9610c7f2e13eacc0a5f7a6142cf9da61a91753bd31a8d2c44564ba2cfe1c18aa

Analysis

max time kernel
149s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
08-07-2024 02:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2ab358813ce4b66a0773888b0beca03a_JaffaCakes118.html
Size

58KB
MD5

2ab358813ce4b66a0773888b0beca03a
SHA1

698be227a863fa0c4fcadc630c610290dae2bb02
SHA256

9610c7f2e13eacc0a5f7a6142cf9da61a91753bd31a8d2c44564ba2cfe1c18aa
SHA512

b9224fe3b735dd53bdc656ad6577996622fbd25933d7e756bebb833bcc0f27ec5c626b6a5d381eaebe57f770ceb206e03e5bc9c9aa0e1fe80ec26af20ea9c46d
SSDEEP

1536:gQZBCCOdZ0IxCWnXWfYfrfYfgfHf8fXfJfJfqfqfhfQflfSfDf0fafKfIfnrfifp:gk2j0IxcQzAoPEvxRyi5o9ab8CCQz6Wo

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1032	msedge.exe
1032	msedge.exe
3064	msedge.exe
3064	msedge.exe
4452	identity_helper.exe
4452	identity_helper.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe
3096	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3064 wrote to memory of 2596	3064	msedge.exe	82
PID 3064 wrote to memory of 2596	3064	msedge.exe	82
PID 3064 wrote to memory of 1260	3064	msedge.exe	83
PID 3064 wrote to memory of 1260	3064	msedge.exe	83
PID 3064 wrote to memory of 1260	3064	msedge.exe	83
PID 3064 wrote to memory of 1260	3064	msedge.exe	83
PID 3064 wrote to memory of 1260	3064	msedge.exe	83
PID 3064 wrote to memory of 1260	3064	msedge.exe	83
PID 3064 wrote to memory of 1260	3064	msedge.exe	83
PID 3064 wrote to memory of 1260	3064	msedge.exe	83
PID 3064 wrote to memory of 1260	3064	msedge.exe	83
PID 3064 wrote to memory of 1260	3064	msedge.exe	83
PID 3064 wrote to memory of 1260	3064	msedge.exe	83
PID 3064 wrote to memory of 1260	3064	msedge.exe	83
PID 3064 wrote to memory of 1260	3064	msedge.exe	83
PID 3064 wrote to memory of 1260	3064	msedge.exe	83
PID 3064 wrote to memory of 1260	3064	msedge.exe	83
PID 3064 wrote to memory of 1260	3064	msedge.exe	83
PID 3064 wrote to memory of 1260	3064	msedge.exe	83
PID 3064 wrote to memory of 1260	3064	msedge.exe	83
PID 3064 wrote to memory of 1260	3064	msedge.exe	83
PID 3064 wrote to memory of 1260	3064	msedge.exe	83
PID 3064 wrote to memory of 1260	3064	msedge.exe	83
PID 3064 wrote to memory of 1260	3064	msedge.exe	83
PID 3064 wrote to memory of 1260	3064	msedge.exe	83
PID 3064 wrote to memory of 1260	3064	msedge.exe	83
PID 3064 wrote to memory of 1260	3064	msedge.exe	83
PID 3064 wrote to memory of 1260	3064	msedge.exe	83
PID 3064 wrote to memory of 1260	3064	msedge.exe	83
PID 3064 wrote to memory of 1260	3064	msedge.exe	83
PID 3064 wrote to memory of 1260	3064	msedge.exe	83
PID 3064 wrote to memory of 1260	3064	msedge.exe	83
PID 3064 wrote to memory of 1260	3064	msedge.exe	83
PID 3064 wrote to memory of 1260	3064	msedge.exe	83
PID 3064 wrote to memory of 1260	3064	msedge.exe	83
PID 3064 wrote to memory of 1260	3064	msedge.exe	83
PID 3064 wrote to memory of 1260	3064	msedge.exe	83
PID 3064 wrote to memory of 1260	3064	msedge.exe	83
PID 3064 wrote to memory of 1260	3064	msedge.exe	83
PID 3064 wrote to memory of 1260	3064	msedge.exe	83
PID 3064 wrote to memory of 1260	3064	msedge.exe	83
PID 3064 wrote to memory of 1260	3064	msedge.exe	83
PID 3064 wrote to memory of 1032	3064	msedge.exe	84
PID 3064 wrote to memory of 1032	3064	msedge.exe	84
PID 3064 wrote to memory of 2616	3064	msedge.exe	85
PID 3064 wrote to memory of 2616	3064	msedge.exe	85
PID 3064 wrote to memory of 2616	3064	msedge.exe	85
PID 3064 wrote to memory of 2616	3064	msedge.exe	85
PID 3064 wrote to memory of 2616	3064	msedge.exe	85
PID 3064 wrote to memory of 2616	3064	msedge.exe	85
PID 3064 wrote to memory of 2616	3064	msedge.exe	85
PID 3064 wrote to memory of 2616	3064	msedge.exe	85
PID 3064 wrote to memory of 2616	3064	msedge.exe	85
PID 3064 wrote to memory of 2616	3064	msedge.exe	85
PID 3064 wrote to memory of 2616	3064	msedge.exe	85
PID 3064 wrote to memory of 2616	3064	msedge.exe	85
PID 3064 wrote to memory of 2616	3064	msedge.exe	85
PID 3064 wrote to memory of 2616	3064	msedge.exe	85
PID 3064 wrote to memory of 2616	3064	msedge.exe	85
PID 3064 wrote to memory of 2616	3064	msedge.exe	85
PID 3064 wrote to memory of 2616	3064	msedge.exe	85
PID 3064 wrote to memory of 2616	3064	msedge.exe	85
PID 3064 wrote to memory of 2616	3064	msedge.exe	85
PID 3064 wrote to memory of 2616	3064	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2ab358813ce4b66a0773888b0beca03a_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcc42b46f8,0x7ffcc42b4708,0x7ffcc42b4718
  2⤵
  PID:2596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,13182364000414584909,17295948064264527270,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
  2⤵
  PID:1260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,13182364000414584909,17295948064264527270,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,13182364000414584909,17295948064264527270,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8
  2⤵
  PID:2616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13182364000414584909,17295948064264527270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:3400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13182364000414584909,17295948064264527270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13182364000414584909,17295948064264527270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
  2⤵
  PID:1436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13182364000414584909,17295948064264527270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:2964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13182364000414584909,17295948064264527270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:2640
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,13182364000414584909,17295948064264527270,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6184 /prefetch:8
  2⤵
  PID:1852
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,13182364000414584909,17295948064264527270,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6184 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13182364000414584909,17295948064264527270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13182364000414584909,17295948064264527270,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
  2⤵
  PID:1904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13182364000414584909,17295948064264527270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:1324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13182364000414584909,17295948064264527270,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,13182364000414584909,17295948064264527270,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4576 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3096

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4912

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4348

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3c78617ec8f88da19254f9ff03312175

SHA1
344e9fed9434d924d1c9f05351259cbc21e434d3

SHA256
3cb47fcdca33bb3c8f4acc98424140987235ad79815da4f0e7593e4591ae90ed

SHA512
5b58675088b0fc2b2d705cb648ea89385b80c7cf908b0f4f95a9acdbd350b50754e1b586202db6a918eef70029fafb210947f3c43c570ecf7657e08939fd7e9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
09c7ae658385f6de986103443217840b

SHA1
298d880503edce4413337c09d3525f27a2edcd28

SHA256
91e04ec38abdb0204458543592c4621b7bc0306407884f764aa9596a52454cd7

SHA512
4e1272b209487d1e9e7d8502be49ebce91c76718410e817b3ac7faf47d9b699210aab1b941fbb5ddafc192ddf4b2ba151afd47fab753ec62bc0bca36039c55c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\0ad6c1ed-9524-4f3f-a3c8-0c8df8bb7bc1.tmp

Filesize
6KB

MD5
d3923df9b7438547e49e969e898b0b17

SHA1
316dfde8aea17840d9a340f72e78dd683f747458

SHA256
1929d27a99e129e1a37eeb74a526c10f0d022b80c3da1758067e66161b072174

SHA512
d6910b6acd1a3775dc9f9f8aa6ff246117ce36f13dfb89880ce5ac9b3d7dd9bb705849968ad5f547ad705641c4c35c56a9bffae66bf28572f295f2f990adbdbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
c705b03cc71e1521f9c2e0b89447093d

SHA1
275618268855c93c4ff01fd8942df6f276af28f0

SHA256
c14fe6901cb4f7d149404d698add6cc13b97b99dcc3eb8c2873a4ee9ef46a7ac

SHA512
f586d3b3f21f875518025858b9b73423063a9bfee48020b0674f96424cf2d3c71a7ef623d0041052235673cd81e52468040f89bc3a2a240e12be864be8e25330

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
e18ea0fd76b9717c840f38e6d05f1e07

SHA1
343d7e382adb63a5ca09eade34616b5a3e91d461

SHA256
e2b4ec8ced21ee7253276f21ba2ef279b90b9a772d82af4453f7eecf14efb507

SHA512
593272fc1cec1766e25272d40249d8fd591f8f8b7fdd51f5700e169473c83181d338f53ff8c3052261bfc9603475c904aa8ad292d85427aff9933e72fe357c35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f734c7475b9fa383e39ebe4d58ab36b5

SHA1
fb8b126dac4bef843b7cb70572f16293df59af1d

SHA256
0e42a05967a98374066342e335a0c120d146d34dcc5f720e086ad0bff7cdc55c

SHA512
d4f92565d46fb29ea8bb15318e55d28cb58b8d1a238469345b7eb921fe9968b53e06652b111a5f6ae82164c8933fd21254bacea93a5b6d5330e6ad6b3bc6da25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ac0212a028fae4b97be5c8c8724fd0fd

SHA1
d6a449b1183888781d6add8ab03a61cd411b3082

SHA256
04ad9f38cf5399b001ceae621954d04e7732be85db1da2587e137dccb6547075

SHA512
d6731001446463c94b258b0cd9ad235ef4e596cc7b887c9605da698de73db8f7ce1d72ecf5d47269db284dfa8c497abb91c46827cffa2e1b311214a04bb5686d

Download Submit
\??\pipe\LOCAL\crashpad_3064_FAWGAIIEKZHZUMNZ

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit