2fdc34f17d05d7f0cf6dae73545434de1f4945b937cd6561d769aa6a9b4ff934

Analysis

max time kernel
145s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 23:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

68fbdb6c4d63b0f1e1aacf5c57ca0056_JaffaCakes118.html
Size

62KB
MD5

68fbdb6c4d63b0f1e1aacf5c57ca0056
SHA1

a22f61f020ca641663b165196ad0d563140e7d53
SHA256

2fdc34f17d05d7f0cf6dae73545434de1f4945b937cd6561d769aa6a9b4ff934
SHA512

99ba69ef49d0ee252e76103db4315c04148987714bde3ebefa9487c2bd6a2c89bbccb6de2140d1802cdcfda2c82b5aa890ea36ddb7835358f99fc1d7b199dce5
SSDEEP

768:iawgOriWNcaSoagGjCqzajM9/9QOR9/aUIrU3TGf1tDwNQ07Vg299j+WE:P/VCqAOR95ZQiVA

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
2992	msedge.exe
2992	msedge.exe
3208	msedge.exe
3208	msedge.exe
3672	identity_helper.exe
3672	identity_helper.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

Processes:

msedge.exe

pid process

3208 msedge.exe
3208 msedge.exe
3208 msedge.exe
3208 msedge.exe
3208 msedge.exe
3208 msedge.exe
3208 msedge.exe
3208 msedge.exe
3208 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3208 wrote to memory of 1668	3208	msedge.exe	msedge.exe
PID 3208 wrote to memory of 1668	3208	msedge.exe	msedge.exe
PID 3208 wrote to memory of 4016	3208	msedge.exe	msedge.exe
PID 3208 wrote to memory of 4016	3208	msedge.exe	msedge.exe
PID 3208 wrote to memory of 4016	3208	msedge.exe	msedge.exe
PID 3208 wrote to memory of 4016	3208	msedge.exe	msedge.exe
PID 3208 wrote to memory of 4016	3208	msedge.exe	msedge.exe
PID 3208 wrote to memory of 4016	3208	msedge.exe	msedge.exe
PID 3208 wrote to memory of 4016	3208	msedge.exe	msedge.exe
PID 3208 wrote to memory of 4016	3208	msedge.exe	msedge.exe
PID 3208 wrote to memory of 4016	3208	msedge.exe	msedge.exe
PID 3208 wrote to memory of 4016	3208	msedge.exe	msedge.exe
PID 3208 wrote to memory of 4016	3208	msedge.exe	msedge.exe
PID 3208 wrote to memory of 4016	3208	msedge.exe	msedge.exe
PID 3208 wrote to memory of 4016	3208	msedge.exe	msedge.exe
PID 3208 wrote to memory of 4016	3208	msedge.exe	msedge.exe
PID 3208 wrote to memory of 4016	3208	msedge.exe	msedge.exe
PID 3208 wrote to memory of 4016	3208	msedge.exe	msedge.exe
PID 3208 wrote to memory of 4016	3208	msedge.exe	msedge.exe
PID 3208 wrote to memory of 4016	3208	msedge.exe	msedge.exe
PID 3208 wrote to memory of 4016	3208	msedge.exe	msedge.exe
PID 3208 wrote to memory of 4016	3208	msedge.exe	msedge.exe
PID 3208 wrote to memory of 4016	3208	msedge.exe	msedge.exe
PID 3208 wrote to memory of 4016	3208	msedge.exe	msedge.exe
PID 3208 wrote to memory of 4016	3208	msedge.exe	msedge.exe
PID 3208 wrote to memory of 4016	3208	msedge.exe	msedge.exe
PID 3208 wrote to memory of 4016	3208	msedge.exe	msedge.exe
PID 3208 wrote to memory of 4016	3208	msedge.exe	msedge.exe
PID 3208 wrote to memory of 4016	3208	msedge.exe	msedge.exe
PID 3208 wrote to memory of 4016	3208	msedge.exe	msedge.exe
PID 3208 wrote to memory of 4016	3208	msedge.exe	msedge.exe
PID 3208 wrote to memory of 4016	3208	msedge.exe	msedge.exe
PID 3208 wrote to memory of 4016	3208	msedge.exe	msedge.exe
PID 3208 wrote to memory of 4016	3208	msedge.exe	msedge.exe
PID 3208 wrote to memory of 4016	3208	msedge.exe	msedge.exe
PID 3208 wrote to memory of 4016	3208	msedge.exe	msedge.exe
PID 3208 wrote to memory of 4016	3208	msedge.exe	msedge.exe
PID 3208 wrote to memory of 4016	3208	msedge.exe	msedge.exe
PID 3208 wrote to memory of 4016	3208	msedge.exe	msedge.exe
PID 3208 wrote to memory of 4016	3208	msedge.exe	msedge.exe
PID 3208 wrote to memory of 4016	3208	msedge.exe	msedge.exe
PID 3208 wrote to memory of 4016	3208	msedge.exe	msedge.exe
PID 3208 wrote to memory of 2992	3208	msedge.exe	msedge.exe
PID 3208 wrote to memory of 2992	3208	msedge.exe	msedge.exe
PID 3208 wrote to memory of 2660	3208	msedge.exe	msedge.exe
PID 3208 wrote to memory of 2660	3208	msedge.exe	msedge.exe
PID 3208 wrote to memory of 2660	3208	msedge.exe	msedge.exe
PID 3208 wrote to memory of 2660	3208	msedge.exe	msedge.exe
PID 3208 wrote to memory of 2660	3208	msedge.exe	msedge.exe
PID 3208 wrote to memory of 2660	3208	msedge.exe	msedge.exe
PID 3208 wrote to memory of 2660	3208	msedge.exe	msedge.exe
PID 3208 wrote to memory of 2660	3208	msedge.exe	msedge.exe
PID 3208 wrote to memory of 2660	3208	msedge.exe	msedge.exe
PID 3208 wrote to memory of 2660	3208	msedge.exe	msedge.exe
PID 3208 wrote to memory of 2660	3208	msedge.exe	msedge.exe
PID 3208 wrote to memory of 2660	3208	msedge.exe	msedge.exe
PID 3208 wrote to memory of 2660	3208	msedge.exe	msedge.exe
PID 3208 wrote to memory of 2660	3208	msedge.exe	msedge.exe
PID 3208 wrote to memory of 2660	3208	msedge.exe	msedge.exe
PID 3208 wrote to memory of 2660	3208	msedge.exe	msedge.exe
PID 3208 wrote to memory of 2660	3208	msedge.exe	msedge.exe
PID 3208 wrote to memory of 2660	3208	msedge.exe	msedge.exe
PID 3208 wrote to memory of 2660	3208	msedge.exe	msedge.exe
PID 3208 wrote to memory of 2660	3208	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\68fbdb6c4d63b0f1e1aacf5c57ca0056_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3208

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffae94e46f8,0x7ffae94e4708,0x7ffae94e4718
2⤵
PID:1668

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2228,8067113095524326157,15750768946718588812,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2308 /prefetch:2
2⤵
PID:4016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2228,8067113095524326157,15750768946718588812,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2992

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2228,8067113095524326157,15750768946718588812,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2348 /prefetch:8
2⤵
PID:2660

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,8067113095524326157,15750768946718588812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
2⤵
PID:1984

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,8067113095524326157,15750768946718588812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
2⤵
PID:5044

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,8067113095524326157,15750768946718588812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
2⤵
PID:516

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,8067113095524326157,15750768946718588812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
2⤵
PID:392

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,8067113095524326157,15750768946718588812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
2⤵
PID:1676

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2228,8067113095524326157,15750768946718588812,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6164 /prefetch:8
2⤵
PID:4008

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2228,8067113095524326157,15750768946718588812,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6164 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3672

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,8067113095524326157,15750768946718588812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
2⤵
PID:2368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,8067113095524326157,15750768946718588812,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
2⤵
PID:116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,8067113095524326157,15750768946718588812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
2⤵
PID:612

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,8067113095524326157,15750768946718588812,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1
2⤵
PID:3920

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2228,8067113095524326157,15750768946718588812,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5528 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4468

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4280

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3720

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
Filesize
44KB

MD5
88477d32f888c2b8a3f3d98deb460b3d

SHA1
1fae9ac6c1082fc0426aebe4e683eea9b4ba898c

SHA256
1b1f0b5ef5f21d5742d84f331def7116323365c3dd4aec096a55763e310879d8

SHA512
e0c0588ff27a989cac47797e5a8044983d0b3c75c44416c5f977e0e93e9d3a9321b9283ea077e6dcad0619ac960ee45fe8570f1d5cc7d5d4117fee4f2f0c96b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
240B

MD5
21b199b4bb889b359d4805644fda1ad3

SHA1
925e8a8ac5dbcbd72a772125445318d634175a85

SHA256
e414d15b4f741f07ca04c7a52298cc7942d75a9f69935918fdc79accee73d562

SHA512
ad68bbd020305cd04120736698c0a3ff2c46353bd2e9ab72021de302fb2e7cf42a78935985beb97361eeb6f46417679429af8e118e2172b0d7a8b1abe9723c0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
216B

MD5
ffb745d45033270212abf62cbfbed34b

SHA1
e74f79495c4d4e876ef2995f63bcfc223229bd2a

SHA256
2e686d0aa3f19c744d134867d9c321da79b4c09fd4df4c6389a4268f43e18bc3

SHA512
ec7473cb8123241934178bdcc20e0083b96e4749930fb12f00f4706d79db27ededbeed932c94b1ffac8b066c99bde23042ac23cb2c377d06ab3df507b84efdb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
9f42ba2e515fae9d136b893f79d2477e

SHA1
986bd927c78d2e5e5fa0de14c6ba7d761c0e18da

SHA256
78e42d531b5ea626409491cc663d8fdce12286fd93881973c6545042deb50d44

SHA512
722d013cfe002ef03f54326392134141fa56e183d564b4970b5ffa0bdae061f109480d43b97fcf9d00ecc3d35e310f36b975616c31c5882eae9c97e5b4e7691e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
f32ed566d93be9a9ecb8b919535c6481

SHA1
24568d55b8f9d0664e25e45e88c1d57c66769095

SHA256
41caee25dbffa7bd02f66638e1d187112d7c3f20f8a2df805479e6982b829a0d

SHA512
95e7541a7bc9f0de905382c826f278476afe51999c80e89cd6ca5aeecdbb11953aaa4e47d5358dc7c7c1b288d723b9f97375ff96d7357c54348dcd825407a088

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
d5901500077713b5f4a699fdbfb6a3b5

SHA1
4e9d41ccc8d0e3abc712efe765060d44f002cca0

SHA256
024b03bab581f1b2e2ae61100c7a916e572ea969b5973bbfefb78f2dfeb0771e

SHA512
f6fd05773abf0a178ff60fe6345d8aec22a3c10e405b633a47652959fbeed2c79a4f66fc83eb0764190f8ecd43ef12ffb1272156743304f083f2bd823afa8be6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
51827b76fc0a0653b15a9124cd993be3

SHA1
b79f9849b73df97b1a83219ac9f05bc21b2ba5f9

SHA256
925b5a0a8449d34a8de63add213b3d36fd25a111714529f78f6fd6266dfed86f

SHA512
7bb10d6a4c6e77643cb4631a30f29441c3676d4be9382962154e0be97d6ad485a363ddcbba72161a05198e6860e8f131d8db48d00657a9e9ea6361121dcf3d63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
e66b20a784cae5a5c8f0c8ee22dc2746

SHA1
546dc216a2c54721553bbf6ddee31b3b1e3551eb

SHA256
da89718a658dc7c25451c1646c280aac98d6e4d6287dc175ef46c7797c514a65

SHA512
895c3186ade177a1046d4fc2c571f07e0dcbaffc98eb5c8ae9c582ae3dc99f6e42f62fdcc8831467060b6d434aa3fb4e8d42f0e2457be530df38b0532209ef2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
499a4cf244f42fab987b2c3a0686264c

SHA1
a706c615a8a7cca8def653c5a255222a9c806bed

SHA256
624598b702773e66d296137f9a1ab5aeda5c552bd74d448a972defd7ce8b0f51

SHA512
5804815dc7ef6ce92956fc87f038b93c146729d5d26a815637822e442385a227f7146aa12c6f95dabe1559b1f03cb0a79d5e65d27a35de4c5a6bd2e29729a529

Download Submit
\??\pipe\LOCAL\crashpad_3208_SFQZMFQBRKDHSVPK
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit