39368f04d165680a7df908369096f8417525a7ddbf731b2270aaa618ebaa72b1

Analysis

max time kernel
145s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 02:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

69755c83b5d42919b08c8df92a4a350a_JaffaCakes118.html
Size

175KB
MD5

69755c83b5d42919b08c8df92a4a350a
SHA1

c601e080e462b008af27da4ac413c466f6626084
SHA256

39368f04d165680a7df908369096f8417525a7ddbf731b2270aaa618ebaa72b1
SHA512

f81a223969ff4cdf1ec3677a577f98d2985ce75ffc5698f48b3d0182ee0758e5bbc285617275fe136f46eb90590f2259f22d3d9e0038caf22228491da89f33e2
SSDEEP

1536:SqtH8gd8Wu8pI8Cd8hd8dQgbH//WoS3fGNkFIYfBCJiZX+aeTH+WK/Lf1/hpnVSV:S9CT3f/FtBCJimB

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
5232	msedge.exe
5232	msedge.exe
2688	msedge.exe
2688	msedge.exe
1292	identity_helper.exe
1292	identity_helper.exe
5656	msedge.exe
5656	msedge.exe
5656	msedge.exe
5656	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

Processes:

msedge.exe

pid	process
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2688 wrote to memory of 448	2688	msedge.exe	msedge.exe
PID 2688 wrote to memory of 448	2688	msedge.exe	msedge.exe
PID 2688 wrote to memory of 5968	2688	msedge.exe	msedge.exe
PID 2688 wrote to memory of 5968	2688	msedge.exe	msedge.exe
PID 2688 wrote to memory of 5968	2688	msedge.exe	msedge.exe
PID 2688 wrote to memory of 5968	2688	msedge.exe	msedge.exe
PID 2688 wrote to memory of 5968	2688	msedge.exe	msedge.exe
PID 2688 wrote to memory of 5968	2688	msedge.exe	msedge.exe
PID 2688 wrote to memory of 5968	2688	msedge.exe	msedge.exe
PID 2688 wrote to memory of 5968	2688	msedge.exe	msedge.exe
PID 2688 wrote to memory of 5968	2688	msedge.exe	msedge.exe
PID 2688 wrote to memory of 5968	2688	msedge.exe	msedge.exe
PID 2688 wrote to memory of 5968	2688	msedge.exe	msedge.exe
PID 2688 wrote to memory of 5968	2688	msedge.exe	msedge.exe
PID 2688 wrote to memory of 5968	2688	msedge.exe	msedge.exe
PID 2688 wrote to memory of 5968	2688	msedge.exe	msedge.exe
PID 2688 wrote to memory of 5968	2688	msedge.exe	msedge.exe
PID 2688 wrote to memory of 5968	2688	msedge.exe	msedge.exe
PID 2688 wrote to memory of 5968	2688	msedge.exe	msedge.exe
PID 2688 wrote to memory of 5968	2688	msedge.exe	msedge.exe
PID 2688 wrote to memory of 5968	2688	msedge.exe	msedge.exe
PID 2688 wrote to memory of 5968	2688	msedge.exe	msedge.exe
PID 2688 wrote to memory of 5968	2688	msedge.exe	msedge.exe
PID 2688 wrote to memory of 5968	2688	msedge.exe	msedge.exe
PID 2688 wrote to memory of 5968	2688	msedge.exe	msedge.exe
PID 2688 wrote to memory of 5968	2688	msedge.exe	msedge.exe
PID 2688 wrote to memory of 5968	2688	msedge.exe	msedge.exe
PID 2688 wrote to memory of 5968	2688	msedge.exe	msedge.exe
PID 2688 wrote to memory of 5968	2688	msedge.exe	msedge.exe
PID 2688 wrote to memory of 5968	2688	msedge.exe	msedge.exe
PID 2688 wrote to memory of 5968	2688	msedge.exe	msedge.exe
PID 2688 wrote to memory of 5968	2688	msedge.exe	msedge.exe
PID 2688 wrote to memory of 5968	2688	msedge.exe	msedge.exe
PID 2688 wrote to memory of 5968	2688	msedge.exe	msedge.exe
PID 2688 wrote to memory of 5968	2688	msedge.exe	msedge.exe
PID 2688 wrote to memory of 5968	2688	msedge.exe	msedge.exe
PID 2688 wrote to memory of 5968	2688	msedge.exe	msedge.exe
PID 2688 wrote to memory of 5968	2688	msedge.exe	msedge.exe
PID 2688 wrote to memory of 5968	2688	msedge.exe	msedge.exe
PID 2688 wrote to memory of 5968	2688	msedge.exe	msedge.exe
PID 2688 wrote to memory of 5968	2688	msedge.exe	msedge.exe
PID 2688 wrote to memory of 5968	2688	msedge.exe	msedge.exe
PID 2688 wrote to memory of 5232	2688	msedge.exe	msedge.exe
PID 2688 wrote to memory of 5232	2688	msedge.exe	msedge.exe
PID 2688 wrote to memory of 1108	2688	msedge.exe	msedge.exe
PID 2688 wrote to memory of 1108	2688	msedge.exe	msedge.exe
PID 2688 wrote to memory of 1108	2688	msedge.exe	msedge.exe
PID 2688 wrote to memory of 1108	2688	msedge.exe	msedge.exe
PID 2688 wrote to memory of 1108	2688	msedge.exe	msedge.exe
PID 2688 wrote to memory of 1108	2688	msedge.exe	msedge.exe
PID 2688 wrote to memory of 1108	2688	msedge.exe	msedge.exe
PID 2688 wrote to memory of 1108	2688	msedge.exe	msedge.exe
PID 2688 wrote to memory of 1108	2688	msedge.exe	msedge.exe
PID 2688 wrote to memory of 1108	2688	msedge.exe	msedge.exe
PID 2688 wrote to memory of 1108	2688	msedge.exe	msedge.exe
PID 2688 wrote to memory of 1108	2688	msedge.exe	msedge.exe
PID 2688 wrote to memory of 1108	2688	msedge.exe	msedge.exe
PID 2688 wrote to memory of 1108	2688	msedge.exe	msedge.exe
PID 2688 wrote to memory of 1108	2688	msedge.exe	msedge.exe
PID 2688 wrote to memory of 1108	2688	msedge.exe	msedge.exe
PID 2688 wrote to memory of 1108	2688	msedge.exe	msedge.exe
PID 2688 wrote to memory of 1108	2688	msedge.exe	msedge.exe
PID 2688 wrote to memory of 1108	2688	msedge.exe	msedge.exe
PID 2688 wrote to memory of 1108	2688	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\69755c83b5d42919b08c8df92a4a350a_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2688

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa688b46f8,0x7ffa688b4708,0x7ffa688b4718
2⤵
PID:448

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,13022529717014887674,14026799356989450199,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
2⤵
PID:5968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,13022529717014887674,14026799356989450199,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5232

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,13022529717014887674,14026799356989450199,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:8
2⤵
PID:1108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13022529717014887674,14026799356989450199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
2⤵
PID:5348

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13022529717014887674,14026799356989450199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
2⤵
PID:4232

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13022529717014887674,14026799356989450199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
2⤵
PID:1960

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13022529717014887674,14026799356989450199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:1
2⤵
PID:4596

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13022529717014887674,14026799356989450199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3092 /prefetch:1
2⤵
PID:5644

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13022529717014887674,14026799356989450199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
2⤵
PID:4080

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13022529717014887674,14026799356989450199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
2⤵
PID:5612

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13022529717014887674,14026799356989450199,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
2⤵
PID:2620

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,13022529717014887674,14026799356989450199,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5932 /prefetch:8
2⤵
PID:2468

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,13022529717014887674,14026799356989450199,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5932 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1292

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13022529717014887674,14026799356989450199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
2⤵
PID:5836

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13022529717014887674,14026799356989450199,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
2⤵
PID:4212

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,13022529717014887674,14026799356989450199,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1724 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5656

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1996

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2336

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3248

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
537815e7cc5c694912ac0308147852e4

SHA1
2ccdd9d9dc637db5462fe8119c0df261146c363c

SHA256
b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

SHA512
63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
8b167567021ccb1a9fdf073fa9112ef0

SHA1
3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

SHA256
26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

SHA512
726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
336B

MD5
77bdd67b8264a6ce863a4f687dff3f0f

SHA1
fddbd329d5e0b1711cb7f820194c306417feefca

SHA256
2ee5c13d9ac9fc4f86fd2cb2bbe852b9d627921b23736e4b484e9c0e61703a06

SHA512
76226ca50c277d1f238fa2e22ef37ec81b0440af1bc1f4f8889f4f2d232f0b3f10fbb88c572ac669adc319233c5d5c0680cee4745b3a2d3dabfd6b264420a8b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
70e21382716844fb0d381a900eb916f0

SHA1
e7904abfc5c5a28b585974b539a3f67bb5d1ec77

SHA256
2f37b80a3db8d2bf19c5308a47c11589de7eb9ca20f1d8111975304deb210a55

SHA512
e5c0f586f4b0534bee9312c2c0e6721fe472221d6230862a4479f59f8718aa6c8e58189b06963d7e5329ff0623f3b330c19483d88364f5e7d7e32892b3685cc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
4652df1ed2ceef383426463a1e769053

SHA1
e557aa627a96501fceb025dde61e60f3f29e4cb4

SHA256
c894672aec7d664d324bd77adeac159b0df1a2eac438a358ab296bf8f93c7518

SHA512
89cb7cbd6c2039277a1ba387919b0a03b95f51514085b2c95f131eaead0b6649459ae9c12c20ef92efab014f237ef67a57b049faaa463547439148d87a820291

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
ea9c4f026bea5bf2fa7e6dc2df62a52a

SHA1
c1a42ce9e2a17e371ae47077a3f454633ab2c8ee

SHA256
564c123e427ea7e22950cc5ca9ddaeab01d8459af2df6a9cfdce83f3c407e7b3

SHA512
e9100c79c339ab461fa9f1ff0055feeb03934d876c53818497d4b05b5b29df7232df806b00f4aa05e2297c03b96b0a1552f8c03aae7e1bf64d69f973b645e7cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
489c87aa51b8c080ed546d6a8ca335a4

SHA1
ada9cd14c305e264e162c96e8f2e40ac0e3a8f10

SHA256
50a91b7576842f208442343ec2b4452c88be47230c55c45d6f2accd42022da2f

SHA512
3a180e500354a95b3417cad4396a92ac6a812ae6c3cc4f18a60c1f2dfefade0f594269d8ab8921279aaff2fa3a9531ed9b079a6a3f3603242a328c416c189a35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
64e5e74b23d1a2b334d2e664f8391ec7

SHA1
52402587ce9b62cde029a16b879756118c61a56a

SHA256
bb6e1e451533c7d804c719301beb982d4346ec12eb5bc84612f68ee324f5bcb5

SHA512
a76acdbe4e6fa1b599cccc703599efdbfece934d82f85797a188d23f93834bbfbd7a4fafafeb4215cd318e6e85a7c8dee6badf87488006b7a976ef87587b04e3

Download Submit
\??\pipe\LOCAL\crashpad_2688_OZPYFKDQCHEEXRUA
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit