378b3236a4e00b0afd957a710b9352a66d30d6afa0cebc776c214072e4df6658

Analysis

max time kernel
145s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
06-05-2024 09:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1bbea4a95dccf38b9ed2e45707869e4c_JaffaCakes118.html
Size

90KB
MD5

1bbea4a95dccf38b9ed2e45707869e4c
SHA1

d135507c0c4608bdf3a78910b3e50e50e10361ab
SHA256

378b3236a4e00b0afd957a710b9352a66d30d6afa0cebc776c214072e4df6658
SHA512

014a6936a232e21cfc6385daccd0c921c6c9c0c4c1427757395b84c40e4381837c5ef72fc22b9b27a8040f94bba4494a23271111ebcd95ecc2c49825dc6ca16e
SSDEEP

1536:QnWHv7o1HtfhsO2OAOYLKXSluMOoX+qDmabSP42kwBxB8CaOiupFqQI8S7mHBOzq:QnWHTMNf9dvl75JWstX8Oz21Ffp7bS

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
2880	msedge.exe
2880	msedge.exe
4860	msedge.exe
4860	msedge.exe
2680	identity_helper.exe
2680	identity_helper.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

Processes:

msedge.exe

pid	process
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4860 wrote to memory of 1292	4860	msedge.exe	msedge.exe
PID 4860 wrote to memory of 1292	4860	msedge.exe	msedge.exe
PID 4860 wrote to memory of 3288	4860	msedge.exe	msedge.exe
PID 4860 wrote to memory of 3288	4860	msedge.exe	msedge.exe
PID 4860 wrote to memory of 3288	4860	msedge.exe	msedge.exe
PID 4860 wrote to memory of 3288	4860	msedge.exe	msedge.exe
PID 4860 wrote to memory of 3288	4860	msedge.exe	msedge.exe
PID 4860 wrote to memory of 3288	4860	msedge.exe	msedge.exe
PID 4860 wrote to memory of 3288	4860	msedge.exe	msedge.exe
PID 4860 wrote to memory of 3288	4860	msedge.exe	msedge.exe
PID 4860 wrote to memory of 3288	4860	msedge.exe	msedge.exe
PID 4860 wrote to memory of 3288	4860	msedge.exe	msedge.exe
PID 4860 wrote to memory of 3288	4860	msedge.exe	msedge.exe
PID 4860 wrote to memory of 3288	4860	msedge.exe	msedge.exe
PID 4860 wrote to memory of 3288	4860	msedge.exe	msedge.exe
PID 4860 wrote to memory of 3288	4860	msedge.exe	msedge.exe
PID 4860 wrote to memory of 3288	4860	msedge.exe	msedge.exe
PID 4860 wrote to memory of 3288	4860	msedge.exe	msedge.exe
PID 4860 wrote to memory of 3288	4860	msedge.exe	msedge.exe
PID 4860 wrote to memory of 3288	4860	msedge.exe	msedge.exe
PID 4860 wrote to memory of 3288	4860	msedge.exe	msedge.exe
PID 4860 wrote to memory of 3288	4860	msedge.exe	msedge.exe
PID 4860 wrote to memory of 3288	4860	msedge.exe	msedge.exe
PID 4860 wrote to memory of 3288	4860	msedge.exe	msedge.exe
PID 4860 wrote to memory of 3288	4860	msedge.exe	msedge.exe
PID 4860 wrote to memory of 3288	4860	msedge.exe	msedge.exe
PID 4860 wrote to memory of 3288	4860	msedge.exe	msedge.exe
PID 4860 wrote to memory of 3288	4860	msedge.exe	msedge.exe
PID 4860 wrote to memory of 3288	4860	msedge.exe	msedge.exe
PID 4860 wrote to memory of 3288	4860	msedge.exe	msedge.exe
PID 4860 wrote to memory of 3288	4860	msedge.exe	msedge.exe
PID 4860 wrote to memory of 3288	4860	msedge.exe	msedge.exe
PID 4860 wrote to memory of 3288	4860	msedge.exe	msedge.exe
PID 4860 wrote to memory of 3288	4860	msedge.exe	msedge.exe
PID 4860 wrote to memory of 3288	4860	msedge.exe	msedge.exe
PID 4860 wrote to memory of 3288	4860	msedge.exe	msedge.exe
PID 4860 wrote to memory of 3288	4860	msedge.exe	msedge.exe
PID 4860 wrote to memory of 3288	4860	msedge.exe	msedge.exe
PID 4860 wrote to memory of 3288	4860	msedge.exe	msedge.exe
PID 4860 wrote to memory of 3288	4860	msedge.exe	msedge.exe
PID 4860 wrote to memory of 3288	4860	msedge.exe	msedge.exe
PID 4860 wrote to memory of 3288	4860	msedge.exe	msedge.exe
PID 4860 wrote to memory of 2880	4860	msedge.exe	msedge.exe
PID 4860 wrote to memory of 2880	4860	msedge.exe	msedge.exe
PID 4860 wrote to memory of 432	4860	msedge.exe	msedge.exe
PID 4860 wrote to memory of 432	4860	msedge.exe	msedge.exe
PID 4860 wrote to memory of 432	4860	msedge.exe	msedge.exe
PID 4860 wrote to memory of 432	4860	msedge.exe	msedge.exe
PID 4860 wrote to memory of 432	4860	msedge.exe	msedge.exe
PID 4860 wrote to memory of 432	4860	msedge.exe	msedge.exe
PID 4860 wrote to memory of 432	4860	msedge.exe	msedge.exe
PID 4860 wrote to memory of 432	4860	msedge.exe	msedge.exe
PID 4860 wrote to memory of 432	4860	msedge.exe	msedge.exe
PID 4860 wrote to memory of 432	4860	msedge.exe	msedge.exe
PID 4860 wrote to memory of 432	4860	msedge.exe	msedge.exe
PID 4860 wrote to memory of 432	4860	msedge.exe	msedge.exe
PID 4860 wrote to memory of 432	4860	msedge.exe	msedge.exe
PID 4860 wrote to memory of 432	4860	msedge.exe	msedge.exe
PID 4860 wrote to memory of 432	4860	msedge.exe	msedge.exe
PID 4860 wrote to memory of 432	4860	msedge.exe	msedge.exe
PID 4860 wrote to memory of 432	4860	msedge.exe	msedge.exe
PID 4860 wrote to memory of 432	4860	msedge.exe	msedge.exe
PID 4860 wrote to memory of 432	4860	msedge.exe	msedge.exe
PID 4860 wrote to memory of 432	4860	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\1bbea4a95dccf38b9ed2e45707869e4c_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdadfc46f8,0x7ffdadfc4708,0x7ffdadfc4718
2⤵
PID:1292

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,17319707743632996728,9399679224552729255,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
2⤵
PID:3288

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,17319707743632996728,9399679224552729255,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2880

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,17319707743632996728,9399679224552729255,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2964 /prefetch:8
2⤵
PID:432

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17319707743632996728,9399679224552729255,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
2⤵
PID:4144

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17319707743632996728,9399679224552729255,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
2⤵
PID:3460

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17319707743632996728,9399679224552729255,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
2⤵
PID:1064

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17319707743632996728,9399679224552729255,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
2⤵
PID:4100

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17319707743632996728,9399679224552729255,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
2⤵
PID:4760

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17319707743632996728,9399679224552729255,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
2⤵
PID:3192

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17319707743632996728,9399679224552729255,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
2⤵
PID:5052

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17319707743632996728,9399679224552729255,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
2⤵
PID:2340

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17319707743632996728,9399679224552729255,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
2⤵
PID:4344

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,17319707743632996728,9399679224552729255,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7296 /prefetch:8
2⤵
PID:5948

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,17319707743632996728,9399679224552729255,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7296 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2680

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17319707743632996728,9399679224552729255,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6976 /prefetch:1
2⤵
PID:4204

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17319707743632996728,9399679224552729255,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6228 /prefetch:1
2⤵
PID:1872

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17319707743632996728,9399679224552729255,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2016 /prefetch:1
2⤵
PID:3416

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17319707743632996728,9399679224552729255,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1
2⤵
PID:3384

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,17319707743632996728,9399679224552729255,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6856 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2144

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3620

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3240

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\040e69e5-0a26-4b68-b3ee-f30dd46cb80b.tmp
Filesize
11KB

MD5
778a2f9c9b58474cfe40ace632202e2b

SHA1
82785088a7c57ffcaaf8bb3e81a33313aa37f9e6

SHA256
d3d3a4d2ed6619ed624da44f8ed66916b44ebdbfce09309bd45415f0dc77f70f

SHA512
5b1feb7aaeb66a599f55ebce4ef74f9fb24313a8e6fd0cc93a2da38f9e91f56ab812ff83ca35ce44330b7a6d9ada99f721944cd128dc515ffbd81183f97fc525

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
c9c4c494f8fba32d95ba2125f00586a3

SHA1
8a600205528aef7953144f1cf6f7a5115e3611de

SHA256
a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b

SHA512
9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4dc6fc5e708279a3310fe55d9c44743d

SHA1
a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2

SHA256
a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8

SHA512
5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a
Filesize
44KB

MD5
88477d32f888c2b8a3f3d98deb460b3d

SHA1
1fae9ac6c1082fc0426aebe4e683eea9b4ba898c

SHA256
1b1f0b5ef5f21d5742d84f331def7116323365c3dd4aec096a55763e310879d8

SHA512
e0c0588ff27a989cac47797e5a8044983d0b3c75c44416c5f977e0e93e9d3a9321b9283ea077e6dcad0619ac960ee45fe8570f1d5cc7d5d4117fee4f2f0c96b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
264B

MD5
9bf50eb5c6363f291edd5f7fd5b3ce71

SHA1
673601a171f11cd6f5ba65a1266947f87f7202c6

SHA256
497c2ace358477b0d498d77c4510dbb6b27070cff04aa5c466af604a9b29f775

SHA512
ef1f6cae006aedbdf395dd2b561f6dcd4d7d38859e683ab1c7f3bb519b7315953056656c035e009f50b53c1e85ba02fb087d8284d2c3378c9367fbbb6e1c814e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
312B

MD5
d3e1cda9ce510e6f13f784d996c0b6a7

SHA1
d907f901d68c1838df2e6c502627d4267dbb7e10

SHA256
345844721b5cd1a475adabb3595ca2305ce955fe570a3006c31736eb6c63aa72

SHA512
b638a7c7c9112e7d938473ef5876ce02105ac8fb80a27677ed12f1b1f734a359ab7d7e43fa3a33eabfb0cdd83b0992e34035dd3ec1b9f5b92532fa78ea2c29e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
288B

MD5
8d169f355db615baa8b4548e29f13591

SHA1
60882a7fedba009fc13fc67fb476c1ac68b4ed01

SHA256
50e52cef7b909e7fd74e0fbb42aa2a9f6b78d56858e3f791dee25df3b7b394cd

SHA512
0736aae9b76928b5836a156dd30a8031c53770dba5103ccd2533773b54371c6bcbb0197fedd1b60981c8ca84b9791a34b48c7c41b13e57ed0d989346d9003cc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
1304dd45257479c238a4a55c1ff61e78

SHA1
004bdb19172ff1638043e9f24b4d43313e45dd0c

SHA256
216671598f1048f08bca23c49ba24626db58d0b75ac2cef7222f876ff6c14c67

SHA512
53429cb8762033aec61bb6fe2f3b3a8488360b1b1d80bc2e6e1b3322e9cb9cca389f02f953f6de64f87eef3410f36d3fcc5446644d454330d9cfefce876109ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
9b8b351ba604dc79aae49a12a8b6beb5

SHA1
937322b273cae98e40549aaeb7213ac1fc425ed0

SHA256
42cfc7c4f4312fb6429808c03b02d565971676baeedb859a5eb51bac3527dcf8

SHA512
b07df5bbeb523ba3040004421493af6a807cad1cedfb4ffda5d6565ec05b7ce8d4dae117615b16b397aa46a00b354b00f2743a5de7155457594f01d55d4463ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
58b7d6fcaba134d6d7fe3aec554fbb1f

SHA1
2349296ebe7ce5e13aed4150928bc41fc902882c

SHA256
36e2d1e5a29427cc7e08b2796cafa785a22391e548081bde5216964468d2ff0b

SHA512
382e53742d1fdf82aba0952e4360884945850bb6129a955fd3fd4f36c2240b1cebdc7ac1c04da950d1ee280817416d9ea0415d5049dc055abd6b8d15d658c10a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
aa659b51d817971f7e6e5705dc707f23

SHA1
3dd986e9f8b3de2198ec104dbf3e73800efaeeaa

SHA256
e88da853d4528e6b493dc41d6bdc66e90e2477d5345bbeade5e13e27868d092c

SHA512
f5d23ae26bad3d44c9a765ad588864b2de37ec3d87be5c663b13baa617dcffe459f95f2aaa7f9b3e2d36b42b5a410eb776ce49aef553a0dfd57e7f5904c337af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
a75cc33680c74857dba26ed361464abd

SHA1
20c7c6ad5d8a74e83db5560d171f3b489dbb3115

SHA256
159fdd9b603e60623091dcc455e9441d739e44969f1e00b8ef148d76554720a4

SHA512
bcb5f853d709e409817be580ab4ab2b1d501422f5f6e02dae05f6468a508132514c65f06d5f9ee37457147cf5e4785da79262a6dee0aa4ac2f118e96497a2411

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
203B

MD5
78266c94fb216b730646c0e5cb7f95a5

SHA1
0cb421f3920817a857122bc1dd0a5d46cfa2abc0

SHA256
257bfb9df7b4a36537ae4547f4cba2739bb7697b1e2cb2710de221b81244f385

SHA512
c1b47e76048838ad58a38c5121202501fcd4f232a5b7f60ec05a0a264af54118a4900c0312bb93b361fef6a44715acdd4547e16dc66f0f00b513376a109e2fc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a3b2.TMP
Filesize
203B

MD5
c6bfb45fda56a8c80d9e1247317cbb59

SHA1
82527dd707695d8f510d4d3e3090fb19c525ee16

SHA256
e134b4f2a484619f9057ceb4a7cf08a8cd13975ae53cd32925fbb46db850ffa3

SHA512
1a4728596828b5fd406ee29bddd0a0c391327bd6bd208bf583e9802f45688340a9f382bdf5fdfe61dd93a17c61fa92614d52cc86665144a67ecfff72a97df0c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
\??\pipe\LOCAL\crashpad_4860_RMZTSUCJHVSIACAZ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit