85bab74b359bd9dd72ab5e1cbec59aa5bd3687bc9dab9ba52dfa7e76e1023775

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
27-04-2024 22:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

03c4a54019c5303afb5404d2bf79d8e1_JaffaCakes118.html
Size

250KB
MD5

03c4a54019c5303afb5404d2bf79d8e1
SHA1

6bc6e62cc7f6da88ef40459aaae5e86ee66918df
SHA256

85bab74b359bd9dd72ab5e1cbec59aa5bd3687bc9dab9ba52dfa7e76e1023775
SHA512

90c8562c1a10468a1f079e52543b44c906550f5a5cdd83141bcc7a42abcc8e258018ce402e03aec58a90b927715214db395a52e732a67a7ebfb86c1496a2a820
SSDEEP

6144:/0ez5F+x1OllZBavZ/4dvift+qFxTEtV65qco8BtfhFD7JtavtqWcIVov/36z/L9:/Nz5F+x1OllZBavZ/4dvifttFxTEt85K

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
3964	msedge.exe
3964	msedge.exe
540	msedge.exe
540	msedge.exe
4852	identity_helper.exe
4852	identity_helper.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

Processes:

msedge.exe

pid process

540 msedge.exe
540 msedge.exe
540 msedge.exe
540 msedge.exe
540 msedge.exe
540 msedge.exe
540 msedge.exe
540 msedge.exe
540 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 540 wrote to memory of 4256	540	msedge.exe	msedge.exe
PID 540 wrote to memory of 4256	540	msedge.exe	msedge.exe
PID 540 wrote to memory of 4364	540	msedge.exe	msedge.exe
PID 540 wrote to memory of 4364	540	msedge.exe	msedge.exe
PID 540 wrote to memory of 4364	540	msedge.exe	msedge.exe
PID 540 wrote to memory of 4364	540	msedge.exe	msedge.exe
PID 540 wrote to memory of 4364	540	msedge.exe	msedge.exe
PID 540 wrote to memory of 4364	540	msedge.exe	msedge.exe
PID 540 wrote to memory of 4364	540	msedge.exe	msedge.exe
PID 540 wrote to memory of 4364	540	msedge.exe	msedge.exe
PID 540 wrote to memory of 4364	540	msedge.exe	msedge.exe
PID 540 wrote to memory of 4364	540	msedge.exe	msedge.exe
PID 540 wrote to memory of 4364	540	msedge.exe	msedge.exe
PID 540 wrote to memory of 4364	540	msedge.exe	msedge.exe
PID 540 wrote to memory of 4364	540	msedge.exe	msedge.exe
PID 540 wrote to memory of 4364	540	msedge.exe	msedge.exe
PID 540 wrote to memory of 4364	540	msedge.exe	msedge.exe
PID 540 wrote to memory of 4364	540	msedge.exe	msedge.exe
PID 540 wrote to memory of 4364	540	msedge.exe	msedge.exe
PID 540 wrote to memory of 4364	540	msedge.exe	msedge.exe
PID 540 wrote to memory of 4364	540	msedge.exe	msedge.exe
PID 540 wrote to memory of 4364	540	msedge.exe	msedge.exe
PID 540 wrote to memory of 4364	540	msedge.exe	msedge.exe
PID 540 wrote to memory of 4364	540	msedge.exe	msedge.exe
PID 540 wrote to memory of 4364	540	msedge.exe	msedge.exe
PID 540 wrote to memory of 4364	540	msedge.exe	msedge.exe
PID 540 wrote to memory of 4364	540	msedge.exe	msedge.exe
PID 540 wrote to memory of 4364	540	msedge.exe	msedge.exe
PID 540 wrote to memory of 4364	540	msedge.exe	msedge.exe
PID 540 wrote to memory of 4364	540	msedge.exe	msedge.exe
PID 540 wrote to memory of 4364	540	msedge.exe	msedge.exe
PID 540 wrote to memory of 4364	540	msedge.exe	msedge.exe
PID 540 wrote to memory of 4364	540	msedge.exe	msedge.exe
PID 540 wrote to memory of 4364	540	msedge.exe	msedge.exe
PID 540 wrote to memory of 4364	540	msedge.exe	msedge.exe
PID 540 wrote to memory of 4364	540	msedge.exe	msedge.exe
PID 540 wrote to memory of 4364	540	msedge.exe	msedge.exe
PID 540 wrote to memory of 4364	540	msedge.exe	msedge.exe
PID 540 wrote to memory of 4364	540	msedge.exe	msedge.exe
PID 540 wrote to memory of 4364	540	msedge.exe	msedge.exe
PID 540 wrote to memory of 4364	540	msedge.exe	msedge.exe
PID 540 wrote to memory of 4364	540	msedge.exe	msedge.exe
PID 540 wrote to memory of 3964	540	msedge.exe	msedge.exe
PID 540 wrote to memory of 3964	540	msedge.exe	msedge.exe
PID 540 wrote to memory of 4760	540	msedge.exe	msedge.exe
PID 540 wrote to memory of 4760	540	msedge.exe	msedge.exe
PID 540 wrote to memory of 4760	540	msedge.exe	msedge.exe
PID 540 wrote to memory of 4760	540	msedge.exe	msedge.exe
PID 540 wrote to memory of 4760	540	msedge.exe	msedge.exe
PID 540 wrote to memory of 4760	540	msedge.exe	msedge.exe
PID 540 wrote to memory of 4760	540	msedge.exe	msedge.exe
PID 540 wrote to memory of 4760	540	msedge.exe	msedge.exe
PID 540 wrote to memory of 4760	540	msedge.exe	msedge.exe
PID 540 wrote to memory of 4760	540	msedge.exe	msedge.exe
PID 540 wrote to memory of 4760	540	msedge.exe	msedge.exe
PID 540 wrote to memory of 4760	540	msedge.exe	msedge.exe
PID 540 wrote to memory of 4760	540	msedge.exe	msedge.exe
PID 540 wrote to memory of 4760	540	msedge.exe	msedge.exe
PID 540 wrote to memory of 4760	540	msedge.exe	msedge.exe
PID 540 wrote to memory of 4760	540	msedge.exe	msedge.exe
PID 540 wrote to memory of 4760	540	msedge.exe	msedge.exe
PID 540 wrote to memory of 4760	540	msedge.exe	msedge.exe
PID 540 wrote to memory of 4760	540	msedge.exe	msedge.exe
PID 540 wrote to memory of 4760	540	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\03c4a54019c5303afb5404d2bf79d8e1_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xb4,0x108,0x7ffaf44a46f8,0x7ffaf44a4708,0x7ffaf44a4718
2⤵
PID:4256

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,7979795787415409023,17353707479018627038,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
2⤵
PID:4364

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,7979795787415409023,17353707479018627038,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3964

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,7979795787415409023,17353707479018627038,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
2⤵
PID:4760

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7979795787415409023,17353707479018627038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
2⤵
PID:4544

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7979795787415409023,17353707479018627038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
2⤵
PID:2220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7979795787415409023,17353707479018627038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
2⤵
PID:1796

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7979795787415409023,17353707479018627038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
2⤵
PID:5108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7979795787415409023,17353707479018627038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
2⤵
PID:1648

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,7979795787415409023,17353707479018627038,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6056 /prefetch:8
2⤵
PID:4268

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,7979795787415409023,17353707479018627038,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6056 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4852

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7979795787415409023,17353707479018627038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
2⤵
PID:1668

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7979795787415409023,17353707479018627038,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
2⤵
PID:3828

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7979795787415409023,17353707479018627038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4164 /prefetch:1
2⤵
PID:3032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7979795787415409023,17353707479018627038,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
2⤵
PID:2908

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,7979795787415409023,17353707479018627038,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3408 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4368

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3328

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4600

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2088

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b
Filesize
17KB

MD5
aaa46a808d6f22dcd1424b64d8a9d811

SHA1
8fc0a6876897a96a58aabdf413de84d163a79049

SHA256
4aceaabe03f61949a6840f7255cedba05572fc58b6d54d06b438ff1126ab7796

SHA512
f67e3638a68860923f47b1d83a5b978217ef942ab6f94ef04cc4fb891e2ad7cbd51c0292ce15a952b9378608a19e7072a67c1c8eb14e7de6f987850bfc425af3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c
Filesize
95KB

MD5
f7eaabc62f76e352325094b1dbee1026

SHA1
e105dacc3761d76dc69e6c89e2fc2ffe1a22bf0e

SHA256
ca82161ffacf45c52bf82d20af9b05ffb115c1fa1eb3836924db9c4e7890504c

SHA512
0923d252ba9ed3394c1d68b183594277dbf5d08f1f7cc5a5d039c70374de3fe9efadb1995195a1b080791a01ea7da222dafe2cdbed0bb5f6cb7256a8e8b036d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
216B

MD5
c6f6f7a7e12cb0c7c0ab828b55e20d0a

SHA1
898a135fd2346c9caca9c87bd52ae66a30f193f7

SHA256
03d3f36996e8a4001d764bbdf3e46509c9613b7db0738925a6a7ff3b8f91d2a5

SHA512
1a4ba1afeeb8d9e810ff95378eaaec7a56db82b5472d87235d5a0ad7942cbbecaf709bd8a4516c37491528f8752a6e5ab67f93098ebe64b4a9ba03e549e6b3f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
4KB

MD5
a6f6795c18cb75db02af765473148150

SHA1
fe0adcb0be872b8bcbcb5ac5ef4bd9636db8e061

SHA256
be11bc28ddbd05e62cf54b1ce94daccd1267ea276cf708fb004aba0af793d3ce

SHA512
7d5ee2299c481a65da2a9dd2b241daef9b3ecac2235898e93aa567107cc09f3b7b7c0f57ff1cd8f19237b00541ec6d2b61a59c16a36e926f7ac70377749ca4fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
10bce9b1473b13d4cd7e594eb38d7cc4

SHA1
33a82259d98db7d7b6bbb5574bfabbde265eb2ec

SHA256
57542e6887d4461e7d52ab5d7794bfa43230e93ee91b4ae697dd6418c9284391

SHA512
3e5dd1072cab9fc0d1ed7b9e062a50340cc6fe3fed0baf157c89fc67857e90deb8ab92cb13dc1809781a8008506885048313bae5a9f8433b0ea515e22a1137b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
099c6837c4835f39f0a4c0f965aff21e

SHA1
b4f12dd030ed1548070343e46ab9bcc6470bd7a5

SHA256
a60fd1ac0aac805832dd2fe59374bd46220e7e77b2cb306931ca5756d6705888

SHA512
81bb1577fcd72bc84a4f56b282b34f9bc965ab8694b9bd674617e73d1961c33a60c26a076042b6f5c60fc5098652e667787145ff9617c1f819f2f8f5cc094fa1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
73bbcd32bba75e0880130357426832f0

SHA1
8955f99af0184e003a43af04b0f5db20c0148c62

SHA256
8a5ece6b069aaad7cffe08ad2edd8f6815af7fcae6757ef7ad2fba86b1caf0ba

SHA512
3fe67152620e9834e34ca13f0b2ce30c15f89737684140ed85355ab05b65ae6066a90e2202881f375b67d80469d6be75d3957c515175719404c3ef06c78a88c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
c2005c67a446fdb93498ebe56ba35036

SHA1
6dcf91f27f30f933d193f3216258c21b9e04065b

SHA256
8ce31d6fa37eccc6d72b561d9ff63c828ca59b0f2af3ea1e5446aad9412d1da6

SHA512
1aeb315f5ed9aa9a7ff6780a0c9c4dfe7628dffb62d1db4472a210994ea1aef664d5b61a6ee7e42e98b7943a0b8b6d5d7056532e59abf8a4458e309388cd19da

Download Submit
\??\pipe\LOCAL\crashpad_540_JTKHXCQVVCNSDGKX
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit