1618a98aad70f7d7be9001ecf13c7b4735d4426f95aebec64f882ee32806fecb

Analysis

max time kernel
145s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 03:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

65e1ed65d8756a2a09072239b6c0d010_JaffaCakes118.html
Size

175KB
MD5

65e1ed65d8756a2a09072239b6c0d010
SHA1

68f7e85f904031cf3cacac6a015998d1118072b1
SHA256

1618a98aad70f7d7be9001ecf13c7b4735d4426f95aebec64f882ee32806fecb
SHA512

bb969f2cace657919f567dd179cef9ab4818602f3ad64392c8f2bfe79e554b5e28a05677a8a948e60c55894517422cee298c5cd8a79887966e1fc6e3f6bd8745
SSDEEP

1536:Sqtz8hd8Wu8pI8Cd8hd8dQg0H//3oS3CGNkFvYfBCJis/+aeTH+WK/Lf1/hmnVSV:SOoT3C/FOBCJirm

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
856	msedge.exe
856	msedge.exe
5116	msedge.exe
5116	msedge.exe
4292	identity_helper.exe
4292	identity_helper.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

Processes:

msedge.exe

pid	process
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 5116 wrote to memory of 1860	5116	msedge.exe	msedge.exe
PID 5116 wrote to memory of 1860	5116	msedge.exe	msedge.exe
PID 5116 wrote to memory of 4968	5116	msedge.exe	msedge.exe
PID 5116 wrote to memory of 4968	5116	msedge.exe	msedge.exe
PID 5116 wrote to memory of 4968	5116	msedge.exe	msedge.exe
PID 5116 wrote to memory of 4968	5116	msedge.exe	msedge.exe
PID 5116 wrote to memory of 4968	5116	msedge.exe	msedge.exe
PID 5116 wrote to memory of 4968	5116	msedge.exe	msedge.exe
PID 5116 wrote to memory of 4968	5116	msedge.exe	msedge.exe
PID 5116 wrote to memory of 4968	5116	msedge.exe	msedge.exe
PID 5116 wrote to memory of 4968	5116	msedge.exe	msedge.exe
PID 5116 wrote to memory of 4968	5116	msedge.exe	msedge.exe
PID 5116 wrote to memory of 4968	5116	msedge.exe	msedge.exe
PID 5116 wrote to memory of 4968	5116	msedge.exe	msedge.exe
PID 5116 wrote to memory of 4968	5116	msedge.exe	msedge.exe
PID 5116 wrote to memory of 4968	5116	msedge.exe	msedge.exe
PID 5116 wrote to memory of 4968	5116	msedge.exe	msedge.exe
PID 5116 wrote to memory of 4968	5116	msedge.exe	msedge.exe
PID 5116 wrote to memory of 4968	5116	msedge.exe	msedge.exe
PID 5116 wrote to memory of 4968	5116	msedge.exe	msedge.exe
PID 5116 wrote to memory of 4968	5116	msedge.exe	msedge.exe
PID 5116 wrote to memory of 4968	5116	msedge.exe	msedge.exe
PID 5116 wrote to memory of 4968	5116	msedge.exe	msedge.exe
PID 5116 wrote to memory of 4968	5116	msedge.exe	msedge.exe
PID 5116 wrote to memory of 4968	5116	msedge.exe	msedge.exe
PID 5116 wrote to memory of 4968	5116	msedge.exe	msedge.exe
PID 5116 wrote to memory of 4968	5116	msedge.exe	msedge.exe
PID 5116 wrote to memory of 4968	5116	msedge.exe	msedge.exe
PID 5116 wrote to memory of 4968	5116	msedge.exe	msedge.exe
PID 5116 wrote to memory of 4968	5116	msedge.exe	msedge.exe
PID 5116 wrote to memory of 4968	5116	msedge.exe	msedge.exe
PID 5116 wrote to memory of 4968	5116	msedge.exe	msedge.exe
PID 5116 wrote to memory of 4968	5116	msedge.exe	msedge.exe
PID 5116 wrote to memory of 4968	5116	msedge.exe	msedge.exe
PID 5116 wrote to memory of 4968	5116	msedge.exe	msedge.exe
PID 5116 wrote to memory of 4968	5116	msedge.exe	msedge.exe
PID 5116 wrote to memory of 4968	5116	msedge.exe	msedge.exe
PID 5116 wrote to memory of 4968	5116	msedge.exe	msedge.exe
PID 5116 wrote to memory of 4968	5116	msedge.exe	msedge.exe
PID 5116 wrote to memory of 4968	5116	msedge.exe	msedge.exe
PID 5116 wrote to memory of 4968	5116	msedge.exe	msedge.exe
PID 5116 wrote to memory of 4968	5116	msedge.exe	msedge.exe
PID 5116 wrote to memory of 856	5116	msedge.exe	msedge.exe
PID 5116 wrote to memory of 856	5116	msedge.exe	msedge.exe
PID 5116 wrote to memory of 3092	5116	msedge.exe	msedge.exe
PID 5116 wrote to memory of 3092	5116	msedge.exe	msedge.exe
PID 5116 wrote to memory of 3092	5116	msedge.exe	msedge.exe
PID 5116 wrote to memory of 3092	5116	msedge.exe	msedge.exe
PID 5116 wrote to memory of 3092	5116	msedge.exe	msedge.exe
PID 5116 wrote to memory of 3092	5116	msedge.exe	msedge.exe
PID 5116 wrote to memory of 3092	5116	msedge.exe	msedge.exe
PID 5116 wrote to memory of 3092	5116	msedge.exe	msedge.exe
PID 5116 wrote to memory of 3092	5116	msedge.exe	msedge.exe
PID 5116 wrote to memory of 3092	5116	msedge.exe	msedge.exe
PID 5116 wrote to memory of 3092	5116	msedge.exe	msedge.exe
PID 5116 wrote to memory of 3092	5116	msedge.exe	msedge.exe
PID 5116 wrote to memory of 3092	5116	msedge.exe	msedge.exe
PID 5116 wrote to memory of 3092	5116	msedge.exe	msedge.exe
PID 5116 wrote to memory of 3092	5116	msedge.exe	msedge.exe
PID 5116 wrote to memory of 3092	5116	msedge.exe	msedge.exe
PID 5116 wrote to memory of 3092	5116	msedge.exe	msedge.exe
PID 5116 wrote to memory of 3092	5116	msedge.exe	msedge.exe
PID 5116 wrote to memory of 3092	5116	msedge.exe	msedge.exe
PID 5116 wrote to memory of 3092	5116	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\65e1ed65d8756a2a09072239b6c0d010_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb2e0646f8,0x7ffb2e064708,0x7ffb2e064718
2⤵
PID:1860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,9968081438564690707,10244846314756427134,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
2⤵
PID:4968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,9968081438564690707,10244846314756427134,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:856

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,9968081438564690707,10244846314756427134,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8
2⤵
PID:3092

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,9968081438564690707,10244846314756427134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
2⤵
PID:3172

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,9968081438564690707,10244846314756427134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
2⤵
PID:3196

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,9968081438564690707,10244846314756427134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
2⤵
PID:4568

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,9968081438564690707,10244846314756427134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
2⤵
PID:5104

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,9968081438564690707,10244846314756427134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
2⤵
PID:3756

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,9968081438564690707,10244846314756427134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
2⤵
PID:3004

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,9968081438564690707,10244846314756427134,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5964 /prefetch:8
2⤵
PID:2032

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,9968081438564690707,10244846314756427134,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5964 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4292

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,9968081438564690707,10244846314756427134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
2⤵
PID:3808

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,9968081438564690707,10244846314756427134,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
2⤵
PID:3740

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,9968081438564690707,10244846314756427134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
2⤵
PID:5268

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,9968081438564690707,10244846314756427134,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
2⤵
PID:5276

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,9968081438564690707,10244846314756427134,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2892 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5992

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1552

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4500

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2292

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
2daa93382bba07cbc40af372d30ec576

SHA1
c5e709dc3e2e4df2ff841fbde3e30170e7428a94

SHA256
1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30

SHA512
65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
ecdc2754d7d2ae862272153aa9b9ca6e

SHA1
c19bed1c6e1c998b9fa93298639ad7961339147d

SHA256
a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7

SHA512
cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
360B

MD5
f1f795fb01110e6aa650b63722d85e4d

SHA1
1e23eb43533e63df649d89f01704957c477609ef

SHA256
b27a317f2e806c7237aa9bf98c4863164082929899706be896037ffb7de96741

SHA512
205844cd65777e4af5992ab3f0d75fefc3a6c2f92565b842cf1d28b17c7cc9bcd8d82e96976c9a6182549a95855e4b039b2bd65f5ccb9341a3bc168a5fa0856c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
f04db01a7b0a823e51bb9e90408ae552

SHA1
4f40c45ef6f9233d7c6221093a5e69268c34cf85

SHA256
718d8dc4bb12d581d9dfd44a85c07c90b69e8d3989f21ef0a911e07b8c027b57

SHA512
28c3ca3472c0c75ea2750506cb0ea15c5934ae443e07c4bcf1b321706b68d7b518966d50ee2171e66132393c86affebbe8ade1b2583efc0b53f5217d4efd9207

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
ac88da16061dc0979bacbf3891661fac

SHA1
68bfabb997a6a4eb56ac39c6df56762770306ca7

SHA256
38c0963de438d75d254e49859aa1b8a3462a4d68628244ef005c2e034a2fd21d

SHA512
ab845126d0adeee8e9e05b48808b1172a0b1ea247033ed33a12310c4a6ae3bb489566d80ef7c752973ebef494fd3e1d202b38fa2fd5de3dec50d4bbcc5b8f9e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
47223ecf31b15d1ee4bbb1f3c9d3dd46

SHA1
45ccc5dfb96ca5d665645b7ace547aad83c67a9f

SHA256
c815342d917c4bcf6e6ca55bd8b8c1d0a2e966fbcdb5776ae924e36e57e72c72

SHA512
07ae6855dba0ca71b6856ef8b654c35b5c6c22cd90d601720a725753b6caadd761fed4cd79d1c69c5520a12c1495bb5d39004b0dddecd31d9a195c23cb2ff81a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
862a528ccbd3b97c55cbdda3f31ffda5

SHA1
0577fc4622f6269a14dd135c0818a73060061111

SHA256
210ed3336a59d90678c7e5a728ba1a13ecef1fa09f2f813c8c451d44f71912b4

SHA512
2d2da59f634ab3667c190c870b97eeac6b3cee82c81487a1962f1df4fa1f1c302dd7cc2f0e9f0dd94e52b7df829283c66477eaa0eb503ee73fdbf99837686e1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
e4fdccf486f99377500c6a0e8a472bce

SHA1
0c86d5a7625605bec2778f524f4fe989eb3f5ccd

SHA256
99ccd54f5b068f6861a47f48609880e10497f806f8155c4829e7e87d7e49ed12

SHA512
bf1e896f6eeab65cf8644c4c7bf47805d28a861e0bc62e2663e960f68e5d46bf3560dcc721bb53ffa134f4996489964093f2b4c29fb6741c286aea8ee1fd000d

Download Submit
\??\pipe\LOCAL\crashpad_5116_SZIUCFIGTMCDAATW
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit