ac80285895d9b9d50c0adbc2ff5469a9c41deb516522e6e1aaa5566381dc9997

Analysis

max time kernel
145s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 20:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

68985c6d7caefc4dd5d2de7b64456d0a_JaffaCakes118.html
Size

256KB
MD5

68985c6d7caefc4dd5d2de7b64456d0a
SHA1

0b3a5392d8e9f647317b404c1101283ac1256113
SHA256

ac80285895d9b9d50c0adbc2ff5469a9c41deb516522e6e1aaa5566381dc9997
SHA512

a2fcfc8171c6b28abedf366ac306b8fbdd0209d6983f7a4a6e2fda622e4a641ad0883aa676c470a35aa0acedc71796ce1bdca446afae6e6c10f1c23c4339a292
SSDEEP

1536:x7BHv7ynvCTS9jW6+DcDzPLHio2cZU31NZqxR222kDYUvASin9h0vAXKMtT0p:NBHTGCTYjcZS5YUvAtr0vAXKMtT0p

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
3348	msedge.exe
3348	msedge.exe
1940	msedge.exe
1940	msedge.exe
4064	identity_helper.exe
4064	identity_helper.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

msedge.exe

pid process

1940 msedge.exe
1940 msedge.exe
1940 msedge.exe
1940 msedge.exe
1940 msedge.exe
1940 msedge.exe
1940 msedge.exe
1940 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1940 wrote to memory of 2376	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 2376	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 2844	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 2844	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 2844	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 2844	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 2844	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 2844	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 2844	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 2844	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 2844	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 2844	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 2844	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 2844	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 2844	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 2844	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 2844	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 2844	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 2844	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 2844	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 2844	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 2844	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 2844	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 2844	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 2844	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 2844	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 2844	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 2844	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 2844	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 2844	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 2844	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 2844	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 2844	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 2844	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 2844	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 2844	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 2844	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 2844	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 2844	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 2844	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 2844	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 2844	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 3348	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 3348	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 940	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 940	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 940	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 940	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 940	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 940	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 940	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 940	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 940	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 940	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 940	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 940	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 940	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 940	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 940	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 940	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 940	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 940	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 940	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 940	1940	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\68985c6d7caefc4dd5d2de7b64456d0a_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8a47946f8,0x7ff8a4794708,0x7ff8a4794718
  2⤵
  PID:2376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,13521484443491791419,2308708098443229550,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2
  2⤵
  PID:2844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2216,13521484443491791419,2308708098443229550,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2216,13521484443491791419,2308708098443229550,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
  2⤵
  PID:940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,13521484443491791419,2308708098443229550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,13521484443491791419,2308708098443229550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,13521484443491791419,2308708098443229550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
  2⤵
  PID:3636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,13521484443491791419,2308708098443229550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
  2⤵
  PID:2240
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,13521484443491791419,2308708098443229550,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5968 /prefetch:8
  2⤵
  PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,13521484443491791419,2308708098443229550,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5968 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,13521484443491791419,2308708098443229550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,13521484443491791419,2308708098443229550,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:1808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,13521484443491791419,2308708098443229550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4548 /prefetch:1
  2⤵
  PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,13521484443491791419,2308708098443229550,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:3504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,13521484443491791419,2308708098443229550,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5044 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4544

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1396

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1588

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
330B

MD5
1eaaf2707314165e24e1f956c10d54ab

SHA1
b10757c5bbc64ddb84a2d01381185cc1db49ee10

SHA256
eabbabaaf4ce7fc1b043e8f5187ddd6403b30709cf1904cd50fa6a003811c2ce

SHA512
b3abfc074b723c41cbd6d82723d5765516d8cac15e0733de04d0ca993d9c49391be264a5a3a6188f22d63f15994a97108062c17ed0bfc1c1170fa5b5b82f027f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
ed6a2832bacdf7b2e796e718c8ae043b

SHA1
56f97c61ad973e0376fdd29227b7ea1616182bd5

SHA256
518f66b9fba1c3acbe44dcb5cd6dfeedea35d52e228686e24eae62e8771e998f

SHA512
803e2ff6fe63dad66c09c950ac0d520f9c024233288012a77bf45f80fe8672e2cdae67018305e00968277a791e7061d590295ad337b78345b36f4673c0411b30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
798d0fc29a86e0bf963842ded2541f45

SHA1
0e8207c3f1fafc28d855fd814a13d27ffe6c54e9

SHA256
1a2d6401a4008a7215c605a93d67597a02285130416a25d41a625e120dbd75c6

SHA512
552fa349b5693c2ba8196d3faefcb25ea6750440e954c68c504a081d6e028686e3f52c12b3f1daf9b1eded9b1734f8995b5e7547f6728d02c98f000bcfd20c15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
25073b08c3583608c8506e7153ea96dd

SHA1
66cd215440ab6abeb1394cd7a1dc85abbbf6e07a

SHA256
0724ea06d4031474dbdf23180810eccc37e64c0e5be6764d286954b53d647761

SHA512
d4f53a8c5507318d2a66dda55f2eaf6da9960cc0893ad7a8cb7e61c5a44781c5b554e4ce21f4e895a166c4d4ca6c3a22e85696488599ebd09af5185208216ae7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b37d7c4fb043c8999f0f0db2084c30b2

SHA1
89cbcebce3e00076dda967e05a23ff23d3c23b0c

SHA256
92fefa4668519e680e213f348c88ee55b320f9e14c84a0332e6baa3c83c6e64f

SHA512
a058813a0197483877983cc4450b3b4b8bc62cb506cf51fd07baa77644c92486d8ec068d9b6c8757ff5a1b839afeed4b2a9984f64d59660fef179cfd1ef3df6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bb1ca08db59550610f6d31b94e1217c4

SHA1
39def58a702e97aaf2c1523b450efd7bfc261fea

SHA256
5b4e1abb274253742c83de98ac69c2d1901a5dde00cb8dd2c3031e34449e1668

SHA512
d131e32633386f8f81ceb39b4154c7b7378dc9c302e51a897e7c39854de611ed1d72f509925678b83204e46709c99be8f5beb841258ae5cbcbad8c6395092a2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
58e49e08b279f13a0c17dc5eab59c4b8

SHA1
24713f0955a9c0c56a3af23e06562b985568a1a1

SHA256
a655a3555b41883296f28c0466338b9a677fd1ca970f7272553bd4ecd121edb7

SHA512
fce77ff5fb7994c18e9f117346a9bc2c8abf3cbffac6a6e2e70e99cfb7a5ed72a924e7355a1465474c67c9f764b2f29ca63859fb37fd45a10ef1856bcee00a79

Download Submit
\??\pipe\LOCAL\crashpad_1940_MPZFIAWLDGPEIITB

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit