54c3475b62d2b7ec239d30ea670a1efbee289a9420827a9b6d6a3c93c01f0842

Analysis

max time kernel
147s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
21-05-2024 15:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

63c0595e308f3d8e19806ea9b4550f7e_JaffaCakes118.html
Size

93KB
MD5

63c0595e308f3d8e19806ea9b4550f7e
SHA1

a3b71c5870334ba01fa357d0ba0d292df78b367e
SHA256

54c3475b62d2b7ec239d30ea670a1efbee289a9420827a9b6d6a3c93c01f0842
SHA512

67ee0ba4e51356492e8c84c99a66d72590e22652d954173c6a668eebf7deca8dfb791a74316ed8a7f3f76f6ebf1d7fc0bd57eb7f4e3f4079e85afcea8d4d15cc
SSDEEP

768:cEyOLr+SS7qY+LiocLd2xlYaVblnrnKDYowY7eCSN19jg921Drom818udAMolCQ6:tkqFLi1elNKsSEvF08udAWQaZ+QWi

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
2084	msedge.exe
2084	msedge.exe
4996	msedge.exe
4996	msedge.exe
4420	identity_helper.exe
4420	identity_helper.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

msedge.exe

pid process

4996 msedge.exe
4996 msedge.exe
4996 msedge.exe
4996 msedge.exe
4996 msedge.exe
4996 msedge.exe
4996 msedge.exe
4996 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4996 wrote to memory of 1564	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 1564	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4428	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4428	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4428	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4428	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4428	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4428	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4428	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4428	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4428	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4428	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4428	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4428	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4428	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4428	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4428	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4428	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4428	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4428	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4428	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4428	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4428	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4428	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4428	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4428	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4428	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4428	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4428	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4428	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4428	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4428	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4428	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4428	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4428	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4428	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4428	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4428	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4428	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4428	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4428	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4428	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 2084	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 2084	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 1128	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 1128	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 1128	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 1128	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 1128	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 1128	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 1128	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 1128	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 1128	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 1128	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 1128	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 1128	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 1128	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 1128	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 1128	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 1128	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 1128	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 1128	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 1128	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 1128	4996	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\63c0595e308f3d8e19806ea9b4550f7e_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xd8,0x100,0x104,0xfc,0x108,0x7fff0aba46f8,0x7fff0aba4708,0x7fff0aba4718
2⤵
PID:1564

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,8527606318004369893,92808569126838755,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
2⤵
PID:4428

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,8527606318004369893,92808569126838755,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2084

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,8527606318004369893,92808569126838755,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
2⤵
PID:1128

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8527606318004369893,92808569126838755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
2⤵
PID:4408

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8527606318004369893,92808569126838755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
2⤵
PID:3868

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8527606318004369893,92808569126838755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
2⤵
PID:1688

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8527606318004369893,92808569126838755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
2⤵
PID:2164

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,8527606318004369893,92808569126838755,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5316 /prefetch:8
2⤵
PID:4252

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,8527606318004369893,92808569126838755,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5316 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4420

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8527606318004369893,92808569126838755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
2⤵
PID:2120

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8527606318004369893,92808569126838755,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1712 /prefetch:1
2⤵
PID:3536

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8527606318004369893,92808569126838755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4584 /prefetch:1
2⤵
PID:3560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8527606318004369893,92808569126838755,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
2⤵
PID:3152

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,8527606318004369893,92808569126838755,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3908 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5084

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4924

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3080

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c
Filesize
22KB

MD5
5e74c6d871232d6fe5d88711ece1408b

SHA1
1a5d3ac31e833df4c091f14c94a2ecd1c6294875

SHA256
bcadf445d413314a44375c63418a0f255fbac7afae40be0a80c9231751176105

SHA512
9d001eabce7ffdbf8e338725ef07f0033d0780ea474b7d33c2ad63886ff3578d818eb5c9b130d726353cd813160b49f572736dd288cece84e9bd8b784ce530d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
192B

MD5
4570b140ee4562078b3fb9490469cc8b

SHA1
864f99a00efbb3183a1a333f69f1629a3c91b423

SHA256
31dac75c9d3e85db5c7715b2ccf5f7d1ef909ac209b9526fe0ba8c1005a81be4

SHA512
75aa363718fae1db7ffb5e3176b2bb76cb38f0e4a61c3f0889aafe33c1f7a4ee6e4cb62fa391829e7fd499c9b7064dc70bd1d9290205c3206de8d0b3c60bcf11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
168B

MD5
ccbb731c7f7279782b1b3d9c7e674d83

SHA1
061cfca0a15bb0b0ef5183d81860691cf90056e3

SHA256
e9a0e4ab02c33e3ac13b59d147efb360aa0f7c360646d0f37bb13f508d5c1a03

SHA512
943a031df3c0758bae824f10b3a1b01f1fd7deacebc833cf68919d5266e6dedbb75af447279ee7f6bece59dcdf0c1f367d549be145ec7959804276a5b71ddca6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
37474033e94a6270c061b7a818e4546e

SHA1
22138ac9b2fa3f87ad2c4cfc27005a996c57b156

SHA256
c8f67c104fd6d0595dff8c581391e465d19966beca6f98f0fbc3513f9e12274b

SHA512
5017e9aa0c32f381093a230b538e48fb9dc909331c2f756a48cb0e743fde9649251fcfe3ca21009c65fbbf51e78f3e29908fb35ec01379204ece0fc4e1a77559

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
1339f4aec4516123952f925353dafb89

SHA1
0f49b308159180f61bfa25a8ec438a5f39543954

SHA256
305fe725f42dc9c525e51acd9ac2699f49f80ca64c3a96a5e419b6d12ecb6041

SHA512
f7ca82096ce1429dde52dd31fa6c8ca5c2cc3d6eaae93b4b1dcfec50067416c4eb8ef2369d6c21db5e0f2e87ef15e79caced73efd23ca79dfd903f70baeb2da3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
b0fd9cec0829f74e9953831ae5020a20

SHA1
8ee9cc2044c99e473446c9f5aeda519535eddf5d

SHA256
c70f6fc662985a894e612c8f3ba73cf536594d1b0ee689488c834325612fbac9

SHA512
1a9cd7f0cd3b2bdc7a2291a91323e354a883fd81d3944df0a146d0564f29358272a014d471d3bfa58cd4457b2fcdd315b5506125bd937afd3d1fde9f1f8b5edb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
5086b56abb39787c15611cddf35233b0

SHA1
e869a4f021af5e7bd14982d7d5e63466b747b7ed

SHA256
2c3be3853219e803dacd570e8e972271e8e0307b7c1cf798e77a8812f00cfac9

SHA512
60d2e6b5fb9c450d8d7a52ae9d2d747913b2f90d399019d672bcc7298ecfc31db3a2c95caa451a13a10d339744e307e7bad4e0f65e33765aff95238256792b7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
3956c2d8444531fd4e71171c60b1d5b9

SHA1
1a6753746ab21013eaae265cf01b859e8406b832

SHA256
cf14f735cdd15dbc216e8becf9ccdd88f283bb90520659d8f454a4425d283a41

SHA512
40d95dd3beac10089c9465ceee8e72a84ae777cd2ba545092d331085badb242fe49a4e71ee2a62b45bd6087c3052cbbb8eb235aebab3e7be72f90dd6a585d692

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
7459117ea2ec5998e0885848bfd6d755

SHA1
2170d8544333abc8256597f34597f61d40784fcc

SHA256
5602d435a28ce0392c210539f89a9d2867603e628dfe2c5ccc864b2945e48a80

SHA512
3ed77d5b66875cf53274ab5709c1b8f6b0acec2b71725ece1b7b03adc65a96c7e712675cbed946de4b0d71427cdaf9b455f5dc83d8fe327d13bd79017c0f7c62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
43dd503b3e7254a90a6eab9a8607f313

SHA1
8d23034d3a69d6a767e9b800534910c12fe949e9

SHA256
d5ce4aca309722e4fec19307d9487a41bd52fff5d18d0f5d6d13497c3268a75a

SHA512
b9c8d641f1a486e20066ccb4bf9314070409e488b063795c83e363bad2247e23c3e61278c1f0af5c3da02837f688dc5da6fd8f5b12bb4ca8891a7bf78e3898e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
704B

MD5
693748745b366dd59cb129a82f1cbebe

SHA1
7a49782a6630e0703f06363f0294a4a08a51ffc6

SHA256
ad8f855dee35c0cec8196671c0526366e3cc48d0307f1f95617f9c995dfe6f1f

SHA512
6d4bd7bd5347c10b51074b6db3b424a96f8d8b0c25aef9bace5697cc3c39ec07eca9bd57a7c383df743a434408e3a865a20ac01cad4589e1a9b111bb183bc154

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d011.TMP
Filesize
537B

MD5
898299387b1e5a0df650a69bac111ac6

SHA1
bb419346946085ffc01938a8ebfa7bf9fd4b6b80

SHA256
c20ddb722fc7a3a637f1e4f3ca19c36d55fe5d165aa48761c72f892f9c315718

SHA512
d733a00d8fdb63903604161999b9128133d4fe530cf19f6e2ba7c620bfe5f2a26f5e29b0d9c492c68d57afcb10f2821dbee0675e7fee6cf629b2331432ed8f54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
a271381933c6d3ad0425c0c62971f135

SHA1
6638d4a1ade0f77fc575ae30201b6a5a1b89bd20

SHA256
9922b9ad206db4d8d34464364dad8ca5d39ec28846b3856eb3f02af296c283b7

SHA512
6431f8fff864c59af1f879444aff929f65c9d23a25ee2c04e31d19658a7916a7c2deb5753eaecf489439f77d488096f44878f8203033d7e50194d5b90aae36fb

Download Submit
\??\pipe\LOCAL\crashpad_4996_ZGQGYROSXALKVUEU
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit