d98b4b39ced606c1fafd4f719da9ba7d10d4ae82a8ccb9dbd26c0a2083d6d3f3096146ca0eade4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d4f3.TMP

Filesize
371B

MD5
63370fb6fca50b25a4066caea668ecf1

SHA1
84b5f3eef05c13642a6194ce3c0ea8935fca719b

SHA256
61b9a2c476ba043a2519b631b5ace07fba4d6c47953168fe77ab83326742f26e

SHA512
833f530c84a533ff51dc2419c722a8ba5bbfb757d2cb92ab5bb99a6e5f8d2da1f3d375cb49758bb8943066c18ebb608412f3998b9987b9127a867830c44c50ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c6584883ff847268ba1b86c721811210

SHA1
ef97411ca93c4e6a0e011a65ea74562d17311055

SHA256
437f8e4aead5f78e655c8f446f910d612557ab9b7dc9e183d14d0e7533d25514

SHA512
afa8854e3292ea0efd7fd1666cbd2d8d0f46e9411fad11db70a978233ef75d44e1786eccdcc1463b68c6ee40fb3982a9a39ae17e7f31ae4a4cebb44e29810cc7

Download Submit
\??\pipe\LOCAL\crashpad_840_OVKUIWKJUFXIHCPC

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit