096c1686630a69894e15a85571e7e148c8aaf2e18fc385a4b69e361ff6a97754

Analysis

max time kernel
145s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 02:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

69695a67f19c3696ea47deeeb42cb382_JaffaCakes118.html
Size

175KB
MD5

69695a67f19c3696ea47deeeb42cb382
SHA1

e42c471b6a6952f08b4ebeab8a4e34db20a381aa
SHA256

096c1686630a69894e15a85571e7e148c8aaf2e18fc385a4b69e361ff6a97754
SHA512

6b1a3f578f055be4315f78d7a7bce4a25d2edb246971e03a2166b3f2a0fa5e1a9dac7a4a1b7f52635f58fe140ed9abfea54582fd847ea18a078a94e6be40ce12
SSDEEP

1536:Sqtz8hd8Wu8pI8Cd8hd8dQg0H//3oS3pGNkFEYfBCJisw+aeTH+WK/Lf1/hmnVSV:SOoT3p/FxBCJiSm

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
4880	msedge.exe
4880	msedge.exe
3248	msedge.exe
3248	msedge.exe
1572	identity_helper.exe
1572	identity_helper.exe
5388	msedge.exe
5388	msedge.exe
5388	msedge.exe
5388	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

Processes:

msedge.exe

pid	process
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3248 wrote to memory of 3024	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 3024	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 2476	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 2476	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 2476	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 2476	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 2476	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 2476	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 2476	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 2476	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 2476	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 2476	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 2476	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 2476	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 2476	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 2476	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 2476	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 2476	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 2476	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 2476	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 2476	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 2476	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 2476	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 2476	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 2476	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 2476	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 2476	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 2476	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 2476	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 2476	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 2476	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 2476	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 2476	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 2476	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 2476	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 2476	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 2476	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 2476	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 2476	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 2476	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 2476	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 2476	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 4880	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 4880	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 3008	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 3008	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 3008	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 3008	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 3008	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 3008	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 3008	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 3008	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 3008	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 3008	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 3008	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 3008	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 3008	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 3008	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 3008	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 3008	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 3008	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 3008	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 3008	3248	msedge.exe	msedge.exe
PID 3248 wrote to memory of 3008	3248	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\69695a67f19c3696ea47deeeb42cb382_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3248

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff84d3746f8,0x7ff84d374708,0x7ff84d374718
2⤵
PID:3024

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,8884961971818009148,15633023356086021007,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
2⤵
PID:2476

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1940,8884961971818009148,15633023356086021007,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2520 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4880

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1940,8884961971818009148,15633023356086021007,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
2⤵
PID:3008

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,8884961971818009148,15633023356086021007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
2⤵
PID:2088

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,8884961971818009148,15633023356086021007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
2⤵
PID:2068

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,8884961971818009148,15633023356086021007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
2⤵
PID:3504

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,8884961971818009148,15633023356086021007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
2⤵
PID:1108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,8884961971818009148,15633023356086021007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
2⤵
PID:2884

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,8884961971818009148,15633023356086021007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
2⤵
PID:2472

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1940,8884961971818009148,15633023356086021007,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5956 /prefetch:8
2⤵
PID:2608

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1940,8884961971818009148,15633023356086021007,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5956 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1572

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,8884961971818009148,15633023356086021007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
2⤵
PID:760

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,8884961971818009148,15633023356086021007,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
2⤵
PID:2400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,8884961971818009148,15633023356086021007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
2⤵
PID:5356

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,8884961971818009148,15633023356086021007,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
2⤵
PID:5364

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,8884961971818009148,15633023356086021007,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5544 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5388

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4468

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:760

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4364

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4f7152bc5a1a715ef481e37d1c791959

SHA1
c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7

SHA256
704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc

SHA512
2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
ea98e583ad99df195d29aa066204ab56

SHA1
f89398664af0179641aa0138b337097b617cb2db

SHA256
a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6

SHA512
e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8cd139ca4bf3572a_0
Filesize
243B

MD5
e0e260a571868e980e970b15ebf24623

SHA1
4169e5b4103b137acf86a5ba067ffac1d355a7ba

SHA256
72d0ea0cda0a0da98a59d9818eb9d4cef0cfdf79921fc1f2914ea22cdf2d443d

SHA512
905a555ca2047097b9c7d09c052f3e09a94ea89a87571b773e8ef5e08ac0b62b1a868da501d37f284815d642d6dff5fb64abb23573a03440b402d96822ceb7cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
336B

MD5
f18234b8f73f2f486a9ac20d3c16b267

SHA1
af9b432dba9938e514707f574d22243c77df7955

SHA256
8b3cb8a04f74198642015b1b760026ca8d7b2b645ce5a3cd93c853eb5f60dacd

SHA512
66a0caec6b210b82aefc1a258f5dc1d85e6f9c790b80240620e86b8b4ad16fc0ef666044f4127372da870a4fd3003dd7794bdc9b0ebf5516f5f4580d1241b14b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
ac211007c05a340c9b67a55904d4229a

SHA1
05aca8fe4d956bec7c6feed7ccd614ba04af0d1d

SHA256
1ce3704edbad80ff34fbe3189fd08d8c3aee093c35ee0f561f4d7722657cd8f0

SHA512
33f77558fd299d4dd819ebf03b990cb6abea11cb63e57e53b4b2b0f4d0379f5ea19af1c98e6e663a2c07c01a210afeb0f4faf27fc5b94b90755c0e8b9864e3f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
f90301e3b09a062edcb03d5c27d63cfb

SHA1
faa9ae37da20c673c8334dbc4483fd5a604ef181

SHA256
822d0f2ce943ec8756e46e73604dd29e9f8872942db6bd1d08fb10d1e5877ae0

SHA512
c20cb55b7b53effae211c1bf4e35be9538c792d1d305b3ca6149d5e89921310e37482b57011d036699f5342d48d9f24861d70358e000428cbbea77f5cdfe529e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
d488b24244c277ac875454cb06bbe596

SHA1
2d65ac6b65715c60c14cd05e0a12792588777102

SHA256
1e1d0d8ff53459a38212e0ac6faf3a3adcf87d40aed70bc3fa9a594f42d1d8d3

SHA512
1658cea143a88fd245f16e4e87ac70dddeb25381730181173d6e44b3c65b360c8eb6a748a506cea7b9b153eeb43c8110c8e59578736d0a6282075b8b4fd3ef80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
cf1cf06aebe54033985facb96aa9e825

SHA1
660802844d3610f6ebd3a55cfc9c6c115b09bccd

SHA256
e3d03fb540e9bf25e5c3419f960bdb1ce311cc241cfe01c5c05bdd8f8b27335a

SHA512
48d2f42b98e829c30259087dd2286a21755c28be1999c9003646135dca42198af7417e7268d5b1dd354152b09d4fcef19f9b7c24704d9fc86b41f8ffce9f0bad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
2eebf6de9f3da46c7a5f9cbf3ba48a96

SHA1
f16a399a58243feed7a5409de8a13287ac392cc3

SHA256
ae6ff69b0fbda7d300fe736728640c404a5c0f5f60d8a03172d7692bde004921

SHA512
4c0d20aa972e5ef20a66ad3a761155163e7964cef54608742b00845a98d772920f2962ef1a2a0f0afe940bfadc4f0be5c89f4e41a90503ae2de264ee0b62c503

Download Submit
\??\pipe\LOCAL\crashpad_3248_AEIUJCHWJDMDIWCX
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit