9a0b3255daa09073cff7d06cc1b991d13f7c570865cfd3d1bea1ddf7cd2dc233

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 03:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

65d2b9b1030c5c540c76771cdd5b5cc5_JaffaCakes118.html
Size

126KB
MD5

65d2b9b1030c5c540c76771cdd5b5cc5
SHA1

6f74be99f04da435022d15ff5ef19295677198d2
SHA256

9a0b3255daa09073cff7d06cc1b991d13f7c570865cfd3d1bea1ddf7cd2dc233
SHA512

97e8c4d127b4508e952156ee05475c12aaf91d1152bc1782b7fabcdf47ea3dae19a2c8f69aa03094dff3fb3ef38c81e6285925e315472ce2eaf183cef66f769b
SSDEEP

3072:0Q+k8kuCppAizlZ9zzxbAF6ZQFAcQ74zxFm:j+k8kuCppLznd2RFAc7m

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
3152	msedge.exe
3152	msedge.exe
1588	msedge.exe
1588	msedge.exe
3180	identity_helper.exe
3180	identity_helper.exe
5428	msedge.exe
5428	msedge.exe
5428	msedge.exe
5428	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

Processes:

msedge.exe

pid	process
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1588 wrote to memory of 3264	1588	msedge.exe	msedge.exe
PID 1588 wrote to memory of 3264	1588	msedge.exe	msedge.exe
PID 1588 wrote to memory of 4600	1588	msedge.exe	msedge.exe
PID 1588 wrote to memory of 4600	1588	msedge.exe	msedge.exe
PID 1588 wrote to memory of 4600	1588	msedge.exe	msedge.exe
PID 1588 wrote to memory of 4600	1588	msedge.exe	msedge.exe
PID 1588 wrote to memory of 4600	1588	msedge.exe	msedge.exe
PID 1588 wrote to memory of 4600	1588	msedge.exe	msedge.exe
PID 1588 wrote to memory of 4600	1588	msedge.exe	msedge.exe
PID 1588 wrote to memory of 4600	1588	msedge.exe	msedge.exe
PID 1588 wrote to memory of 4600	1588	msedge.exe	msedge.exe
PID 1588 wrote to memory of 4600	1588	msedge.exe	msedge.exe
PID 1588 wrote to memory of 4600	1588	msedge.exe	msedge.exe
PID 1588 wrote to memory of 4600	1588	msedge.exe	msedge.exe
PID 1588 wrote to memory of 4600	1588	msedge.exe	msedge.exe
PID 1588 wrote to memory of 4600	1588	msedge.exe	msedge.exe
PID 1588 wrote to memory of 4600	1588	msedge.exe	msedge.exe
PID 1588 wrote to memory of 4600	1588	msedge.exe	msedge.exe
PID 1588 wrote to memory of 4600	1588	msedge.exe	msedge.exe
PID 1588 wrote to memory of 4600	1588	msedge.exe	msedge.exe
PID 1588 wrote to memory of 4600	1588	msedge.exe	msedge.exe
PID 1588 wrote to memory of 4600	1588	msedge.exe	msedge.exe
PID 1588 wrote to memory of 4600	1588	msedge.exe	msedge.exe
PID 1588 wrote to memory of 4600	1588	msedge.exe	msedge.exe
PID 1588 wrote to memory of 4600	1588	msedge.exe	msedge.exe
PID 1588 wrote to memory of 4600	1588	msedge.exe	msedge.exe
PID 1588 wrote to memory of 4600	1588	msedge.exe	msedge.exe
PID 1588 wrote to memory of 4600	1588	msedge.exe	msedge.exe
PID 1588 wrote to memory of 4600	1588	msedge.exe	msedge.exe
PID 1588 wrote to memory of 4600	1588	msedge.exe	msedge.exe
PID 1588 wrote to memory of 4600	1588	msedge.exe	msedge.exe
PID 1588 wrote to memory of 4600	1588	msedge.exe	msedge.exe
PID 1588 wrote to memory of 4600	1588	msedge.exe	msedge.exe
PID 1588 wrote to memory of 4600	1588	msedge.exe	msedge.exe
PID 1588 wrote to memory of 4600	1588	msedge.exe	msedge.exe
PID 1588 wrote to memory of 4600	1588	msedge.exe	msedge.exe
PID 1588 wrote to memory of 4600	1588	msedge.exe	msedge.exe
PID 1588 wrote to memory of 4600	1588	msedge.exe	msedge.exe
PID 1588 wrote to memory of 4600	1588	msedge.exe	msedge.exe
PID 1588 wrote to memory of 4600	1588	msedge.exe	msedge.exe
PID 1588 wrote to memory of 4600	1588	msedge.exe	msedge.exe
PID 1588 wrote to memory of 4600	1588	msedge.exe	msedge.exe
PID 1588 wrote to memory of 3152	1588	msedge.exe	msedge.exe
PID 1588 wrote to memory of 3152	1588	msedge.exe	msedge.exe
PID 1588 wrote to memory of 2900	1588	msedge.exe	msedge.exe
PID 1588 wrote to memory of 2900	1588	msedge.exe	msedge.exe
PID 1588 wrote to memory of 2900	1588	msedge.exe	msedge.exe
PID 1588 wrote to memory of 2900	1588	msedge.exe	msedge.exe
PID 1588 wrote to memory of 2900	1588	msedge.exe	msedge.exe
PID 1588 wrote to memory of 2900	1588	msedge.exe	msedge.exe
PID 1588 wrote to memory of 2900	1588	msedge.exe	msedge.exe
PID 1588 wrote to memory of 2900	1588	msedge.exe	msedge.exe
PID 1588 wrote to memory of 2900	1588	msedge.exe	msedge.exe
PID 1588 wrote to memory of 2900	1588	msedge.exe	msedge.exe
PID 1588 wrote to memory of 2900	1588	msedge.exe	msedge.exe
PID 1588 wrote to memory of 2900	1588	msedge.exe	msedge.exe
PID 1588 wrote to memory of 2900	1588	msedge.exe	msedge.exe
PID 1588 wrote to memory of 2900	1588	msedge.exe	msedge.exe
PID 1588 wrote to memory of 2900	1588	msedge.exe	msedge.exe
PID 1588 wrote to memory of 2900	1588	msedge.exe	msedge.exe
PID 1588 wrote to memory of 2900	1588	msedge.exe	msedge.exe
PID 1588 wrote to memory of 2900	1588	msedge.exe	msedge.exe
PID 1588 wrote to memory of 2900	1588	msedge.exe	msedge.exe
PID 1588 wrote to memory of 2900	1588	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\65d2b9b1030c5c540c76771cdd5b5cc5_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1588

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff86ae746f8,0x7ff86ae74708,0x7ff86ae74718
2⤵
PID:3264

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,9585629878417785260,7760603979813738954,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
2⤵
PID:4600

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,9585629878417785260,7760603979813738954,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3152

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,9585629878417785260,7760603979813738954,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
2⤵
PID:2900

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9585629878417785260,7760603979813738954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
2⤵
PID:3856

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9585629878417785260,7760603979813738954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
2⤵
PID:1792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9585629878417785260,7760603979813738954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
2⤵
PID:1756

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9585629878417785260,7760603979813738954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
2⤵
PID:2160

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9585629878417785260,7760603979813738954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
2⤵
PID:1124

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9585629878417785260,7760603979813738954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
2⤵
PID:4072

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9585629878417785260,7760603979813738954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
2⤵
PID:5048

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9585629878417785260,7760603979813738954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6684 /prefetch:1
2⤵
PID:648

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9585629878417785260,7760603979813738954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6572 /prefetch:1
2⤵
PID:4628

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9585629878417785260,7760603979813738954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6468 /prefetch:1
2⤵
PID:3744

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,9585629878417785260,7760603979813738954,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7200 /prefetch:8
2⤵
PID:2044

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,9585629878417785260,7760603979813738954,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7200 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3180

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9585629878417785260,7760603979813738954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7036 /prefetch:1
2⤵
PID:1968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9585629878417785260,7760603979813738954,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6996 /prefetch:1
2⤵
PID:2792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9585629878417785260,7760603979813738954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6364 /prefetch:1
2⤵
PID:5196

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9585629878417785260,7760603979813738954,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6936 /prefetch:1
2⤵
PID:5204

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,9585629878417785260,7760603979813738954,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5044 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5428

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2272

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3036

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A

Filesize
893B

MD5
d4ae187b4574036c2d76b6df8a8c1a30

SHA1
b06f409fa14bab33cbaf4a37811b8740b624d9e5

SHA256
a2ce3a0fa7d2a833d1801e01ec48e35b70d84f3467cc9f8fab370386e13879c7

SHA512
1f44a360e8bb8ada22bc5bfe001f1babb4e72005a46bc2a94c33c4bd149ff256cce6f35d65ca4f7fc2a5b9e15494155449830d2809c8cf218d0b9196ec646b0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A

Filesize
252B

MD5
5beb6d029f3dedeb5561efabef4c9807

SHA1
8ab4ec6d58f47dbe9dfdfe3c5a43ee2c2d22a9de

SHA256
fb7426896b9fc87965301650fd3b9a751297e3a5ccfdbc243004a3c738f6f2bb

SHA512
15ceaf2bcea40f12505f5a594fe97983a808fc46b3b40819d9a814f9cf0b467b737b50a499a63c260df5566bba5857f678ab9153601fe238222efbb4e6272b50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\42d80935-83fb-4d56-b0fe-1108c1bc41db.tmp

Filesize
11KB

MD5
a383d2ed5bc32f300d96ed130df62693

SHA1
6cd44c7b1dd6022822e94e9d892438e8ea245130

SHA256
6f140b6cb46048601de0488d8ae45fb031482c91f47f9427477f75bf20dee579

SHA512
4c04494d2f6172a7182ba4a9083bf4c7be51f0394605156a326cf0c82f3fceabb61b4e64f033dd3878b049e0faa3d80cf3b4ed9b3519eae9ef26f2d1683710a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
bd882fff36ca415b523baf43aac01fee

SHA1
eecc0dbc8a15aeacc5d774e1ea202aec469fa7e7

SHA256
58f068e1a2d9951d9ac19d1f9e04e1166f536d4251326ec0abf6b1022022fa0d

SHA512
b77f3ad0d46d5c961762eef88f6f3190fdbf997d99084024443c8001f74fac56fde04c92c5062afbb74e261baad860e009cf6176a4cf04aab75bcbc9ae9b3044

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
907a507f9ed0835a2860c8aa4166b0ab

SHA1
1575199c82eb6a2588594c8f008e53988c9f7bab

SHA256
1deeea39db61df5a9a7739c330efc73d1adf67af72628037ab22487b72cbbd3e

SHA512
81e3de698166ce669fc3a4249362d14b379ef45f6d57e8c808263f580fea149588c01fa114f8d666fc34674f2ab612b43bd035d9cfbaf8746fd2981954a0f661

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
661c14f0ef97735c3981c80cf0da84c5

SHA1
36441c6f2e8798768870bd44ca52f351012cb75e

SHA256
20386dc5a0267ccad734acbfc1f25febcd43cedab6f5e814531d969476012e83

SHA512
f8433c88374ad37e4cc66d113f8cbdd53bfd8c2070db45c3f739d6fd8140d1935c351f0a4be0ca3429afdd01a16b9722fdc2ddf458c602ba802912801dd75b4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
b2791f25738beda2536f0c17c9a77233

SHA1
21b83777c638fe899eef4e9e4238d7e18ba9ef53

SHA256
4b4951ad691ddb04936ff9150ba32b55115edcfcf040d4f241bdfcc47e419617

SHA512
778f22f7a48b66351d35c1664194e3465a2ad51f84ea91a376e2c0d67ffa0ec71e79cd45dbf7ff895842a954c4a75d3d0b88563d919152a41dc333dd2705ef58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0629a121f551116d10885391db9db46a

SHA1
ce2580a89aef1692d3f93a7fea1fb030329c8c50

SHA256
603c9893f9dcd0c1a7a97310bda268b8183f2fdb9b70ff542d2403bc6e4009ee

SHA512
7dbc37a01b2f3205d1d92f2423a370103d68e8c5c8338d3ce77e0f120ec38d17935fea5192fa5fad6df735027020aac2df66a99813f2335b0ef0dd25b1e8e57d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ac5e3cc8fe416600ac7d61fa821986ae

SHA1
7ad84d15bc9a7f86937e617a658f18b272d6e969

SHA256
261e341d37cbbc5d55d90189e8ba471e844e6e541c562183a36fa5a1b83e99c0

SHA512
e7037d31cf8ff97fb1e5478bdb0459f843d623b6870be5a2028bfe66a6cb9362c93c287f0d645e98d3b73dc62f35b7b72d415f550c832af1159d412105665d9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f78890ead8cf33577b7f5258ad22cd82

SHA1
372b25b4ef867302e12800a0c35a8f2e9261545a

SHA256
6e77819da9a482fb39c2686c93ac845178abd71cb76586ed7bab50644dd2ba4e

SHA512
46568e29215621c98f96b9d044e8e5c8d0c85a48a423f1e17dd0eab9b773244d448a2c1c671fd17bfacda6af4b89642055b0d67888c99434c3732bc4a4f9ee48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a2d8cda9c62ba27591a57981cdcfc651

SHA1
a35e49b44937aca5fa6e1cad57c7ab3c3f696113

SHA256
bdc5a9fb1fadd56ce40aa96a3e282b9091e00a06eeafbae088673c44096e60b5

SHA512
2801e034ac9107e3fd45877a253eba13f1445f3bef4ca8e419489ff246d5deb29b78bdd9d306fce156f0ea21c6784d4353c7066fdb584f543c4f583713144564

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
f064a32248627753b758a940b42acae8

SHA1
925c3152d660c2d2e4965289e59aed027535003d

SHA256
44944a279660927f0feba3db03e1e0e2bd870992a714e964787fe0b092a2caeb

SHA512
d84ca335fc9a277382058ba9e69c51a29d31e9cebcec13ff8422d50567be260d6515c8d3b1b336b278cb0a209bd5a02add776832e1b31d250fe4f78128033b91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c796.TMP

Filesize
203B

MD5
c053a5cadc36dd94600fbb2c63489be4

SHA1
933878950b4f32d8757cd4ac8e0dbf3614aa6d56

SHA256
b491bb372971975e7535afc635b626433e5c727aad6c3d5ae576cd947f20a64f

SHA512
902a6974d21383cb1cdba0ed32ec3e065d2f668c2743564913ea8b4cb9e9f8fefcd73352669c72b764bde9c472e277e066faab12a76d39880a29b1e51cf5a984

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
\??\pipe\LOCAL\crashpad_1588_EXRZGFMNNLOZMWSZ

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit