477deba71a5189c10ef6003fdd61a9bdb581943c80da5f3871a9360857d2a5a7

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
21-05-2024 14:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

63a768650061a7c68fb5651c0dc20cfe_JaffaCakes118.html
Size

64KB
MD5

63a768650061a7c68fb5651c0dc20cfe
SHA1

eaa44c3253e74b8098cf4d619d0c9554ed11c1b6
SHA256

477deba71a5189c10ef6003fdd61a9bdb581943c80da5f3871a9360857d2a5a7
SHA512

26962af58a18b0277bc370962fb3afd8eee403ff3611f4616c0e804ceedc38a2f171f8de15cfcb61955a8089719af442cd791ef57c277a07b3856897a450e4fc
SSDEEP

1536:bjCTupBPYOfUCYlKOyyPeodNhOHaQ5kfatwpbzK:HpBPyxyWeodNhOztwM

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
1584	msedge.exe
1584	msedge.exe
2348	msedge.exe
2348	msedge.exe
1132	identity_helper.exe
1132	identity_helper.exe
6068	msedge.exe
6068	msedge.exe
6068	msedge.exe
6068	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

Processes:

msedge.exe

pid	process
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe
2348	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2348 wrote to memory of 2664	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 2664	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 2548	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 2548	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 2548	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 2548	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 2548	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 2548	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 2548	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 2548	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 2548	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 2548	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 2548	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 2548	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 2548	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 2548	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 2548	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 2548	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 2548	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 2548	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 2548	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 2548	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 2548	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 2548	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 2548	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 2548	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 2548	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 2548	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 2548	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 2548	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 2548	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 2548	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 2548	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 2548	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 2548	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 2548	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 2548	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 2548	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 2548	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 2548	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 2548	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 2548	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 1584	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 1584	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 4168	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 4168	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 4168	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 4168	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 4168	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 4168	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 4168	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 4168	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 4168	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 4168	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 4168	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 4168	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 4168	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 4168	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 4168	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 4168	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 4168	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 4168	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 4168	2348	msedge.exe	msedge.exe
PID 2348 wrote to memory of 4168	2348	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\63a768650061a7c68fb5651c0dc20cfe_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2348

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdf58f46f8,0x7ffdf58f4708,0x7ffdf58f4718
2⤵
PID:2664

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2240,9642849375323590636,2436535646227510655,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2248 /prefetch:2
2⤵
PID:2548

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2240,9642849375323590636,2436535646227510655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1584

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2240,9642849375323590636,2436535646227510655,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
2⤵
PID:4168

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,9642849375323590636,2436535646227510655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
2⤵
PID:5024

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,9642849375323590636,2436535646227510655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
2⤵
PID:1644

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,9642849375323590636,2436535646227510655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4624 /prefetch:1
2⤵
PID:1592

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,9642849375323590636,2436535646227510655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
2⤵
PID:4740

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,9642849375323590636,2436535646227510655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:1
2⤵
PID:4020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,9642849375323590636,2436535646227510655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2776 /prefetch:1
2⤵
PID:1392

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2240,9642849375323590636,2436535646227510655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6808 /prefetch:8
2⤵
PID:4660

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2240,9642849375323590636,2436535646227510655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6808 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1132

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,9642849375323590636,2436535646227510655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7012 /prefetch:1
2⤵
PID:4616

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,9642849375323590636,2436535646227510655,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7000 /prefetch:1
2⤵
PID:3704

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,9642849375323590636,2436535646227510655,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2644 /prefetch:1
2⤵
PID:3916

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,9642849375323590636,2436535646227510655,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
2⤵
PID:388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2240,9642849375323590636,2436535646227510655,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4856 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:6068

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2076

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4792

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014
Filesize
22KB

MD5
5e74c6d871232d6fe5d88711ece1408b

SHA1
1a5d3ac31e833df4c091f14c94a2ecd1c6294875

SHA256
bcadf445d413314a44375c63418a0f255fbac7afae40be0a80c9231751176105

SHA512
9d001eabce7ffdbf8e338725ef07f0033d0780ea474b7d33c2ad63886ff3578d818eb5c9b130d726353cd813160b49f572736dd288cece84e9bd8b784ce530d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
312B

MD5
c13039c5945394ce10a6354c9073e211

SHA1
dc9fe1d46e9b7efe877ff42c6ed6b4ab7f548d53

SHA256
b664802965286a44273c9e317acfbb052b1944430e5b522913332869ac0845eb

SHA512
cdbaaef9eccf998167906d74c1e2269539effccb52c6c84a354d8ec3663216427305a3298c730c8d38cd5840099d2e6a30c58917dbb590bfbafb1cc8a84de4f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
288B

MD5
f38e20a6ece0e89444c39f04d6b4f0ca

SHA1
c6847fb6ff4a76cd8a2632c7da1ccf9889fd946e

SHA256
09a6d04bd47bf86ca90fc8e6f1515fc936e932fd4f7d91fa336992bff918f53b

SHA512
2cbaf0c52e32ce44f48a527de78757a88553e57711f615eb7a02eaff750dbfb090a92d3edd44ca7d8592fe4be86da16cd5a2263081aaf35cb5145f6f9b14b427

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
216B

MD5
94ec86aac7c97a3319ccfd3cd787139c

SHA1
b3f66f324f4490b2bf1ef35c66946175d0f452de

SHA256
1f07a359fdbd7ae2a584ea5361b24bbca59f56a05d6039e83447dc9595d68a10

SHA512
923529085a753ff5a1d98362dba874bcf0b4cc775395125785deeb154851d1c8290eede8b9cbf7297b0afbd306e7049dcbb098929375bf7b2184f8ec118d5d4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
f1e73b4fb14c73af545ba3e71098a500

SHA1
f8e62f950501b6c8d465ba4a80135f7f7ddc7e67

SHA256
86b06c05cd383d66b5e1edee0911e9ab79f4a20a4b13d134c2e26baadfee40e2

SHA512
51eaf863eb7b2a564c58ea6206356f81ea060cf3171956553fc37f3533e80f2f4bf26a27ec25fdec74350eeb99c3e46011a4e3588a3e6058b7186105c20343e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
ae8d80aa3cd2e2cf507dc734fe1fbc48

SHA1
7f68e260f867cc8b486ff9bf41a129bfd3368bba

SHA256
77852a7ac0b9c86a933e59b17588f04d280f9fd762e6c0396bf41c65bd3846fd

SHA512
0a75717b6a4ca21e6f81f0d1edf8a4f97d26168964753719466ea4e6b0eac02fbeb7489068a5deb4cf2527123c478843bed9727063551d338b441acb5a0c1670

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
f76772a6cf0866e697a72a4c129208d8

SHA1
cc5e570a2714c56e00b6f5be962377dbf473bca1

SHA256
62b063b27a47dd725540e384b2e594e4a135ccf992e42c89025724b5963015c8

SHA512
ba7c6db734d9094fc768d075b39cdd95456f4ee2beb53dca3a6cc0b82bb06bb5102782e12eaa0ef95a3e01b9f5b9b5d29fd696ffab3b7ba47d27e5178a09fac3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
2a7de807068ff4ce892b91d96944d610

SHA1
91323bd5b3039f853ddf13f3098826a0944821a0

SHA256
672a14182dd39ece0c607a954c64409b283d89f88f610b77cacf132c3d2545a5

SHA512
94d0f1c836939427b1df5923f35559aebc7d90089b929ebdd55a1b1b9eb829365ed58adad00a75fc7fa9474d555aba31b6154a3b2871e966609d431e16614e7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
2484ad9320f1289de04dc457dbb93b21

SHA1
1a3a59b9ec75ea6582ac664cac5472c268de58a1

SHA256
0328790dd6c430fa5895e86825b3551bab55c6d75f30d041e361deeaf2d11e57

SHA512
1f80e532245b2d2643493c7acf90cf1e2bd904835763914e1b153581b7db5c7179f08d98fe3bd0921aee4f994a6ae217950cbc9a22b43f2d9a45fd49ac7b067d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
538B

MD5
f492712d4505c8b9be11e710c270f1dd

SHA1
c26000de491a59c344bd7b63521759709adf663d

SHA256
4d61f2ecdf60b5477d1936d0c295995a025220621f7b244735bc7174afec4761

SHA512
4a27e29f60c0dea167d1c11cdcdb0729476f29e5064ecb45fa1024d2f8dca9096a32aef70ea7a7ce1a8f01a3affa67a56457ac925d5a0ce96f13ea123aaa9d45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581cf9.TMP
Filesize
371B

MD5
e6522526715bd7caf88318dc8ba07744

SHA1
158fee41c4e47d78aac822c5360e289ed417348c

SHA256
d3b3e37f94c9ccda47aa0fbbe9c40f3ba4405735c5f3a68daf5bf475e69a8413

SHA512
e950c4e7d25cfff93a82555d7b94354dfebe2328ad5f1f94714bfa44bbec31327beaec20936f99b063a9fbb1945945715467032f510e9bc1cf7c3cf3ab6a2782

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
b31a490f1cbe169edeb6b287780d8d2a

SHA1
7f2ae5c286724065172544d007928acae843187b

SHA256
f6d7daa43244ec89d3117b30237d6ba3746466a6b6b84f39cb010ce7bf80f776

SHA512
18fef883d46b848f9df9b06e9476520906ee7047a59be3c004ac3e6e661706d917ffb9ea1fc3748d434aeaaac606935145ac21f65b77fd4bed98f47b06a9dcba

Download Submit
\??\pipe\LOCAL\crashpad_2348_YCZCKXZSNKQZBWFZ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit