813ce5be204ecfbb06e85db85039a4fe0179ea4e3651e614bb22bbf3062224e5

Analysis

max time kernel
150s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 01:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

658e0bff01bae00006fe58d941d5c4e9_JaffaCakes118.html
Size

276KB
MD5

658e0bff01bae00006fe58d941d5c4e9
SHA1

178cc27ae31781b3508bb1fcc5477f5dac919ce8
SHA256

813ce5be204ecfbb06e85db85039a4fe0179ea4e3651e614bb22bbf3062224e5
SHA512

ada823481e3b8f8fb99184dd20bf3e13acd6d79c7d2c1f74d4682bf221cf2a07d78d777c9e8336480f415e89b743bb4fa0ebab8140ca0f6bd7fa8996b1262769
SSDEEP

3072:ZMal1juDZ/5fQE6GB802kr5Jh8Mlla+fiw1D3wxfDYFZFZsM8VwvaX:Tl1aDZ/5fQE6GB5Jh8Mls+fiw16

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

11 sites.google.com
15 sites.google.com

flow	ioc
11	sites.google.com
15	sites.google.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

msedge.exemsedge.exemsedge.exe

pid process

972 msedge.exe
972 msedge.exe
1648 msedge.exe
1648 msedge.exe
1768 msedge.exe
1768 msedge.exe
1768 msedge.exe
1768 msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

msedge.exe

pid process

1648 msedge.exe
1648 msedge.exe
1648 msedge.exe
1648 msedge.exe
1648 msedge.exe
1648 msedge.exe
1648 msedge.exe
1648 msedge.exe

pid	process
972	msedge.exe
972	msedge.exe
1648	msedge.exe
1648	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe
1648	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1648 wrote to memory of 3892	1648	msedge.exe	msedge.exe
PID 1648 wrote to memory of 3892	1648	msedge.exe	msedge.exe
PID 1648 wrote to memory of 2332	1648	msedge.exe	msedge.exe
PID 1648 wrote to memory of 2332	1648	msedge.exe	msedge.exe
PID 1648 wrote to memory of 2332	1648	msedge.exe	msedge.exe
PID 1648 wrote to memory of 2332	1648	msedge.exe	msedge.exe
PID 1648 wrote to memory of 2332	1648	msedge.exe	msedge.exe
PID 1648 wrote to memory of 2332	1648	msedge.exe	msedge.exe
PID 1648 wrote to memory of 2332	1648	msedge.exe	msedge.exe
PID 1648 wrote to memory of 2332	1648	msedge.exe	msedge.exe
PID 1648 wrote to memory of 2332	1648	msedge.exe	msedge.exe
PID 1648 wrote to memory of 2332	1648	msedge.exe	msedge.exe
PID 1648 wrote to memory of 2332	1648	msedge.exe	msedge.exe
PID 1648 wrote to memory of 2332	1648	msedge.exe	msedge.exe
PID 1648 wrote to memory of 2332	1648	msedge.exe	msedge.exe
PID 1648 wrote to memory of 2332	1648	msedge.exe	msedge.exe
PID 1648 wrote to memory of 2332	1648	msedge.exe	msedge.exe
PID 1648 wrote to memory of 2332	1648	msedge.exe	msedge.exe
PID 1648 wrote to memory of 2332	1648	msedge.exe	msedge.exe
PID 1648 wrote to memory of 2332	1648	msedge.exe	msedge.exe
PID 1648 wrote to memory of 2332	1648	msedge.exe	msedge.exe
PID 1648 wrote to memory of 2332	1648	msedge.exe	msedge.exe
PID 1648 wrote to memory of 2332	1648	msedge.exe	msedge.exe
PID 1648 wrote to memory of 2332	1648	msedge.exe	msedge.exe
PID 1648 wrote to memory of 2332	1648	msedge.exe	msedge.exe
PID 1648 wrote to memory of 2332	1648	msedge.exe	msedge.exe
PID 1648 wrote to memory of 2332	1648	msedge.exe	msedge.exe
PID 1648 wrote to memory of 2332	1648	msedge.exe	msedge.exe
PID 1648 wrote to memory of 2332	1648	msedge.exe	msedge.exe
PID 1648 wrote to memory of 2332	1648	msedge.exe	msedge.exe
PID 1648 wrote to memory of 2332	1648	msedge.exe	msedge.exe
PID 1648 wrote to memory of 2332	1648	msedge.exe	msedge.exe
PID 1648 wrote to memory of 2332	1648	msedge.exe	msedge.exe
PID 1648 wrote to memory of 2332	1648	msedge.exe	msedge.exe
PID 1648 wrote to memory of 2332	1648	msedge.exe	msedge.exe
PID 1648 wrote to memory of 2332	1648	msedge.exe	msedge.exe
PID 1648 wrote to memory of 2332	1648	msedge.exe	msedge.exe
PID 1648 wrote to memory of 2332	1648	msedge.exe	msedge.exe
PID 1648 wrote to memory of 2332	1648	msedge.exe	msedge.exe
PID 1648 wrote to memory of 2332	1648	msedge.exe	msedge.exe
PID 1648 wrote to memory of 2332	1648	msedge.exe	msedge.exe
PID 1648 wrote to memory of 2332	1648	msedge.exe	msedge.exe
PID 1648 wrote to memory of 972	1648	msedge.exe	msedge.exe
PID 1648 wrote to memory of 972	1648	msedge.exe	msedge.exe
PID 1648 wrote to memory of 2528	1648	msedge.exe	msedge.exe
PID 1648 wrote to memory of 2528	1648	msedge.exe	msedge.exe
PID 1648 wrote to memory of 2528	1648	msedge.exe	msedge.exe
PID 1648 wrote to memory of 2528	1648	msedge.exe	msedge.exe
PID 1648 wrote to memory of 2528	1648	msedge.exe	msedge.exe
PID 1648 wrote to memory of 2528	1648	msedge.exe	msedge.exe
PID 1648 wrote to memory of 2528	1648	msedge.exe	msedge.exe
PID 1648 wrote to memory of 2528	1648	msedge.exe	msedge.exe
PID 1648 wrote to memory of 2528	1648	msedge.exe	msedge.exe
PID 1648 wrote to memory of 2528	1648	msedge.exe	msedge.exe
PID 1648 wrote to memory of 2528	1648	msedge.exe	msedge.exe
PID 1648 wrote to memory of 2528	1648	msedge.exe	msedge.exe
PID 1648 wrote to memory of 2528	1648	msedge.exe	msedge.exe
PID 1648 wrote to memory of 2528	1648	msedge.exe	msedge.exe
PID 1648 wrote to memory of 2528	1648	msedge.exe	msedge.exe
PID 1648 wrote to memory of 2528	1648	msedge.exe	msedge.exe
PID 1648 wrote to memory of 2528	1648	msedge.exe	msedge.exe
PID 1648 wrote to memory of 2528	1648	msedge.exe	msedge.exe
PID 1648 wrote to memory of 2528	1648	msedge.exe	msedge.exe
PID 1648 wrote to memory of 2528	1648	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\658e0bff01bae00006fe58d941d5c4e9_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1648

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8eb9146f8,0x7ff8eb914708,0x7ff8eb914718
2⤵
PID:3892

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2296,16884319373524419543,9926057053119023437,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2304 /prefetch:2
2⤵
PID:2332

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2296,16884319373524419543,9926057053119023437,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2296,16884319373524419543,9926057053119023437,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8
2⤵
PID:2528

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2296,16884319373524419543,9926057053119023437,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
2⤵
PID:3716

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2296,16884319373524419543,9926057053119023437,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
2⤵
PID:5056

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2296,16884319373524419543,9926057053119023437,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
2⤵
PID:3816

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2296,16884319373524419543,9926057053119023437,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
2⤵
PID:5024

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2296,16884319373524419543,9926057053119023437,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
2⤵
PID:3700

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2296,16884319373524419543,9926057053119023437,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
2⤵
PID:484

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2296,16884319373524419543,9926057053119023437,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2224 /prefetch:1
2⤵
PID:1584

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2296,16884319373524419543,9926057053119023437,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1764 /prefetch:1
2⤵
PID:1468

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2296,16884319373524419543,9926057053119023437,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2020 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1768

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5020

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:440

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ae54e9db2e89f2c54da8cc0bfcbd26bd

SHA1
a88af6c673609ecbc51a1a60dfbc8577830d2b5d

SHA256
5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af

SHA512
e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f53207a5ca2ef5c7e976cbb3cb26d870

SHA1
49a8cc44f53da77bb3dfb36fc7676ed54675db43

SHA256
19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23

SHA512
be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
44KB

MD5
88477d32f888c2b8a3f3d98deb460b3d

SHA1
1fae9ac6c1082fc0426aebe4e683eea9b4ba898c

SHA256
1b1f0b5ef5f21d5742d84f331def7116323365c3dd4aec096a55763e310879d8

SHA512
e0c0588ff27a989cac47797e5a8044983d0b3c75c44416c5f977e0e93e9d3a9321b9283ea077e6dcad0619ac960ee45fe8570f1d5cc7d5d4117fee4f2f0c96b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
19e24660d2bcc62d1f8576ced4d55152

SHA1
5155b4b8239ce6d5e6a07c5c76f285b3d5a66273

SHA256
4a91a04fc5f7bc89eb5a2e24224b0f65c4583b3872d13f48fd8c5ba10f75f0ba

SHA512
266115b83807ddad83835b7e4fa6486dfe4495992360e8f10519a3fe72eddc833920573e75a15be132b2c3abdb692c05dd506b9f92bb871109f1858e662f5e36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
923831ce1c7e563f56fc0a4af6418860

SHA1
9c4bf5b8e7bedb25213ebbc15831f43bbf6b6c6e

SHA256
761c4940ae85c9d81ea675522e5681d70f98bfa4b7c64fbef10367291f55585a

SHA512
4eddf76ce5ea71f2f13714e4999fd4c8f285bb8a07565508605df6034bbd0ec95a5580c5554c919e850d3e896d85221f962b3bc14b64a00191c1858200008b13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
26b6dd447aff4e36642697e9c2651f97

SHA1
5023fce27dfae646efcb68060e816265e0846d19

SHA256
4d51e8ea879634fc04e1223e3e8e0015d26a37e676856ca9eedd63e12b47bdd2

SHA512
b2ffd2544f3bdd3de9d8728ae5eb45aea50be03a379292aac3b10527fc10e234853d582ec11cda4766a555ebc7c248d443dc86e4dc0c04eb3357d1b9c388518d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
74b98e9876ab0c0e4cbec0185c84d7e5

SHA1
592f03880d4540a63bc107d9e3a679567f3bef2b

SHA256
eeb32b341784fec17efeca469245e8d945dd97536e0feb04276e4cc3bf1dc4d3

SHA512
1d2ed7b84eb9d169f0faceb3f100472df4cd942b9f3bc225011ebd253eace5b00d7290e75f5cef0a189f66e08e3a398be022ad23ed43905ca1df65f62a943e97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
70b5c289062d65948af78dede86476cc

SHA1
1e532bd9a18ae2f301bb0d898b58021f0e238ab2

SHA256
bf6537fa962e08f52a657697557a95dc4fd09607c22d58a3c2ff3d2ddd4cf9cd

SHA512
f8faafe1c587883d67f79669ba365e4dd9d38d6fc27b2d7b9c87f6167d3ce869a6ee05cb0e63fbb490595aae49cfd41a6f08c47198ebe22e6ad15a7daa625164

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5fb96ca5473735ced6cba6640cc755ed

SHA1
d65c70bfe970ef5b5529e044ce2dd668f5fe9aa5

SHA256
36df82aeaeede5e15cddf91af5444ff8754bd2849be534500a187df385c240e3

SHA512
9a3ba546b368d0b1fe1ca3ca57c0df00b74c039737b53cc04cb9cc851d5dc112a776fca14395930fd4657a27517ef0a4c8765bc7b330544aedcd2f48ea9b1a6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1535b132ffc842186bf97726ddcf9b72

SHA1
a089de6fbc1e7cddff55be49042ce0184700c1e0

SHA256
46dfcccb21b2a0d93e9b6fb32c1a05255767c8a91ba9ceb7d2839749d8383be7

SHA512
388555a489075203d210c4bf62194fa3f1c3e422c23c7f7241116225b520a2ac0bf7384d64cf663648f89222a070d5728ac5afcb64ad6decce0557e090786928

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
c35e9d9a69a310dd8768eb5e28034fea

SHA1
5de75564fd16b1fb4f07f0ff2c7feb2b56b5058b

SHA256
57680d1a70045ede0ffe43a5a35829fab5df32244e710d22a8a13e9fbb7bbc1b

SHA512
87a6044461725c9bb5725810681367899bc7d23c196a965ecfc8272e8ec600a88c218d6c3ab5aa1b6e948e002cfa7569797d91831886414b42e551b6edbc6146

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
787eecd986e349f60d57800ab0394ccd

SHA1
7c6889022fc48c6657a34748907621ec5905ae09

SHA256
017238834fd556738b2c82d47ae533da2dbab6166dc5fada00bd087937ccf068

SHA512
c3505f19fb6cb2e3c6a0e672b859fe18b21abb39b33b49d4bf4ff5d29a9d06b490fa896d3a321035e510bfde5e320f0db16ee06eb17a0ad0fb9b889d6da9942e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c8ed.TMP

Filesize
203B

MD5
1b32bdb652826a93c501eb3a793b1393

SHA1
71e4bdb5c072f003b7c6480c0839813ae3777ded

SHA256
cb03da34433483b69691f9beb389660f09bdb19e60c8e340556904b113d75df8

SHA512
4da63167c34e5c2d00d765d37a111bbf834b83b4623050c4f432eeb604ef964eb9a9cde1f0d569f381ff355ac739f0d62b704b26ad8b4d37977b44bbdd8dbb03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f63a94de7c1e84f0a894b01759c35565

SHA1
761848fc6d18a3bed4af3c8c769788eb22455ab9

SHA256
474ad3797aaf69229cafd812a055e2f350ef88e81e2426ea1504d48c79302a18

SHA512
c18118c9c4c30a26fc974944b46badcf6a5247073cf5fdf6273268313c8d2ea3f789041f8ffb83ed393127492c13cc53b57f68c7319d6eebe8f1c578beb5b726

Download Submit
\??\pipe\LOCAL\crashpad_1648_ZUYWLPXREDIFBSAU

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit