e0bb233e45170478a642bdc38fc3cee0c60fa2dbd4e45bff57d743405535f92c

Analysis

max time kernel
145s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 01:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

695f098aa42ad116839f7f299c24cf33_JaffaCakes118.html
Size

68KB
MD5

695f098aa42ad116839f7f299c24cf33
SHA1

9373f054c40d90bfe6742727d5df20b34375f99c
SHA256

e0bb233e45170478a642bdc38fc3cee0c60fa2dbd4e45bff57d743405535f92c
SHA512

7b161e2724692b225c908041a3b036553c559d069bbe103314a42e9b95223beab66456e2384f66d54321a9c68b0cff7bf7ba2c57e33e56886861a95582c60678
SSDEEP

1536:ePsVuiAt+7faV3YPYUQWqIh4cEvrEwQOfzh7aVd1o:eke+7faV3rWH4cE1QOfzh7aVd1o

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

msedge.exemsedge.exemsedge.exe

pid process

2976 msedge.exe
2976 msedge.exe
2880 msedge.exe
2880 msedge.exe
1132 msedge.exe
1132 msedge.exe
1132 msedge.exe
1132 msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

Processes:

msedge.exe

pid process

2880 msedge.exe
2880 msedge.exe

pid	process
2976	msedge.exe
2976	msedge.exe
2880	msedge.exe
2880	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe
1132	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2880 wrote to memory of 220	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 220	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 376	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 376	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 376	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 376	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 376	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 376	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 376	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 376	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 376	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 376	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 376	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 376	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 376	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 376	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 376	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 376	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 376	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 376	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 376	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 376	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 376	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 376	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 376	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 376	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 376	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 376	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 376	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 376	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 376	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 376	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 376	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 376	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 376	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 376	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 376	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 376	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 376	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 376	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 376	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 376	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 2976	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 2976	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 4500	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 4500	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 4500	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 4500	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 4500	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 4500	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 4500	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 4500	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 4500	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 4500	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 4500	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 4500	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 4500	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 4500	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 4500	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 4500	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 4500	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 4500	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 4500	2880	msedge.exe	msedge.exe
PID 2880 wrote to memory of 4500	2880	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\695f098aa42ad116839f7f299c24cf33_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2880

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff97d9546f8,0x7ff97d954708,0x7ff97d954718
2⤵
PID:220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,3021599962259665863,2196098405775651613,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
2⤵
PID:376

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,3021599962259665863,2196098405775651613,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2976

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,3021599962259665863,2196098405775651613,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
2⤵
PID:4500

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3021599962259665863,2196098405775651613,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
2⤵
PID:2124

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3021599962259665863,2196098405775651613,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
2⤵
PID:2352

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,3021599962259665863,2196098405775651613,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1800 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1132

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5116

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
73KB

MD5
0869f7184166e1f830d69a17862202af

SHA1
9aeaff5a79096cb3e627a227c6af7f3941d91204

SHA256
89cf932cc5108b87f3e8a2095246e9e5e906c2cfab59027ff91c573f08470561

SHA512
dd6e73b7b489110a19e93457a793124515ac721bb589696269821aa3edb88d55bf4d986ec42f3913820fa6b31c664000dbc347c8c96a9e71475ad5677c6a1c2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
588B

MD5
bb8a252c4626a11a1c994ce648d8f6d7

SHA1
a0585be515b9f330018b4611325119f3292ffcbe

SHA256
21f21660a023072215eb18483ad5c31e46dd0cf40c9316103ae3bce6fff12bdb

SHA512
71465f8e443c7f01ecc9a76368f2ebe2e9798cc3f12942761f64cab67ad9c6556f04be60c475dcee4146d9badf317cae810f37b1ee107e1a576bf331d7995860

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0569099dc826a5201206a641b7f1e6b1

SHA1
082b4a909cd5aca9a9d5ab395832f1217b0cb466

SHA256
e0b3edce735006c38301ff9f8d37a5fa375c7d53056835beeea302f298278daa

SHA512
a4325c718e4791fc0de624b99e25cd1df5643883b7449e31af82eb9284cbfb75c0fa60681699f3213acfe6518a60b2f37d79636873b3a9af9df46db0d1191d3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
304c076fdc17039b9f34b90157baa3c9

SHA1
5a0301df7e8cd890aa3d088b5ae323d2dfee3ec8

SHA256
0994b742ac7b4345d21cf264afd3376d2735697f96dbd3a047e73f2d85f15795

SHA512
60f4435233092408f4263e78e6e9e7d9197f348d519d0af44d7259af9692b56de0da1f8f52a9f03c3f9026dc6d69cbd71af141bdfcbb2fa1ef02631f594dcbd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
a5684ad2092eed6683defc5c8319d96e

SHA1
2266753253b8b7b2f11b134bb31ccc9b1e293bba

SHA256
d20808ace6239c4e87495fc79b9f15687533d70df4cfe25364138167ca47955e

SHA512
973a4b880fc2e656dd6d4eccdd47d1e2159ba18f849698e63631613323f1127bbc492d79ecd68c9d1e1a38ea6d958e9fa6f2dcfa5377799d81340cafb6dc55af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
a149e37257187c7779373b591656cd3c

SHA1
72775e82b7996bbe9a0faac61c93cc110c4d1e24

SHA256
c910fc53f41d6d3929807162df9ea11aa14a632f2a21ef1dcfbab19582dedcf5

SHA512
1e3591556615aca106d36875cdb406e421f400f202b6be7016d8b139bbc33eedaa2d5b023171cd9743e74cdb1a12f9c76d0845dd08118164a16b2031a6f5ef0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
9ef80763592d2fdd3870a49e10b6717c

SHA1
733b14ebb8219a33f152f1067c5f34b2d974aa4e

SHA256
44dd744ec5d8f6ac199ec820f659a307eefad899aa1f9a7ae5b7056abda17ba1

SHA512
63882f1345310d192277f08698490ebe9b7518b6e649f2fb245dda3cab337a369f9e71e4b0ba80ef0d38df3fe3db5550df0a05273018904d803d2ad69f605406

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
376d386e06434368833018c5adb5cba3

SHA1
8b38fb26c0e4ea6c01faac64910f8efe7731cfc4

SHA256
1b7c2c8ccb633669461de018cfd3c168fd3587e3a08ae8eb992c357939b9ec02

SHA512
f099745a73abcaee2db6a2fb9930f374c235a3c560606458ac87677d4c44aaf4653b7767d46bc7947b0e70776b9c9127ec34580463d7399d3efbb37ea3b691a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
e2590c899d4108c1fe74b3d637da1b82

SHA1
eb7cf2e7f3d7612a43e9aa2fb9bf7148d04d67c0

SHA256
6aef9b6b8d973cf0a76ad77e7c375d16369b3c2682dde4fb669d2f169f673abb

SHA512
3614bfa7d3a7b579bcedd2e572b4d5709430e07495e6a22883e6d21f08ac8f9b7a3e15c5bbe472808e1561bb7c74742e4515da5cad101a9780b99bc730679789

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
4ec0dde298942630180d53ec842cca84

SHA1
ee20ece3d1396b3ce69d6fb592a3e501a2ec84cb

SHA256
eb54a4be850bfba1f57fe932be942a8c5703b50f8d3d9e662235b0eec0f9cac8

SHA512
bc816f6cd3a50f6aed994e8b0f9f6abe28d573f94b7cf51d25777924d5678b3cc7415c3b00abdd83185cfc12352153427a21f393fdac96a51de1f92d17e7bebf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
bcfc05a410422346ff64ce0401938e67

SHA1
5e875cc688386267efdb327d2d1d27717817917b

SHA256
681beb3c20a38712eac5d5bbe0cb0c1adf134ceb80d6386dae8c4c54549e550b

SHA512
1020c1250d5e56e47156638acd1b1eb163dbf7a8229b847aa6382f3f9c4f79c91137879fd877d3ea35b224a1d22bc1e643424dc2481778454950ea92653c2912

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
c0753a309b9098fe3537df3ad7745b63

SHA1
c4b17287a552f68c02095e51ca1f38b56710fd5f

SHA256
607654dcd259b13684b792d59cb66ed9509c111f98218c095205735ffbaee6ee

SHA512
c1e1d2b9aa936e20e680f97d5f4fea35ab0ba10bd38704d899b2022f53764974ca7c1971442d26d46e6bc7f396b8b3dfd24985ba453b9b4b8d382eefb7f64504

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f0a9.TMP

Filesize
707B

MD5
d1c2cb4b06195390e3970913deb29351

SHA1
2d8901ce76aeaa623aea0b9e04cdf57df2acceba

SHA256
85dfdb49c712822fe481d5b6c0df54e28fd914708f39c5a0fca0321c948b654f

SHA512
2ae91f9f9f94426ee5cf3c043fc135751649ebea2e2d354759078b5ee27c5886da003e9473be2d6fdbce7f570aaac6939168bb567e8e0100ea9d6ddc56db3387

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
bced97177a70b4458dd790d841e6bb0d

SHA1
065599dba0498936254df40ac68d2181d4693104

SHA256
568157ec10d0703026c7a370deeb56ad9d6c077bb55ba461e2f662370a138e40

SHA512
b24480afc85c39ee8606f891112369755258f18829269443531f7fbe0883433c36393bb66cfe690a3fad4aac8e041897d7e579c68c9a5273d97c6132623c43df

Download Submit
\??\pipe\LOCAL\crashpad_2880_YBYAYEHGZUODBCHC

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit