52a22def6228efaf426673e443fa209c5efdf144042a9824f272c23224fb15e3

Analysis

max time kernel
145s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
21-05-2024 14:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

63a3aed47c38485dbe041a62ab9d5bae_JaffaCakes118.html
Size

73KB
MD5

63a3aed47c38485dbe041a62ab9d5bae
SHA1

f025e249fe337c5c0c397be560578d1397fecb90
SHA256

52a22def6228efaf426673e443fa209c5efdf144042a9824f272c23224fb15e3
SHA512

35d296de689b63c74e5d83fee94c9a5fcf5a37feb7e30357b6aea615f9c477158188900dc64059bbf7e64d46444d4932adceeef700a3fd5b9f781ff2b5f1c298
SSDEEP

1536:uODIyDIYDIBEI9920jgGH86/OdiUxrUFYa9rYHUWCLjHrOwl3DQf+ZLEVpaUHUoW:NDIyDIYDIS96/TUxrUFYa9rYsUHUop/I

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
4312	msedge.exe
4312	msedge.exe
2968	msedge.exe
2968	msedge.exe
3568	identity_helper.exe
3568	identity_helper.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

msedge.exe

pid process

2968 msedge.exe
2968 msedge.exe
2968 msedge.exe
2968 msedge.exe
2968 msedge.exe
2968 msedge.exe
2968 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2968 wrote to memory of 4152	2968	msedge.exe	msedge.exe
PID 2968 wrote to memory of 4152	2968	msedge.exe	msedge.exe
PID 2968 wrote to memory of 4340	2968	msedge.exe	msedge.exe
PID 2968 wrote to memory of 4340	2968	msedge.exe	msedge.exe
PID 2968 wrote to memory of 4340	2968	msedge.exe	msedge.exe
PID 2968 wrote to memory of 4340	2968	msedge.exe	msedge.exe
PID 2968 wrote to memory of 4340	2968	msedge.exe	msedge.exe
PID 2968 wrote to memory of 4340	2968	msedge.exe	msedge.exe
PID 2968 wrote to memory of 4340	2968	msedge.exe	msedge.exe
PID 2968 wrote to memory of 4340	2968	msedge.exe	msedge.exe
PID 2968 wrote to memory of 4340	2968	msedge.exe	msedge.exe
PID 2968 wrote to memory of 4340	2968	msedge.exe	msedge.exe
PID 2968 wrote to memory of 4340	2968	msedge.exe	msedge.exe
PID 2968 wrote to memory of 4340	2968	msedge.exe	msedge.exe
PID 2968 wrote to memory of 4340	2968	msedge.exe	msedge.exe
PID 2968 wrote to memory of 4340	2968	msedge.exe	msedge.exe
PID 2968 wrote to memory of 4340	2968	msedge.exe	msedge.exe
PID 2968 wrote to memory of 4340	2968	msedge.exe	msedge.exe
PID 2968 wrote to memory of 4340	2968	msedge.exe	msedge.exe
PID 2968 wrote to memory of 4340	2968	msedge.exe	msedge.exe
PID 2968 wrote to memory of 4340	2968	msedge.exe	msedge.exe
PID 2968 wrote to memory of 4340	2968	msedge.exe	msedge.exe
PID 2968 wrote to memory of 4340	2968	msedge.exe	msedge.exe
PID 2968 wrote to memory of 4340	2968	msedge.exe	msedge.exe
PID 2968 wrote to memory of 4340	2968	msedge.exe	msedge.exe
PID 2968 wrote to memory of 4340	2968	msedge.exe	msedge.exe
PID 2968 wrote to memory of 4340	2968	msedge.exe	msedge.exe
PID 2968 wrote to memory of 4340	2968	msedge.exe	msedge.exe
PID 2968 wrote to memory of 4340	2968	msedge.exe	msedge.exe
PID 2968 wrote to memory of 4340	2968	msedge.exe	msedge.exe
PID 2968 wrote to memory of 4340	2968	msedge.exe	msedge.exe
PID 2968 wrote to memory of 4340	2968	msedge.exe	msedge.exe
PID 2968 wrote to memory of 4340	2968	msedge.exe	msedge.exe
PID 2968 wrote to memory of 4340	2968	msedge.exe	msedge.exe
PID 2968 wrote to memory of 4340	2968	msedge.exe	msedge.exe
PID 2968 wrote to memory of 4340	2968	msedge.exe	msedge.exe
PID 2968 wrote to memory of 4340	2968	msedge.exe	msedge.exe
PID 2968 wrote to memory of 4340	2968	msedge.exe	msedge.exe
PID 2968 wrote to memory of 4340	2968	msedge.exe	msedge.exe
PID 2968 wrote to memory of 4340	2968	msedge.exe	msedge.exe
PID 2968 wrote to memory of 4340	2968	msedge.exe	msedge.exe
PID 2968 wrote to memory of 4340	2968	msedge.exe	msedge.exe
PID 2968 wrote to memory of 4312	2968	msedge.exe	msedge.exe
PID 2968 wrote to memory of 4312	2968	msedge.exe	msedge.exe
PID 2968 wrote to memory of 796	2968	msedge.exe	msedge.exe
PID 2968 wrote to memory of 796	2968	msedge.exe	msedge.exe
PID 2968 wrote to memory of 796	2968	msedge.exe	msedge.exe
PID 2968 wrote to memory of 796	2968	msedge.exe	msedge.exe
PID 2968 wrote to memory of 796	2968	msedge.exe	msedge.exe
PID 2968 wrote to memory of 796	2968	msedge.exe	msedge.exe
PID 2968 wrote to memory of 796	2968	msedge.exe	msedge.exe
PID 2968 wrote to memory of 796	2968	msedge.exe	msedge.exe
PID 2968 wrote to memory of 796	2968	msedge.exe	msedge.exe
PID 2968 wrote to memory of 796	2968	msedge.exe	msedge.exe
PID 2968 wrote to memory of 796	2968	msedge.exe	msedge.exe
PID 2968 wrote to memory of 796	2968	msedge.exe	msedge.exe
PID 2968 wrote to memory of 796	2968	msedge.exe	msedge.exe
PID 2968 wrote to memory of 796	2968	msedge.exe	msedge.exe
PID 2968 wrote to memory of 796	2968	msedge.exe	msedge.exe
PID 2968 wrote to memory of 796	2968	msedge.exe	msedge.exe
PID 2968 wrote to memory of 796	2968	msedge.exe	msedge.exe
PID 2968 wrote to memory of 796	2968	msedge.exe	msedge.exe
PID 2968 wrote to memory of 796	2968	msedge.exe	msedge.exe
PID 2968 wrote to memory of 796	2968	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\63a3aed47c38485dbe041a62ab9d5bae_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa322e46f8,0x7ffa322e4708,0x7ffa322e4718
2⤵
PID:4152

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,11634587960009524011,3893612676580558787,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
2⤵
PID:4340

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,11634587960009524011,3893612676580558787,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2508 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4312

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,11634587960009524011,3893612676580558787,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
2⤵
PID:796

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,11634587960009524011,3893612676580558787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
2⤵
PID:1964

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,11634587960009524011,3893612676580558787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
2⤵
PID:3500

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,11634587960009524011,3893612676580558787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
2⤵
PID:3984

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,11634587960009524011,3893612676580558787,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1792 /prefetch:8
2⤵
PID:4444

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,11634587960009524011,3893612676580558787,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1792 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3568

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,11634587960009524011,3893612676580558787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
2⤵
PID:1156

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,11634587960009524011,3893612676580558787,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
2⤵
PID:3328

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,11634587960009524011,3893612676580558787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
2⤵
PID:4060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,11634587960009524011,3893612676580558787,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
2⤵
PID:3516

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,11634587960009524011,3893612676580558787,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2700 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4756

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2924

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3388

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
ae54e9db2e89f2c54da8cc0bfcbd26bd

SHA1
a88af6c673609ecbc51a1a60dfbc8577830d2b5d

SHA256
5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af

SHA512
e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
f53207a5ca2ef5c7e976cbb3cb26d870

SHA1
49a8cc44f53da77bb3dfb36fc7676ed54675db43

SHA256
19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23

SHA512
be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
144B

MD5
4bc6c5c0080fa27cbcf396e8d6ab9356

SHA1
289e5d5f57918d0c7ae806e1143004a43abeab42

SHA256
8a3ae3b9811b34fe2cc8190a2eb67a5dae5441391b8ff6702217081a5b7945d5

SHA512
575b203aae078417b39f402e272d805d88991dfef2c3e27eba74300a51c9951f4ce361d51f20c356e978627b206f935405bc1b8c5a043c835002c1caff3db45c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
2dad5ed68121b48a4d13802812d9c5e0

SHA1
46a606e2ad96cb0778ec0851b50a1412ea14dcec

SHA256
42e59c807fe901200df6177fffeb953bf7edceac88605c5446e54550a085de8f

SHA512
0eaca82ee66059747641ff9ba5560d4abc06abbb3d15e9cb8e242f194b332eef1f5500ebfa35c1f7c6130635b7e37e20c864f8229139b1d7a21058be59d6aa0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
1bfe0a873df2090e21567b2676ddf9cb

SHA1
cec9a17c3d0b064f2986d7e30c5c50525fb7bd61

SHA256
54c620193ae7f91a2fc3b015a33d834e36e6a78e22eca314c6bd6806e83eddb1

SHA512
6fdd90816c7092b9404ecd6d9bf48bf3e5566825dc7092762f24ff683ae4f699f99b114caaa077a01d70ca96cf0e84737e33a0f8225736d9db10ecb1c77ae3c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
53b30eae77f591a02f648a8b3fb7be63

SHA1
9401dc0ee1f5882c6306e18b6bdfbfd9bdc788f1

SHA256
8b0dd907c4b65108865e5bebbd033bcdc5e91a5cab0875dbe7d98bc5ecdc8c62

SHA512
1864ec0047a300a77deeda696ef8ae0d082b812731a2a1d49b1207be5da959fbf0d8f530c3ead92d9c4e7d07ddf02b75479b3bf165150811480f3f46cd94945b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
6fe316292e563f242358180279aab9cc

SHA1
015449594664b7e676c6e5b4fa724e71f47af33e

SHA256
540cc9a5777c7ed5cce8118fe945da8fa0e7f98ad39a14b4ef83cc5e6eb4a349

SHA512
99b66138a28a53772fc093da668da8861d6177a0876a70c14c985b67a159f864be9388dd75cc88f57935e101b2c465f528f9afdfb4733e52c71511f279ca9b30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
366B

MD5
796535d2084a22b321f044507ec8e083

SHA1
df4ab46b47436f43a9affad2bb973393df6301ed

SHA256
17cc5abb58dc95897d95b2b33842a71f29f65ef8d0d3912563e7df525fbc78e5

SHA512
b74899af0b28eb0ec43c0a87ac8273518af4a8d547e95151d3de0a3da527122b04f66279111ef3c855153aab0e97fa59105955febb9d833d6b1005717e9c65e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b71b.TMP
Filesize
201B

MD5
c61fa3f08e92a87675c38cecc216be0b

SHA1
2fc0381298f77eee4569ed49cf83941cefde5c0c

SHA256
d68713d18ad8446d57d9ea5faf10aff14661b3b116d02d99fe7f85179378b718

SHA512
70de3de2748b37722c7caa6ee063475db202cf23ad0c99154af1d3c32215e9102d93bd78c4c7c7299e21c86469c96f6633477e1f51c467783b8acb5d96d5f859

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
9a0ace6ef9f918b91db5545049727401

SHA1
927557b47074abd9ae75b79e454234ea1e03ffa4

SHA256
a6b50db5c7381c266f78f0f5c0e42f78054ef1bdb3071a535c3a083a4b1849aa

SHA512
570ffabd93128824bfab661cabea5999182d5781eb13047213e7ddad023db5d35bb8cc7f1944a912506b0717998cac61d85a01f788633b8b8b3f91fe24abd1c0

Download Submit
\??\pipe\LOCAL\crashpad_2968_XFCRJKMHBOQCTNPW
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit