611cb438bc34cbb5f19854c25cce34afc5824e47d2ee279b076a9bc629c3ed2b

Analysis

max time kernel
145s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
21-05-2024 16:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

64029f5be56119476383b585e89a5153_JaffaCakes118.html
Size

175KB
MD5

64029f5be56119476383b585e89a5153
SHA1

fdcbc339350ff9170ac8d50aeed3d505e2321436
SHA256

611cb438bc34cbb5f19854c25cce34afc5824e47d2ee279b076a9bc629c3ed2b
SHA512

ff413109a03258d0e4bd3577a33076b3e089a45623eeed680209183f3457461b76f7dfd489e4fcff01fc79a07e940581caf4f051a77bb97fc726da000e8b7ab3
SSDEEP

1536:Sqt58gd8Wu8pI8Cd8hd8dQgbH//WoS3EGNkFVYfBCJiZ9+aeTH+WK/Lf1/hpnVSV:SHCT3E/FABCJiwB

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
1768	msedge.exe
1768	msedge.exe
3196	msedge.exe
3196	msedge.exe
548	identity_helper.exe
548	identity_helper.exe
6124	msedge.exe
6124	msedge.exe
6124	msedge.exe
6124	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

Processes:

msedge.exe

pid	process
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3196 wrote to memory of 1524	3196	msedge.exe	msedge.exe
PID 3196 wrote to memory of 1524	3196	msedge.exe	msedge.exe
PID 3196 wrote to memory of 4648	3196	msedge.exe	msedge.exe
PID 3196 wrote to memory of 4648	3196	msedge.exe	msedge.exe
PID 3196 wrote to memory of 4648	3196	msedge.exe	msedge.exe
PID 3196 wrote to memory of 4648	3196	msedge.exe	msedge.exe
PID 3196 wrote to memory of 4648	3196	msedge.exe	msedge.exe
PID 3196 wrote to memory of 4648	3196	msedge.exe	msedge.exe
PID 3196 wrote to memory of 4648	3196	msedge.exe	msedge.exe
PID 3196 wrote to memory of 4648	3196	msedge.exe	msedge.exe
PID 3196 wrote to memory of 4648	3196	msedge.exe	msedge.exe
PID 3196 wrote to memory of 4648	3196	msedge.exe	msedge.exe
PID 3196 wrote to memory of 4648	3196	msedge.exe	msedge.exe
PID 3196 wrote to memory of 4648	3196	msedge.exe	msedge.exe
PID 3196 wrote to memory of 4648	3196	msedge.exe	msedge.exe
PID 3196 wrote to memory of 4648	3196	msedge.exe	msedge.exe
PID 3196 wrote to memory of 4648	3196	msedge.exe	msedge.exe
PID 3196 wrote to memory of 4648	3196	msedge.exe	msedge.exe
PID 3196 wrote to memory of 4648	3196	msedge.exe	msedge.exe
PID 3196 wrote to memory of 4648	3196	msedge.exe	msedge.exe
PID 3196 wrote to memory of 4648	3196	msedge.exe	msedge.exe
PID 3196 wrote to memory of 4648	3196	msedge.exe	msedge.exe
PID 3196 wrote to memory of 4648	3196	msedge.exe	msedge.exe
PID 3196 wrote to memory of 4648	3196	msedge.exe	msedge.exe
PID 3196 wrote to memory of 4648	3196	msedge.exe	msedge.exe
PID 3196 wrote to memory of 4648	3196	msedge.exe	msedge.exe
PID 3196 wrote to memory of 4648	3196	msedge.exe	msedge.exe
PID 3196 wrote to memory of 4648	3196	msedge.exe	msedge.exe
PID 3196 wrote to memory of 4648	3196	msedge.exe	msedge.exe
PID 3196 wrote to memory of 4648	3196	msedge.exe	msedge.exe
PID 3196 wrote to memory of 4648	3196	msedge.exe	msedge.exe
PID 3196 wrote to memory of 4648	3196	msedge.exe	msedge.exe
PID 3196 wrote to memory of 4648	3196	msedge.exe	msedge.exe
PID 3196 wrote to memory of 4648	3196	msedge.exe	msedge.exe
PID 3196 wrote to memory of 4648	3196	msedge.exe	msedge.exe
PID 3196 wrote to memory of 4648	3196	msedge.exe	msedge.exe
PID 3196 wrote to memory of 4648	3196	msedge.exe	msedge.exe
PID 3196 wrote to memory of 4648	3196	msedge.exe	msedge.exe
PID 3196 wrote to memory of 4648	3196	msedge.exe	msedge.exe
PID 3196 wrote to memory of 4648	3196	msedge.exe	msedge.exe
PID 3196 wrote to memory of 4648	3196	msedge.exe	msedge.exe
PID 3196 wrote to memory of 4648	3196	msedge.exe	msedge.exe
PID 3196 wrote to memory of 1768	3196	msedge.exe	msedge.exe
PID 3196 wrote to memory of 1768	3196	msedge.exe	msedge.exe
PID 3196 wrote to memory of 812	3196	msedge.exe	msedge.exe
PID 3196 wrote to memory of 812	3196	msedge.exe	msedge.exe
PID 3196 wrote to memory of 812	3196	msedge.exe	msedge.exe
PID 3196 wrote to memory of 812	3196	msedge.exe	msedge.exe
PID 3196 wrote to memory of 812	3196	msedge.exe	msedge.exe
PID 3196 wrote to memory of 812	3196	msedge.exe	msedge.exe
PID 3196 wrote to memory of 812	3196	msedge.exe	msedge.exe
PID 3196 wrote to memory of 812	3196	msedge.exe	msedge.exe
PID 3196 wrote to memory of 812	3196	msedge.exe	msedge.exe
PID 3196 wrote to memory of 812	3196	msedge.exe	msedge.exe
PID 3196 wrote to memory of 812	3196	msedge.exe	msedge.exe
PID 3196 wrote to memory of 812	3196	msedge.exe	msedge.exe
PID 3196 wrote to memory of 812	3196	msedge.exe	msedge.exe
PID 3196 wrote to memory of 812	3196	msedge.exe	msedge.exe
PID 3196 wrote to memory of 812	3196	msedge.exe	msedge.exe
PID 3196 wrote to memory of 812	3196	msedge.exe	msedge.exe
PID 3196 wrote to memory of 812	3196	msedge.exe	msedge.exe
PID 3196 wrote to memory of 812	3196	msedge.exe	msedge.exe
PID 3196 wrote to memory of 812	3196	msedge.exe	msedge.exe
PID 3196 wrote to memory of 812	3196	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\64029f5be56119476383b585e89a5153_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3196

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9303d46f8,0x7ff9303d4708,0x7ff9303d4718
2⤵
PID:1524

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,2900342952062378848,5264633165502120303,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2
2⤵
PID:4648

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2216,2900342952062378848,5264633165502120303,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1768

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2216,2900342952062378848,5264633165502120303,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8
2⤵
PID:812

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,2900342952062378848,5264633165502120303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
2⤵
PID:3564

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,2900342952062378848,5264633165502120303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
2⤵
PID:4936

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,2900342952062378848,5264633165502120303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
2⤵
PID:2960

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,2900342952062378848,5264633165502120303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1
2⤵
PID:868

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,2900342952062378848,5264633165502120303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
2⤵
PID:2208

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,2900342952062378848,5264633165502120303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
2⤵
PID:3644

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,2900342952062378848,5264633165502120303,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3472 /prefetch:8
2⤵
PID:3972

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,2900342952062378848,5264633165502120303,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3472 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:548

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,2900342952062378848,5264633165502120303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3600 /prefetch:1
2⤵
PID:364

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,2900342952062378848,5264633165502120303,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
2⤵
PID:4828

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,2900342952062378848,5264633165502120303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2912 /prefetch:1
2⤵
PID:5296

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,2900342952062378848,5264633165502120303,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
2⤵
PID:5304

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,2900342952062378848,5264633165502120303,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1048 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:6124

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5024

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4652

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3708

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
537815e7cc5c694912ac0308147852e4

SHA1
2ccdd9d9dc637db5462fe8119c0df261146c363c

SHA256
b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

SHA512
63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
8b167567021ccb1a9fdf073fa9112ef0

SHA1
3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

SHA256
26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

SHA512
726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
456B

MD5
775a594bf65ed605e270e2f17170072d

SHA1
1984ebb4d10d65985824da53e07d5c770025363e

SHA256
c9755eb17fc8664d0fc9b1362e12a22af75166f6caebf20a0792e804c4d8e1fa

SHA512
204cf3c3edcab1d23826907d3a7d5c42eb214bc91fdeb91cdc9cb7d32835d019f7e24fc713cc9bb52f9ce54cde04fc70a5c2d76a781c65cbf6593dab9af27178

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
aea560e952bd64ce28b82db1d975c8d6

SHA1
890649b166cbeae77f0f5bac6f732cc594cf7cf9

SHA256
563e2767a547c70687ddf0128e0135f971648726c02315e99540f7b59b89a69a

SHA512
be15ebfa21f3212ef0537f8bc8bcb0c04b894739394b7882bdf9a9611b42c77ecdd9b73a9c567da9ff9f60d7cf316a468d4dacfcbd393be1c31bd08e5d5989d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
490eefb507de349ec0e85f591e498f3a

SHA1
54d1bc57a4eb28996196fa7270757b60b35dc3d9

SHA256
730001b97b7de122d6042a0f2c2c9a86249dad74f5dd6bf581f99c316f77ee86

SHA512
11ae833be47a2ac1071ed8bbe49d8b5e862a1a2a114dde21365a5b00fbf56b9ef1e3f9b9fab2945956df4fac6568cd615dcb18f4a55523e9a24d9f765cdee388

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
d2ef2b0f0f386389e216efc734f28692

SHA1
2a5b29048351b845b491410523887353793709a6

SHA256
61236e97f46ae9196e6c4f4cc28c3ceb1c9ccd00be8935c457749d5fee97e837

SHA512
e49f5f72f047dbea8432da1a3e054e39a50f232b7417e18f2bae7bf4bffa38e29aaa91fbd3dbecb02ab5b006554506f9deb78e111ca280e1783607a442620d3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
eaecb7d7fc0f369070c63e8f14b59988

SHA1
9e123e6664ca1488932cd532ec852b84aad2c086

SHA256
eb8e5a92c8472d764dfb7121db63546b2aedaaa17f9c5ba98e0a341e3267169c

SHA512
4d378f916a221c12f1c321eb2534b5dd741f73866009fdbf395ba0b451200df9b23fe24d0f59116f937f6fbad3e29cfecfa63c1f17f4400c876a364dd545c280

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
ddebd722581268dec5a852fea6e0eae3

SHA1
547977c6aa47b5ae6c0e138a6733af05176dcb9b

SHA256
d83361f07b729dfaa318e04668734be94a4b43234029922319a4bd564dfea203

SHA512
6e1973fd707161f4fad6b4a0c4f7d1e771a14e8a40bd8dca0d09b6628a3c739b79f8b73d7aab394e42c6948b6938168d28e42b0ccbc4270c66c7a8e03d91fe02

Download Submit
\??\pipe\LOCAL\crashpad_3196_DMYBKICLXWVBIRCN
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit