364392562850352ca694965aea4ae77110a9ae30515fc4529380bc2392b6c74a

Analysis

max time kernel
145s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 00:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6933e3f6aa45b90a7f50d5569f69d1f2_JaffaCakes118.html
Size

108KB
MD5

6933e3f6aa45b90a7f50d5569f69d1f2
SHA1

159ca5e26a55e0a23c2e16dded870cdacf9c831e
SHA256

364392562850352ca694965aea4ae77110a9ae30515fc4529380bc2392b6c74a
SHA512

9c650cb8f80ea097bfcfb32b3a416d9ea91b0d4eadba5ddb1636a6b041884bb72578aed7580a0b95b49a824bacf32b93fabed556ce8f10271ff59cfbbf9c0853
SSDEEP

1536:IJjHbEw2AqfhmJKuCMGzZs0gHHioydB60s1ADwKuCMGzZsvp4zqxvYDFFA2PPD5b:gjN2nkQzZsfHwBRIQzZsvpgqd6

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
4840	msedge.exe
4840	msedge.exe
4512	msedge.exe
4512	msedge.exe
3304	identity_helper.exe
3304	identity_helper.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

Processes:

msedge.exe

pid process

4512 msedge.exe
4512 msedge.exe
4512 msedge.exe
4512 msedge.exe
4512 msedge.exe
4512 msedge.exe
4512 msedge.exe
4512 msedge.exe
4512 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4512 wrote to memory of 4076	4512	msedge.exe	msedge.exe
PID 4512 wrote to memory of 4076	4512	msedge.exe	msedge.exe
PID 4512 wrote to memory of 4556	4512	msedge.exe	msedge.exe
PID 4512 wrote to memory of 4556	4512	msedge.exe	msedge.exe
PID 4512 wrote to memory of 4556	4512	msedge.exe	msedge.exe
PID 4512 wrote to memory of 4556	4512	msedge.exe	msedge.exe
PID 4512 wrote to memory of 4556	4512	msedge.exe	msedge.exe
PID 4512 wrote to memory of 4556	4512	msedge.exe	msedge.exe
PID 4512 wrote to memory of 4556	4512	msedge.exe	msedge.exe
PID 4512 wrote to memory of 4556	4512	msedge.exe	msedge.exe
PID 4512 wrote to memory of 4556	4512	msedge.exe	msedge.exe
PID 4512 wrote to memory of 4556	4512	msedge.exe	msedge.exe
PID 4512 wrote to memory of 4556	4512	msedge.exe	msedge.exe
PID 4512 wrote to memory of 4556	4512	msedge.exe	msedge.exe
PID 4512 wrote to memory of 4556	4512	msedge.exe	msedge.exe
PID 4512 wrote to memory of 4556	4512	msedge.exe	msedge.exe
PID 4512 wrote to memory of 4556	4512	msedge.exe	msedge.exe
PID 4512 wrote to memory of 4556	4512	msedge.exe	msedge.exe
PID 4512 wrote to memory of 4556	4512	msedge.exe	msedge.exe
PID 4512 wrote to memory of 4556	4512	msedge.exe	msedge.exe
PID 4512 wrote to memory of 4556	4512	msedge.exe	msedge.exe
PID 4512 wrote to memory of 4556	4512	msedge.exe	msedge.exe
PID 4512 wrote to memory of 4556	4512	msedge.exe	msedge.exe
PID 4512 wrote to memory of 4556	4512	msedge.exe	msedge.exe
PID 4512 wrote to memory of 4556	4512	msedge.exe	msedge.exe
PID 4512 wrote to memory of 4556	4512	msedge.exe	msedge.exe
PID 4512 wrote to memory of 4556	4512	msedge.exe	msedge.exe
PID 4512 wrote to memory of 4556	4512	msedge.exe	msedge.exe
PID 4512 wrote to memory of 4556	4512	msedge.exe	msedge.exe
PID 4512 wrote to memory of 4556	4512	msedge.exe	msedge.exe
PID 4512 wrote to memory of 4556	4512	msedge.exe	msedge.exe
PID 4512 wrote to memory of 4556	4512	msedge.exe	msedge.exe
PID 4512 wrote to memory of 4556	4512	msedge.exe	msedge.exe
PID 4512 wrote to memory of 4556	4512	msedge.exe	msedge.exe
PID 4512 wrote to memory of 4556	4512	msedge.exe	msedge.exe
PID 4512 wrote to memory of 4556	4512	msedge.exe	msedge.exe
PID 4512 wrote to memory of 4556	4512	msedge.exe	msedge.exe
PID 4512 wrote to memory of 4556	4512	msedge.exe	msedge.exe
PID 4512 wrote to memory of 4556	4512	msedge.exe	msedge.exe
PID 4512 wrote to memory of 4556	4512	msedge.exe	msedge.exe
PID 4512 wrote to memory of 4556	4512	msedge.exe	msedge.exe
PID 4512 wrote to memory of 4556	4512	msedge.exe	msedge.exe
PID 4512 wrote to memory of 4840	4512	msedge.exe	msedge.exe
PID 4512 wrote to memory of 4840	4512	msedge.exe	msedge.exe
PID 4512 wrote to memory of 4744	4512	msedge.exe	msedge.exe
PID 4512 wrote to memory of 4744	4512	msedge.exe	msedge.exe
PID 4512 wrote to memory of 4744	4512	msedge.exe	msedge.exe
PID 4512 wrote to memory of 4744	4512	msedge.exe	msedge.exe
PID 4512 wrote to memory of 4744	4512	msedge.exe	msedge.exe
PID 4512 wrote to memory of 4744	4512	msedge.exe	msedge.exe
PID 4512 wrote to memory of 4744	4512	msedge.exe	msedge.exe
PID 4512 wrote to memory of 4744	4512	msedge.exe	msedge.exe
PID 4512 wrote to memory of 4744	4512	msedge.exe	msedge.exe
PID 4512 wrote to memory of 4744	4512	msedge.exe	msedge.exe
PID 4512 wrote to memory of 4744	4512	msedge.exe	msedge.exe
PID 4512 wrote to memory of 4744	4512	msedge.exe	msedge.exe
PID 4512 wrote to memory of 4744	4512	msedge.exe	msedge.exe
PID 4512 wrote to memory of 4744	4512	msedge.exe	msedge.exe
PID 4512 wrote to memory of 4744	4512	msedge.exe	msedge.exe
PID 4512 wrote to memory of 4744	4512	msedge.exe	msedge.exe
PID 4512 wrote to memory of 4744	4512	msedge.exe	msedge.exe
PID 4512 wrote to memory of 4744	4512	msedge.exe	msedge.exe
PID 4512 wrote to memory of 4744	4512	msedge.exe	msedge.exe
PID 4512 wrote to memory of 4744	4512	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6933e3f6aa45b90a7f50d5569f69d1f2_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4512

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9aba546f8,0x7ff9aba54708,0x7ff9aba54718
2⤵
PID:4076

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,2976396327804478859,12805999463800802840,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
2⤵
PID:4556

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,2976396327804478859,12805999463800802840,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4840

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,2976396327804478859,12805999463800802840,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
2⤵
PID:4744

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2976396327804478859,12805999463800802840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
2⤵
PID:2784

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2976396327804478859,12805999463800802840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1
2⤵
PID:3520

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2976396327804478859,12805999463800802840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
2⤵
PID:556

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2976396327804478859,12805999463800802840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3796 /prefetch:1
2⤵
PID:3924

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2976396327804478859,12805999463800802840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
2⤵
PID:2812

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,2976396327804478859,12805999463800802840,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1828 /prefetch:8
2⤵
PID:1224

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,2976396327804478859,12805999463800802840,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1828 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3304

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2976396327804478859,12805999463800802840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
2⤵
PID:5064

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2976396327804478859,12805999463800802840,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
2⤵
PID:3736

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2976396327804478859,12805999463800802840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
2⤵
PID:3284

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2976396327804478859,12805999463800802840,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1
2⤵
PID:3148

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,2976396327804478859,12805999463800802840,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5388 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2220

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3796

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2132

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c9c4c494f8fba32d95ba2125f00586a3

SHA1
8a600205528aef7953144f1cf6f7a5115e3611de

SHA256
a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b

SHA512
9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dc6fc5e708279a3310fe55d9c44743d

SHA1
a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2

SHA256
a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8

SHA512
5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
22KB

MD5
5e74c6d871232d6fe5d88711ece1408b

SHA1
1a5d3ac31e833df4c091f14c94a2ecd1c6294875

SHA256
bcadf445d413314a44375c63418a0f255fbac7afae40be0a80c9231751176105

SHA512
9d001eabce7ffdbf8e338725ef07f0033d0780ea474b7d33c2ad63886ff3578d818eb5c9b130d726353cd813160b49f572736dd288cece84e9bd8b784ce530d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
d0564d9a93d9d66539f155e8f4676062

SHA1
e3051476024b77d380249832d7026a503efce927

SHA256
ea92e1a2efda4281c3c5f59a694329915fc168a4ba5a1dde0e0081caa4cdac8f

SHA512
4302397c1ffea9c929162044d6be5cccddab74f2a01e0012cae526b40646d1c097e18ee789cc1f80d3e85f34631335d93ddbf44f460a5009eef79f701a54f5a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
ae3cbbdeaf429516d5626c7b74806d0b

SHA1
4f56471c0ca7430dc300eca32839a05952519133

SHA256
cf74c53cdd72865c94b4c4c2110202825c98fc37cc68992079e55e13143933ab

SHA512
8e2d478fca252a958a6525dfe3dac0acf2a76b47061fdef37a71f86839b70694b207ea92bdb8b8d28e7173b08186548ec8298d00b457b257350202ba3b4d34c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
cf30ad49789171996208259a52de4f77

SHA1
fe61a8349ea9a61120554236b2a08fafa29a21fb

SHA256
54d3d5c066905ba3729e47643edd611e61b9730e16a0d99b2cb861ad1de9c4ad

SHA512
5bd4aedce12bfd38168fcf56d6ff627bb2751d46112cb18c1697dffbcaedda99b005c1819471ce97a185597a401b7f6e2e164c07d54e121ba6804fca338605bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a06959a80ef8cc52c309e6a22bc29361

SHA1
c2ec45c226c59822ae0248c28191e3ef3636b414

SHA256
9e6adb99bad044360541b6bfa7f5c9f51965674e2704452708eeff2ee3ce2d2f

SHA512
be74d194ae9af4bbe81e11d6d86fde4279831fbb4e062df722b11c422a7e31a57ca29261f1df642f2de3d75968aefae6082456d7bc3b1eba15f362e4545e8c64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4e5161dda49c017f8acf9e55fc596762

SHA1
803b81cfc520ba4530281b196364e7f9acad651e

SHA256
339ca2e7b822bf2fd4767e560539abbf02eadb33899fbb3c81a737e5dbf0ef8a

SHA512
6ee1ac276d4bb17aad87c4520918b3ba1dd3a9e71e2e649c624a613880d62d9a0f852bebdcb83f65cdf30f21cf93f7ccfb134f0c15e0a12c92e5420b85f4c81c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
28d254fa38fd37ffdaef5b5113d0d87d

SHA1
e81fe7e24424ea0dc342a869a06fcfc0549c87e1

SHA256
d1dacdfb126c242ffa7c83d58855ec94e550575cdf6931f4b9b058a66851859b

SHA512
2667ffbe1bde9967ecda13ebf330ae515cf136d8edbf4aa5593753fea13c80120af3c1c3781018f7f9b10e62c6cdda459e2fa8b2e4dd00e6b4032781caee2953

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
cd484bc718868ac4739f291b0812f24d

SHA1
f848d3a43e728d9191b66180a64aef506370d061

SHA256
04208b572a4e4ee1159a27dd62d50cfe7c7093b8a5ea8c3e2164c4a33466d607

SHA512
636de4394d7229c729a621817fd0869ee4c13db7c828af37b3afc491654f0a188a20745e9798dd040c96bf5e8f46fce1f3f7aadddd7d01f18b84cbb99e1a4e74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
701B

MD5
9fe64bb19e8ee366793fd794f951f37b

SHA1
a6abf08fdbfa508ae030428632b2d1e222366f60

SHA256
0fb293898e7ddd258087e7754dd39452259b99244ca7ae33ed3ea19262dd7a6b

SHA512
dca911d731c15c0c51d7dd2ef6e079a54faa1f154df23d3f843ece8b5fc221eeb006ead431ae7af814c72814a6c85b1436c8430545e104ac53544c0f898b96ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
699B

MD5
e9be7befb69891a971bf54d9a704b024

SHA1
422816408465cffd1a0cb3d11a2ace41f1cbf8b2

SHA256
f6e06151fb72a0e7dd8a872e3589f7b5842cbafcd1b01ad2ee841c7e0a3abb6b

SHA512
7dd82b8f5a163862d8d9f05b1642d0b6ed5da70bec52603e7a6fe62b96629076191430854afc86970061bed3428ff462d0cdd955bcd9ab6cf40be5a2005aab0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d2ff.TMP

Filesize
370B

MD5
b48456e1bc9b7a3e276cf60ad5bb23a5

SHA1
bac5876b025473b1343bbcb09ae6ed7ec350d596

SHA256
9eb4f2e7359c3eb08b44a7db53a4fb828587d20707c91460023855107151d878

SHA512
49996efd3c8bc5e71d3e318b276ff87dca828e5ee7c7baa261e2c8be26d768de561fa07581228b1cbf9c71e55cdf0a1fc59182cab4d2665e16612c0df4c7ab6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
58933609d3462334caec0a44222912d5

SHA1
b3336a21057616cb943caffa016ab10763a7b4a7

SHA256
fcacc62d3660ac31b295b3a48332aeb287e24b319f82b1e66274d950616e0eec

SHA512
abc86764b54cba4766dbec027524a2712f3597a14ce2a11e5f67d34480d2754fe4b1f36301098fd4c9300808d1521fd4b8c880bbe51787fd2abb3c321cb16a16

Download Submit
\??\pipe\LOCAL\crashpad_4512_WPZFLNYCBAJATNWL

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit