a3733c75c79615e47631c392bafe09dd97f86e2a9ae33d2117109ded538fb3ba

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 23:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

69111d95f9d8ea565c6c92637237b370_JaffaCakes118.html
Size

249KB
MD5

69111d95f9d8ea565c6c92637237b370
SHA1

c4ff39a8c65a2d83692526ce07580fefca3369ff
SHA256

a3733c75c79615e47631c392bafe09dd97f86e2a9ae33d2117109ded538fb3ba
SHA512

a18659e644d4c67b0b888198038b8c9fdfa1efa25bfdca6afa6e6787c5d95283194596a43fea17c9c170eee69a8e20d16263cf9862d54c58ece1531aba284942
SSDEEP

3072:2fICFf+AwlxVg7L5HdFnQ3Fnkz7QFzQ/FX/9KbDGaPplaV:2PFf+AwlxVg7L59FnQ3FnkzUFzQ/FL

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exemsedge.exeidentity_helper.exe

pid	process
4876	msedge.exe
4876	msedge.exe
2984	msedge.exe
2984	msedge.exe
1160	msedge.exe
1160	msedge.exe
1160	msedge.exe
1160	msedge.exe
4476	identity_helper.exe
4476	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

msedge.exe

pid process

2984 msedge.exe
2984 msedge.exe
2984 msedge.exe
2984 msedge.exe
2984 msedge.exe
2984 msedge.exe
2984 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2984 wrote to memory of 4248	2984	msedge.exe	msedge.exe
PID 2984 wrote to memory of 4248	2984	msedge.exe	msedge.exe
PID 2984 wrote to memory of 1636	2984	msedge.exe	msedge.exe
PID 2984 wrote to memory of 1636	2984	msedge.exe	msedge.exe
PID 2984 wrote to memory of 1636	2984	msedge.exe	msedge.exe
PID 2984 wrote to memory of 1636	2984	msedge.exe	msedge.exe
PID 2984 wrote to memory of 1636	2984	msedge.exe	msedge.exe
PID 2984 wrote to memory of 1636	2984	msedge.exe	msedge.exe
PID 2984 wrote to memory of 1636	2984	msedge.exe	msedge.exe
PID 2984 wrote to memory of 1636	2984	msedge.exe	msedge.exe
PID 2984 wrote to memory of 1636	2984	msedge.exe	msedge.exe
PID 2984 wrote to memory of 1636	2984	msedge.exe	msedge.exe
PID 2984 wrote to memory of 1636	2984	msedge.exe	msedge.exe
PID 2984 wrote to memory of 1636	2984	msedge.exe	msedge.exe
PID 2984 wrote to memory of 1636	2984	msedge.exe	msedge.exe
PID 2984 wrote to memory of 1636	2984	msedge.exe	msedge.exe
PID 2984 wrote to memory of 1636	2984	msedge.exe	msedge.exe
PID 2984 wrote to memory of 1636	2984	msedge.exe	msedge.exe
PID 2984 wrote to memory of 1636	2984	msedge.exe	msedge.exe
PID 2984 wrote to memory of 1636	2984	msedge.exe	msedge.exe
PID 2984 wrote to memory of 1636	2984	msedge.exe	msedge.exe
PID 2984 wrote to memory of 1636	2984	msedge.exe	msedge.exe
PID 2984 wrote to memory of 1636	2984	msedge.exe	msedge.exe
PID 2984 wrote to memory of 1636	2984	msedge.exe	msedge.exe
PID 2984 wrote to memory of 1636	2984	msedge.exe	msedge.exe
PID 2984 wrote to memory of 1636	2984	msedge.exe	msedge.exe
PID 2984 wrote to memory of 1636	2984	msedge.exe	msedge.exe
PID 2984 wrote to memory of 1636	2984	msedge.exe	msedge.exe
PID 2984 wrote to memory of 1636	2984	msedge.exe	msedge.exe
PID 2984 wrote to memory of 1636	2984	msedge.exe	msedge.exe
PID 2984 wrote to memory of 1636	2984	msedge.exe	msedge.exe
PID 2984 wrote to memory of 1636	2984	msedge.exe	msedge.exe
PID 2984 wrote to memory of 1636	2984	msedge.exe	msedge.exe
PID 2984 wrote to memory of 1636	2984	msedge.exe	msedge.exe
PID 2984 wrote to memory of 1636	2984	msedge.exe	msedge.exe
PID 2984 wrote to memory of 1636	2984	msedge.exe	msedge.exe
PID 2984 wrote to memory of 1636	2984	msedge.exe	msedge.exe
PID 2984 wrote to memory of 1636	2984	msedge.exe	msedge.exe
PID 2984 wrote to memory of 1636	2984	msedge.exe	msedge.exe
PID 2984 wrote to memory of 1636	2984	msedge.exe	msedge.exe
PID 2984 wrote to memory of 1636	2984	msedge.exe	msedge.exe
PID 2984 wrote to memory of 1636	2984	msedge.exe	msedge.exe
PID 2984 wrote to memory of 4876	2984	msedge.exe	msedge.exe
PID 2984 wrote to memory of 4876	2984	msedge.exe	msedge.exe
PID 2984 wrote to memory of 1400	2984	msedge.exe	msedge.exe
PID 2984 wrote to memory of 1400	2984	msedge.exe	msedge.exe
PID 2984 wrote to memory of 1400	2984	msedge.exe	msedge.exe
PID 2984 wrote to memory of 1400	2984	msedge.exe	msedge.exe
PID 2984 wrote to memory of 1400	2984	msedge.exe	msedge.exe
PID 2984 wrote to memory of 1400	2984	msedge.exe	msedge.exe
PID 2984 wrote to memory of 1400	2984	msedge.exe	msedge.exe
PID 2984 wrote to memory of 1400	2984	msedge.exe	msedge.exe
PID 2984 wrote to memory of 1400	2984	msedge.exe	msedge.exe
PID 2984 wrote to memory of 1400	2984	msedge.exe	msedge.exe
PID 2984 wrote to memory of 1400	2984	msedge.exe	msedge.exe
PID 2984 wrote to memory of 1400	2984	msedge.exe	msedge.exe
PID 2984 wrote to memory of 1400	2984	msedge.exe	msedge.exe
PID 2984 wrote to memory of 1400	2984	msedge.exe	msedge.exe
PID 2984 wrote to memory of 1400	2984	msedge.exe	msedge.exe
PID 2984 wrote to memory of 1400	2984	msedge.exe	msedge.exe
PID 2984 wrote to memory of 1400	2984	msedge.exe	msedge.exe
PID 2984 wrote to memory of 1400	2984	msedge.exe	msedge.exe
PID 2984 wrote to memory of 1400	2984	msedge.exe	msedge.exe
PID 2984 wrote to memory of 1400	2984	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\69111d95f9d8ea565c6c92637237b370_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2984

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbd1d746f8,0x7ffbd1d74708,0x7ffbd1d74718
2⤵
PID:4248

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,11329161437419537464,17015635578462714990,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
2⤵
PID:1636

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,11329161437419537464,17015635578462714990,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4876

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,11329161437419537464,17015635578462714990,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2636 /prefetch:8
2⤵
PID:1400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11329161437419537464,17015635578462714990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
2⤵
PID:4520

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11329161437419537464,17015635578462714990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3164 /prefetch:1
2⤵
PID:1384

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11329161437419537464,17015635578462714990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
2⤵
PID:2568

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,11329161437419537464,17015635578462714990,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2800 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1160

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,11329161437419537464,17015635578462714990,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5700 /prefetch:8
2⤵
PID:1256

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,11329161437419537464,17015635578462714990,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5700 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4476

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11329161437419537464,17015635578462714990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1256 /prefetch:1
2⤵
PID:2640

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11329161437419537464,17015635578462714990,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
2⤵
PID:3008

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11329161437419537464,17015635578462714990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
2⤵
PID:4224

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11329161437419537464,17015635578462714990,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
2⤵
PID:5004

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:548

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4448

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
Filesize
893B

MD5
d4ae187b4574036c2d76b6df8a8c1a30

SHA1
b06f409fa14bab33cbaf4a37811b8740b624d9e5

SHA256
a2ce3a0fa7d2a833d1801e01ec48e35b70d84f3467cc9f8fab370386e13879c7

SHA512
1f44a360e8bb8ada22bc5bfe001f1babb4e72005a46bc2a94c33c4bd149ff256cce6f35d65ca4f7fc2a5b9e15494155449830d2809c8cf218d0b9196ec646b0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Filesize
330B

MD5
e00edf98082577153b8950d426746c6e

SHA1
1eb99834898e00c94ec38b63a4b4d71827dff30e

SHA256
010d248c431ba0ec58772807ef2b0712bd850fe59bed78da57f3e9e331f0b7ce

SHA512
0241f5b0ced317fae70ef64c835d0696c7cc279633a71fbe125d296f866a7f4e9061e253d5963ec4576a54e38112c28a392b0ae0115191ee31af442e667c01c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Filesize
330B

MD5
f2979867b8b381e9dacb846e24476e48

SHA1
b20d33321e3e2a2f96bd9b3ad66a5631ad84afc0

SHA256
7ea82e3b025d42d002415ca29e1ef56346430f8f6bd5219d1c1185fed09c8c05

SHA512
cd1de5b3dd2985ee5cee0b22312811d770746f1d00ed99e2bfbf17ec91c9d887de11cf00d29e718f2c686544b0387b5f604452445b8869e147daba36dc166026

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
Filesize
252B

MD5
fa53971dab1db1042b4cb8e103a81c93

SHA1
2888fdb918461fda6efb91b0ce0bb6e2f2f6ed8c

SHA256
a2e1c08ffcd0f318ae016f4f424c281c5e788164bb3653abc112038c1f90e44f

SHA512
de50b519ecbe12e033eb55a092128520b1f82c1588b8525f3955de72dd2e96910f30a6cee3e43273befe8ae16e6256f643fcc74f90a6f48ad7556a69530c80f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
c9c4c494f8fba32d95ba2125f00586a3

SHA1
8a600205528aef7953144f1cf6f7a5115e3611de

SHA256
a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b

SHA512
9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4dc6fc5e708279a3310fe55d9c44743d

SHA1
a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2

SHA256
a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8

SHA512
5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
882B

MD5
78d8c34ae888ee7ab9806d181be67c1d

SHA1
28be394841f95834bce3bf556ece46860343a239

SHA256
99f1f9d9253b053f3017107796472c352ab2226edb32101bace954040bd5f08b

SHA512
b7ce6d30f6a778c9ae1a412cee884202f18dd00377e24f53c57386295fb0b7b162f0dcc19c48e113f04bf54249556177928e8abe694b635ce0275468fa3427f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
e24b7295604caa6555a55d5396c4895e

SHA1
f2d33b51115bbeaa65216194f1dcaae472764db5

SHA256
83b4c599900743786d1da9148c08b86e613a8a171e6afeb9fe7abb4f21a0db83

SHA512
cf23002d2ee67a330d25f4a76d15d19f36fe9b19fe2c8693b89e0cbb3f00e16e011521d079c5a24de7cf6074a032a9897129a30abf920250cbf8334f77935d75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
d31c32c33b696ced7ebc4a94779f9c54

SHA1
724f577978ac90d8a82a91778a2f7e35dbfe729c

SHA256
4ccd477a135476161444e58de88cc5906c7be9de1ac1a17d377cddec5f5f68b1

SHA512
255a025a378afcaf2422279d73291035835a91c96ceab147326aa2563ff000e7a2d942348126058170bf16b5b8291d6db59eaee4a41b5c4f0c63e95732101790

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
00e0ba876f09349bc5dc2de1c9a4763e

SHA1
05b3a6d8bb9d18b0e905f6ff64e869f9b2e00be7

SHA256
307ec53559e99520c8ba8c2023c1317b56a775720d4e085546d35b6c1c3b5176

SHA512
a5bdf2aecfd3df7df4ab48b5a1aca909e12ced656f87066fa8ccb8e83d2766b097fc79cb70454c5cc89228d90e57bfc051b4e3bb72eb1994317e2bc0c892db0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
4ce01fa8c28328964cbfa478ee88333b

SHA1
f0fc1a38b09ad195f46556b81a5dbe67c236060d

SHA256
e8225243ce336cd5f71d9ecbc5b1272e46325af989d0a52933d83ced02a19e4b

SHA512
63a2beeb1b119ed3845ee429cc85f2a2471973e50911901b4d6e55c7d07a6aa10e509fba7858f6c1cd6b6f8d1e0ef085a0010df34dca6dc0faee82ca7254ce7c

Download Submit
\??\pipe\LOCAL\crashpad_2984_WLWEZONAPZDZYJTR
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit