529a2fcfc7dbe1281af655c0a7f67688320c805c4558222573a4c81d35d85691

Analysis

max time kernel
145s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
21-05-2024 15:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

63d1ccad168a4ce4b80e5df827298c7c_JaffaCakes118.html
Size

29KB
MD5

63d1ccad168a4ce4b80e5df827298c7c
SHA1

c3ce4d512546b7fe6903df3c3dbb971978c05b57
SHA256

529a2fcfc7dbe1281af655c0a7f67688320c805c4558222573a4c81d35d85691
SHA512

571749cb666a1337e58ff21ee529f324b66bbe2d991a3d2a6c7fc07aa557b0c7ecd8ff91c1824985aaa00ae4dcd3c0c7da24ccdc4b3d41e3e70bd1f325046405
SSDEEP

768:uF7FQF4LFbRWZzqTqIvL/dh9qKqCvBAnEWfqJ:uZaqVRWBakPsBzWfS

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
1616	msedge.exe
1616	msedge.exe
1320	msedge.exe
1320	msedge.exe
4240	identity_helper.exe
4240	identity_helper.exe
5500	msedge.exe
5500	msedge.exe
5500	msedge.exe
5500	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

msedge.exe

pid process

1320 msedge.exe
1320 msedge.exe
1320 msedge.exe
1320 msedge.exe
1320 msedge.exe
1320 msedge.exe
1320 msedge.exe
1320 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1320 wrote to memory of 1868	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 1868	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 3148	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 3148	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 3148	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 3148	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 3148	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 3148	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 3148	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 3148	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 3148	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 3148	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 3148	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 3148	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 3148	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 3148	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 3148	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 3148	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 3148	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 3148	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 3148	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 3148	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 3148	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 3148	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 3148	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 3148	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 3148	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 3148	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 3148	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 3148	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 3148	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 3148	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 3148	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 3148	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 3148	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 3148	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 3148	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 3148	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 3148	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 3148	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 3148	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 3148	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 1616	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 1616	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 60	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 60	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 60	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 60	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 60	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 60	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 60	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 60	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 60	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 60	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 60	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 60	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 60	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 60	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 60	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 60	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 60	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 60	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 60	1320	msedge.exe	msedge.exe
PID 1320 wrote to memory of 60	1320	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\63d1ccad168a4ce4b80e5df827298c7c_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1320

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcdb8546f8,0x7ffcdb854708,0x7ffcdb854718
2⤵
PID:1868

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,12761220546052760000,8761614721492194250,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
2⤵
PID:3148

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,12761220546052760000,8761614721492194250,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1616

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,12761220546052760000,8761614721492194250,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
2⤵
PID:60

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12761220546052760000,8761614721492194250,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
2⤵
PID:3816

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12761220546052760000,8761614721492194250,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
2⤵
PID:2300

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12761220546052760000,8761614721492194250,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3864 /prefetch:1
2⤵
PID:1944

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12761220546052760000,8761614721492194250,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
2⤵
PID:4256

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,12761220546052760000,8761614721492194250,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5600 /prefetch:8
2⤵
PID:1448

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,12761220546052760000,8761614721492194250,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5600 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4240

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12761220546052760000,8761614721492194250,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
2⤵
PID:4564

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12761220546052760000,8761614721492194250,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
2⤵
PID:2692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12761220546052760000,8761614721492194250,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1
2⤵
PID:3660

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12761220546052760000,8761614721492194250,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
2⤵
PID:1136

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,12761220546052760000,8761614721492194250,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1304 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5500

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4244

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4012

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4b4f91fa1b362ba5341ecb2836438dea

SHA1
9561f5aabed742404d455da735259a2c6781fa07

SHA256
d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c

SHA512
fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eaa3db555ab5bc0cb364826204aad3f0

SHA1
a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca

SHA256
ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b

SHA512
e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1878bdb8-394c-4813-a100-6dbfc54fe351.tmp

Filesize
372B

MD5
664ef4fbe90b60b93731221810dd86ac

SHA1
31345742c2c927293a030bfa2402eb63c2862f10

SHA256
b8045c14813485e55ac7382b1ac5d59bb3be5da1d112656f2ee37292bca46e3b

SHA512
f001483c84e5f6a2806c5d923dae7afb5389f2c2f19142f05fa1320db2547a1d533743a30f7a675859bd90ec58a90898acf22898e28081d5b4ef8cedd3f26328

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
18d6fd4a45d867afd4d60309a369f40a

SHA1
34c44e03e50709e20bd35b979151c04c2c679a5c

SHA256
7538643e1b37210354ae8a6e25794a238f0eefe3f0268d6ad4c173d46af004f2

SHA512
89f616d96f5d139ff79fb8915ceceff07873c40018dc3c75e2dbdab97d23caa0ca43611ba04ec2e11592e44126bb1179bf523e4bf287d8c652648e4c25c47899

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
0c3e1163e95d0dbec798a0655d43d12e

SHA1
8ac4fc3a732e316230748c7ddbcf0b9a1155dd88

SHA256
e93932ec0690a35bd044676aea3c5f27f76a5c56c91129f161701ec188ec9d12

SHA512
75073ef7e5b3a3b154ca7031199da55cecec8f9d9fd8af8c8ee13b1af3844069b31d42a889a6375f245d62e4049916a0f2d14e8b571abf799bd1af7d8746eca2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ca9ce6b6dbc535648561454c14603b23

SHA1
c1515511c615e2ecacd7824c2fd2af6ee71b960b

SHA256
02288dd3c7e588f2731d0ef1a836d3ac41df05e9e62c94bd83bd8912d6e658ff

SHA512
cf0413718b7296fa6aa50ef55977e91758536fa1dba3e6f2b68cecb6f0010b3aaa05487cf6c32765c371579affa58f538a2b9d8e7c7252aaff4b1bb2917ba78c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
53bea12a9d4dceb750d5f45ad230f0a3

SHA1
38528b21e2310986345af372926b8defab0a06ba

SHA256
569b93c72c96cc7f8701acb65b21be0b10268fd898b9e3b5b0913d0f1c87d800

SHA512
95f7e5f2bb34f7ea059a39a87d0265d8b402007b5cea76f5622381bd66a392197032005dec823c86cc4f830119ca5ee1a796d67801348e337d6f73148c9351a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
bb63bda6831efe31503b8c528fd75fc8

SHA1
57792b26ab068a5ff8bd528d4b3454e330cdce8d

SHA256
74b503445f08c900b1eecf95ba63f66ecae4282242e32ee005f784833d482f04

SHA512
981e9d7a7fd3192ab043d16336a05c6738e336437c5ba1d105b70447d55c4045e1ec2fb0046d6d5373f8e981e18e29455fb226107286d1a0230ff563b5ba3e7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2b257e8949f1b12c42bb12af87cae28a

SHA1
1e8b46c7aba5f91be350ff7dca7c1c0b5761303b

SHA256
5f11329097a2ab02a421e8d3707b49bbb9a26f5e2e166f6f0f65fa7c369239fc

SHA512
a022fa615ddde4c8eb59edfad8af2459c8a0b25e6f3ffbfe95863675e1babd08c1a50970bb459020d8ddb5cc15e0134d6e2222ff84527c758db83f140b609a18

Download Submit
\??\pipe\LOCAL\crashpad_1320_ACVFJVWHMRQDZLHE

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit