f823885f8faa427aebd47d27cba273111f71085a25b479b130029408fada8d99

Analysis

max time kernel
139s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 18:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6bd74ca762bd27380b0c9d71fd09c700_JaffaCakes118.html
Size

56KB
MD5

6bd74ca762bd27380b0c9d71fd09c700
SHA1

1753db33676af5128f4893e62a0088e82ea9298b
SHA256

f823885f8faa427aebd47d27cba273111f71085a25b479b130029408fada8d99
SHA512

03154157729c6c85ea7dccf8b2d95dbc6c824dc2ef7631cf8ed1aed7288e45ff459b3241ebd284c2369616f571e8d21f5b20a11485268bb4ea134ba46dcb42b6
SSDEEP

768:48U6jTih/e9mw2WMOER1hLhT4tUCe/6iiGX0JzHB29ycrB:dU63ixeFIOERFIUI+XYHK

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
1268	msedge.exe
1268	msedge.exe
3372	msedge.exe
3372	msedge.exe
4524	identity_helper.exe
4524	identity_helper.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

msedge.exe

pid process

3372 msedge.exe
3372 msedge.exe
3372 msedge.exe
3372 msedge.exe
3372 msedge.exe
3372 msedge.exe
3372 msedge.exe
3372 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe
3372	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3372 wrote to memory of 228	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 228	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 5080	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 5080	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 5080	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 5080	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 5080	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 5080	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 5080	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 5080	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 5080	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 5080	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 5080	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 5080	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 5080	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 5080	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 5080	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 5080	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 5080	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 5080	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 5080	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 5080	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 5080	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 5080	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 5080	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 5080	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 5080	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 5080	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 5080	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 5080	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 5080	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 5080	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 5080	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 5080	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 5080	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 5080	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 5080	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 5080	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 5080	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 5080	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 5080	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 5080	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 1268	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 1268	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 808	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 808	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 808	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 808	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 808	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 808	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 808	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 808	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 808	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 808	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 808	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 808	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 808	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 808	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 808	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 808	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 808	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 808	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 808	3372	msedge.exe	msedge.exe
PID 3372 wrote to memory of 808	3372	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6bd74ca762bd27380b0c9d71fd09c700_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3372

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffed44d46f8,0x7ffed44d4708,0x7ffed44d4718
2⤵
PID:228

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,9955908553424149166,17909663459149907518,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
2⤵
PID:5080

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,9955908553424149166,17909663459149907518,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1268

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,9955908553424149166,17909663459149907518,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2484 /prefetch:8
2⤵
PID:808

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9955908553424149166,17909663459149907518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3168 /prefetch:1
2⤵
PID:2612

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9955908553424149166,17909663459149907518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
2⤵
PID:2464

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9955908553424149166,17909663459149907518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4588 /prefetch:1
2⤵
PID:1508

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9955908553424149166,17909663459149907518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3788 /prefetch:1
2⤵
PID:2056

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,9955908553424149166,17909663459149907518,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6060 /prefetch:8
2⤵
PID:2076

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,9955908553424149166,17909663459149907518,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6060 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4524

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9955908553424149166,17909663459149907518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
2⤵
PID:4456

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9955908553424149166,17909663459149907518,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
2⤵
PID:3112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9955908553424149166,17909663459149907518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
2⤵
PID:3664

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9955908553424149166,17909663459149907518,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
2⤵
PID:2156

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,9955908553424149166,17909663459149907518,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5896 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3816

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3380

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2900

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
Filesize
22KB

MD5
5e74c6d871232d6fe5d88711ece1408b

SHA1
1a5d3ac31e833df4c091f14c94a2ecd1c6294875

SHA256
bcadf445d413314a44375c63418a0f255fbac7afae40be0a80c9231751176105

SHA512
9d001eabce7ffdbf8e338725ef07f0033d0780ea474b7d33c2ad63886ff3578d818eb5c9b130d726353cd813160b49f572736dd288cece84e9bd8b784ce530d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
144B

MD5
bb69dd4f069188b38ad5251887f2b922

SHA1
67ecd7c1715cf7ab4a01b5956e0ae392f3454bb6

SHA256
c0986f80c0fb17b777f8c6a65c7af2211013d3e481952cd44ba2640f0afca1b8

SHA512
8b50535c17689e4c5eb3b4aefee439e08b3e0d186f73f6fd49f2e49599321acbd3e56741e10c6b07599d602cadc1217fe762808d8e669467c90f4080d852d2f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
120B

MD5
2b7e71446d8e160ee866f64b4368b31e

SHA1
eecb3721984fceced2f5ea2f81cf336fdf3396b1

SHA256
fd09924ba902da64b9b2413ffeb8abc41aee15da9b00a93af31aeec692508ad4

SHA512
8036307738547fcd16db7c53ee5ded7bcf2a9b96c0292568e53e71905eed96333db71ffe3911a4fa5a0cb5c6479f643e25ee2976030a7b4a11844e53bea02061

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
d2e40307cad42cd84c1f72de8b09a2cb

SHA1
4b17410fea183fecf9805989f781ed8ab1d012b4

SHA256
7874b08b403c18c2cf7a624deff1fe684d9496649b149ac56b19115f10890afa

SHA512
403d818accf7eec7b4f996096aca628330a1e964fa68ab21c22e67aeeadc9c59201e61a536a9fa208f8794abe50f0990b1a3fc6a39436ade3c70daacd5065cec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
56a40717b750e4822e93c183ee06f427

SHA1
e973046285cea8a1d5da2d77472b24df207c49e9

SHA256
eed84bad887862a23ea801b07d4ca70fd7dc62160d34c4bcba343e8be6a0b49f

SHA512
63646490bf808b78757d7583a3d4ec467b88a14b2fb5e0352d17b7b3b202357f9d5a310afe9f3975910cdc3b4d08fc05e41bd500491616924c6404211ab72132

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
5f649ef75b80cdaf68da9bf8d01508ae

SHA1
f2c53370106abd983773dfb571bfa705c5b674cb

SHA256
5faa76ad9d38bb4bbd34ee35be35a921d84a3ee793c37824c007cbba3e631469

SHA512
6b568c1885fa2a0b7c523176ec74350ca7828801231ebf3508748d6c58afc915a3965a3b797539cd14a1aedeaa9ccb692d08da4d5c409b8396ff41b66de05811

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
dd6cc279fa077cd44b5a55a6927923bb

SHA1
69e9fdbf4356ff946a8a961505162beef899dfc5

SHA256
7dd6ff71a7647e9e97a890b0fdaa39eef0e0398c9d5034d5004dad6dc44b146b

SHA512
1f53c3db34febddd9316096abd105b15d20efe3478ad956809289eab5a8dcccad27d8b2b34d802266536dc88f963f5b03723e3e55cdb9f1a0e5cf5fd9fe0e0c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
ee6b6b0f392a35fc56e67126928dae3c

SHA1
dbe0bc8d55304b6ff80679ff9626901a04ce2419

SHA256
00e56559995a9d5354222338ec29cb6113a9b280dd5e7d8ca6254136acf79dd1

SHA512
f001afde2b2ec7a51c9ebaee63ba28be0a1beb316362b36ea731500047ee45dc999ef074ff095122c8506aae825fd1a52f1205505b55280623796e29b735e674

Download Submit
\??\pipe\LOCAL\crashpad_3372_GGZQMQSRAWCJPEFF
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit