1df6d8006e6e1118fae5f6d1dbef39c8c29bec353fd35bf5138b0f10e3319e26

Analysis

max time kernel
149s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 20:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

687c93cac111a4053f81ed30b3ca8685_JaffaCakes118.html
Size

115KB
MD5

687c93cac111a4053f81ed30b3ca8685
SHA1

d3b45b5218aedbb732f130fe5f9bef1adf0adb00
SHA256

1df6d8006e6e1118fae5f6d1dbef39c8c29bec353fd35bf5138b0f10e3319e26
SHA512

58d05b87e3845e92818ef7ecd2e81c6c4182e46f806048d245972d14e18f918f06f1a6c61f673789f8444b01fc5c294f0dd1f56c2543dd398b8684e103ecf9d6
SSDEEP

1536:59imMrbKwIFdOQy4J5Zd1OOQhg+PObmDStOQLn7POQYZJObJAtOQ+K3//prOQqlx:5YmMrb/x4J/dfKwV9/9aIbvclq3EiX7

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
3628	msedge.exe
3628	msedge.exe
1464	msedge.exe
1464	msedge.exe
2984	identity_helper.exe
2984	identity_helper.exe
5792	msedge.exe
5792	msedge.exe
5792	msedge.exe
5792	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

Processes:

msedge.exe

pid	process
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe
1464	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1464 wrote to memory of 4220	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 4220	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 3132	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 3132	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 3132	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 3132	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 3132	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 3132	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 3132	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 3132	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 3132	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 3132	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 3132	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 3132	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 3132	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 3132	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 3132	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 3132	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 3132	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 3132	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 3132	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 3132	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 3132	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 3132	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 3132	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 3132	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 3132	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 3132	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 3132	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 3132	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 3132	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 3132	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 3132	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 3132	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 3132	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 3132	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 3132	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 3132	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 3132	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 3132	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 3132	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 3132	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 3628	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 3628	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 4180	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 4180	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 4180	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 4180	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 4180	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 4180	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 4180	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 4180	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 4180	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 4180	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 4180	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 4180	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 4180	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 4180	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 4180	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 4180	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 4180	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 4180	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 4180	1464	msedge.exe	msedge.exe
PID 1464 wrote to memory of 4180	1464	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\687c93cac111a4053f81ed30b3ca8685_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7ffe403346f8,0x7ffe40334708,0x7ffe40334718
  2⤵
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,6420170973740986622,13923989488936537274,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
  2⤵
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,6420170973740986622,13923989488936537274,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,6420170973740986622,13923989488936537274,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
  2⤵
  PID:4180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6420170973740986622,13923989488936537274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:2924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6420170973740986622,13923989488936537274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6420170973740986622,13923989488936537274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1
  2⤵
  PID:1408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6420170973740986622,13923989488936537274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1
  2⤵
  PID:1208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6420170973740986622,13923989488936537274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6420170973740986622,13923989488936537274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
  2⤵
  PID:2744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6420170973740986622,13923989488936537274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6420170973740986622,13923989488936537274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
  2⤵
  PID:608
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,6420170973740986622,13923989488936537274,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6216 /prefetch:8
  2⤵
  PID:2724
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,6420170973740986622,13923989488936537274,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6216 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6420170973740986622,13923989488936537274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:1564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6420170973740986622,13923989488936537274,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
  2⤵
  PID:952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6420170973740986622,13923989488936537274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:5196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6420170973740986622,13923989488936537274,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:5204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,6420170973740986622,13923989488936537274,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4640 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5792

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4092

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1904

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
206KB

MD5
f998b8f6765b4c57936ada0bb2eb4a5a

SHA1
13fb29dc0968838653b8414a125c124023c001df

SHA256
374db366966d7b48782f352c78a0b3670ffec33ed046d931415034d6f93dcfef

SHA512
d340ae61467332f99e4606ef022ff71c9495b9d138a40cc7c58b3206be0d080b25f4e877a811a55f4320db9a7f52e39f88f1aa426ba79fc5e78fc73dacf8c716

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
57b782d3827764fea4df02ad014662ef

SHA1
efc3e24677642894797718e575cd7581b8032955

SHA256
cb5f20a07b074993c52f7b84d7b4582cce719b935a28612973977c0601d79c43

SHA512
10b597a76dcc1eaaec22e378cd45c392675a7b03bbb4d63f5533ed6d274eec8a944fb3c5482f7fc340906cf64088245dadea7bdcd83c91dba644b7af126b2df7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
6018fbcec43941d4ea51fa29ef73c1a5

SHA1
5d52976246eeca8f5b89bd53b7315c7000386053

SHA256
6c5680cfbdb8c1dc6b3dea304b056123cc65b887e84a498261c922abee26e3f7

SHA512
9155a30a2a473d84c76353ad8cd1ab798be737a93394e572bae4a8a39c515c7a8c4e528fe786265fa68114652f0f807413ed78263468e2aa4d8494f2e65ac831

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4d2c430243d3447d8fa30a3e4b8468ee

SHA1
d4672d9cc24b8eeff8ee15fc47ed2be902afbfd0

SHA256
f42c0f160760994ab062f915c3963f0751995740b616450936d4f9b0d1d88314

SHA512
8ff1ec3a76694ed532c2681dc83576d179b9e1adf1b5c7fda954c5ef34d9235c83c301e0afa092140f8c30d304dffa26fd0407b4fd7419954ae98ddb8a0b008e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9bc57bac5f00293aa7962471b3349c9f

SHA1
6981d25723beb23a7ea85b268d86d01ebf4b8418

SHA256
b29d49c86b924db142a3b10e545ba75cb51c1129f07120c042d671d6d1cb5a88

SHA512
bd088ea64884a610dd89dc78c99a60f5ac8e6022e76adef9f8054e6d679c9c33e9a5091b9d1c8738e92fdb666f809a4fa11e97bbd88b994e04af57273402b04f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c25ad0fdbc69407c2433b68ddb69704d

SHA1
f4938828a7b31eafb7d088099c685316c5bb720a

SHA256
91b3a54e717488e0a550b019ddb6739fe257ba8cb4d65fa5a84eab65341e5f89

SHA512
d4063a4007f5b755a9d586bc288a05f974dd22afb370536f5092ef58d2c194cfe02e7a4710600acd2ca2baf77cb31eae2272211e32237c7ebc342be291697e08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
db1096cf1d4ed8ca41cd7597d90d0bfe

SHA1
2c0758074ef7604b23f68fe0156c8922440a72d7

SHA256
e82ba20cac54ba63e338ecfc7aaff99bda26ae5b8cc1883f5f5fd0db832827c5

SHA512
e29e8dce78acdda812bdf3d65f124f264098bd58484993e3b7ab9da70263039c07e246f33a5621eda6f4e420ef5ed103602dfe15cd1e18fe8e2971857763e955

Download Submit
\??\pipe\LOCAL\crashpad_1464_ACOHHTQNEHSRDGXL

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit