37419cd16e2213a3158ba8245f0528cd3ae4a5e14c8aadc03c044faeb04bf46e

Analysis

max time kernel
145s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 01:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

65975621a6b59b3d4546c2ee1b417a63_JaffaCakes118.html
Size

40KB
MD5

65975621a6b59b3d4546c2ee1b417a63
SHA1

ea033449b340ae972ae334a46d8ecbd1c2a41356
SHA256

37419cd16e2213a3158ba8245f0528cd3ae4a5e14c8aadc03c044faeb04bf46e
SHA512

d1c0388b310119f72d7744045b5b70630cf453bb6b859fa862fb5f2150329ad98ae3be3df253e89e9f00482d3609b857b2f8743e34d27d29528b01c36ae131e6
SSDEEP

768:zjFr5ykpwvCJE4SU6702i1id1wPOdCXcSaDDWXpfS6fV/hBs+:zjFr5ykUuSJ70T1ibwPVMSg+

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
4756	msedge.exe
4756	msedge.exe
3240	msedge.exe
3240	msedge.exe
1020	identity_helper.exe
1020	identity_helper.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

msedge.exe

pid process

3240 msedge.exe
3240 msedge.exe
3240 msedge.exe
3240 msedge.exe
3240 msedge.exe
3240 msedge.exe
3240 msedge.exe
3240 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3240 wrote to memory of 5024	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 5024	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 3532	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 3532	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 3532	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 3532	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 3532	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 3532	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 3532	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 3532	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 3532	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 3532	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 3532	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 3532	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 3532	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 3532	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 3532	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 3532	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 3532	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 3532	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 3532	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 3532	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 3532	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 3532	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 3532	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 3532	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 3532	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 3532	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 3532	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 3532	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 3532	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 3532	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 3532	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 3532	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 3532	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 3532	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 3532	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 3532	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 3532	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 3532	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 3532	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 3532	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 4756	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 4756	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 4772	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 4772	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 4772	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 4772	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 4772	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 4772	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 4772	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 4772	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 4772	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 4772	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 4772	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 4772	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 4772	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 4772	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 4772	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 4772	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 4772	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 4772	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 4772	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 4772	3240	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\65975621a6b59b3d4546c2ee1b417a63_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3240

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa3ad546f8,0x7ffa3ad54708,0x7ffa3ad54718
2⤵
PID:5024

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,8971438310287203140,10037589857044607224,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
2⤵
PID:3532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,8971438310287203140,10037589857044607224,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2444 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4756

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,8971438310287203140,10037589857044607224,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
2⤵
PID:4772

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,8971438310287203140,10037589857044607224,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
2⤵
PID:4232

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,8971438310287203140,10037589857044607224,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
2⤵
PID:4136

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,8971438310287203140,10037589857044607224,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
2⤵
PID:3464

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,8971438310287203140,10037589857044607224,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
2⤵
PID:4636

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,8971438310287203140,10037589857044607224,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5880 /prefetch:8
2⤵
PID:2492

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,8971438310287203140,10037589857044607224,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5880 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,8971438310287203140,10037589857044607224,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
2⤵
PID:3560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,8971438310287203140,10037589857044607224,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4588 /prefetch:1
2⤵
PID:1372

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,8971438310287203140,10037589857044607224,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
2⤵
PID:5036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,8971438310287203140,10037589857044607224,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
2⤵
PID:1176

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,8971438310287203140,10037589857044607224,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4872 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3252

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3544

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3548

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
20KB

MD5
9be780bc06907ecbdf0320d88e6da1d7

SHA1
5af34c97da84ba9319b4b8d6e63352eb9299bead

SHA256
bf111ba484d1fe1d7ebd0f2c1e3e61a844008abb17383c81610efa5f6ceccc3a

SHA512
ffa99bc96551ce59af822011cea136142aba10ea600760012ecc3bc5391dbdd3269e365770f4650e9de12fae39cad2a6f11d2e70a8c3c73ef17cdd93b2fb1822

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
22KB

MD5
5e74c6d871232d6fe5d88711ece1408b

SHA1
1a5d3ac31e833df4c091f14c94a2ecd1c6294875

SHA256
bcadf445d413314a44375c63418a0f255fbac7afae40be0a80c9231751176105

SHA512
9d001eabce7ffdbf8e338725ef07f0033d0780ea474b7d33c2ad63886ff3578d818eb5c9b130d726353cd813160b49f572736dd288cece84e9bd8b784ce530d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
fbcc38f4af0e0da1c71a71acdf499cfc

SHA1
2cca41ed21c9ca51af03195a03ecc9272bb54e25

SHA256
3c181efc57ae60085453a2a30a5c75ad507379047d3bee0be154fb0203fa98c8

SHA512
910893373b95e376b5b166b848b2d36304c304f2566310a909cafd920d7b3987ffc4a98e42399d350e53c1839535eb0db7901f9e65f979fe2e1daf1cd259828a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
0956a811c5caad83160a020fc2d38093

SHA1
00dd26595ed88f8fe2e6d0331bed71ef27384bb6

SHA256
8b25e90dc0685e72383ca35e5538e98dcc1dfec5b94d42e1c5ebc6e361da3ce9

SHA512
13f2f115e71998203b864fbb7a03edbc9c9c825f657c0230d56317bcd8d05d963b4d03dde9a0531d5aad7d6f9f817bfc042536a0542b8edd564735685161f675

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c3322ee7cfe5891046712937b26d92d9

SHA1
c26eefcf6ce2bef0cabc8f908dca637b9dbd03f9

SHA256
8ce726c8bb1d5591612b5cdc6f2fff9abce4795ef1bab080fddc1f39ead1cfbc

SHA512
28c15261843a85b409d7683d6297ca8734aac63111018724202d35ff4742cd0f91c175e35566a899b634aeb6145bdf50e65a331bf90ff7e434d0912731f940bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9a945a5128c07216b36465314a8b7c0b

SHA1
d5ebcc20760efa42348366394fac36638db67a9c

SHA256
394c8cfd061a67801e99640533af7a13e477feed1d12466ba02782718c18f8c7

SHA512
9d67a79e8f5ee8d16f0ae89e3c95f85b2cd5336d56f5c67e54a887c41cf87d5886ca5450bf55c2a30312c75dc65b46c0998e83afe601bf6577d2204d841abf53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
eb2406241a48ffeaa9b0a7fecf23bf51

SHA1
ab4912c5f40a425f0fa21953be5498b57feba6a1

SHA256
f18d115aa0b034cd2c95fa564e75c4bdf493944bb86c918b367eab189b04d2e8

SHA512
6955525a16c32c4c33756bfcda35bad3d9bd87df89c513713eae6477385d0c1f2e8e1e3561dd0666435dfdf53417dc17eb0edd84e093de5f5ec7ec0e37d46b1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7e79639113352ec908e242dce228667f

SHA1
33bc3daab3f4b34c4116dad70ff7e24c043ba4dd

SHA256
ae4534f4b81725c78358eaecbcf4b0128c16f557ee51e536f3a3b971cd5c98f7

SHA512
abbd069692cd5a2a723eea2c938ce26f282c43c17218b0b0a88d10de87f0b3bd052f9d01c48674ebc9bd704d7d0af2b00ae351d64da5c65462b1f48ac4f58415

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cdae4e052561076f83461d985859c292

SHA1
1aaefa61367c416abcb7a0eba138b870649f0413

SHA256
033813a3b2645d0d8765a6922c17ca775f4a719ec5ce1ffd1d3f8071ea3fd33f

SHA512
52029a7f5f40ba63c447dd5af4225c2fab9f832ec027ac22fd747431bb393c459ed2202a62c8dffd987e6fb1bf05ca4c1eec9ef0e0b1d284f005cb2013c0d1e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
f274d774f5745aa06d30611ce3dba00d

SHA1
3faa048d5a3812ea6737ff67f226126c7d4a3a9e

SHA256
0ee91e1357d7f1cebc586439f0ff92c55376b650dd6d5e3e88cdc6387fcfb128

SHA512
be7a8d528332e5bf200472cd4e73533c2a8abc36195124581c1000f8ad5c6b2afa0b1074ada56c5fa4001a4c2896fa10ff50578924dbf55618e8d07c64458ec5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c525.TMP

Filesize
203B

MD5
b4cf1df732eae93849ce6e6a8a2caeec

SHA1
13a42b53b6f25f86e2decb38f2dd265a8866ca3e

SHA256
5e6b75dd8bc71f49f17189db70f28fed640ead1d30a9bace3e0b3b5efbc323be

SHA512
b3551c4d040a798119eb4205147c37ed3ab87851b6064c7ff10738bf49f410a60f11f1e6bcbe613407dcffb9fd34cce69915a4259e36fee2890519e933cd91d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b4d6f30489d1dd0f99995c610288d6e6

SHA1
d7519b3983e91a154bf8ebef202c5b2a8b36aeeb

SHA256
ccb58d48b86eb947f590eb9c90d886f814e93ffc7ebf23fb9beda8f68b2a8495

SHA512
e32240e4894967a2699c7d401cb493ea95744ff8e1da425ba28975a76fa2d4b5d42741685ec2c2ab971324ebe91f580235ae923b5c8b2cc38021ddcd6a63002f

Download Submit
\??\pipe\LOCAL\crashpad_3240_LFOEXDYCWMQWJCWT

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit