0f4bc87231db6b36f0096c2f40db15bfb98948ba88cc426e0fe739c612c9e2ae

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 02:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

65b3994a75d678a4700d0dbc8c8e0236_JaffaCakes118.html
Size

64KB
MD5

65b3994a75d678a4700d0dbc8c8e0236
SHA1

4d475e449b70b6934b4686592af7c40e3b869386
SHA256

0f4bc87231db6b36f0096c2f40db15bfb98948ba88cc426e0fe739c612c9e2ae
SHA512

920a7980895ea9887c54ade28ccd87939ae7e959996d93ba03c4b504ba7ea471cec89ec3acd9d630d28f8cd7b6c69a20a120f3bc17d71e279512363a042b817d
SSDEEP

1536:oR+/DMpu/CMIP2qwQ9p5uw2QOGO/OChIx96tbtbFElcXJsijJ6hwCfclSB58fl3h:oM/DMpS/IjwQ9p5uw2TAhwblSB58fl3h

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
4268	msedge.exe
4268	msedge.exe
2580	msedge.exe
2580	msedge.exe
4432	identity_helper.exe
4432	identity_helper.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

msedge.exe

pid process

2580 msedge.exe
2580 msedge.exe
2580 msedge.exe
2580 msedge.exe
2580 msedge.exe
2580 msedge.exe
2580 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe
2580	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2580 wrote to memory of 4868	2580	msedge.exe	msedge.exe
PID 2580 wrote to memory of 4868	2580	msedge.exe	msedge.exe
PID 2580 wrote to memory of 3176	2580	msedge.exe	msedge.exe
PID 2580 wrote to memory of 3176	2580	msedge.exe	msedge.exe
PID 2580 wrote to memory of 3176	2580	msedge.exe	msedge.exe
PID 2580 wrote to memory of 3176	2580	msedge.exe	msedge.exe
PID 2580 wrote to memory of 3176	2580	msedge.exe	msedge.exe
PID 2580 wrote to memory of 3176	2580	msedge.exe	msedge.exe
PID 2580 wrote to memory of 3176	2580	msedge.exe	msedge.exe
PID 2580 wrote to memory of 3176	2580	msedge.exe	msedge.exe
PID 2580 wrote to memory of 3176	2580	msedge.exe	msedge.exe
PID 2580 wrote to memory of 3176	2580	msedge.exe	msedge.exe
PID 2580 wrote to memory of 3176	2580	msedge.exe	msedge.exe
PID 2580 wrote to memory of 3176	2580	msedge.exe	msedge.exe
PID 2580 wrote to memory of 3176	2580	msedge.exe	msedge.exe
PID 2580 wrote to memory of 3176	2580	msedge.exe	msedge.exe
PID 2580 wrote to memory of 3176	2580	msedge.exe	msedge.exe
PID 2580 wrote to memory of 3176	2580	msedge.exe	msedge.exe
PID 2580 wrote to memory of 3176	2580	msedge.exe	msedge.exe
PID 2580 wrote to memory of 3176	2580	msedge.exe	msedge.exe
PID 2580 wrote to memory of 3176	2580	msedge.exe	msedge.exe
PID 2580 wrote to memory of 3176	2580	msedge.exe	msedge.exe
PID 2580 wrote to memory of 3176	2580	msedge.exe	msedge.exe
PID 2580 wrote to memory of 3176	2580	msedge.exe	msedge.exe
PID 2580 wrote to memory of 3176	2580	msedge.exe	msedge.exe
PID 2580 wrote to memory of 3176	2580	msedge.exe	msedge.exe
PID 2580 wrote to memory of 3176	2580	msedge.exe	msedge.exe
PID 2580 wrote to memory of 3176	2580	msedge.exe	msedge.exe
PID 2580 wrote to memory of 3176	2580	msedge.exe	msedge.exe
PID 2580 wrote to memory of 3176	2580	msedge.exe	msedge.exe
PID 2580 wrote to memory of 3176	2580	msedge.exe	msedge.exe
PID 2580 wrote to memory of 3176	2580	msedge.exe	msedge.exe
PID 2580 wrote to memory of 3176	2580	msedge.exe	msedge.exe
PID 2580 wrote to memory of 3176	2580	msedge.exe	msedge.exe
PID 2580 wrote to memory of 3176	2580	msedge.exe	msedge.exe
PID 2580 wrote to memory of 3176	2580	msedge.exe	msedge.exe
PID 2580 wrote to memory of 3176	2580	msedge.exe	msedge.exe
PID 2580 wrote to memory of 3176	2580	msedge.exe	msedge.exe
PID 2580 wrote to memory of 3176	2580	msedge.exe	msedge.exe
PID 2580 wrote to memory of 3176	2580	msedge.exe	msedge.exe
PID 2580 wrote to memory of 3176	2580	msedge.exe	msedge.exe
PID 2580 wrote to memory of 3176	2580	msedge.exe	msedge.exe
PID 2580 wrote to memory of 4268	2580	msedge.exe	msedge.exe
PID 2580 wrote to memory of 4268	2580	msedge.exe	msedge.exe
PID 2580 wrote to memory of 4592	2580	msedge.exe	msedge.exe
PID 2580 wrote to memory of 4592	2580	msedge.exe	msedge.exe
PID 2580 wrote to memory of 4592	2580	msedge.exe	msedge.exe
PID 2580 wrote to memory of 4592	2580	msedge.exe	msedge.exe
PID 2580 wrote to memory of 4592	2580	msedge.exe	msedge.exe
PID 2580 wrote to memory of 4592	2580	msedge.exe	msedge.exe
PID 2580 wrote to memory of 4592	2580	msedge.exe	msedge.exe
PID 2580 wrote to memory of 4592	2580	msedge.exe	msedge.exe
PID 2580 wrote to memory of 4592	2580	msedge.exe	msedge.exe
PID 2580 wrote to memory of 4592	2580	msedge.exe	msedge.exe
PID 2580 wrote to memory of 4592	2580	msedge.exe	msedge.exe
PID 2580 wrote to memory of 4592	2580	msedge.exe	msedge.exe
PID 2580 wrote to memory of 4592	2580	msedge.exe	msedge.exe
PID 2580 wrote to memory of 4592	2580	msedge.exe	msedge.exe
PID 2580 wrote to memory of 4592	2580	msedge.exe	msedge.exe
PID 2580 wrote to memory of 4592	2580	msedge.exe	msedge.exe
PID 2580 wrote to memory of 4592	2580	msedge.exe	msedge.exe
PID 2580 wrote to memory of 4592	2580	msedge.exe	msedge.exe
PID 2580 wrote to memory of 4592	2580	msedge.exe	msedge.exe
PID 2580 wrote to memory of 4592	2580	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\65b3994a75d678a4700d0dbc8c8e0236_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2580

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffca1246f8,0x7fffca124708,0x7fffca124718
2⤵
PID:4868

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,9949791858746526355,9398483162830177203,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
2⤵
PID:3176

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,9949791858746526355,9398483162830177203,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4268

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,9949791858746526355,9398483162830177203,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:8
2⤵
PID:4592

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9949791858746526355,9398483162830177203,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
2⤵
PID:4044

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9949791858746526355,9398483162830177203,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
2⤵
PID:3144

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9949791858746526355,9398483162830177203,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1396 /prefetch:1
2⤵
PID:3976

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9949791858746526355,9398483162830177203,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
2⤵
PID:712

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9949791858746526355,9398483162830177203,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
2⤵
PID:544

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,9949791858746526355,9398483162830177203,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5888 /prefetch:8
2⤵
PID:404

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,9949791858746526355,9398483162830177203,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5888 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4432

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,9949791858746526355,9398483162830177203,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5084 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9949791858746526355,9398483162830177203,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
2⤵
PID:4920

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9949791858746526355,9398483162830177203,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2624 /prefetch:1
2⤵
PID:4512

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4112

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3992

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
360B

MD5
bbb7409a70d9dc6edef0fb1ad7077c71

SHA1
2a11db550b344890bb37c4a74549f1530dd80fe1

SHA256
d80854e14ce1b64452c60f8c572d4c5482a06d74b695436f3e06d884d7bf64ae

SHA512
7ea273d0b62b40737af703697cdd8edd0cf28238d2c81d1de7b0218b22c4a1dc9df490a7b2fa9f16d9ab0e7b2c28974fb1526529a0dd67bbaae33955cf9feb8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
484B

MD5
06c08da3710e76ca9df4682584ee08a8

SHA1
177febbf3d08d988f0666e32cb3b686fe962f37c

SHA256
61f26fd8ada9917531e8e92c590fb3337749295a0a0aa3acd83ab8925d789367

SHA512
b44c5c3df25db0ed2cfca56a2a173d0fb023c05d7b0a0b79bc18c777e606c3062e75e128ef12b6c6d2c73c8d8f0b29fe5809ad7cde92d0944b27c983c9ebf286

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
41547de8d8a29aaa27a6aa03d0823bac

SHA1
a3681825c74e11a753256240f8955ad991268bce

SHA256
959265be66b01094874054c8b49c44690f277ecc56d65d58e2c96257af5fba22

SHA512
3e17b4c294fa07471c141595f432a6e4c6d99d58719601b269cb727265690b1a02ff853105d1fefccc81f0bc68154b02b50938bd2597dc3b028816510ec507f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
d06f470883383f8fe864a437f0e30ee9

SHA1
efd039c7f1d5073866b7023db31bb95af65f6783

SHA256
538db1421c752cd74d010f0fde61effd235d4429dd733c82895813c547fb50f2

SHA512
872882c1c67d77e6988f6f08f3be5eb6f5b472f2f9e0e9f246db4ed19e1f8343a11eca08caec0c3f7e798ede6bb5764a676b07d569111115b55474bf874f082a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
5e323be9d9755017d6d0d9c89bd2bca2

SHA1
da9cc39bd8dab71c632ee3ca993ed92820cd8495

SHA256
f76c5be6c030ece24bdc58f80313045efd55211c6da02af255c8d5ccd6cb54c6

SHA512
ca1eeb894f0bd90254691099741f07f59b7d1563f6caa7921b9ab5061dbdeefe566580dd9e6ebb61eda0bf4aef29939112116e9a27d466ebc13fd9a6d5b105b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
372B

MD5
6bef5e4b36229bee8fe85fd3e54d2e7e

SHA1
bbd455665b7a8ec9beda3ba0219d0d87e7e0207c

SHA256
49c10e04debee9d924113e8f24096c897645ec3c084e270c3dbf653ac908b9a3

SHA512
8a4fe04ff99d21856c2e032a4ddb30aa7ccb80b986d9833d98b513635802eb62f750b80c71c3d3bc5571326d54781a2768e288ebcfdeed9b80ebeb0edfffc920

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58e663.TMP
Filesize
204B

MD5
9bb819212660041a957b5b0b7bfbd3fd

SHA1
d6eff3ae4293c464f7df8c8f212cbd4a04a1a461

SHA256
12ab47e88541ee898a70d4ceb6d12c9d7ebd3411a8b73f3630e83dfd2620fe3c

SHA512
4b3dca1483ca62b6c617d623a67413ca50e313ca7172cfe56834f49eaad0f020236d95425566e7cc458f1161b697b3b58d582400cadfb0b450f96a930069b7e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
58792deca42b8486a2ce8d9677b5d47b

SHA1
dfc5c4d983fcc72081281562190998f7ee1a0a4f

SHA256
c32998ed1aa3a93477e04e8545003fb1cc732065f2a2b0ab6f8d2a8749c2f3bd

SHA512
eba2f5391f26dd76157facbabdee646f4e09317c0f5c72366de359a1ed19a1fbba33bc192b9ab5523ac73af94b06fd70ece2dfe3a2ac6fb3c56a9b82c0f2b437

Download Submit
\??\pipe\LOCAL\crashpad_2580_EHKIYHNCLOMNNYTJ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit