008aca3cb3d05c810aec4117543ecc9bcb77685d5fb35c24c13f7f4e5abc737b

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 00:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

692917eca251b4de7d932a733dbb28b6_JaffaCakes118.html
Size

56KB
MD5

692917eca251b4de7d932a733dbb28b6
SHA1

19a11018d5f59ffcecb14d042a17f306d0f9af36
SHA256

008aca3cb3d05c810aec4117543ecc9bcb77685d5fb35c24c13f7f4e5abc737b
SHA512

593279ef49bab80f8a8419dddd93feac1b0a4987a7b41da1df5400d2a1c8b040240dc223c2d51723b8f8a3d07cd84ef96373cc00b43ca60ad176c770ecaf6423
SSDEEP

1536:RFSk4hMZtwmHtDqOHv7oKma4kpBiVLB08XxMw2Dyt/u:RFkhMZtwmHtDqOHTDt4kpBiVF08Xh2Dj

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
1296	msedge.exe
1296	msedge.exe
4440	msedge.exe
4440	msedge.exe
3268	identity_helper.exe
3268	identity_helper.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe
5080	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

msedge.exe

pid process

4440 msedge.exe
4440 msedge.exe
4440 msedge.exe
4440 msedge.exe
4440 msedge.exe
4440 msedge.exe
4440 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4440 wrote to memory of 2452	4440	msedge.exe	msedge.exe
PID 4440 wrote to memory of 2452	4440	msedge.exe	msedge.exe
PID 4440 wrote to memory of 4140	4440	msedge.exe	msedge.exe
PID 4440 wrote to memory of 4140	4440	msedge.exe	msedge.exe
PID 4440 wrote to memory of 4140	4440	msedge.exe	msedge.exe
PID 4440 wrote to memory of 4140	4440	msedge.exe	msedge.exe
PID 4440 wrote to memory of 4140	4440	msedge.exe	msedge.exe
PID 4440 wrote to memory of 4140	4440	msedge.exe	msedge.exe
PID 4440 wrote to memory of 4140	4440	msedge.exe	msedge.exe
PID 4440 wrote to memory of 4140	4440	msedge.exe	msedge.exe
PID 4440 wrote to memory of 4140	4440	msedge.exe	msedge.exe
PID 4440 wrote to memory of 4140	4440	msedge.exe	msedge.exe
PID 4440 wrote to memory of 4140	4440	msedge.exe	msedge.exe
PID 4440 wrote to memory of 4140	4440	msedge.exe	msedge.exe
PID 4440 wrote to memory of 4140	4440	msedge.exe	msedge.exe
PID 4440 wrote to memory of 4140	4440	msedge.exe	msedge.exe
PID 4440 wrote to memory of 4140	4440	msedge.exe	msedge.exe
PID 4440 wrote to memory of 4140	4440	msedge.exe	msedge.exe
PID 4440 wrote to memory of 4140	4440	msedge.exe	msedge.exe
PID 4440 wrote to memory of 4140	4440	msedge.exe	msedge.exe
PID 4440 wrote to memory of 4140	4440	msedge.exe	msedge.exe
PID 4440 wrote to memory of 4140	4440	msedge.exe	msedge.exe
PID 4440 wrote to memory of 4140	4440	msedge.exe	msedge.exe
PID 4440 wrote to memory of 4140	4440	msedge.exe	msedge.exe
PID 4440 wrote to memory of 4140	4440	msedge.exe	msedge.exe
PID 4440 wrote to memory of 4140	4440	msedge.exe	msedge.exe
PID 4440 wrote to memory of 4140	4440	msedge.exe	msedge.exe
PID 4440 wrote to memory of 4140	4440	msedge.exe	msedge.exe
PID 4440 wrote to memory of 4140	4440	msedge.exe	msedge.exe
PID 4440 wrote to memory of 4140	4440	msedge.exe	msedge.exe
PID 4440 wrote to memory of 4140	4440	msedge.exe	msedge.exe
PID 4440 wrote to memory of 4140	4440	msedge.exe	msedge.exe
PID 4440 wrote to memory of 4140	4440	msedge.exe	msedge.exe
PID 4440 wrote to memory of 4140	4440	msedge.exe	msedge.exe
PID 4440 wrote to memory of 4140	4440	msedge.exe	msedge.exe
PID 4440 wrote to memory of 4140	4440	msedge.exe	msedge.exe
PID 4440 wrote to memory of 4140	4440	msedge.exe	msedge.exe
PID 4440 wrote to memory of 4140	4440	msedge.exe	msedge.exe
PID 4440 wrote to memory of 4140	4440	msedge.exe	msedge.exe
PID 4440 wrote to memory of 4140	4440	msedge.exe	msedge.exe
PID 4440 wrote to memory of 4140	4440	msedge.exe	msedge.exe
PID 4440 wrote to memory of 4140	4440	msedge.exe	msedge.exe
PID 4440 wrote to memory of 1296	4440	msedge.exe	msedge.exe
PID 4440 wrote to memory of 1296	4440	msedge.exe	msedge.exe
PID 4440 wrote to memory of 1500	4440	msedge.exe	msedge.exe
PID 4440 wrote to memory of 1500	4440	msedge.exe	msedge.exe
PID 4440 wrote to memory of 1500	4440	msedge.exe	msedge.exe
PID 4440 wrote to memory of 1500	4440	msedge.exe	msedge.exe
PID 4440 wrote to memory of 1500	4440	msedge.exe	msedge.exe
PID 4440 wrote to memory of 1500	4440	msedge.exe	msedge.exe
PID 4440 wrote to memory of 1500	4440	msedge.exe	msedge.exe
PID 4440 wrote to memory of 1500	4440	msedge.exe	msedge.exe
PID 4440 wrote to memory of 1500	4440	msedge.exe	msedge.exe
PID 4440 wrote to memory of 1500	4440	msedge.exe	msedge.exe
PID 4440 wrote to memory of 1500	4440	msedge.exe	msedge.exe
PID 4440 wrote to memory of 1500	4440	msedge.exe	msedge.exe
PID 4440 wrote to memory of 1500	4440	msedge.exe	msedge.exe
PID 4440 wrote to memory of 1500	4440	msedge.exe	msedge.exe
PID 4440 wrote to memory of 1500	4440	msedge.exe	msedge.exe
PID 4440 wrote to memory of 1500	4440	msedge.exe	msedge.exe
PID 4440 wrote to memory of 1500	4440	msedge.exe	msedge.exe
PID 4440 wrote to memory of 1500	4440	msedge.exe	msedge.exe
PID 4440 wrote to memory of 1500	4440	msedge.exe	msedge.exe
PID 4440 wrote to memory of 1500	4440	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\692917eca251b4de7d932a733dbb28b6_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4440

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd8c1346f8,0x7ffd8c134708,0x7ffd8c134718
2⤵
PID:2452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,883218441406366347,8318001220770375807,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
2⤵
PID:4140

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,883218441406366347,8318001220770375807,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2504 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1296

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,883218441406366347,8318001220770375807,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8
2⤵
PID:1500

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,883218441406366347,8318001220770375807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
2⤵
PID:1656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,883218441406366347,8318001220770375807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
2⤵
PID:3480

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,883218441406366347,8318001220770375807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1
2⤵
PID:3272

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,883218441406366347,8318001220770375807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1868 /prefetch:1
2⤵
PID:4336

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,883218441406366347,8318001220770375807,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2756 /prefetch:1
2⤵
PID:4152

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,883218441406366347,8318001220770375807,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 /prefetch:8
2⤵
PID:2964

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,883218441406366347,8318001220770375807,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3268

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,883218441406366347,8318001220770375807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
2⤵
PID:3780

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,883218441406366347,8318001220770375807,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
2⤵
PID:1172

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,883218441406366347,8318001220770375807,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5812 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5080

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3356

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2528

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c9c4c494f8fba32d95ba2125f00586a3

SHA1
8a600205528aef7953144f1cf6f7a5115e3611de

SHA256
a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b

SHA512
9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dc6fc5e708279a3310fe55d9c44743d

SHA1
a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2

SHA256
a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8

SHA512
5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\91bc98c7-3272-407d-bf86-6997dc6f08f5.tmp

Filesize
6KB

MD5
de1cf2ff71d55d11b8532a39b8a32249

SHA1
28fdfb7b14335da79074eb40330239f9a8fe2974

SHA256
0889290a600949dc5fd8f46ef58b133377864d4c780daccb5285daa7376b9eac

SHA512
5e7997e8122a75104c88514bed965d53baea329786676e3743f40a24f231c8a11be5f4e38ed36663363b3b28820a65a8527ae6b9b1e4c0687b1ea815c8586edd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
d72b7a0aad685ba32c404aad891aa4cb

SHA1
a66c9f8d573edd715eea9c9e716dc627674652c0

SHA256
a22b9e05fc82c21372b83291cda21857f79ada4f5598ce440136cf4033b87766

SHA512
cc373a32c8a71183e0d7f76d60edfe4d41af9c5e4cb2af3340ac177c25d681111f41c28ac0fb195fc7fceaff19fe2f6fd83d5a7aba63489388523433b13a4033

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
cd33b46b25d14fd1b3aecb6473706d18

SHA1
452affa18ff1ba3fc7ee870008d7a8fceaad2435

SHA256
a0c5a9d0fd2e4cb9746dbe4fca0073aee0288a6a22ed0ea48d8c3191bede3b89

SHA512
b90ae300ee34f7f97114cf0f366a34a51cd931714cdcc5e310af31e8a81507f7cce3b19f39b0952a274e936055b422c8616e6b09de038138cd13da2f2a6bf947

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
82f8c1aec031910d1fde8f1484a0db83

SHA1
b647c60076f569164c6fcd27b1a44dbb3609792d

SHA256
a68adf6554b0dfc7209641f8a8b60542b6d9928703d2203258864d502e3a4244

SHA512
b073aa3697ef40a4dfa16ace0c2f697c5f0ebdfd28478dbd6c171bfed3d01bd2c2c4dcedb56ac0186730c64aa3ac876216601a98470ed50c34df0ffb11efc1e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b52afaa5b97da452681176528930d31d

SHA1
7065163bad36778724a8988943358eeab48edc4c

SHA256
3f005e1d5d0f9169715fea90104aa4beab24be6f02bbc3b53f9c5e782a433925

SHA512
6661832fef29193b9fea2a0b33f485e752bca7015e0227cb0b73cc7a0ac4b7391bb299aad0d90c700c417c63093f9eba5b4d1e2462d69e582583f7cb19a05302

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
985889079f8ded69cf41818542e8b568

SHA1
d8bc1e4758e3d7daa2b66924575417a36cade617

SHA256
4b53a8b89fd34adc67bbfceb729713ca3adcc2762403537bbf9db2ce807abcbe

SHA512
e3f5da2dfd33b710ec11d4574535c8f49335c20ac8f7aff125570e57ccc7fdf6a7ede13eaca0836fa4e068b1004e92e8d104eaf8e42e614ea80b2eeaba0f069d

Download Submit
\??\pipe\LOCAL\crashpad_4440_NDTUGCSOGPYZRTBF

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit