4408ca3d4f0ec717b53f213dcc3a1612556054e837940e4942f1de64e840d772

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
21-05-2024 15:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

63d2c935c7c7c1ca8dc66e0a79bcf0df_JaffaCakes118.html
Size

101KB
MD5

63d2c935c7c7c1ca8dc66e0a79bcf0df
SHA1

54e0c2f3a58a4f7e1665913a9bc51c5fbf3de38d
SHA256

4408ca3d4f0ec717b53f213dcc3a1612556054e837940e4942f1de64e840d772
SHA512

c75942cf1853387ef90c1e4e14c8b1e6461e0af7db817a390c2e19dbc32e83bfc362806eaa16a3f0fef01300405f350cc41fa907f4e23878c0759cec55ff929d
SSDEEP

3072:6eO3xsO7wC2zteyiOIRnxOZodDhvyltMl3L:zO7VO6

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
1904	msedge.exe
1904	msedge.exe
220	msedge.exe
220	msedge.exe
3596	identity_helper.exe
3596	identity_helper.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

Processes:

msedge.exe

pid	process
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe
220	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 220 wrote to memory of 4484	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 4484	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 3368	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 3368	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 3368	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 3368	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 3368	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 3368	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 3368	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 3368	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 3368	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 3368	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 3368	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 3368	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 3368	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 3368	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 3368	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 3368	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 3368	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 3368	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 3368	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 3368	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 3368	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 3368	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 3368	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 3368	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 3368	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 3368	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 3368	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 3368	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 3368	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 3368	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 3368	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 3368	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 3368	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 3368	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 3368	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 3368	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 3368	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 3368	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 3368	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 3368	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 1904	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 1904	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 1340	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 1340	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 1340	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 1340	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 1340	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 1340	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 1340	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 1340	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 1340	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 1340	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 1340	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 1340	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 1340	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 1340	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 1340	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 1340	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 1340	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 1340	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 1340	220	msedge.exe	msedge.exe
PID 220 wrote to memory of 1340	220	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\63d2c935c7c7c1ca8dc66e0a79bcf0df_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8bed246f8,0x7ff8bed24708,0x7ff8bed24718
2⤵
PID:4484

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1992,7173791945025885509,14875522998956389555,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2008 /prefetch:2
2⤵
PID:3368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1992,7173791945025885509,14875522998956389555,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2456 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1904

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1992,7173791945025885509,14875522998956389555,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2988 /prefetch:8
2⤵
PID:1340

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,7173791945025885509,14875522998956389555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
2⤵
PID:3572

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,7173791945025885509,14875522998956389555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
2⤵
PID:5064

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,7173791945025885509,14875522998956389555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
2⤵
PID:2648

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,7173791945025885509,14875522998956389555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
2⤵
PID:3476

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,7173791945025885509,14875522998956389555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
2⤵
PID:4836

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1992,7173791945025885509,14875522998956389555,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6884 /prefetch:8
2⤵
PID:4976

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1992,7173791945025885509,14875522998956389555,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6884 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3596

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,7173791945025885509,14875522998956389555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6152 /prefetch:1
2⤵
PID:3540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,7173791945025885509,14875522998956389555,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6160 /prefetch:1
2⤵
PID:2292

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,7173791945025885509,14875522998956389555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:1
2⤵
PID:3208

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,7173791945025885509,14875522998956389555,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6856 /prefetch:1
2⤵
PID:4844

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,7173791945025885509,14875522998956389555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1120 /prefetch:1
2⤵
PID:6000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,7173791945025885509,14875522998956389555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
2⤵
PID:6008

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,7173791945025885509,14875522998956389555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
2⤵
PID:6024

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1992,7173791945025885509,14875522998956389555,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2744 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1572

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:464

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1284

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f61fa5143fe872d1d8f1e9f8dc6544f9

SHA1
df44bab94d7388fb38c63085ec4db80cfc5eb009

SHA256
284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64

SHA512
971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
87f7abeb82600e1e640b843ad50fe0a1

SHA1
045bbada3f23fc59941bf7d0210fb160cb78ae87

SHA256
b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262

SHA512
ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
71KB

MD5
da52e38c98b0f2047abeb07609608ab5

SHA1
da1210caff36df73e49a0c271ff7d573c2d20d02

SHA256
726a2ef49785eaecce64e98fcb3490c40db06d6a205455784f3267a5b4b7c34b

SHA512
35adf36acd8e1c65f040663d7a064f642a6db5e0b7978241db8a9b4eb52b8ae71cef4e7bb1b4a0d85e4af1f7240d6d52e5a07f512e5e90504e063e51376b5f5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
61KB

MD5
468446a7240461af44b59ebb2047c231

SHA1
47b7c525dc91bece99df0c414960b9490b986ba8

SHA256
ae1a0126552472d1e1347ceb8027ed725db3b93fcbc0b39745a92412cc1641a6

SHA512
ac8cdf824112a3d25248e58f05495b458038d9388ba7e46e1ea8f6933cae23f044f4e532b74b13f52812bfaf602ca12ec152e44ce95266abe7cd6bd66b4a70b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
20KB

MD5
9be780bc06907ecbdf0320d88e6da1d7

SHA1
5af34c97da84ba9319b4b8d6e63352eb9299bead

SHA256
bf111ba484d1fe1d7ebd0f2c1e3e61a844008abb17383c81610efa5f6ceccc3a

SHA512
ffa99bc96551ce59af822011cea136142aba10ea600760012ecc3bc5391dbdd3269e365770f4650e9de12fae39cad2a6f11d2e70a8c3c73ef17cdd93b2fb1822

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
44KB

MD5
88477d32f888c2b8a3f3d98deb460b3d

SHA1
1fae9ac6c1082fc0426aebe4e683eea9b4ba898c

SHA256
1b1f0b5ef5f21d5742d84f331def7116323365c3dd4aec096a55763e310879d8

SHA512
e0c0588ff27a989cac47797e5a8044983d0b3c75c44416c5f977e0e93e9d3a9321b9283ea077e6dcad0619ac960ee45fe8570f1d5cc7d5d4117fee4f2f0c96b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
1e8e0dc03f87fab3f233622ef7fbdbf8

SHA1
1b69b5fb01500601c1920cc61be20351aa62734c

SHA256
a1b134d22eab2b2fca1a3ed7674bf0ccde5c829633d8b968ca375ef8ed20a651

SHA512
d3d19894d09be598dafb9b99cff3b63dc6062b7f628ab9cc6fa2d0b3eaaf1a88d024150ab9e7c668542bcdea9335b23c69a6bd67693047b0c7962da22612ed3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
5abbed667c43f02a25379e81c8346428

SHA1
09e80c2870dccbee9d905c8f4964b625c4a56513

SHA256
3b7fd1e82475bedd325ef58b3f611f0fb51d9d89e932d8e2bef1e6334cf29ac8

SHA512
42e4845c599651b562dce06052f5ad4a455cfd29b0aa773b2bbd6864bd5dcd0d97946d177d004c93bf3a6e0c8715c2f70b11068359de043609c5e3675e53370c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
e00c4e498c30f468bd8c53f44118490a

SHA1
b4d3bf5a2ea4569ec729bf1402ab26a7251ca3bc

SHA256
503719de7e8629d393f27f5127965cd16a3bf8f25bf98c0b5746fab6cc216826

SHA512
9311ac8aa0a6a36e7341dbbaabba8a9b5704206c58ee6f8b797215f3995d1c23e54afc769f60b6313487d91b9ee462358dcebe636b17b16c41df783ef4fff1cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
158eee193e8011a04577c2c43edc0cc8

SHA1
137b5061818bc2a8b32a97bbd1052404791db19b

SHA256
6759308cede28fa7dc64afd5e22d8d9c2da3c70864b71ad4c29630fa72b1e1b0

SHA512
5b14900d3dbbf4f23ed7267f6e6bbc449c7f640dad9924bae8a4c9876a0b1dd9d7e44eaa9e9d3e1d0115d4fa4d755246348a53a07e71ce7d9718c77354798411

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9147ba174c6349d06d4d6a8de197cf29

SHA1
3b3c5eaae4d5dcd77fd3ffa16893fee03f2463c3

SHA256
859311460ce8e445fbd6a442fd8e7b4d2d2975d02e4c9941c0f4bb69a5600364

SHA512
109ea3a4417c0789f08e66c7fc03d2806af7f22c36e947dccbc7493cebfa21b32ce9a81072cd96fbecbe9bd77928c350b912540860e2953ba9ee1360056bdea4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
576d899e8f2b0b1be04f4f1d3544d05c

SHA1
11d80ca3ff95912cc0199d2cc0c77c0e56f74751

SHA256
e2eeea604ec5b990949d61c4fb2f84e5b658b2a761bdf4c1e163ccd7f2bdbbe9

SHA512
343f4f987106593be06bcb930d8d27bc03175cbd35fc942e3fd81d36c5a737eda702233c8154d8e89bcb18bd891d1b9c1f994182815389d5b0f075fd4d2dc0bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d84ca68ad068fb9a97da5bec7c644c3a

SHA1
1619b88e1bb2b6ec90e5ce7e2d3386b59d627d66

SHA256
5be4e8e22082a32cafe09a61ad03ca908aa8c3025abf5a9ec87db02ddbbae2b2

SHA512
8b2f3e6bc0f29d71df395824c78d664f65d5cc8cf9a0f2fa356c16426639f3a42f7349b35db72a69b301f0400d1e0738e547d6d2d0db44303b79fae0dc72bd56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8661e72fc84e45dde220106af084f178

SHA1
3c6c5f5a19caefd5745421cc063198c52964f6ad

SHA256
5b7466ab2d110b553baa763c309085293fd959364e740a57e6bd73ed63020659

SHA512
7b5d697207f1bf67d16726bbcd731eecc12ba844a46cb9ba2d0f6023a6e0e6fbb5299f0e154699ac9116b7c5614662175c4a3f5be19d20852137f735231e28cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
92072cad81ae6c2a4c5af026da3ca95e

SHA1
fc93dfa93ac39a7784bbb217607c10549e7471dd

SHA256
bd01b50d1dcf50e6363809ab90e80ec1b054b1af834a3344a307f484ed5d821c

SHA512
1d63461c6e32a9c841a7b9b6b04a586a197afde18679221a0913195ddf648842ef6ab87a59ff3b0c7acbf949ab0913505f5c53733ab71e57f6e574b1ea4b8a53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
5302840b957633b422fd5820f598676f

SHA1
64b9f0a3f888100dadc69077c60efdaa7adbb8ac

SHA256
70c0393d7b3c5370c385332428e52661a461f20e3f0ffe232b149e9d1f6b003d

SHA512
e2a58cbc44e7ae5fb00d2048e3c4213eacf57c9c2592512a87b1e27ee826a8a64395da2714e5cbf66e3ae64f55dbfcbaedfd9740f151da80a043988236def4f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
e388521247acc6d2427d9099f92d4adf

SHA1
13af3b699b1f98e6b31449962f674f335a06631b

SHA256
0a5cd2f5e5063a6e4068a423149892ba7b5fb695fddc0defe478266f254764ee

SHA512
42c912532769baa22f1f0594f991c74a90d0a157a8f6177d9632ba204142158177332e63faef7c59384ee739f6aeed1a2f964ad9ae7faee9fdc5f6180129f9bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57cdb0.TMP

Filesize
204B

MD5
be6a0b46bfd751da5c991e017deb9a78

SHA1
75f946cdf86588cadb96bc678ffb0ff2f10087e0

SHA256
a148173144299fe1ddca43f1992c59a989d6073a0b007d78e277375af815241e

SHA512
f11b4d582fac290c19e176753ba52911d72a8252d9e4f50f8314d4a6c537e28bb19fad63ba2cc81f265f0682edb2daad98c076c6cea70d45a63a0b4d8a1d1148

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3a14922db618b7c72f16194c771956e8

SHA1
e6cad328d830628f50f98d023e2456cdbf289e07

SHA256
f3aa958e22756c2d6de4f1802b4357772efa4a17988cbdc4fd9c21e6158e992b

SHA512
7e54fc51abcc81e76a90ed8c1b5ce1dda69891bf501b34f93b32f2225c9e7c075b845f468eee98c4f02ab39b344b26efcf98971c9894da9c1c45e477c2c5dc35

Download Submit
\??\pipe\LOCAL\crashpad_220_BVEKGYMWMHSCPEEJ

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit