8cda6211cef509dc12bff6c9feca950587b62190154ec6ad65b9f0e533bf56ad

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 02:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6975dfb0fb96599e3320e9c9a5baed3b_JaffaCakes118.html
Size

72KB
MD5

6975dfb0fb96599e3320e9c9a5baed3b
SHA1

6f6442da86d002ee6e8d308128822c6926ad4db6
SHA256

8cda6211cef509dc12bff6c9feca950587b62190154ec6ad65b9f0e533bf56ad
SHA512

ec87a1f9896b8050eac76ea94b6915b4b91f7ccfcb3c4eaa28604d1ec823e1a55520f87a96c4370fdd5d1df5ac05d87c3a8f217dbb4c62e6ce5a174344e19136
SSDEEP

1536:cbA6BeA7Jsxu5LutU40Elf+3Ty/I4tFk27Mhj8ZxbijpjS9hezrveSeh2h2Nt:EA6BeyJsx8LqUxpH8ezrveS+2h2Nt

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
3284	msedge.exe
3284	msedge.exe
3076	msedge.exe
3076	msedge.exe
4492	identity_helper.exe
4492	identity_helper.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

msedge.exe

pid process

3076 msedge.exe
3076 msedge.exe
3076 msedge.exe
3076 msedge.exe
3076 msedge.exe
3076 msedge.exe
3076 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3076 wrote to memory of 4792	3076	msedge.exe	msedge.exe
PID 3076 wrote to memory of 4792	3076	msedge.exe	msedge.exe
PID 3076 wrote to memory of 5048	3076	msedge.exe	msedge.exe
PID 3076 wrote to memory of 5048	3076	msedge.exe	msedge.exe
PID 3076 wrote to memory of 5048	3076	msedge.exe	msedge.exe
PID 3076 wrote to memory of 5048	3076	msedge.exe	msedge.exe
PID 3076 wrote to memory of 5048	3076	msedge.exe	msedge.exe
PID 3076 wrote to memory of 5048	3076	msedge.exe	msedge.exe
PID 3076 wrote to memory of 5048	3076	msedge.exe	msedge.exe
PID 3076 wrote to memory of 5048	3076	msedge.exe	msedge.exe
PID 3076 wrote to memory of 5048	3076	msedge.exe	msedge.exe
PID 3076 wrote to memory of 5048	3076	msedge.exe	msedge.exe
PID 3076 wrote to memory of 5048	3076	msedge.exe	msedge.exe
PID 3076 wrote to memory of 5048	3076	msedge.exe	msedge.exe
PID 3076 wrote to memory of 5048	3076	msedge.exe	msedge.exe
PID 3076 wrote to memory of 5048	3076	msedge.exe	msedge.exe
PID 3076 wrote to memory of 5048	3076	msedge.exe	msedge.exe
PID 3076 wrote to memory of 5048	3076	msedge.exe	msedge.exe
PID 3076 wrote to memory of 5048	3076	msedge.exe	msedge.exe
PID 3076 wrote to memory of 5048	3076	msedge.exe	msedge.exe
PID 3076 wrote to memory of 5048	3076	msedge.exe	msedge.exe
PID 3076 wrote to memory of 5048	3076	msedge.exe	msedge.exe
PID 3076 wrote to memory of 5048	3076	msedge.exe	msedge.exe
PID 3076 wrote to memory of 5048	3076	msedge.exe	msedge.exe
PID 3076 wrote to memory of 5048	3076	msedge.exe	msedge.exe
PID 3076 wrote to memory of 5048	3076	msedge.exe	msedge.exe
PID 3076 wrote to memory of 5048	3076	msedge.exe	msedge.exe
PID 3076 wrote to memory of 5048	3076	msedge.exe	msedge.exe
PID 3076 wrote to memory of 5048	3076	msedge.exe	msedge.exe
PID 3076 wrote to memory of 5048	3076	msedge.exe	msedge.exe
PID 3076 wrote to memory of 5048	3076	msedge.exe	msedge.exe
PID 3076 wrote to memory of 5048	3076	msedge.exe	msedge.exe
PID 3076 wrote to memory of 5048	3076	msedge.exe	msedge.exe
PID 3076 wrote to memory of 5048	3076	msedge.exe	msedge.exe
PID 3076 wrote to memory of 5048	3076	msedge.exe	msedge.exe
PID 3076 wrote to memory of 5048	3076	msedge.exe	msedge.exe
PID 3076 wrote to memory of 5048	3076	msedge.exe	msedge.exe
PID 3076 wrote to memory of 5048	3076	msedge.exe	msedge.exe
PID 3076 wrote to memory of 5048	3076	msedge.exe	msedge.exe
PID 3076 wrote to memory of 5048	3076	msedge.exe	msedge.exe
PID 3076 wrote to memory of 5048	3076	msedge.exe	msedge.exe
PID 3076 wrote to memory of 5048	3076	msedge.exe	msedge.exe
PID 3076 wrote to memory of 3284	3076	msedge.exe	msedge.exe
PID 3076 wrote to memory of 3284	3076	msedge.exe	msedge.exe
PID 3076 wrote to memory of 3692	3076	msedge.exe	msedge.exe
PID 3076 wrote to memory of 3692	3076	msedge.exe	msedge.exe
PID 3076 wrote to memory of 3692	3076	msedge.exe	msedge.exe
PID 3076 wrote to memory of 3692	3076	msedge.exe	msedge.exe
PID 3076 wrote to memory of 3692	3076	msedge.exe	msedge.exe
PID 3076 wrote to memory of 3692	3076	msedge.exe	msedge.exe
PID 3076 wrote to memory of 3692	3076	msedge.exe	msedge.exe
PID 3076 wrote to memory of 3692	3076	msedge.exe	msedge.exe
PID 3076 wrote to memory of 3692	3076	msedge.exe	msedge.exe
PID 3076 wrote to memory of 3692	3076	msedge.exe	msedge.exe
PID 3076 wrote to memory of 3692	3076	msedge.exe	msedge.exe
PID 3076 wrote to memory of 3692	3076	msedge.exe	msedge.exe
PID 3076 wrote to memory of 3692	3076	msedge.exe	msedge.exe
PID 3076 wrote to memory of 3692	3076	msedge.exe	msedge.exe
PID 3076 wrote to memory of 3692	3076	msedge.exe	msedge.exe
PID 3076 wrote to memory of 3692	3076	msedge.exe	msedge.exe
PID 3076 wrote to memory of 3692	3076	msedge.exe	msedge.exe
PID 3076 wrote to memory of 3692	3076	msedge.exe	msedge.exe
PID 3076 wrote to memory of 3692	3076	msedge.exe	msedge.exe
PID 3076 wrote to memory of 3692	3076	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6975dfb0fb96599e3320e9c9a5baed3b_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3076

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd329346f8,0x7ffd32934708,0x7ffd32934718
2⤵
PID:4792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,15350842467263310612,5725240371672543176,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
2⤵
PID:5048

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,15350842467263310612,5725240371672543176,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3284

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,15350842467263310612,5725240371672543176,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
2⤵
PID:3692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,15350842467263310612,5725240371672543176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
2⤵
PID:1540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,15350842467263310612,5725240371672543176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
2⤵
PID:912

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,15350842467263310612,5725240371672543176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1808 /prefetch:1
2⤵
PID:5116

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,15350842467263310612,5725240371672543176,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5860 /prefetch:8
2⤵
PID:3688

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,15350842467263310612,5725240371672543176,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5860 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4492

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,15350842467263310612,5725240371672543176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3932 /prefetch:1
2⤵
PID:4788

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,15350842467263310612,5725240371672543176,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
2⤵
PID:3116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,15350842467263310612,5725240371672543176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
2⤵
PID:2356

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,15350842467263310612,5725240371672543176,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
2⤵
PID:2900

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,15350842467263310612,5725240371672543176,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4808 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3232

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1032

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4404

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
537815e7cc5c694912ac0308147852e4

SHA1
2ccdd9d9dc637db5462fe8119c0df261146c363c

SHA256
b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

SHA512
63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
8b167567021ccb1a9fdf073fa9112ef0

SHA1
3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

SHA256
26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

SHA512
726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
Filesize
22KB

MD5
5e74c6d871232d6fe5d88711ece1408b

SHA1
1a5d3ac31e833df4c091f14c94a2ecd1c6294875

SHA256
bcadf445d413314a44375c63418a0f255fbac7afae40be0a80c9231751176105

SHA512
9d001eabce7ffdbf8e338725ef07f0033d0780ea474b7d33c2ad63886ff3578d818eb5c9b130d726353cd813160b49f572736dd288cece84e9bd8b784ce530d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
144B

MD5
daf68343532429fb06ebfbaeba410d55

SHA1
9c063f7a4fabfc95fed5cda196963759157fcd13

SHA256
0b99739bf1692c700bee366713d7b3c0a1b67388781687455020781bf710915a

SHA512
bef3805ec80bf174538de8641f25145ca282f1d783ddba7f33e40e6cfc2c2c82914cb09961b6264675d74e81cd27f34f49f96b9147ecebb326d1d1273c22bec5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
120B

MD5
bb10fd22cde7d37287dcb662a0635dcf

SHA1
2c40798a9ed4c070c25af32352edb052afd92e7d

SHA256
ac46e875de19977a1c53771d21a590b90e0dbdebef083de6416f4b9653bf9a49

SHA512
fd69a0507cb862aad795fde9450d039c360b9442a5ca7f92cac2d6933cae4c3a0be98a702113942699c887ca883e92cd873ca05df247cb90fb9b84f6bbc8c76e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
2036dd9e202779c5b5adabed245e8e01

SHA1
22bdf9d09a12812310477fffddce28fd5c1f87dc

SHA256
cb18c99de518fff1ee90826c38e04b4342434b03d58675f46d4914e6ee41657d

SHA512
7f68bcb08ff46b33c29568c047f71646f1f8c713685ce265d7d496fd255c960ff3a424e63d2d2fdb624628e7ec2522344003f54ca2a8d7656999525fc7d7e93d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
daeea718175105df38158ab3df206bf5

SHA1
64cc4d0d9799c2e02a7417fd96f83a27b3ce3c8a

SHA256
70bbe4f7776802cb16d26f2b8c61cd5f8ea2b038932bc943dd33d9bc24f40252

SHA512
dbf10da4a6142e2f09b5dbdc467e9005f77460e83420e405171bebf1e0b4db623a50d0665c68808fa7ec2b218dda23ccbe1b9d3969f57055160539001b98c5a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
5ff9cf4e57c7e2174a4c42b37abc11aa

SHA1
814e161a0cf02601c8fa05f0b14d0a4ebd91456e

SHA256
e4c37cc7225c3ea24fe80eeacdbe6068e727836906df641c4654e876ffa52f6d

SHA512
1ea40041bcf746eddafac2f23a86af0b64c5cdd04416c1f3239adbf857c381cf1c4efea9d545892eb0e5313aacf125784931b6b06050c2594e57c1dbbb90905b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
8c7b5b2a2877ce8c876dbdbfc2d8e7a6

SHA1
385ac16478fbd9cdfd8466854ccd28bde1b3fb3d

SHA256
cd29cb7897026cacec47efb02f84eeabe1e5c8f3c18dceda4512f4a4008ec607

SHA512
bf7dfd3ee753b0e64ab4d2a8382f07af1b0b27f70a751746c0d77c6649107c3491c7eaafd102f7d3d4d10faf94d3857e5683f2526ef3aaa58795fcd9f62888be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
8980422bb8242dda0be0f7891d51bc30

SHA1
b958d4af6f539df0f8a5f4264eeee1594711694a

SHA256
c0ffc88586bd0dec0fa946e66be47970ad25714027eefe85551face0c5df8a5c

SHA512
8c9c0cb58c9e99412e9da607feb05d0b9bef0595125f509b0adfae9fd6a4fc2747d4070b4197a3fe10a5e0536e59c9b27b257ceb9852aa76957acaa79ae1919f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
b7a7eb689a39bb2012ff0d3213bfc84b

SHA1
4da792794b6dd00e8fabdeaf0a034db10e6b6dcb

SHA256
d1e046b63b13072475cd3bd86c91005846905c32f6ae0de89f5c676bf3548753

SHA512
fff991310c10665448fff4c6838249fd8625cd27f4ed806a7951963b05bf06782f0a1522eb05b69c3b7c14abf07763663497ea95076760bcc01c050b5540b625

Download Submit
\??\pipe\LOCAL\crashpad_3076_QSAHWDWZHDTZIPML
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit