cab26a63fbab866d64832b6d69fe0cfb05381ccb8b82d66216a05616eb447671

Analysis

max time kernel
134s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 22:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

68ecc55c54800f4d56a55961b212ceac_JaffaCakes118.html
Size

64KB
MD5

68ecc55c54800f4d56a55961b212ceac
SHA1

aa4ca6475930bbdb373bbab0fc96cb1065b945ea
SHA256

cab26a63fbab866d64832b6d69fe0cfb05381ccb8b82d66216a05616eb447671
SHA512

e7bc1558ec4e11bcfbb77f36df2af581888a5daa1cc0b2d7c14486292696729328fd53651723d8c340fee179564d460a53b1d5df4d4365b4ebbbf90e14502381
SSDEEP

1536:oRT/Dzdu/zMIP2qwQ9p5uw2QOGO/OjhIx96tbtbFElcXJsijJ6hwCf3lSB58fl3h:ox/DzdSIIjwQ9p5uw2WAhwKlSB58fl3h

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
4924	msedge.exe
4924	msedge.exe
2336	msedge.exe
2336	msedge.exe
3484	identity_helper.exe
3484	identity_helper.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

msedge.exe

pid process

2336 msedge.exe
2336 msedge.exe
2336 msedge.exe
2336 msedge.exe
2336 msedge.exe
2336 msedge.exe
2336 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2336 wrote to memory of 4156	2336	msedge.exe	msedge.exe
PID 2336 wrote to memory of 4156	2336	msedge.exe	msedge.exe
PID 2336 wrote to memory of 880	2336	msedge.exe	msedge.exe
PID 2336 wrote to memory of 880	2336	msedge.exe	msedge.exe
PID 2336 wrote to memory of 880	2336	msedge.exe	msedge.exe
PID 2336 wrote to memory of 880	2336	msedge.exe	msedge.exe
PID 2336 wrote to memory of 880	2336	msedge.exe	msedge.exe
PID 2336 wrote to memory of 880	2336	msedge.exe	msedge.exe
PID 2336 wrote to memory of 880	2336	msedge.exe	msedge.exe
PID 2336 wrote to memory of 880	2336	msedge.exe	msedge.exe
PID 2336 wrote to memory of 880	2336	msedge.exe	msedge.exe
PID 2336 wrote to memory of 880	2336	msedge.exe	msedge.exe
PID 2336 wrote to memory of 880	2336	msedge.exe	msedge.exe
PID 2336 wrote to memory of 880	2336	msedge.exe	msedge.exe
PID 2336 wrote to memory of 880	2336	msedge.exe	msedge.exe
PID 2336 wrote to memory of 880	2336	msedge.exe	msedge.exe
PID 2336 wrote to memory of 880	2336	msedge.exe	msedge.exe
PID 2336 wrote to memory of 880	2336	msedge.exe	msedge.exe
PID 2336 wrote to memory of 880	2336	msedge.exe	msedge.exe
PID 2336 wrote to memory of 880	2336	msedge.exe	msedge.exe
PID 2336 wrote to memory of 880	2336	msedge.exe	msedge.exe
PID 2336 wrote to memory of 880	2336	msedge.exe	msedge.exe
PID 2336 wrote to memory of 880	2336	msedge.exe	msedge.exe
PID 2336 wrote to memory of 880	2336	msedge.exe	msedge.exe
PID 2336 wrote to memory of 880	2336	msedge.exe	msedge.exe
PID 2336 wrote to memory of 880	2336	msedge.exe	msedge.exe
PID 2336 wrote to memory of 880	2336	msedge.exe	msedge.exe
PID 2336 wrote to memory of 880	2336	msedge.exe	msedge.exe
PID 2336 wrote to memory of 880	2336	msedge.exe	msedge.exe
PID 2336 wrote to memory of 880	2336	msedge.exe	msedge.exe
PID 2336 wrote to memory of 880	2336	msedge.exe	msedge.exe
PID 2336 wrote to memory of 880	2336	msedge.exe	msedge.exe
PID 2336 wrote to memory of 880	2336	msedge.exe	msedge.exe
PID 2336 wrote to memory of 880	2336	msedge.exe	msedge.exe
PID 2336 wrote to memory of 880	2336	msedge.exe	msedge.exe
PID 2336 wrote to memory of 880	2336	msedge.exe	msedge.exe
PID 2336 wrote to memory of 880	2336	msedge.exe	msedge.exe
PID 2336 wrote to memory of 880	2336	msedge.exe	msedge.exe
PID 2336 wrote to memory of 880	2336	msedge.exe	msedge.exe
PID 2336 wrote to memory of 880	2336	msedge.exe	msedge.exe
PID 2336 wrote to memory of 880	2336	msedge.exe	msedge.exe
PID 2336 wrote to memory of 880	2336	msedge.exe	msedge.exe
PID 2336 wrote to memory of 4924	2336	msedge.exe	msedge.exe
PID 2336 wrote to memory of 4924	2336	msedge.exe	msedge.exe
PID 2336 wrote to memory of 2208	2336	msedge.exe	msedge.exe
PID 2336 wrote to memory of 2208	2336	msedge.exe	msedge.exe
PID 2336 wrote to memory of 2208	2336	msedge.exe	msedge.exe
PID 2336 wrote to memory of 2208	2336	msedge.exe	msedge.exe
PID 2336 wrote to memory of 2208	2336	msedge.exe	msedge.exe
PID 2336 wrote to memory of 2208	2336	msedge.exe	msedge.exe
PID 2336 wrote to memory of 2208	2336	msedge.exe	msedge.exe
PID 2336 wrote to memory of 2208	2336	msedge.exe	msedge.exe
PID 2336 wrote to memory of 2208	2336	msedge.exe	msedge.exe
PID 2336 wrote to memory of 2208	2336	msedge.exe	msedge.exe
PID 2336 wrote to memory of 2208	2336	msedge.exe	msedge.exe
PID 2336 wrote to memory of 2208	2336	msedge.exe	msedge.exe
PID 2336 wrote to memory of 2208	2336	msedge.exe	msedge.exe
PID 2336 wrote to memory of 2208	2336	msedge.exe	msedge.exe
PID 2336 wrote to memory of 2208	2336	msedge.exe	msedge.exe
PID 2336 wrote to memory of 2208	2336	msedge.exe	msedge.exe
PID 2336 wrote to memory of 2208	2336	msedge.exe	msedge.exe
PID 2336 wrote to memory of 2208	2336	msedge.exe	msedge.exe
PID 2336 wrote to memory of 2208	2336	msedge.exe	msedge.exe
PID 2336 wrote to memory of 2208	2336	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\68ecc55c54800f4d56a55961b212ceac_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2336

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8022346f8,0x7ff802234708,0x7ff802234718
2⤵
PID:4156

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,6684245116522268448,3537271148651293318,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2028 /prefetch:2
2⤵
PID:880

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2016,6684245116522268448,3537271148651293318,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4924

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2016,6684245116522268448,3537271148651293318,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
2⤵
PID:2208

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,6684245116522268448,3537271148651293318,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
2⤵
PID:1904

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,6684245116522268448,3537271148651293318,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
2⤵
PID:4144

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,6684245116522268448,3537271148651293318,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1996 /prefetch:1
2⤵
PID:4028

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,6684245116522268448,3537271148651293318,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 /prefetch:8
2⤵
PID:1152

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,6684245116522268448,3537271148651293318,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3484

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,6684245116522268448,3537271148651293318,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
2⤵
PID:2380

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,6684245116522268448,3537271148651293318,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
2⤵
PID:2012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,6684245116522268448,3537271148651293318,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
2⤵
PID:3652

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,6684245116522268448,3537271148651293318,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
2⤵
PID:672

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,6684245116522268448,3537271148651293318,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5788 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4360

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2492

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3604

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2daa93382bba07cbc40af372d30ec576

SHA1
c5e709dc3e2e4df2ff841fbde3e30170e7428a94

SHA256
1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30

SHA512
65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecdc2754d7d2ae862272153aa9b9ca6e

SHA1
c19bed1c6e1c998b9fa93298639ad7961339147d

SHA256
a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7

SHA512
cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
6975c151da33ef3637fe53ae80e8dbd9

SHA1
120c37d75590f89e235600b24dfc3fffec7dde31

SHA256
ce7c356d729193700622f9196535c1b865fcf342b80c1871cbcd9fe295f58ebd

SHA512
2019770b3c77009c9644462d447e516e0f6eab9f8f53b5e9c1b02923aa182b77eb62ee52a90b561ef4f6781b066bf412e184a8cd4029235a1922310f8e55f4e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
484B

MD5
cfa5097b8d9158692a865ba0108dc1e2

SHA1
b61099c0c6be76c39d6ac1f955cd31fbec25a351

SHA256
4cae67f56dd895b3c51c2db0b798a4df63a688cb2dd2b3ff98ab46c0251d401e

SHA512
9b600604baddd2b89478d29922a5f4dd880c04ff7e3fc13a3c9901aa91d36a42faa49a55855209e5efa75fe513b8d6b3319865c9c250ad1cbd248b780ef5937b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cb4ead226acbfc7e1b4a11aba2e10d43

SHA1
cf94e7e25326c3d132c16e04a606aab1d7bba425

SHA256
d964a56feeca0538b13712dd44edaacca6f8fe1724de8003f7a128469099670d

SHA512
410f5103090fdc4f68db022030bbc9b4c34dc36eaacb09fedc23949ea6fc8c33c9a91b34d2dd470d38cfbd058118d7a00d2b518396af52b388f1ba4f63c765bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b5c0199ca9d3d4f21c1357d12a292a2f

SHA1
0cad5bdaddf44353286dae03faa092d391c2bd79

SHA256
1e6e63849f9e25a5494ac7132aac6aae2efda7d4e47795e896ab13a9f65b4622

SHA512
bd11fff9d6f8d69184cf0dfb4c458943d0e53a785b3f46b5752213f8e91749c93f4f388ecc666bc4125a9688b91a1bad1193984afb11e635a5f996bbf2671220

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f08fa9492de31c51604e16b8501f4623

SHA1
35cc3c87f8bbbc5a733b2a1fc94634da1b9a2062

SHA256
bb675385da62a81c26370a3a80f7d9c0a204a17faa382e0fb6080e722820492a

SHA512
bd4629e14a07b9ee4dcdd93a884fca89f9f5fb98f9620a4bd142c4dc234712a42fc64df159ba2a7b266f118129a90a1805f1352628c326e79e80c4c8d6ef3f17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
cb9cae2dd94eb8eeb1533422a4786739

SHA1
ae6372a596789dc7a5f31f4e65a4f2186cb1e1cb

SHA256
a1210ee4902ed31475063c9cf4f92358bbba1f8a00fcd63711d3833b3f45680e

SHA512
3ba2e2eeff585e7a2baa4309722c1b512298c33cd0e273c6435f2eb79abb4da23a760858b4a6a2b850a7978a6e6728af3fac654b58a4d7279569b2a729a2905a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58abdb.TMP

Filesize
204B

MD5
484af66a5e746b3ffe1732b2bf1ae6b0

SHA1
c7b524b3166363db2265aeda2031d6746a141c3b

SHA256
5b552ac1abeb4fecfa8c49bead333d3b2777469a8c5bcddfa65d01e2fd85e14b

SHA512
b9aba11dec8a2c676cf7fc6e2c578842b0e4816ed1d1859bcefa978b106c8fac098048822ff7374da043a8d930e3aa88f6812affb440b9374a0a02fa7d24f9f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
80ab23d96c03cfe6350519319578f70b

SHA1
5171eaf4db91e8752f3fc09dae2d831aa24e5254

SHA256
6188091a881f185feb9e4900a0e7aa0822989dd6960189b76e0ddc4e65596907

SHA512
c1bf036c8d4d2c740ad7a2392766bb8120da65dd5bf2cd77299502a313aef620da4681b5092dd4b64cc5c773f65abe2ccfee56166b23b08cdcc616e90eabf363

Download Submit
\??\pipe\LOCAL\crashpad_2336_PLPKKMCFOUYLIDXF

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit