7ef3128bd7545ad8e781e03345e1921a2f6541e5f040e9217469c76dd998b7c9

Analysis

max time kernel
145s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 02:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

65a801618772e96c4c61f9dc40dbfb4b_JaffaCakes118.html
Size

88KB
MD5

65a801618772e96c4c61f9dc40dbfb4b
SHA1

0d9cd75cb88382d7d2364a53f0dbdbd8b6a2d6b7
SHA256

7ef3128bd7545ad8e781e03345e1921a2f6541e5f040e9217469c76dd998b7c9
SHA512

52e178e543cb2dfc29e290064bcb80686e659b681b4b31b7e73b446651404a2f74e98e7a11060029340ee90871d30d4f9665e2594d9aa00b211c76618a1f53e3
SSDEEP

1536:DLSGIpBVJq/Nal6wQMTipVVCCHNESp5Q6Tucrwo:DLSGIpBVwNaYNMmqQiSp5Q6TucrB

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
4792	msedge.exe
4792	msedge.exe
3536	msedge.exe
3536	msedge.exe
3212	identity_helper.exe
3212	identity_helper.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

msedge.exe

pid process

3536 msedge.exe
3536 msedge.exe
3536 msedge.exe
3536 msedge.exe
3536 msedge.exe
3536 msedge.exe
3536 msedge.exe
3536 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3536 wrote to memory of 3520	3536	msedge.exe	msedge.exe
PID 3536 wrote to memory of 3520	3536	msedge.exe	msedge.exe
PID 3536 wrote to memory of 888	3536	msedge.exe	msedge.exe
PID 3536 wrote to memory of 888	3536	msedge.exe	msedge.exe
PID 3536 wrote to memory of 888	3536	msedge.exe	msedge.exe
PID 3536 wrote to memory of 888	3536	msedge.exe	msedge.exe
PID 3536 wrote to memory of 888	3536	msedge.exe	msedge.exe
PID 3536 wrote to memory of 888	3536	msedge.exe	msedge.exe
PID 3536 wrote to memory of 888	3536	msedge.exe	msedge.exe
PID 3536 wrote to memory of 888	3536	msedge.exe	msedge.exe
PID 3536 wrote to memory of 888	3536	msedge.exe	msedge.exe
PID 3536 wrote to memory of 888	3536	msedge.exe	msedge.exe
PID 3536 wrote to memory of 888	3536	msedge.exe	msedge.exe
PID 3536 wrote to memory of 888	3536	msedge.exe	msedge.exe
PID 3536 wrote to memory of 888	3536	msedge.exe	msedge.exe
PID 3536 wrote to memory of 888	3536	msedge.exe	msedge.exe
PID 3536 wrote to memory of 888	3536	msedge.exe	msedge.exe
PID 3536 wrote to memory of 888	3536	msedge.exe	msedge.exe
PID 3536 wrote to memory of 888	3536	msedge.exe	msedge.exe
PID 3536 wrote to memory of 888	3536	msedge.exe	msedge.exe
PID 3536 wrote to memory of 888	3536	msedge.exe	msedge.exe
PID 3536 wrote to memory of 888	3536	msedge.exe	msedge.exe
PID 3536 wrote to memory of 888	3536	msedge.exe	msedge.exe
PID 3536 wrote to memory of 888	3536	msedge.exe	msedge.exe
PID 3536 wrote to memory of 888	3536	msedge.exe	msedge.exe
PID 3536 wrote to memory of 888	3536	msedge.exe	msedge.exe
PID 3536 wrote to memory of 888	3536	msedge.exe	msedge.exe
PID 3536 wrote to memory of 888	3536	msedge.exe	msedge.exe
PID 3536 wrote to memory of 888	3536	msedge.exe	msedge.exe
PID 3536 wrote to memory of 888	3536	msedge.exe	msedge.exe
PID 3536 wrote to memory of 888	3536	msedge.exe	msedge.exe
PID 3536 wrote to memory of 888	3536	msedge.exe	msedge.exe
PID 3536 wrote to memory of 888	3536	msedge.exe	msedge.exe
PID 3536 wrote to memory of 888	3536	msedge.exe	msedge.exe
PID 3536 wrote to memory of 888	3536	msedge.exe	msedge.exe
PID 3536 wrote to memory of 888	3536	msedge.exe	msedge.exe
PID 3536 wrote to memory of 888	3536	msedge.exe	msedge.exe
PID 3536 wrote to memory of 888	3536	msedge.exe	msedge.exe
PID 3536 wrote to memory of 888	3536	msedge.exe	msedge.exe
PID 3536 wrote to memory of 888	3536	msedge.exe	msedge.exe
PID 3536 wrote to memory of 888	3536	msedge.exe	msedge.exe
PID 3536 wrote to memory of 888	3536	msedge.exe	msedge.exe
PID 3536 wrote to memory of 4792	3536	msedge.exe	msedge.exe
PID 3536 wrote to memory of 4792	3536	msedge.exe	msedge.exe
PID 3536 wrote to memory of 1480	3536	msedge.exe	msedge.exe
PID 3536 wrote to memory of 1480	3536	msedge.exe	msedge.exe
PID 3536 wrote to memory of 1480	3536	msedge.exe	msedge.exe
PID 3536 wrote to memory of 1480	3536	msedge.exe	msedge.exe
PID 3536 wrote to memory of 1480	3536	msedge.exe	msedge.exe
PID 3536 wrote to memory of 1480	3536	msedge.exe	msedge.exe
PID 3536 wrote to memory of 1480	3536	msedge.exe	msedge.exe
PID 3536 wrote to memory of 1480	3536	msedge.exe	msedge.exe
PID 3536 wrote to memory of 1480	3536	msedge.exe	msedge.exe
PID 3536 wrote to memory of 1480	3536	msedge.exe	msedge.exe
PID 3536 wrote to memory of 1480	3536	msedge.exe	msedge.exe
PID 3536 wrote to memory of 1480	3536	msedge.exe	msedge.exe
PID 3536 wrote to memory of 1480	3536	msedge.exe	msedge.exe
PID 3536 wrote to memory of 1480	3536	msedge.exe	msedge.exe
PID 3536 wrote to memory of 1480	3536	msedge.exe	msedge.exe
PID 3536 wrote to memory of 1480	3536	msedge.exe	msedge.exe
PID 3536 wrote to memory of 1480	3536	msedge.exe	msedge.exe
PID 3536 wrote to memory of 1480	3536	msedge.exe	msedge.exe
PID 3536 wrote to memory of 1480	3536	msedge.exe	msedge.exe
PID 3536 wrote to memory of 1480	3536	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\65a801618772e96c4c61f9dc40dbfb4b_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3536

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb65e346f8,0x7ffb65e34708,0x7ffb65e34718
2⤵
PID:3520

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,4061372182445345169,15083228830173979506,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
2⤵
PID:888

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,4061372182445345169,15083228830173979506,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,4061372182445345169,15083228830173979506,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2644 /prefetch:8
2⤵
PID:1480

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4061372182445345169,15083228830173979506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
2⤵
PID:2116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4061372182445345169,15083228830173979506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
2⤵
PID:2640

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4061372182445345169,15083228830173979506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
2⤵
PID:1340

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4061372182445345169,15083228830173979506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
2⤵
PID:4872

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,4061372182445345169,15083228830173979506,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5952 /prefetch:8
2⤵
PID:2236

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,4061372182445345169,15083228830173979506,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5952 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3212

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4061372182445345169,15083228830173979506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
2⤵
PID:1996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4061372182445345169,15083228830173979506,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
2⤵
PID:4968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4061372182445345169,15083228830173979506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1
2⤵
PID:184

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4061372182445345169,15083228830173979506,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
2⤵
PID:2420

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,4061372182445345169,15083228830173979506,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5184 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2416

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:440

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:212

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
c9c4c494f8fba32d95ba2125f00586a3

SHA1
8a600205528aef7953144f1cf6f7a5115e3611de

SHA256
a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b

SHA512
9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4dc6fc5e708279a3310fe55d9c44743d

SHA1
a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2

SHA256
a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8

SHA512
5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007
Filesize
20KB

MD5
b6c8122025aff891940d1d5e1ab95fce

SHA1
a0c7ca41d0922d085c358f5dde81ae3e85a8c9c4

SHA256
9954c64c68000f615e5066bc255eced1195d1f8b7dbc715f9062ddf9f147e87e

SHA512
e62a37b55b6b8d95c24fb624105ff6ff72f118e31760d0da1e8df8e8acf627ec6327c26dfa26df8535585877604c7948d2f621ccabc39beec49787e22c302c10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
Filesize
44KB

MD5
88477d32f888c2b8a3f3d98deb460b3d

SHA1
1fae9ac6c1082fc0426aebe4e683eea9b4ba898c

SHA256
1b1f0b5ef5f21d5742d84f331def7116323365c3dd4aec096a55763e310879d8

SHA512
e0c0588ff27a989cac47797e5a8044983d0b3c75c44416c5f977e0e93e9d3a9321b9283ea077e6dcad0619ac960ee45fe8570f1d5cc7d5d4117fee4f2f0c96b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
144B

MD5
a7280e5bc128cd4ee908e490e788fe99

SHA1
faafe77e2357ef537a886f7c2b1ce0c882b79963

SHA256
403985782c04ec8c99aaee6160c2d4df760289955a938f70974199897d97fa1d

SHA512
5a617e76dd86dbc2450ce753db3adc9b680dae99a03fa743a9ff221f409479baca7fc7ba6905178b3ad0627925190f3b8a9c0ebcfae76989828024bb44321714

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
dc49d18136bd9820f86133000f6be89d

SHA1
22cd5818350c766a8e226503e8f4ac2e49912d6c

SHA256
494623263ad332212eb96230161875ef76acf8139db520ee87ce39876d9d8d9c

SHA512
75607f6943c97096e671e12f1f2b40e675fbe6aeaf27fb6f28c7293b3969e9caa8a9bcb8a8d627667346b11768265a7a3d2d4bd1c08c7343deb0b23f2467b474

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
c841edb4cb32ea95bd14674436e3e65b

SHA1
f14564f3e88f37d0e0659ce8177376b593ca23aa

SHA256
89b458c6b09d2257fc3fb3ccaede5304062df11a3c62afe21217673e45c5aeaa

SHA512
f0b7ae8ef194d14e09f5d2baa029a816d9a55fd5746a7804de1b4cc0abc2a10edc854d50b41329f2dcf206a18fab09281a6af9f8a37449de2101f399f6bcf7f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
fe9eb9d316bf298784a27bf8ccec5f77

SHA1
4360715dd866dc96d235d3deb929f5cbe0bcc4ae

SHA256
c916a969b4caa018ed982eaddac3f3096c2bbbb278377d4c78bca9ac541124f6

SHA512
dc3a20fb18a7cb272202c5a52512c6125d9a6346b93dd6a3fffe1998c6ddea3694400ce78d18bb786c7d4624b1d940eebb5d396eae48d8c73f8cf684c203bbe2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
85333cc3a2dc45448645b39dcfc1e6a0

SHA1
f8e06ec211e43724e23d744992bfb7014f238ac3

SHA256
ea249071f7f44e6a69cbb0e2d8c9048236b22e0e0ae3a38fdbe7aff0e8247a1d

SHA512
159bc0a15df760f3f406f2f818c1c28f030aa4caa4d4a2b4b5716aaea80caeb8f5e242e946c9552426f3c877e456dbefba2f19d0aac7453455f552bdf57c330e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
4a5cb0e3647a4c41194e015c0fa03f09

SHA1
cd1b419141a92f37b56f4d03f55fc440a6d1c015

SHA256
d6fd5e403551b71de97db5c746150523d6c13f2c53541d93a87337efc9a91a5c

SHA512
82ee17e617c4b9eb8bdd346932263ed465f83dc618fc03c54edcc11eed105f927fc2f9925ca56c27877772bdbfa7db0f8fc4c8be0b158e56811fe51302b41d6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
898e3c02a139584b440ca416d869e720

SHA1
0873b9413917c5385feb5aae22341c239a937cd4

SHA256
65b2020a96cd0ca9a7a850ab99aca8b8e411f8c11e5983dc9252c3992da54563

SHA512
90bf901ea61c6be2c48f3bf88e167b21847490a150b8575db60108c95f11057418ff2b884e9ec353c2aacd683eeb3cc6c397aa2d972c70a27ec9093e0f4b943e

Download Submit
\??\pipe\LOCAL\crashpad_3536_JPDOKIADNDFBENYM
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit