c75b137ef06d0dbe5e2b4845d008881cfcd78684267fd899d5f7722ce3545cff

Analysis

max time kernel
145s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 23:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

68fd0a2571341765e8c12742cb7fb334_JaffaCakes118.html
Size

246KB
MD5

68fd0a2571341765e8c12742cb7fb334
SHA1

c26007b97386ad8201f953352d207e51a894d335
SHA256

c75b137ef06d0dbe5e2b4845d008881cfcd78684267fd899d5f7722ce3545cff
SHA512

e46fdd39a4540b205c7afc16384922098f8ec0814ff7b32dbc038f2591bd969a22d6928700f275df4c1dee953eae8302f8328ec3dd6dd6d9b4c700dcb7d4c68c
SSDEEP

1536:6sKhOPweTCyhOshImLJXTd9xZj2du+4OeKZO8KOw1e14T16YW/j050ZYY6wV:6sZxIm9dHZG4TKk1e14TQYKjEAYG

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
5000	msedge.exe
5000	msedge.exe
3772	msedge.exe
3772	msedge.exe
3128	identity_helper.exe
3128	identity_helper.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

msedge.exe

pid process

3772 msedge.exe
3772 msedge.exe
3772 msedge.exe
3772 msedge.exe
3772 msedge.exe
3772 msedge.exe
3772 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe
3772	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3772 wrote to memory of 2040	3772	msedge.exe	msedge.exe
PID 3772 wrote to memory of 2040	3772	msedge.exe	msedge.exe
PID 3772 wrote to memory of 1848	3772	msedge.exe	msedge.exe
PID 3772 wrote to memory of 1848	3772	msedge.exe	msedge.exe
PID 3772 wrote to memory of 1848	3772	msedge.exe	msedge.exe
PID 3772 wrote to memory of 1848	3772	msedge.exe	msedge.exe
PID 3772 wrote to memory of 1848	3772	msedge.exe	msedge.exe
PID 3772 wrote to memory of 1848	3772	msedge.exe	msedge.exe
PID 3772 wrote to memory of 1848	3772	msedge.exe	msedge.exe
PID 3772 wrote to memory of 1848	3772	msedge.exe	msedge.exe
PID 3772 wrote to memory of 1848	3772	msedge.exe	msedge.exe
PID 3772 wrote to memory of 1848	3772	msedge.exe	msedge.exe
PID 3772 wrote to memory of 1848	3772	msedge.exe	msedge.exe
PID 3772 wrote to memory of 1848	3772	msedge.exe	msedge.exe
PID 3772 wrote to memory of 1848	3772	msedge.exe	msedge.exe
PID 3772 wrote to memory of 1848	3772	msedge.exe	msedge.exe
PID 3772 wrote to memory of 1848	3772	msedge.exe	msedge.exe
PID 3772 wrote to memory of 1848	3772	msedge.exe	msedge.exe
PID 3772 wrote to memory of 1848	3772	msedge.exe	msedge.exe
PID 3772 wrote to memory of 1848	3772	msedge.exe	msedge.exe
PID 3772 wrote to memory of 1848	3772	msedge.exe	msedge.exe
PID 3772 wrote to memory of 1848	3772	msedge.exe	msedge.exe
PID 3772 wrote to memory of 1848	3772	msedge.exe	msedge.exe
PID 3772 wrote to memory of 1848	3772	msedge.exe	msedge.exe
PID 3772 wrote to memory of 1848	3772	msedge.exe	msedge.exe
PID 3772 wrote to memory of 1848	3772	msedge.exe	msedge.exe
PID 3772 wrote to memory of 1848	3772	msedge.exe	msedge.exe
PID 3772 wrote to memory of 1848	3772	msedge.exe	msedge.exe
PID 3772 wrote to memory of 1848	3772	msedge.exe	msedge.exe
PID 3772 wrote to memory of 1848	3772	msedge.exe	msedge.exe
PID 3772 wrote to memory of 1848	3772	msedge.exe	msedge.exe
PID 3772 wrote to memory of 1848	3772	msedge.exe	msedge.exe
PID 3772 wrote to memory of 1848	3772	msedge.exe	msedge.exe
PID 3772 wrote to memory of 1848	3772	msedge.exe	msedge.exe
PID 3772 wrote to memory of 1848	3772	msedge.exe	msedge.exe
PID 3772 wrote to memory of 1848	3772	msedge.exe	msedge.exe
PID 3772 wrote to memory of 1848	3772	msedge.exe	msedge.exe
PID 3772 wrote to memory of 1848	3772	msedge.exe	msedge.exe
PID 3772 wrote to memory of 1848	3772	msedge.exe	msedge.exe
PID 3772 wrote to memory of 1848	3772	msedge.exe	msedge.exe
PID 3772 wrote to memory of 1848	3772	msedge.exe	msedge.exe
PID 3772 wrote to memory of 1848	3772	msedge.exe	msedge.exe
PID 3772 wrote to memory of 5000	3772	msedge.exe	msedge.exe
PID 3772 wrote to memory of 5000	3772	msedge.exe	msedge.exe
PID 3772 wrote to memory of 2444	3772	msedge.exe	msedge.exe
PID 3772 wrote to memory of 2444	3772	msedge.exe	msedge.exe
PID 3772 wrote to memory of 2444	3772	msedge.exe	msedge.exe
PID 3772 wrote to memory of 2444	3772	msedge.exe	msedge.exe
PID 3772 wrote to memory of 2444	3772	msedge.exe	msedge.exe
PID 3772 wrote to memory of 2444	3772	msedge.exe	msedge.exe
PID 3772 wrote to memory of 2444	3772	msedge.exe	msedge.exe
PID 3772 wrote to memory of 2444	3772	msedge.exe	msedge.exe
PID 3772 wrote to memory of 2444	3772	msedge.exe	msedge.exe
PID 3772 wrote to memory of 2444	3772	msedge.exe	msedge.exe
PID 3772 wrote to memory of 2444	3772	msedge.exe	msedge.exe
PID 3772 wrote to memory of 2444	3772	msedge.exe	msedge.exe
PID 3772 wrote to memory of 2444	3772	msedge.exe	msedge.exe
PID 3772 wrote to memory of 2444	3772	msedge.exe	msedge.exe
PID 3772 wrote to memory of 2444	3772	msedge.exe	msedge.exe
PID 3772 wrote to memory of 2444	3772	msedge.exe	msedge.exe
PID 3772 wrote to memory of 2444	3772	msedge.exe	msedge.exe
PID 3772 wrote to memory of 2444	3772	msedge.exe	msedge.exe
PID 3772 wrote to memory of 2444	3772	msedge.exe	msedge.exe
PID 3772 wrote to memory of 2444	3772	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\68fd0a2571341765e8c12742cb7fb334_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3772

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd3fa246f8,0x7ffd3fa24708,0x7ffd3fa24718
2⤵
PID:2040

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1972,9128720113019990772,12952661044708398650,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1992 /prefetch:2
2⤵
PID:1848

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1972,9128720113019990772,12952661044708398650,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2552 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1972,9128720113019990772,12952661044708398650,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
2⤵
PID:2444

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,9128720113019990772,12952661044708398650,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
2⤵
PID:4688

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,9128720113019990772,12952661044708398650,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
2⤵
PID:3356

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,9128720113019990772,12952661044708398650,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3128 /prefetch:1
2⤵
PID:4440

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1972,9128720113019990772,12952661044708398650,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 /prefetch:8
2⤵
PID:1932

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1972,9128720113019990772,12952661044708398650,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3128

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,9128720113019990772,12952661044708398650,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
2⤵
PID:4772

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,9128720113019990772,12952661044708398650,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4228 /prefetch:1
2⤵
PID:3732

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,9128720113019990772,12952661044708398650,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
2⤵
PID:2320

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,9128720113019990772,12952661044708398650,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3056 /prefetch:1
2⤵
PID:4308

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1972,9128720113019990772,12952661044708398650,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4940 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3352

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4772

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1420

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
ae54e9db2e89f2c54da8cc0bfcbd26bd

SHA1
a88af6c673609ecbc51a1a60dfbc8577830d2b5d

SHA256
5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af

SHA512
e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
f53207a5ca2ef5c7e976cbb3cb26d870

SHA1
49a8cc44f53da77bb3dfb36fc7676ed54675db43

SHA256
19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23

SHA512
be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\641be34f-a706-454b-9d26-fca82c091160.tmp
Filesize
2KB

MD5
af7b357ee62efe76f2722b3f0a19aff5

SHA1
940cc7cb95c64e054cfc646edf6496ef3f026df5

SHA256
716992b95e53d9ce9323505f1cd8af84b962492c36b0a2b9ac2ca5dd29a7ec64

SHA512
9f5954f6aa721b80d37cb9eb23acd38fd654d8c314f64d441e7ded68fb92ea077d9ade5f6746daa62191902befa5083392c8ee5c673ef7b71d312bc690b99319

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a
Filesize
22KB

MD5
5e74c6d871232d6fe5d88711ece1408b

SHA1
1a5d3ac31e833df4c091f14c94a2ecd1c6294875

SHA256
bcadf445d413314a44375c63418a0f255fbac7afae40be0a80c9231751176105

SHA512
9d001eabce7ffdbf8e338725ef07f0033d0780ea474b7d33c2ad63886ff3578d818eb5c9b130d726353cd813160b49f572736dd288cece84e9bd8b784ce530d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
144B

MD5
6be0ab2b20206a6ed977b1f969bb4679

SHA1
7a8dd97b37386a707667f3546b3617af4b486221

SHA256
92602712ce7c709a272823b1a10afc0c3ac67fb8792035abc88ab328773d423a

SHA512
d122cf11ce6dba6b87142315b2b5ea7a553e7dbcbd044db3171359622bc6dc918fb70104d815eb96ad7941dccc4c5fd9746d0bc262ca07d3cdc0532d2857c7c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
120B

MD5
f605b27f3fe755ff601da584308e89dc

SHA1
933f18d96467b1c2316b1b803028062864b71e8b

SHA256
a4e874d6c047c6edfc6f3a78240960eea9ed0f293427d148559ebf35a44077b4

SHA512
91d016f86e7ae749c945154745c717ad82785c1bdc4ccabb52940dfb3c5653696cc47ea09df8e02411eece239f9a218a454be06b50322db464457fbd023a987b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
6b014f799e9ed8bca92527cad881fe75

SHA1
f512fad6fe6f362689d4efcf691f39f8d40c5c45

SHA256
c0303755b19c4d5b4e2635d4d88760696e8a30243360aec419dce3a33e464de7

SHA512
f7ddbebd9264336eeaff296713b81d68ec4113b4673bbb08e970ca9d3bab59b10b2add8eb9c3589514189160e17d6c9010258094773ef39954be30e7bae63036

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
cdc83a2440889b17cdd6cf47bb74738b

SHA1
cf642366d308ba354cb8ecc7d3dfb7865d5df427

SHA256
265e2ffaa46bda97143e532481bcda5e869dee6f3dd342b7482f7e434dcc7d39

SHA512
c6821cb0819479a90595f62bdbafde48ee29f1caa8059a2d2817a3e9521f2fb8071e3283ba3e2be59609d25a914263f834ff0c1792b41faf9bd308e76df02498

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
161e2679f719eb56667d9671c01aac2a

SHA1
5b4b41265ba3f6f111422e223d78b0d55b9469c5

SHA256
1c861ecc3e96d6fcf617a834b8471dc3ce2f47bdb00da366b68e1577ee554d00

SHA512
7f35e303c7d4412f35a61d5122a4cfedefdd1f23be71b5bb12ba53c8adda8e3bd4880708a9a975ff9fbfcd72d850b1a83d0c902d3ae016cdd202c937d924ac14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
7f3880ba86e7b4b411efa208e9e6a44a

SHA1
f082803c2732df273562850cbd24ebf161514c40

SHA256
f9a200ce8b1fedb04dd1b088daed5f86ef4d0408fc34ff604ed5cac6d66b0db6

SHA512
930af8c2fc2e672cab46f7dbc3f2a7aabc8e9459a13ea990f33a50e1ad74b8873a49b86bbc3f2b97e1964b9af60599f9555ba6ed78c8f7da392cab07c514cc41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
537B

MD5
718f1e3cc33796b93f9b350001e3bd10

SHA1
66ec0b2f3c7147810f12606377f36dd347053176

SHA256
e8b24dcb84afbe34159d33a799bc5668e68769c0236d43dffe043dbc916bbb68

SHA512
a5b4828de211b8bb4184ae545cb5a3a9dcfec6f6c136c08f5b97bb59b463e586f7ce66c55977498774501d17de58134a73c55956f4196d7abaa4c25c9c8c61b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58125a.TMP
Filesize
370B

MD5
c270774cb02c7c9271b5f2a6bfbc65f8

SHA1
4f87d678c1a863fa714112b84774ee1758cbbd50

SHA256
3da31a6fb5e3169024faf816d5598e4665a35f317e2acbe135efd510998ddd4c

SHA512
48086791d35fc0371d35307b3253aa1b58f9858eccca49745ccbc934fffc1b55c748a5de1a401f39daee2b04aba5ef7a1bfdebdf5a19a3e2d0b7e918c3390e43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f93e4b21-a671-46ad-bd4d-2ea4d1b5edd9.tmp
Filesize
6KB

MD5
a54aeba1f18f4f92cc717fe4348fcd40

SHA1
669ff1499775945bf349ec2eb153cd4b85348b1b

SHA256
a6f370f8d5f8fbbac169cc55d7ca04921c4a0d668bef1a81c3937021cb23b1ca

SHA512
91677e940744ff2a76f1a614924d4ac17c6d2c5761375b6f4b7d43ee7663f870d9cb7e4807ad4999718065a5c9639e170144adfdc5270be2282f3f8babc58b4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
87cdd26853c2ce6e03601c917f0b2b5e

SHA1
a0454f6b6b0401b092b415b1fe8275637e76e70f

SHA256
11224df1fe4c3b2fdc55c5322ab2ed8602c09c0ec58efea01483810bbee50283

SHA512
101c5b777bebd83a1c1719867c0ae68d0d7b3542bd363b2060698c33bf880a6a85884102ba82cb21c83fdc223ec19c8fdfa50a3a10c8afd75552084716fd0131

Download Submit
\??\pipe\LOCAL\crashpad_3772_MMLIYJJLRFYYUWBN
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit