252ff4886aed46375f3ffdba3ff633455ba841f193db68a26efe4d09f215b8f3

Analysis

max time kernel
145s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 22:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

68d699604338462073e222a10b6b5e50_JaffaCakes118.html
Size

51KB
MD5

68d699604338462073e222a10b6b5e50
SHA1

7089d6f1a26983a76a0a004d8833af60ced93199
SHA256

252ff4886aed46375f3ffdba3ff633455ba841f193db68a26efe4d09f215b8f3
SHA512

8ef2b2bb6b616289c93a37f291545e574e514f8fadb7157d67074d59b05fb126f675fd5db808c99a865eba946c1a4d81eed5d9b61e31415de3f54d75300a8604
SSDEEP

768:XF0bW1bmb8b2vbxYJYh/w9brMDE1z0oGeF01Jl4J2YAX2VkqXP:XF0o6b8SlYJYhGXMDE1z0zV/ZGOUP

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
1196	msedge.exe
1196	msedge.exe
3372	msedge.exe
3372	msedge.exe
672	identity_helper.exe
672	identity_helper.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

msedge.exe

pid process

3372 msedge.exe
3372 msedge.exe
3372 msedge.exe
3372 msedge.exe
3372 msedge.exe
3372 msedge.exe
3372 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3372 wrote to memory of 324	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 324	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 5080	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 5080	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 5080	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 5080	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 5080	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 5080	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 5080	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 5080	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 5080	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 5080	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 5080	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 5080	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 5080	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 5080	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 5080	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 5080	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 5080	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 5080	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 5080	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 5080	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 5080	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 5080	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 5080	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 5080	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 5080	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 5080	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 5080	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 5080	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 5080	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 5080	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 5080	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 5080	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 5080	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 5080	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 5080	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 5080	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 5080	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 5080	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 5080	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 5080	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 1196	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 1196	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 3648	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 3648	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 3648	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 3648	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 3648	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 3648	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 3648	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 3648	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 3648	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 3648	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 3648	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 3648	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 3648	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 3648	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 3648	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 3648	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 3648	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 3648	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 3648	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 3648	3372	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\68d699604338462073e222a10b6b5e50_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffed44d46f8,0x7ffed44d4708,0x7ffed44d4718
  2⤵
  PID:324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,8175335842065830962,7978709144965531633,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,8175335842065830962,7978709144965531633,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,8175335842065830962,7978709144965531633,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
  2⤵
  PID:3648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8175335842065830962,7978709144965531633,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:2240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8175335842065830962,7978709144965531633,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:1080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8175335842065830962,7978709144965531633,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
  2⤵
  PID:2140
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,8175335842065830962,7978709144965531633,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 /prefetch:8
  2⤵
  PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,8175335842065830962,7978709144965531633,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8175335842065830962,7978709144965531633,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:3300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8175335842065830962,7978709144965531633,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:3760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8175335842065830962,7978709144965531633,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
  2⤵
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8175335842065830962,7978709144965531633,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:3948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,8175335842065830962,7978709144965531633,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2604 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4592

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3556

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1948

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
22KB

MD5
5e74c6d871232d6fe5d88711ece1408b

SHA1
1a5d3ac31e833df4c091f14c94a2ecd1c6294875

SHA256
bcadf445d413314a44375c63418a0f255fbac7afae40be0a80c9231751176105

SHA512
9d001eabce7ffdbf8e338725ef07f0033d0780ea474b7d33c2ad63886ff3578d818eb5c9b130d726353cd813160b49f572736dd288cece84e9bd8b784ce530d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
e8880c5af28b10d189298405e5a81f9f

SHA1
77fee628902224a00a76720952aeba4e9f37a08e

SHA256
96b9c5fa966e46091447f41c145443299f18108b7ef5b6c1caacb9076181af68

SHA512
35ffd4e29c1f8e45236d2f81e1aed1a0830eb24704cb0109007186dbaf9ceaac8722f5d9d0bfebae0d459e86711d89696dd9fc1070d6888afa5f65def51164dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
0aa8e40f3b9ff37b895a86cb7edf59d1

SHA1
9047c7a808b99fd97b3315799519333d70f14174

SHA256
2577b1dfac6df61ce9f862698ef236c9200cfc9cd83df7544cb4c5554aa32e84

SHA512
3d6a3c84338df1e09cfebd2c081f8945003b5ebd95b02c6504589b99d0c7a2aae2a633451e845298923576537b0137413c2e28c779f3ead21e15c9354b30a1ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
987B

MD5
729e1810cc873720aad34716fe4cd51e

SHA1
97f212785c5dd02a2744ebdc9f8e44d22b2ae854

SHA256
b958e5a0e97e75c020b3563d9ec4d80a616ba8add1806c14409c9c3f974f6c36

SHA512
6407b8a88f88af3df82df923a86fa11fb854277d0ef5ff98733452f415a35f9dfeeadb16ef4eb085679199bd1692a215789dff4cd5b40b614aea6da7b46e1265

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
25fda4404445df9df6bbba80aead92da

SHA1
fb9ae045f39f115738bd2b27d68933bdc581d44a

SHA256
6878ac581360e7a5f7ae5f5a2010a3305849dc8634cb66bd3764f45839683fa3

SHA512
20ec212ad2d3b21682be89d3b45e512a6abab8b2b656ceab03e494e33df5f8de4308d3fdfe51ef81a0712e08d12882bf4885b354b609df4e293192104d1096e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d24d7d2fa2184c2b9f234c9b343c0f65

SHA1
aabc1b8d0b3bf243ed22b722a4cc4239fe26e50f

SHA256
fd336cb9bc9ba5ed2f6ae8cb1bb0d11db3c243068369d936cec23b6b544e9eb2

SHA512
a1b890adfe5d0a7224a6eb9a25e32bdca3d4b84025763b8d51719d4fe2d72503b4340e415565e6510116a9ecef84639db0c7994811beb0f415b3b4339a3e8e24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a6fd62c9f9adc6c3c191ccd1f2458084

SHA1
23a910eb4cbae12f066a02f9a013359c234ff078

SHA256
27998b3bff5f5b9fc61206a8d76d7689fffd7a03355459cac0b2b148c1444548

SHA512
d15f4de49907f770cb6a2cc958e61ba738e8668c6dec6869529d61a6e992e34a97804e83d059c5cbc3d7e4324c16b1df511c7864c0293ba7090fb858fb94ff46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ed8f32871db1f67bffebd361d76a6e26

SHA1
c35c76bae9003454fb8811c4776acfddaf7e4e6a

SHA256
53d143ccc2126d867173b4650bf071041afc37f1890e8fab4b9b3d030c6372c6

SHA512
f7501db47dadfdb5e92a2858c5a2e192022106529292b9b4eed46544e44c340475f9dd34db5641e81aaeca486e14a01b4905a349acaeb2d60879b1222f99eff5

Download Submit
\??\pipe\LOCAL\crashpad_3372_TAQGDBAYWKEBTQZF

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit