522265bc8033811b64b6c4967bb5e60d98749fe9228f0b194af51c85b25ad7a1

Analysis

max time kernel
142s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
19-04-2024 15:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

faa21909fafd0de6d6ceb7fa0227af70_JaffaCakes118.exe
Size

78KB
MD5

faa21909fafd0de6d6ceb7fa0227af70
SHA1

053b8d82db39eeadd3ccfd1f0374d017633f140d
SHA256

522265bc8033811b64b6c4967bb5e60d98749fe9228f0b194af51c85b25ad7a1
SHA512

bde3a1917b7c815704a2d288156b6832bcfabd534fa05fa07b797aa083bf0ce29f2ada25a512aff53fcda99ed280514e6a9034080edc941c06e07125d7e2320e
SSDEEP

1536:e4tHHuaJtVpJywt04wbje3IgTazcoOEEQLwdCRoaeuProYMHQtf9/H1pQ:e4tH/3DJywQjDgTLopLwdCFJzf9/M

Score

5^/10

microsoft phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
3100	msedge.exe
3100	msedge.exe
3600	msedge.exe
3600	msedge.exe
2732	identity_helper.exe
2732	identity_helper.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

Processes:

msedge.exe

pid process

3600 msedge.exe
3600 msedge.exe
3600 msedge.exe
3600 msedge.exe
3600 msedge.exe
3600 msedge.exe
3600 msedge.exe
3600 msedge.exe
3600 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

faa21909fafd0de6d6ceb7fa0227af70_JaffaCakes118.exemsedge.exe

description	pid	process	target process
PID 4988 wrote to memory of 3600	4988	faa21909fafd0de6d6ceb7fa0227af70_JaffaCakes118.exe	msedge.exe
PID 4988 wrote to memory of 3600	4988	faa21909fafd0de6d6ceb7fa0227af70_JaffaCakes118.exe	msedge.exe
PID 3600 wrote to memory of 4732	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 4732	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 4956	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 4956	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 4956	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 4956	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 4956	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 4956	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 4956	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 4956	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 4956	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 4956	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 4956	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 4956	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 4956	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 4956	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 4956	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 4956	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 4956	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 4956	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 4956	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 4956	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 4956	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 4956	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 4956	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 4956	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 4956	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 4956	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 4956	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 4956	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 4956	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 4956	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 4956	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 4956	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 4956	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 4956	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 4956	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 4956	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 4956	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 4956	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 4956	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 4956	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 3100	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 3100	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 1668	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 1668	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 1668	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 1668	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 1668	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 1668	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 1668	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 1668	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 1668	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 1668	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 1668	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 1668	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 1668	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 1668	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 1668	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 1668	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 1668	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 1668	3600	msedge.exe	msedge.exe

C:\Users\Admin\AppData\Local\Temp\faa21909fafd0de6d6ceb7fa0227af70_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\faa21909fafd0de6d6ceb7fa0227af70_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4988

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=faa21909fafd0de6d6ceb7fa0227af70_JaffaCakes118.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3600

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8c64546f8,0x7ff8c6454708,0x7ff8c6454718
3⤵
PID:4732

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2292,4305946518725960170,10442965518704476919,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2308 /prefetch:2
3⤵
PID:4956

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2292,4305946518725960170,10442965518704476919,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:3100

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2292,4305946518725960170,10442965518704476919,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
3⤵
PID:1668

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2292,4305946518725960170,10442965518704476919,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
3⤵
PID:3956

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2292,4305946518725960170,10442965518704476919,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
3⤵
PID:4976

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2292,4305946518725960170,10442965518704476919,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1
3⤵
PID:3500

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2292,4305946518725960170,10442965518704476919,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 /prefetch:8
3⤵
PID:1984

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2292,4305946518725960170,10442965518704476919,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:2732

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2292,4305946518725960170,10442965518704476919,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
3⤵
PID:3244

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2292,4305946518725960170,10442965518704476919,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
3⤵
PID:2832

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2292,4305946518725960170,10442965518704476919,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
3⤵
PID:220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2292,4305946518725960170,10442965518704476919,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
3⤵
PID:4884

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2292,4305946518725960170,10442965518704476919,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
3⤵
PID:1064

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2292,4305946518725960170,10442965518704476919,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
3⤵
PID:4688

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2292,4305946518725960170,10442965518704476919,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2020 /prefetch:2
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:1212

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=faa21909fafd0de6d6ceb7fa0227af70_JaffaCakes118.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
2⤵
PID:3492

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8c64546f8,0x7ff8c6454708,0x7ff8c6454718
3⤵
PID:4364

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2152

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2316

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
7b56675b54840d86d49bde5a1ff8af6a

SHA1
fe70a1b85f88d60f3ba9fc7bb5f81fc41e150811

SHA256
86af7213f410df65d0937f4331f783160f30eaeb088e28a9eef461713b9a3929

SHA512
11fc61b83365391efee8084de5c2af7e064f0182b943a0db08d95a0f450d3877bde5b5e6a6b9f008e58b709bb1a34f7b50085c41927f091df1eea78f039402e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
48cff1baabb24706967de3b0d6869906

SHA1
b0cd54f587cd4c88e60556347930cb76991e6734

SHA256
f6b5fbc610a71b3914753feb2bd4475a7c77d0d785cc36255bf93b3fe3ccb775

SHA512
fd0c848f3f9de81aca81af999262f96ea4c1cd1d1f32d304f56c7382f3b1bb604e5fbe9f209ad6e4b38988d92357ef82e9668806d0727f2856c7dc1f07aae2b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
264B

MD5
b909f47d0164210c4cddc02b36f1a433

SHA1
4afa32e7e4261caff6f9924824d388b9191f79da

SHA256
85f7354a5272f44591ceefd785765221b62b17059f9b2ecb668b4e41ca1c2a13

SHA512
3d5e599e4464866d044c21b1e0b8dc3cce80d92337dbbc23d6956de242e27223bd552c07497b6ca659355dc94b5ce538b8668149de06261c2433583c128f7277

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
437B

MD5
05592d6b429a6209d372dba7629ce97c

SHA1
b4d45e956e3ec9651d4e1e045b887c7ccbdde326

SHA256
3aacb982b8861c38a392829ee3156d05dfdd46b0ecb46154f0ea9374557bc0fd

SHA512
caa85bdccabea9250e8a5291f987b8d54362a7b3eec861c56f79cebb06277aa35d411e657ec632079f46affd4d6730e82115e7b317fbda55dacc16378528abaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
ea6a0b3f5b8d9e1573288096b83d3a5a

SHA1
3c3f8ad3006041377d063c4cb6675737fc76aaaa

SHA256
393e8186b2fd3b32895cde693abba7163ec5573c6efbbebb27ce2479df69d272

SHA512
390ad8324de98b31a532014a93d0299f4cb4cbdef2d417b63f6954997cfbee474587b2f5c31732a61ee44b6458139404dd51b47f016f12ec18b03ec4c06762aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
bd3a147d94ce90e84b574adae4473c73

SHA1
33782141f2279ce9e3314a2ac76f3d95dd50dc07

SHA256
4f32c295b9e00625fceb7717b2a90bf7ac185934ec293f607f10f1b22f01419f

SHA512
7cebfa65d6a9fd538572bd9c1211a9f6ae51cfdd0dbf2e4bab450a80d7fdc26abf527c358709bd7cbd172e21e705460f3e21dfcbbe7cc306fefb5dfc82829e69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
6273d0da0d522ffaf42dfe49b0a5a895

SHA1
b5d76a63a7b6dae6ff505dcb67e7333d2b75ef60

SHA256
ee536eceb597b14873638d2947208ba18353eb9a22c8cde87e9f61e8da61e41f

SHA512
e1d9ace6998eff36b767466693e39b1cd2ffeb4cfe078292dad53ddd162be29ab1dfa806f84100adfb82b1aaef5cd17794938b26f24872534bc10cada526ceb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
371B

MD5
ca1b15a7bb789ffc5bc5b4b876075605

SHA1
1c1cc06936f3b57c02b4a878e7e9a98f27fd48e5

SHA256
f58b0e11672dcbaf49a0cb166da27411d77c812344108bb69058c9473d78673c

SHA512
6c91a1e569b6e3f5d0cbd358de044ad33956df28c2c1d03937b6809c31e1ff74a34e42c3d050484aad751fd8fd9cf8588fb672776e88cfc857bede75bd017326

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
371B

MD5
2bf60e81e237d7895f67bc235f1693dc

SHA1
aca0c264c330ef3cbc6c0f7bbeac40da7a38b871

SHA256
022d3fb84cce45f9d0ea638f87bbe3c93d61657ee87f04d6e2e52c1fd0219c3a

SHA512
15b65441fcc51d47620ae0f98708248b554609877dbfa02e52b4368706da7e4449f8ec05224016bac1a6ba26d02005c3f7ff92fa784cb7f6a67d53900827dde4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ab05.TMP
Filesize
371B

MD5
7c087cef9346f7cffcbed1a4493fed6b

SHA1
d883ac0ecda312fa9e5d7e9cca4eb28b9a282f0b

SHA256
aa3ae2feb7ec9a8a2b89682f999d83544451f8e36bc1b6477f3bc54c56a52bdb

SHA512
085314d809cdec87c12a34640ac6c6f36d17112530a43753528709ca2ae4dcd72266ba62dd7a08b216394b4c1780fdb465497cc605c90176354806e2071b37e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
950a91a52f1b27d54685927f25a382ba

SHA1
367833db89168312d195a73f838ecdab55ff5454

SHA256
b7b5760d4d3a9c1fb880858f8f30c107627eb07d7a6c179d7dc887a4be013fd2

SHA512
1f7eadbae93617b70972ef498956d74e7018401eb95e58313d5503613a185a968d480be5b05963d6eee90e11910bcb8f74c68a501f05b4c694c78dd8b72e509e

Download Submit
\??\pipe\LOCAL\crashpad_3600_SAHUZZQQRHSDAZFG
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit