d7476bf61e881402f85198420556b1035252d21fc112ee2a31f59e9e7ad0c6e7

Analysis

max time kernel
149s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 00:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

691e53217550a77859690e4213e79c9b_JaffaCakes118.html
Size

91KB
MD5

691e53217550a77859690e4213e79c9b
SHA1

5b0a3e4ead43826e32ebdecaece6804b34149670
SHA256

d7476bf61e881402f85198420556b1035252d21fc112ee2a31f59e9e7ad0c6e7
SHA512

50215b06c1d96f3e9a753fa1c916377bef517bea96de2f819c091ed18b2562dd148658e800b6757f5e9982dacb68935d445740f5756e6c04516ba9f816929133
SSDEEP

1536:bdBHv7ynvCT7WhOjapypM9t1m/yIqKMtOV:ZBHTGCTqgjapypM9t1XKMtOV

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
3216	msedge.exe
3216	msedge.exe
2540	msedge.exe
2540	msedge.exe
4152	identity_helper.exe
4152	identity_helper.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

Processes:

msedge.exe

pid process

2540 msedge.exe
2540 msedge.exe
2540 msedge.exe
2540 msedge.exe
2540 msedge.exe
2540 msedge.exe
2540 msedge.exe
2540 msedge.exe
2540 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2540 wrote to memory of 2996	2540	msedge.exe	msedge.exe
PID 2540 wrote to memory of 2996	2540	msedge.exe	msedge.exe
PID 2540 wrote to memory of 532	2540	msedge.exe	msedge.exe
PID 2540 wrote to memory of 532	2540	msedge.exe	msedge.exe
PID 2540 wrote to memory of 532	2540	msedge.exe	msedge.exe
PID 2540 wrote to memory of 532	2540	msedge.exe	msedge.exe
PID 2540 wrote to memory of 532	2540	msedge.exe	msedge.exe
PID 2540 wrote to memory of 532	2540	msedge.exe	msedge.exe
PID 2540 wrote to memory of 532	2540	msedge.exe	msedge.exe
PID 2540 wrote to memory of 532	2540	msedge.exe	msedge.exe
PID 2540 wrote to memory of 532	2540	msedge.exe	msedge.exe
PID 2540 wrote to memory of 532	2540	msedge.exe	msedge.exe
PID 2540 wrote to memory of 532	2540	msedge.exe	msedge.exe
PID 2540 wrote to memory of 532	2540	msedge.exe	msedge.exe
PID 2540 wrote to memory of 532	2540	msedge.exe	msedge.exe
PID 2540 wrote to memory of 532	2540	msedge.exe	msedge.exe
PID 2540 wrote to memory of 532	2540	msedge.exe	msedge.exe
PID 2540 wrote to memory of 532	2540	msedge.exe	msedge.exe
PID 2540 wrote to memory of 532	2540	msedge.exe	msedge.exe
PID 2540 wrote to memory of 532	2540	msedge.exe	msedge.exe
PID 2540 wrote to memory of 532	2540	msedge.exe	msedge.exe
PID 2540 wrote to memory of 532	2540	msedge.exe	msedge.exe
PID 2540 wrote to memory of 532	2540	msedge.exe	msedge.exe
PID 2540 wrote to memory of 532	2540	msedge.exe	msedge.exe
PID 2540 wrote to memory of 532	2540	msedge.exe	msedge.exe
PID 2540 wrote to memory of 532	2540	msedge.exe	msedge.exe
PID 2540 wrote to memory of 532	2540	msedge.exe	msedge.exe
PID 2540 wrote to memory of 532	2540	msedge.exe	msedge.exe
PID 2540 wrote to memory of 532	2540	msedge.exe	msedge.exe
PID 2540 wrote to memory of 532	2540	msedge.exe	msedge.exe
PID 2540 wrote to memory of 532	2540	msedge.exe	msedge.exe
PID 2540 wrote to memory of 532	2540	msedge.exe	msedge.exe
PID 2540 wrote to memory of 532	2540	msedge.exe	msedge.exe
PID 2540 wrote to memory of 532	2540	msedge.exe	msedge.exe
PID 2540 wrote to memory of 532	2540	msedge.exe	msedge.exe
PID 2540 wrote to memory of 532	2540	msedge.exe	msedge.exe
PID 2540 wrote to memory of 532	2540	msedge.exe	msedge.exe
PID 2540 wrote to memory of 532	2540	msedge.exe	msedge.exe
PID 2540 wrote to memory of 532	2540	msedge.exe	msedge.exe
PID 2540 wrote to memory of 532	2540	msedge.exe	msedge.exe
PID 2540 wrote to memory of 532	2540	msedge.exe	msedge.exe
PID 2540 wrote to memory of 532	2540	msedge.exe	msedge.exe
PID 2540 wrote to memory of 3216	2540	msedge.exe	msedge.exe
PID 2540 wrote to memory of 3216	2540	msedge.exe	msedge.exe
PID 2540 wrote to memory of 4524	2540	msedge.exe	msedge.exe
PID 2540 wrote to memory of 4524	2540	msedge.exe	msedge.exe
PID 2540 wrote to memory of 4524	2540	msedge.exe	msedge.exe
PID 2540 wrote to memory of 4524	2540	msedge.exe	msedge.exe
PID 2540 wrote to memory of 4524	2540	msedge.exe	msedge.exe
PID 2540 wrote to memory of 4524	2540	msedge.exe	msedge.exe
PID 2540 wrote to memory of 4524	2540	msedge.exe	msedge.exe
PID 2540 wrote to memory of 4524	2540	msedge.exe	msedge.exe
PID 2540 wrote to memory of 4524	2540	msedge.exe	msedge.exe
PID 2540 wrote to memory of 4524	2540	msedge.exe	msedge.exe
PID 2540 wrote to memory of 4524	2540	msedge.exe	msedge.exe
PID 2540 wrote to memory of 4524	2540	msedge.exe	msedge.exe
PID 2540 wrote to memory of 4524	2540	msedge.exe	msedge.exe
PID 2540 wrote to memory of 4524	2540	msedge.exe	msedge.exe
PID 2540 wrote to memory of 4524	2540	msedge.exe	msedge.exe
PID 2540 wrote to memory of 4524	2540	msedge.exe	msedge.exe
PID 2540 wrote to memory of 4524	2540	msedge.exe	msedge.exe
PID 2540 wrote to memory of 4524	2540	msedge.exe	msedge.exe
PID 2540 wrote to memory of 4524	2540	msedge.exe	msedge.exe
PID 2540 wrote to memory of 4524	2540	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\691e53217550a77859690e4213e79c9b_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc8b8946f8,0x7ffc8b894708,0x7ffc8b894718
2⤵
PID:2996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,13099668991050502474,2418153664719306735,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2240 /prefetch:2
2⤵
PID:532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2224,13099668991050502474,2418153664719306735,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3216

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2224,13099668991050502474,2418153664719306735,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
2⤵
PID:4524

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,13099668991050502474,2418153664719306735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
2⤵
PID:756

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,13099668991050502474,2418153664719306735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
2⤵
PID:1516

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,13099668991050502474,2418153664719306735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
2⤵
PID:1172

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,13099668991050502474,2418153664719306735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
2⤵
PID:4644

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,13099668991050502474,2418153664719306735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
2⤵
PID:4624

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2224,13099668991050502474,2418153664719306735,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6204 /prefetch:8
2⤵
PID:3832

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2224,13099668991050502474,2418153664719306735,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6204 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4152

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,13099668991050502474,2418153664719306735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
2⤵
PID:3600

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,13099668991050502474,2418153664719306735,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
2⤵
PID:1572

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,13099668991050502474,2418153664719306735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
2⤵
PID:3024

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,13099668991050502474,2418153664719306735,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
2⤵
PID:5112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,13099668991050502474,2418153664719306735,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5320 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2788

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3648

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2916

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d
Filesize
22KB

MD5
5e74c6d871232d6fe5d88711ece1408b

SHA1
1a5d3ac31e833df4c091f14c94a2ecd1c6294875

SHA256
bcadf445d413314a44375c63418a0f255fbac7afae40be0a80c9231751176105

SHA512
9d001eabce7ffdbf8e338725ef07f0033d0780ea474b7d33c2ad63886ff3578d818eb5c9b130d726353cd813160b49f572736dd288cece84e9bd8b784ce530d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
240B

MD5
c7b874076d29fd5680a4d26123c4cd4a

SHA1
eb8759ff6770e931e99be531e2008e653fc43bd7

SHA256
4b7f5d139cd309cc455bb22f828246b2510b414b8f032239f03f5a1da8f84e34

SHA512
0abd8df00bfabc2fc7d2408c79eb9c9904c8d9c6098ad4e4866b105cf03e9df4454a33782b73d1c8338bb0e3715b41f0f701bd2f27cc25188ea795246b057319

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
216B

MD5
e64f0ba004722ca9394402ec5fc19ec9

SHA1
03fd9eab9405a431432869017d6efc3607ab74df

SHA256
3414b79e3512a0d9f240ee31caca400f55cfec0b59d7a66399a7edc7470344ef

SHA512
cc8ec40eabe26580e02fc59a5cbd592e58096f1fb06701f5cece689535dbd74ffe98c20152ed6ae24b719fe0327b3ee55721e5669a48710bb573b043edd30702

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
0e9dbbab0e785eb6addbc5115400c51a

SHA1
6b6e3d104fd8a1318c9b141414c2819e1f86055f

SHA256
b1c061d7391aef1c21efb783b1368c8f7cc9958a7093966510aa137ce2379bb6

SHA512
c7012767204f04d80bf6cd2a3193198ca3f8fc321815ed8a242186dbd5cc316bb3ed00d6f4af3e93503e6a0a3c0138c0bfdce36b744200265dc6e257e07f9112

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
266b6b59a8b0e50641f28e414c4806cd

SHA1
d205226b4f414973f32f10d788b671f8c0d9b950

SHA256
ba859a01ae8cb39b2438f9dee211499846f36ef0efe92d9a91aff16ea57cd226

SHA512
b0229a6226afd495bfe7b41e03db6352b726e6e016992dc618d48aa5367d1f529c384ec722a504f52416de48a23c32257e647a5fd24b0597b27d533fb9356647

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
9a70311e82fd1aea99a71f81f149c0b0

SHA1
a5acd993534567639635b619e72efa95caa10b78

SHA256
76fbaf12aac45c9de2532dff13cac39ec82b3af70ccff051d87129312bec3195

SHA512
a85d690a061bfc4a9571ade595afa369b85a3db1ca4c6e55d74513f7c240f4c7070611054c22d23648679b88745a85d3adc6c56c9137b49651272fe62308f9a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
79be16fdb0e5a232020d3d3ae4960d82

SHA1
5f7d32b51e1df1dda0f03b856744ee22eb537c16

SHA256
49ec81c85f1a51bec0b7576a4f6ddca3986dc82ed495f7fa917cc9089367e32d

SHA512
dcdb06d47660fe089413bc74e2936b88f0546a492244244f465aa2673395e69a2bc0d42d2884597fdb92d48fcbbd18910733ebb5ddec107dd9c4faec0c1b4abd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
8696148e38499f7b75cd66cf1246bc0b

SHA1
70f7e3b26e6db9133fe257a6c1f42815a157b81c

SHA256
b8dbbdad9ad1fcf2d19556a9ec7c57a66d918c0d0b374ddffd236ee537f9bbad

SHA512
ef884c5136faa36bc49d781b0f332f9f2938218e3305cc29bbaf069dd154c0a7e72286982f40a44b24ccf1372e05d926473eced4f7ccc821e12e518c5c1dca2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
70f40da775bb9c96be8de353be885851

SHA1
c175eed9a6273abc730dc39810eb8b7cce4dae66

SHA256
d5ed2a220142fdb4eaf963b513d6d1aab211be9bab7114572cc63fcf0d3c4f8a

SHA512
41396d987437d789901c74422318adccea94338fb370e78a583c00c7f5b356c60455211ec4ecbd14499de1e67c3d4c19ed9a995aa91e9b8fcb75281e11633ebd

Download Submit
\??\pipe\LOCAL\crashpad_2540_RWJTJJCWKHXQGHMO
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit