e964815b648c738edde20c120a60c986a59f0a42a7e206054c10eb4da6f691ff

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 00:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6920d4a3cb10b6b0d61b2c852ccce1bb_JaffaCakes118.html
Size

300KB
MD5

6920d4a3cb10b6b0d61b2c852ccce1bb
SHA1

a45b1685ed900fc2deb0351400b9244abd6d3931
SHA256

e964815b648c738edde20c120a60c986a59f0a42a7e206054c10eb4da6f691ff
SHA512

40cc2563e9b331b21b0d08c53f0bb521ed8f4f350bc01396bc5d538fdd0be0d77ed87525b0d7edb0f93f81474c2d236ce4afb7394f19062e4d781937e9d79845
SSDEEP

1536:THz0D+SbTTF1SjTLpEsNNkltM/jVII3IbIre09X9mD6o6Oo1Hxon0O+JLnvIW+cP:C+SbTTFqNItCVI2e9ccCiTCH

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
1648	msedge.exe
1648	msedge.exe
4664	msedge.exe
4664	msedge.exe
1424	identity_helper.exe
1424	identity_helper.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

msedge.exe

pid process

4664 msedge.exe
4664 msedge.exe
4664 msedge.exe
4664 msedge.exe
4664 msedge.exe
4664 msedge.exe
4664 msedge.exe
4664 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4664 wrote to memory of 4520	4664	msedge.exe	msedge.exe
PID 4664 wrote to memory of 4520	4664	msedge.exe	msedge.exe
PID 4664 wrote to memory of 1104	4664	msedge.exe	msedge.exe
PID 4664 wrote to memory of 1104	4664	msedge.exe	msedge.exe
PID 4664 wrote to memory of 1104	4664	msedge.exe	msedge.exe
PID 4664 wrote to memory of 1104	4664	msedge.exe	msedge.exe
PID 4664 wrote to memory of 1104	4664	msedge.exe	msedge.exe
PID 4664 wrote to memory of 1104	4664	msedge.exe	msedge.exe
PID 4664 wrote to memory of 1104	4664	msedge.exe	msedge.exe
PID 4664 wrote to memory of 1104	4664	msedge.exe	msedge.exe
PID 4664 wrote to memory of 1104	4664	msedge.exe	msedge.exe
PID 4664 wrote to memory of 1104	4664	msedge.exe	msedge.exe
PID 4664 wrote to memory of 1104	4664	msedge.exe	msedge.exe
PID 4664 wrote to memory of 1104	4664	msedge.exe	msedge.exe
PID 4664 wrote to memory of 1104	4664	msedge.exe	msedge.exe
PID 4664 wrote to memory of 1104	4664	msedge.exe	msedge.exe
PID 4664 wrote to memory of 1104	4664	msedge.exe	msedge.exe
PID 4664 wrote to memory of 1104	4664	msedge.exe	msedge.exe
PID 4664 wrote to memory of 1104	4664	msedge.exe	msedge.exe
PID 4664 wrote to memory of 1104	4664	msedge.exe	msedge.exe
PID 4664 wrote to memory of 1104	4664	msedge.exe	msedge.exe
PID 4664 wrote to memory of 1104	4664	msedge.exe	msedge.exe
PID 4664 wrote to memory of 1104	4664	msedge.exe	msedge.exe
PID 4664 wrote to memory of 1104	4664	msedge.exe	msedge.exe
PID 4664 wrote to memory of 1104	4664	msedge.exe	msedge.exe
PID 4664 wrote to memory of 1104	4664	msedge.exe	msedge.exe
PID 4664 wrote to memory of 1104	4664	msedge.exe	msedge.exe
PID 4664 wrote to memory of 1104	4664	msedge.exe	msedge.exe
PID 4664 wrote to memory of 1104	4664	msedge.exe	msedge.exe
PID 4664 wrote to memory of 1104	4664	msedge.exe	msedge.exe
PID 4664 wrote to memory of 1104	4664	msedge.exe	msedge.exe
PID 4664 wrote to memory of 1104	4664	msedge.exe	msedge.exe
PID 4664 wrote to memory of 1104	4664	msedge.exe	msedge.exe
PID 4664 wrote to memory of 1104	4664	msedge.exe	msedge.exe
PID 4664 wrote to memory of 1104	4664	msedge.exe	msedge.exe
PID 4664 wrote to memory of 1104	4664	msedge.exe	msedge.exe
PID 4664 wrote to memory of 1104	4664	msedge.exe	msedge.exe
PID 4664 wrote to memory of 1104	4664	msedge.exe	msedge.exe
PID 4664 wrote to memory of 1104	4664	msedge.exe	msedge.exe
PID 4664 wrote to memory of 1104	4664	msedge.exe	msedge.exe
PID 4664 wrote to memory of 1104	4664	msedge.exe	msedge.exe
PID 4664 wrote to memory of 1104	4664	msedge.exe	msedge.exe
PID 4664 wrote to memory of 1648	4664	msedge.exe	msedge.exe
PID 4664 wrote to memory of 1648	4664	msedge.exe	msedge.exe
PID 4664 wrote to memory of 1308	4664	msedge.exe	msedge.exe
PID 4664 wrote to memory of 1308	4664	msedge.exe	msedge.exe
PID 4664 wrote to memory of 1308	4664	msedge.exe	msedge.exe
PID 4664 wrote to memory of 1308	4664	msedge.exe	msedge.exe
PID 4664 wrote to memory of 1308	4664	msedge.exe	msedge.exe
PID 4664 wrote to memory of 1308	4664	msedge.exe	msedge.exe
PID 4664 wrote to memory of 1308	4664	msedge.exe	msedge.exe
PID 4664 wrote to memory of 1308	4664	msedge.exe	msedge.exe
PID 4664 wrote to memory of 1308	4664	msedge.exe	msedge.exe
PID 4664 wrote to memory of 1308	4664	msedge.exe	msedge.exe
PID 4664 wrote to memory of 1308	4664	msedge.exe	msedge.exe
PID 4664 wrote to memory of 1308	4664	msedge.exe	msedge.exe
PID 4664 wrote to memory of 1308	4664	msedge.exe	msedge.exe
PID 4664 wrote to memory of 1308	4664	msedge.exe	msedge.exe
PID 4664 wrote to memory of 1308	4664	msedge.exe	msedge.exe
PID 4664 wrote to memory of 1308	4664	msedge.exe	msedge.exe
PID 4664 wrote to memory of 1308	4664	msedge.exe	msedge.exe
PID 4664 wrote to memory of 1308	4664	msedge.exe	msedge.exe
PID 4664 wrote to memory of 1308	4664	msedge.exe	msedge.exe
PID 4664 wrote to memory of 1308	4664	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6920d4a3cb10b6b0d61b2c852ccce1bb_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4664

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffedb2d46f8,0x7ffedb2d4708,0x7ffedb2d4718
2⤵
PID:4520

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,14096784027932718523,14776939851003438608,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
2⤵
PID:1104

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,14096784027932718523,14776939851003438608,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1648

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,14096784027932718523,14776939851003438608,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
2⤵
PID:1308

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14096784027932718523,14776939851003438608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
2⤵
PID:2520

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14096784027932718523,14776939851003438608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
2⤵
PID:3144

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14096784027932718523,14776939851003438608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
2⤵
PID:4308

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14096784027932718523,14776939851003438608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
2⤵
PID:2284

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,14096784027932718523,14776939851003438608,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5816 /prefetch:8
2⤵
PID:2592

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,14096784027932718523,14776939851003438608,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5816 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1424

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14096784027932718523,14776939851003438608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
2⤵
PID:2368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14096784027932718523,14776939851003438608,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
2⤵
PID:3700

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14096784027932718523,14776939851003438608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
2⤵
PID:4972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,14096784027932718523,14776939851003438608,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
2⤵
PID:1616

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,14096784027932718523,14776939851003438608,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3836 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4476

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2968

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3904

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
Filesize
22KB

MD5
5e74c6d871232d6fe5d88711ece1408b

SHA1
1a5d3ac31e833df4c091f14c94a2ecd1c6294875

SHA256
bcadf445d413314a44375c63418a0f255fbac7afae40be0a80c9231751176105

SHA512
9d001eabce7ffdbf8e338725ef07f0033d0780ea474b7d33c2ad63886ff3578d818eb5c9b130d726353cd813160b49f572736dd288cece84e9bd8b784ce530d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
120B

MD5
199210fb94f2b52c0f0e3804a691c6c5

SHA1
75e6c76550d9519f9e4d87aab58e50a4100fe651

SHA256
303e314444e61d1572fb255393aae19331cfb87eaf5ccade34e8e8622e0e9fb6

SHA512
11007d6048509eaf7e21269d6df6edf516c204e5d7b591de4d5a6a2d8f57814f6ccf71a01e0245201b4f831b6edad8b10d2ecae973df3f9672ba7f2ea5b79faf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
144B

MD5
b6e69db273579e8f3bac56f9d03c4d6b

SHA1
57d0a0d49d31131134c9f5f1d0498b265f85f332

SHA256
b5332f761cbfe8acbcbf44395ed5c306113d35c6efbc16b6e027cf805e85d165

SHA512
7e5228088532865b87845ad4a190da66e49b56447eb34917d3498f706ffb8ff74b8c2b6e409e0fbfc7f18341342a6553afd2248a1fecadec8024011d94278682

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
a48f1525b8b05151165a2b2f254b7dc7

SHA1
eb84a1de8111c5c80c2e28c4622ccbdfe80b79ba

SHA256
f00af8c31bb541134a860fd3ad5dead07772c2d0bea44c655b5592c3eb55c7db

SHA512
972da7c654dcdf5f13c62aff1bd3e07f5fd2ff0a22780d4883714dcdbef6ac5f8afa7468f92cc83f6a4e398cd620bc4fb4546271a5d5767680cf5081f0e89289

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
201bd14fda751a59d6a27aa5aa48880d

SHA1
603f5c6d0aa3077d384ea20515745352918e8c12

SHA256
00de87174c60422082cc9c3c9a166c09133d48fd818561f50aa8eb65ee074a2c

SHA512
36c27dea3832885da6e572509734ff8aa909bf2e22de4f81d830a9ac77730acd937b2ec6c687bdc0806eb5f81d8afb0a069480de03fbd4c3643d81d8037a5cb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
b0839a4bb6e121d1c689122bf882f730

SHA1
011f2f52aedbfec50cb515e7eb5340943d4b372a

SHA256
09eb571bc270b5adf9205e3343e5882e70aba72ea13fd9dbaf5895b231f03bcf

SHA512
aff795d63bf8de81cd93b2b827a61440c313b1526e5c4305e7a6dda60c8c73c544cdc3d8497b9729f649aa7a29716a99c8401b773fd012d4f4cf0b07da689f56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
f90d6db3c0842883d9505e347d2b9ce2

SHA1
31bed4aa8c74a90e94bd56120585e182ef699783

SHA256
9f774d89190770c1fd400b081a5549c1102ef4f7ccf955d88279d1c884bbc88e

SHA512
121ea3e765b3d1cb6bb28f741d7d2da5030ce7c35403882da9873235f31b1f32f13e69467c79a3a09bd75f8b9147485e7486bcc2638847b83cc6b8fadd088cad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
82f37aafca0468a46b14dc16484ce7d9

SHA1
c25195ba814e5b72c101d8a43ad66276f4b88c70

SHA256
bddd7ba63d12ed23bd08b481f78a22e441a8e6ee33809c798146cb34bf0b7852

SHA512
9c287f7af965b5eb3bc16fe54b7f7308222319d70cfd1eef528828cb90d4ed480bcae908794137583154db1cdf2956ee3d2a51dd5ffce7bc76e2b9968b61298b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
704B

MD5
777e314edf87738a59fcb11cb2c3e430

SHA1
aa2e577b837a8ffbd208faf6cc28f1893bdef9aa

SHA256
ff2385f9025cfe9dda4a52e10822193431a05aeb090fb457936e9b6d51302d10

SHA512
192fe4a56028037950164b3523e66754a961b42c527b839439ba987545ca29d5da37684990d4c474d7d1630b6792b05bb23392030b14219395a5c70ecead01a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57cb5e.TMP
Filesize
203B

MD5
9ef5e22fe6d2740ddf9a8a8ba63460f5

SHA1
b6df3aa2f2d9c7a6b364fe74ee1b7488628e7665

SHA256
f70c7076fdf52ba0a927293e52351660547c86bb223202828afddf99540eeda6

SHA512
cf72f402349288353118dbe3355bdafd512ecb12b4179463d8701190d065fff4ab5bc8e8ed38f848f4a317e7219ebfec7c39c8116ef6a7c7d0761b8f76a68c68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
599a7dbf3d17f3486710f4c2e678917d

SHA1
63d280c023c9baa9817729279a55e3c413aaa5c7

SHA256
53fab9f01f38475c439e36e3811c060c9595594edac28502c7c9a280accf6a4a

SHA512
7212f8594dac7568e42faa712b1c66abd17a8d6e120ba225956e8c860c52f257dd6a94f7293edf4d683671cbf8933a97e447cede6649db096b2c5f9dbda4e4a6

Download Submit
\??\pipe\LOCAL\crashpad_4664_CJZSQHJUHFFZUZMX
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit