afac2ed5012f925c6ff34c294171cfb976aaf72a6e1fadfc3526748d9a16ff4f

Analysis

max time kernel
146s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
11-07-2024 08:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3857f37e7b7f8fc69329d15f0f434c79_JaffaCakes118.exe
Size

55KB
MD5

3857f37e7b7f8fc69329d15f0f434c79
SHA1

1b167163bb044aad2a1e06d7bbed5d12eb120c0d
SHA256

afac2ed5012f925c6ff34c294171cfb976aaf72a6e1fadfc3526748d9a16ff4f
SHA512

a79e7148aa8247ae412e5e0f1a4eb232364481e4d5215355c74933a35e38a10f3b8cd735afae05bac7bb373921aebc07319427e71121c9468564f55894619a27
SSDEEP

1536:631SGQg8CZ9mPA1RXMMGBkyJMjZROYJT3bQghxHCZKMU:O1LU41RcaCMMU

Score

7^/10

Malware Config

Signatures

Drops startup file 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bgtools.exe	3857f37e7b7f8fc69329d15f0f434c79_JaffaCakes118.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bgtools.exe	3857f37e7b7f8fc69329d15f0f434c79_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1328	msedge.exe
1328	msedge.exe
2720	msedge.exe
2720	msedge.exe
4916	identity_helper.exe
4916	identity_helper.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1880	3857f37e7b7f8fc69329d15f0f434c79_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1880 wrote to memory of 2720	1880	3857f37e7b7f8fc69329d15f0f434c79_JaffaCakes118.exe	86
PID 1880 wrote to memory of 2720	1880	3857f37e7b7f8fc69329d15f0f434c79_JaffaCakes118.exe	86
PID 2720 wrote to memory of 244	2720	msedge.exe	87
PID 2720 wrote to memory of 244	2720	msedge.exe	87
PID 2720 wrote to memory of 4216	2720	msedge.exe	88
PID 2720 wrote to memory of 4216	2720	msedge.exe	88
PID 2720 wrote to memory of 4216	2720	msedge.exe	88
PID 2720 wrote to memory of 4216	2720	msedge.exe	88
PID 2720 wrote to memory of 4216	2720	msedge.exe	88
PID 2720 wrote to memory of 4216	2720	msedge.exe	88
PID 2720 wrote to memory of 4216	2720	msedge.exe	88
PID 2720 wrote to memory of 4216	2720	msedge.exe	88
PID 2720 wrote to memory of 4216	2720	msedge.exe	88
PID 2720 wrote to memory of 4216	2720	msedge.exe	88
PID 2720 wrote to memory of 4216	2720	msedge.exe	88
PID 2720 wrote to memory of 4216	2720	msedge.exe	88
PID 2720 wrote to memory of 4216	2720	msedge.exe	88
PID 2720 wrote to memory of 4216	2720	msedge.exe	88
PID 2720 wrote to memory of 4216	2720	msedge.exe	88
PID 2720 wrote to memory of 4216	2720	msedge.exe	88
PID 2720 wrote to memory of 4216	2720	msedge.exe	88
PID 2720 wrote to memory of 4216	2720	msedge.exe	88
PID 2720 wrote to memory of 4216	2720	msedge.exe	88
PID 2720 wrote to memory of 4216	2720	msedge.exe	88
PID 2720 wrote to memory of 4216	2720	msedge.exe	88
PID 2720 wrote to memory of 4216	2720	msedge.exe	88
PID 2720 wrote to memory of 4216	2720	msedge.exe	88
PID 2720 wrote to memory of 4216	2720	msedge.exe	88
PID 2720 wrote to memory of 4216	2720	msedge.exe	88
PID 2720 wrote to memory of 4216	2720	msedge.exe	88
PID 2720 wrote to memory of 4216	2720	msedge.exe	88
PID 2720 wrote to memory of 4216	2720	msedge.exe	88
PID 2720 wrote to memory of 4216	2720	msedge.exe	88
PID 2720 wrote to memory of 4216	2720	msedge.exe	88
PID 2720 wrote to memory of 4216	2720	msedge.exe	88
PID 2720 wrote to memory of 4216	2720	msedge.exe	88
PID 2720 wrote to memory of 4216	2720	msedge.exe	88
PID 2720 wrote to memory of 4216	2720	msedge.exe	88
PID 2720 wrote to memory of 4216	2720	msedge.exe	88
PID 2720 wrote to memory of 4216	2720	msedge.exe	88
PID 2720 wrote to memory of 4216	2720	msedge.exe	88
PID 2720 wrote to memory of 4216	2720	msedge.exe	88
PID 2720 wrote to memory of 4216	2720	msedge.exe	88
PID 2720 wrote to memory of 4216	2720	msedge.exe	88
PID 2720 wrote to memory of 1328	2720	msedge.exe	89
PID 2720 wrote to memory of 1328	2720	msedge.exe	89
PID 2720 wrote to memory of 1036	2720	msedge.exe	90
PID 2720 wrote to memory of 1036	2720	msedge.exe	90
PID 2720 wrote to memory of 1036	2720	msedge.exe	90
PID 2720 wrote to memory of 1036	2720	msedge.exe	90
PID 2720 wrote to memory of 1036	2720	msedge.exe	90
PID 2720 wrote to memory of 1036	2720	msedge.exe	90
PID 2720 wrote to memory of 1036	2720	msedge.exe	90
PID 2720 wrote to memory of 1036	2720	msedge.exe	90
PID 2720 wrote to memory of 1036	2720	msedge.exe	90
PID 2720 wrote to memory of 1036	2720	msedge.exe	90
PID 2720 wrote to memory of 1036	2720	msedge.exe	90
PID 2720 wrote to memory of 1036	2720	msedge.exe	90
PID 2720 wrote to memory of 1036	2720	msedge.exe	90
PID 2720 wrote to memory of 1036	2720	msedge.exe	90
PID 2720 wrote to memory of 1036	2720	msedge.exe	90
PID 2720 wrote to memory of 1036	2720	msedge.exe	90
PID 2720 wrote to memory of 1036	2720	msedge.exe	90
PID 2720 wrote to memory of 1036	2720	msedge.exe	90

C:\Users\Admin\AppData\Local\Temp\3857f37e7b7f8fc69329d15f0f434c79_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3857f37e7b7f8fc69329d15f0f434c79_JaffaCakes118.exe"
1⤵
- Drops startup file
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://mabeltoledo.com.br/original/Loirinha.wmv
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2720
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff96d2746f8,0x7ff96d274708,0x7ff96d274718
    3⤵
    PID:244
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,9223002989361656567,9141118240295246516,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
    3⤵
    PID:4216
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,9223002989361656567,9141118240295246516,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2424 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1328
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,9223002989361656567,9141118240295246516,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2944 /prefetch:8
    3⤵
    PID:1036
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,9223002989361656567,9141118240295246516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
    3⤵
    PID:4124
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,9223002989361656567,9141118240295246516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
    3⤵
    PID:1940
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,9223002989361656567,9141118240295246516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1
    3⤵
    PID:3456
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,9223002989361656567,9141118240295246516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
    3⤵
    PID:3252
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,9223002989361656567,9141118240295246516,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 /prefetch:8
    3⤵
    PID:3984
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,9223002989361656567,9141118240295246516,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4916
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,9223002989361656567,9141118240295246516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
    3⤵
    PID:4736
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,9223002989361656567,9141118240295246516,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
    3⤵
    PID:2588
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,9223002989361656567,9141118240295246516,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
    3⤵
    PID:4792
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,9223002989361656567,9141118240295246516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
    3⤵
    PID:540
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,9223002989361656567,9141118240295246516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1776 /prefetch:1
    3⤵
    PID:1548
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,9223002989361656567,9141118240295246516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
    3⤵
    PID:2112
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,9223002989361656567,9141118240295246516,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5828 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3256

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4968

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2508

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27f3335bf37563e4537db3624ee378da

SHA1
57543abc3d97c2a2b251b446820894f4b0111aeb

SHA256
494425284ba12ee2fb07890e268be7890b258e1b1e5ecfa4a4dbc3411ab93b1a

SHA512
2bef861f9d2d916272f6014110fdee84afced515710c9d69b3c310f6bf41728d1b2d41fee3c86441ff96c08c7d474f9326e992b9164b9a3f13627f7d24d0c485

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6c86c838cf1dc704d2be375f04e1e6c6

SHA1
ad2911a13a3addc86cc46d4329b2b1621cbe7e35

SHA256
dff0886331bb45ec7711af92ab10be76291fde729dff23ca3270c86fb6e606bb

SHA512
a120248263919c687f09615fed56c7cac825c8c93c104488632cebc1abfa338c39ebdc191e5f0c45ff30f054f08d4c02d12b013de6322490197606ce0c0b4f37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ce108e13dccb9b62ff6f811605d0fc3f

SHA1
f91eb60bfc7c0c635fc25cba84808e2318fbdc7b

SHA256
2e516b0d2a65f5b8ab922e659c34436ab77080fa869e959fe1f04dc0e53cee95

SHA512
6fe8b35baf4cd5da664ddb53fb87cb47b6727f6564b81924af7b3606733a73d2eed6bef5e909f6834d65752120cbbe4c0c35f2102c00a29b05c6f4b6ac48de98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9a381534431ef11476a39c75063750e7

SHA1
5eae29aee9f02675ab1e91fe8b2464529369f556

SHA256
0604a4050f7935c26a97f6d94ac1880baa4ae1865f860d758f59f8b433e48e58

SHA512
63f175427f55303313d432a2a0baa4d2e8d565dc0a1cb445e71863553dea183a6e8ac9fcf2ab1294a3fcc629907ad0f8fd6c464c033dc25e71d7ec11c2b5fdde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d51d0b804a83c87cb45fce5843f24aa6

SHA1
4cc4779465a5420eede7926214526fefd023db4b

SHA256
b91d85b451d138d0686b56311ee426b692965b90e7bade75a648f7667939d3bd

SHA512
eabd283fdb495ab7d09f15ebf64cba295c91596205dc1f5ae027d4e7b9826703d53061d72c6b5a5bb18bc1a2a52b8901899abcba8d25420147e89ab8a1ba286c

Download Submit
memory/1880-0-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/1880-1-0x00000000001C0000-0x00000000001C3000-memory.dmp

Filesize
12KB

Download
memory/1880-45-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download