b15e9175f39216bc19bacfd1fb1f28004df20ce197e49430ff782508606eb2b6

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 02:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

65c13fe482e8fba142ec9a1a5116986b_JaffaCakes118.html
Size

500KB
MD5

65c13fe482e8fba142ec9a1a5116986b
SHA1

2719d9b6851baf79256ba0f450154e78521e6e23
SHA256

b15e9175f39216bc19bacfd1fb1f28004df20ce197e49430ff782508606eb2b6
SHA512

33dbf9738c2cb46ef8e5544e2e4b50fdde7715e78f47e02a384674c8901b91d4d84c174ed71643ac1cfd750ea51c0a03bfe01eda17b00c616ae0345c3e537307
SSDEEP

6144:vjftRLlxxTRwKpiKwPB8N9Rm+vZrxdHPB47vsrIUzHDUotT638RdJJSp7OIxsxgK:vjOiAlS/J9

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 8 IoCs

Processes:

msedge.exemsedge.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4124900551-4068476067-3491212533-1000\{B1030C0C-6DA0-4BA1-8EE1-EBC5474E5011}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

Processes:

msedge.exemsedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
3980	msedge.exe
3980	msedge.exe
2016	msedge.exe
2016	msedge.exe
4052	msedge.exe
2572	msedge.exe
2572	msedge.exe
3676	identity_helper.exe
3676	identity_helper.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

msedge.exe

pid process

2016 msedge.exe
2016 msedge.exe
2016 msedge.exe
2016 msedge.exe
2016 msedge.exe
2016 msedge.exe
2016 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2016 wrote to memory of 4940	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 4940	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 4492	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 4492	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 4492	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 4492	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 4492	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 4492	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 4492	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 4492	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 4492	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 4492	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 4492	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 4492	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 4492	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 4492	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 4492	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 4492	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 4492	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 4492	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 4492	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 4492	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 4492	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 4492	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 4492	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 4492	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 4492	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 4492	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 4492	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 4492	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 4492	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 4492	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 4492	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 4492	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 4492	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 4492	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 4492	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 4492	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 4492	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 4492	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 4492	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 4492	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 3980	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 3980	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 456	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 456	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 456	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 456	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 456	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 456	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 456	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 456	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 456	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 456	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 456	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 456	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 456	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 456	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 456	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 456	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 456	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 456	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 456	2016	msedge.exe	msedge.exe
PID 2016 wrote to memory of 456	2016	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\65c13fe482e8fba142ec9a1a5116986b_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa54ff46f8,0x7ffa54ff4708,0x7ffa54ff4718
2⤵
PID:4940

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,6678572769363872515,9028464088116930320,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
2⤵
PID:4492

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,6678572769363872515,9028464088116930320,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3980

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,6678572769363872515,9028464088116930320,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
2⤵
PID:456

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,6678572769363872515,9028464088116930320,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
2⤵
PID:2232

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,6678572769363872515,9028464088116930320,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
2⤵
PID:5020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,6678572769363872515,9028464088116930320,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3076 /prefetch:1
2⤵
PID:4860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2132,6678572769363872515,9028464088116930320,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=6028 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4052

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2132,6678572769363872515,9028464088116930320,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5688 /prefetch:8
2⤵
PID:3840

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2132,6678572769363872515,9028464088116930320,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5680 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:2572

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,6678572769363872515,9028464088116930320,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6204 /prefetch:8
2⤵
PID:4268

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,6678572769363872515,9028464088116930320,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6204 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3676

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,6678572769363872515,9028464088116930320,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
2⤵
PID:1684

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,6678572769363872515,9028464088116930320,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
2⤵
PID:3568

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,6678572769363872515,9028464088116930320,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1872 /prefetch:1
2⤵
PID:3968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,6678572769363872515,9028464088116930320,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1880 /prefetch:1
2⤵
PID:2064

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,6678572769363872515,9028464088116930320,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2252 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3852

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2544

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3584

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4124

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
4fd65d25a9ffc4f8282a1dada5be960f

SHA1
872c7c44cd5e323af5b324a64a587e46b5c2c561

SHA256
b95e99bbecd40f9b8381ba5375bf69a15d87ef532f767e92b42ef9d131366b9e

SHA512
029037c02429a5f0929209907f303a3bb72bf9bee79ce7782dfeff20c1071c05740bd24dd2a2073d31f270dc75865392aef3d07dac0b60fb55801941ef7eb768

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
c970a544a5a0de449f21234640961bae

SHA1
999c096e375e907dd579122104027219e6df179f

SHA256
3dd4bc910e079db0541bda47946f46cafab89e371b60208a856e13508395a6cf

SHA512
018c64f55a486d003d6cb94543b9018c9decaeaae67e26b6a056d86454051c714d297fef49cd27e8e8f0a3c679d0a02a8b1be125a3c85f2b7f041ffa082567b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
d27ec2adc565cbf2498b6144ee996ef2

SHA1
da21d39b9a5278b26aefe0e2228f76973b5adb8b

SHA256
3c643e88bd98a7e6177660cbfe212806db70b423dfbce592d11c90e9bdc0f522

SHA512
7698d7fb0770394e57c742c9a88ab84c78a6ddde2db60454103831a52669a75a2f60daa7b551efb45b68c52bc8f36e81bdcac654f21e33d28de0cd91bb514b7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b286226c24d2cc5140b4b68ea26d787a

SHA1
846161458598ac89b820f63520c223833feb444c

SHA256
51c99af9e8aee5514e23ac0b58f1f584f22f00bca1abf96dc5a4a00fca81a3f1

SHA512
7c4432c85c040cb2e8ec10a12cb7a6775572cab9b55fb3d6a5154508f13330ad8c49899c32e0a292bca5a80df01e0472326e42007a99f9ab13bdafd3fdec2a50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2d0ec10adc91a150824fe75dc440446c

SHA1
2d706390cd38bf5214a328f16817ad262fb917cb

SHA256
a22078d33686cd027189a1ba29f92639ae1a79fe3e0393d4e7c327f1c6e0b971

SHA512
2f94ed31dc55da911f3969635e44d852ad97b66290ad66a12240e6a801d14f9f1e26519ac6253fc1dd4c5721bc9cec0667f23e505da8713af8268cef5e1240ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ecc7597052f0134d910d3c728ed57939

SHA1
1d5437fa4bc6ce98882fb6d59862d6bf0cca9329

SHA256
93e3fd42016f7bd83f8316747e69969089b0d86f964030fba5181fa41aa897a3

SHA512
2043dadfbd1e652b2adc717dcda54ab6941bda10af0c0ad62576cbe61b09bb35fb3ee340052d73172b616834c94f27458c5c98b5231abc006cbfe0bc10ec107b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1695a80e470382d77c5e24502b504fa4

SHA1
d7bec36531cbc466556e72ff57661e6e5db0e25e

SHA256
85bbb12a42e2dd1f9b222be0e3b911a7c67b9e075b6b4030ddfba1689bae7abf

SHA512
87bb324eb11e7d8c008f1a6cf8588964c172e79f119a5f89cdd7a933883192c031aae27d96b0705df32264dabe86e546b4e6ade8ee70ceb88a05325a32360e71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
494c2c67876f7167d6f0a7f1ed73b87a

SHA1
63734c63e2eeaf28342d8f969efc94303262e0fc

SHA256
efc9c900df3e5faeb79daddbbd83e0236d248f77f481bf6822a3f5d46f233a54

SHA512
d2c3ca47db27929dd25c03d9bf9a8df4d4b11447adc3513a554bee1f27206eae2a4937443223af1a3412419f23324307db6d1e4fb97462f4a9964708f0261a26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
a0feb91e3474a1cf25e5e25a82aabb30

SHA1
10eb39e5e50cf6cfac6087f6834f7a85b3c1010f

SHA256
da3d7c84730a20eef03ba49a8c4b54f3f8842b5e148f189c9ef21d865f5fddeb

SHA512
3d0cbca67cee90ac3a054e95405dcfc8a1a05549f921718f45f19e61cb1b40cdc927f3c39958d229f740b17ececa866fc886c6b4867d4cd632438b182b1f2a0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b8e0.TMP

Filesize
372B

MD5
936c5c31991f350a93122f674e895319

SHA1
420961945928ed9b1c9593c3bacfea1d8a480120

SHA256
396f913473b4c74d05c36bf0b75dbb03aedb64106113cea807a8b7a816967b62

SHA512
3ed77f1e43ee31a89578ceb034c45a588087dabffffa329633f739abac888ea199ea94b45b6c4b9e33160071428d29fcf12807be4a7bed266448eab0c0376934

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\000001.dbtmp

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
518c66d150ebdb2c8f5eaa3247e24502

SHA1
4cc4e2bb4c488fc5dca475e202f0c5f8277a0230

SHA256
b2cddf60683493077b424e7e6224f3d21b8f1f6ad49c9976e4d76b585b03b7f0

SHA512
aaf96daca93b1543545d770773a2dec4d9507e1358b24949872f64cf98a819e29d60ddc395deddf72e8f7825bd9caa976060f8906b0643fb031645489938f126

Download Submit
\??\pipe\LOCAL\crashpad_2016_PEUMJVGVBUUTATKL

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit