5c77f76fdb1ca1537b3fe05e80aec68e748ec3bc83e01a9bbe02dc855ec3f04e

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
21-05-2024 20:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

64b76ba50e34b6b862b29ea27dc895c4_JaffaCakes118.html
Size

106KB
MD5

64b76ba50e34b6b862b29ea27dc895c4
SHA1

249a7c0ac7e041a36b17321745e2b59230378d94
SHA256

5c77f76fdb1ca1537b3fe05e80aec68e748ec3bc83e01a9bbe02dc855ec3f04e
SHA512

370b5cc558dc992950c4f81dff3d82ee91652ce10d34020b4b0327d69c264dfd652119676479c6b568bdcb35b282a046d3b7fffcef205bcc17c6538e630f5deb
SSDEEP

3072:Y5Lp1lKKic0/1IoZlcXmNRSjsvKhTIUt10:Y5Lp1lOcs1IFXmNRD

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
4068	msedge.exe
4068	msedge.exe
1908	msedge.exe
1908	msedge.exe
3220	identity_helper.exe
3220	identity_helper.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

Processes:

msedge.exe

pid	process
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1908 wrote to memory of 3420	1908	msedge.exe	msedge.exe
PID 1908 wrote to memory of 3420	1908	msedge.exe	msedge.exe
PID 1908 wrote to memory of 2912	1908	msedge.exe	msedge.exe
PID 1908 wrote to memory of 2912	1908	msedge.exe	msedge.exe
PID 1908 wrote to memory of 2912	1908	msedge.exe	msedge.exe
PID 1908 wrote to memory of 2912	1908	msedge.exe	msedge.exe
PID 1908 wrote to memory of 2912	1908	msedge.exe	msedge.exe
PID 1908 wrote to memory of 2912	1908	msedge.exe	msedge.exe
PID 1908 wrote to memory of 2912	1908	msedge.exe	msedge.exe
PID 1908 wrote to memory of 2912	1908	msedge.exe	msedge.exe
PID 1908 wrote to memory of 2912	1908	msedge.exe	msedge.exe
PID 1908 wrote to memory of 2912	1908	msedge.exe	msedge.exe
PID 1908 wrote to memory of 2912	1908	msedge.exe	msedge.exe
PID 1908 wrote to memory of 2912	1908	msedge.exe	msedge.exe
PID 1908 wrote to memory of 2912	1908	msedge.exe	msedge.exe
PID 1908 wrote to memory of 2912	1908	msedge.exe	msedge.exe
PID 1908 wrote to memory of 2912	1908	msedge.exe	msedge.exe
PID 1908 wrote to memory of 2912	1908	msedge.exe	msedge.exe
PID 1908 wrote to memory of 2912	1908	msedge.exe	msedge.exe
PID 1908 wrote to memory of 2912	1908	msedge.exe	msedge.exe
PID 1908 wrote to memory of 2912	1908	msedge.exe	msedge.exe
PID 1908 wrote to memory of 2912	1908	msedge.exe	msedge.exe
PID 1908 wrote to memory of 2912	1908	msedge.exe	msedge.exe
PID 1908 wrote to memory of 2912	1908	msedge.exe	msedge.exe
PID 1908 wrote to memory of 2912	1908	msedge.exe	msedge.exe
PID 1908 wrote to memory of 2912	1908	msedge.exe	msedge.exe
PID 1908 wrote to memory of 2912	1908	msedge.exe	msedge.exe
PID 1908 wrote to memory of 2912	1908	msedge.exe	msedge.exe
PID 1908 wrote to memory of 2912	1908	msedge.exe	msedge.exe
PID 1908 wrote to memory of 2912	1908	msedge.exe	msedge.exe
PID 1908 wrote to memory of 2912	1908	msedge.exe	msedge.exe
PID 1908 wrote to memory of 2912	1908	msedge.exe	msedge.exe
PID 1908 wrote to memory of 2912	1908	msedge.exe	msedge.exe
PID 1908 wrote to memory of 2912	1908	msedge.exe	msedge.exe
PID 1908 wrote to memory of 2912	1908	msedge.exe	msedge.exe
PID 1908 wrote to memory of 2912	1908	msedge.exe	msedge.exe
PID 1908 wrote to memory of 2912	1908	msedge.exe	msedge.exe
PID 1908 wrote to memory of 2912	1908	msedge.exe	msedge.exe
PID 1908 wrote to memory of 2912	1908	msedge.exe	msedge.exe
PID 1908 wrote to memory of 2912	1908	msedge.exe	msedge.exe
PID 1908 wrote to memory of 2912	1908	msedge.exe	msedge.exe
PID 1908 wrote to memory of 2912	1908	msedge.exe	msedge.exe
PID 1908 wrote to memory of 4068	1908	msedge.exe	msedge.exe
PID 1908 wrote to memory of 4068	1908	msedge.exe	msedge.exe
PID 1908 wrote to memory of 4592	1908	msedge.exe	msedge.exe
PID 1908 wrote to memory of 4592	1908	msedge.exe	msedge.exe
PID 1908 wrote to memory of 4592	1908	msedge.exe	msedge.exe
PID 1908 wrote to memory of 4592	1908	msedge.exe	msedge.exe
PID 1908 wrote to memory of 4592	1908	msedge.exe	msedge.exe
PID 1908 wrote to memory of 4592	1908	msedge.exe	msedge.exe
PID 1908 wrote to memory of 4592	1908	msedge.exe	msedge.exe
PID 1908 wrote to memory of 4592	1908	msedge.exe	msedge.exe
PID 1908 wrote to memory of 4592	1908	msedge.exe	msedge.exe
PID 1908 wrote to memory of 4592	1908	msedge.exe	msedge.exe
PID 1908 wrote to memory of 4592	1908	msedge.exe	msedge.exe
PID 1908 wrote to memory of 4592	1908	msedge.exe	msedge.exe
PID 1908 wrote to memory of 4592	1908	msedge.exe	msedge.exe
PID 1908 wrote to memory of 4592	1908	msedge.exe	msedge.exe
PID 1908 wrote to memory of 4592	1908	msedge.exe	msedge.exe
PID 1908 wrote to memory of 4592	1908	msedge.exe	msedge.exe
PID 1908 wrote to memory of 4592	1908	msedge.exe	msedge.exe
PID 1908 wrote to memory of 4592	1908	msedge.exe	msedge.exe
PID 1908 wrote to memory of 4592	1908	msedge.exe	msedge.exe
PID 1908 wrote to memory of 4592	1908	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\64b76ba50e34b6b862b29ea27dc895c4_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc840f46f8,0x7ffc840f4708,0x7ffc840f4718
  2⤵
  PID:3420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,17195698368905392306,10299342787953775243,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2252 /prefetch:2
  2⤵
  PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2208,17195698368905392306,10299342787953775243,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2208,17195698368905392306,10299342787953775243,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,17195698368905392306,10299342787953775243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:2176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,17195698368905392306,10299342787953775243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:1780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,17195698368905392306,10299342787953775243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,17195698368905392306,10299342787953775243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
  2⤵
  PID:3020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,17195698368905392306,10299342787953775243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
  2⤵
  PID:368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,17195698368905392306,10299342787953775243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
  2⤵
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,17195698368905392306,10299342787953775243,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4912 /prefetch:8
  2⤵
  PID:1376
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,17195698368905392306,10299342787953775243,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4912 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,17195698368905392306,10299342787953775243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:1520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,17195698368905392306,10299342787953775243,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,17195698368905392306,10299342787953775243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:1
  2⤵
  PID:5236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,17195698368905392306,10299342787953775243,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:5244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,17195698368905392306,10299342787953775243,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6316 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3616

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5056

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3816

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2daa93382bba07cbc40af372d30ec576

SHA1
c5e709dc3e2e4df2ff841fbde3e30170e7428a94

SHA256
1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30

SHA512
65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecdc2754d7d2ae862272153aa9b9ca6e

SHA1
c19bed1c6e1c998b9fa93298639ad7961339147d

SHA256
a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7

SHA512
cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
22KB

MD5
5e74c6d871232d6fe5d88711ece1408b

SHA1
1a5d3ac31e833df4c091f14c94a2ecd1c6294875

SHA256
bcadf445d413314a44375c63418a0f255fbac7afae40be0a80c9231751176105

SHA512
9d001eabce7ffdbf8e338725ef07f0033d0780ea474b7d33c2ad63886ff3578d818eb5c9b130d726353cd813160b49f572736dd288cece84e9bd8b784ce530d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
69a9a0ebfffd5ef09afcb02dfef08e2f

SHA1
200cddd9035b852ffebbb373f768ac6794d54093

SHA256
55f4f5b8564ba0b0b9acfe42050389570c17a5097ecebf0e41641625f3cfe4f2

SHA512
88d359520c5ef57e699602994dc6e588ebe17939b71060e882836a74004272a5e03b83b89a7dd7b09e217070207cbacdd5a9ed429932596d96a149639b8e43ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
5c2a04d1624468887ef30e60801dfeac

SHA1
92d44fa0a5df2d258dcd0cd6785e522c258bc3c6

SHA256
beaff87d3b399cad8aa85ee17e466ad4e196604ce170165233a503b293a6fed8

SHA512
f642c65d59337d52508ecc2c31a3b30405b1a46c0c7de926cde87db83cad3665521892280bb320f99459acc3f073ef5027714362018ebc89538150362e95071b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
9ff4864d3c065e24dbafc2758d2e2e4a

SHA1
65015423b7be29ec224ea8b1f5378d4c091207bc

SHA256
2fa314b56952d955a361242059a89d9be7dc9d55b033c81dd903ec2b7a05eca5

SHA512
39051caa7dcb93f6abc56437981dc847910d585b1552c59e5cf844fab45e2433da854f6376315557a237d2919ab194f624ae156e31639b09239f9131103d95ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
daf9f50e3af6a4ec6ec4a8d22424c6eb

SHA1
73d109196cf589d2862cfb29e4b7b74a66b72376

SHA256
df17b7d6d50dddf754d8b47f22dcec3e5d92a84a926307a2340d59d8a64fdf74

SHA512
c5d517b23be4ef11266d5fdf19fd65abf1932993d900e52e0e15df03c88f75a026d79677f09513e8d2ac9d6de72b6576ab4fdf0cb1c8b862b70dc6687cedd0c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ede4b5989697fd763e53db9c8b8cb1f3

SHA1
151f9933ef087e87e6a05b50a561dddef641af8e

SHA256
cfcbf1888a73f6ad5d7545001eee566dc37e7659c5c9f99cf4a148ca6ca07ff7

SHA512
e7a2ff3d64c1578a857d7a3b7bf7dc65a56f6da315e0f917d92c6accde904f46d88dcfe6eb7c7a2fb61549a890787fd2649131486670f08577e17adb6cd262b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a5cb692eee6d294218dccf13d6c72ff7

SHA1
5b1dbb0b3700a97c941ea67a3b86cae2974bf27e

SHA256
60f52ac3898ae7d7ed0045abf4cffd61b69d074e076d96cef7d71a00e4b71441

SHA512
cf055522217a1971aeeff6cc37323617045f4f17c4cec68294b111cae4cc7f82542beeec7661a2942985c12ac47d7ac846a1c6e9a8f95de5c6def45fc95c6c60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
76751b8c3276721491acd372dcf86d3e

SHA1
4225096aef61c2235f0ba04e63aad2783f1be5bc

SHA256
4b26e1098bc6088845f500928a1f74eb4660ca4d8941f87c8acabeb1f53f9236

SHA512
33c7acfdbbc4bb079d863d3e6afd9ddc23a80eb70e950821791185ec286dc57ac68442d44fb31aa0aa5b9d1ded85370b955c14de82cfea4acf21618d44b88297

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
eac6d827887a453a6e1850acc5e36460

SHA1
614738a6e7c36bad6774dd8aadedfd3c5c7a0ab2

SHA256
c5fae8ab0375f98fc1faa772e2a5948c6ecaa8943a2962ecdf8137da0fcfd8f8

SHA512
b9dcf991bf00a616c0fa609ae7cce280d1a5e07f6e0ec588c6e025e1540621c09439e05fb5af43935776bf6c6f1537a719671885ecf90949a3012a5e05377835

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
7ee4da939268ec8ac36810e31b2d6b87

SHA1
c4b8035884ad842556b0e0744373eebb93c5cbba

SHA256
e0330f538fe64c4edad3e9ce3213fbba74045408dae5713581217c1e2dae63d7

SHA512
8c4ebae4ceacda46dac4417559a4215004d042dcc2b9c663a3e4b0adcca246aa363f7ecf4a2718507125310420ecbfc2afd5ba82623665f9a56734e0dab51178

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b381.TMP

Filesize
203B

MD5
452008ffa85893b2597618a3055f3d03

SHA1
9d5f8525ed928aa8805aa74a2721653d427c1c59

SHA256
1ca3b5c5c30085b3b0377623b425ec34b26dfe4631ede720b293ad35ed30aad8

SHA512
b467649793ea92660eace945acb9ebd7b403615d609255741b211b176569538abf88ec14d412ae5a64a4aede85ae8371ee01e1259f612862953a54c0f3698dd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
19f6936fb2f422507a8deaf337875801

SHA1
589da3f0fc5a0e5fd9962e9b0fa8b518c6f09f2d

SHA256
851addfd9a12aca72d8e92c0283967653ca108aa407726ed776799d383ef22f7

SHA512
e67975bce8d380c281c99bcadc85349e222c08677e5906a15cd58378a826acc9bf839cff6a7f1600ca64e02f1653a65b7b3d27fb4f1cc2b0fd10c2117ba7fe3f

Download Submit
\??\pipe\LOCAL\crashpad_1908_USQGLRYVXNBHWSSK

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit