e7b455067b96f71b9b5ac01c3b8c94e70b858dbc1eb999f21a25f0fe4a64acfe

Analysis

max time kernel
145s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 01:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

693b5dce0e0734323c50994e9beb28d5_JaffaCakes118.html
Size

52KB
MD5

693b5dce0e0734323c50994e9beb28d5
SHA1

962c5ac56a69387f57e6c4eb819448e0115e3269
SHA256

e7b455067b96f71b9b5ac01c3b8c94e70b858dbc1eb999f21a25f0fe4a64acfe
SHA512

f401d08f7e8cd52f3e1d80803fb352bcd4c78c4e41f33a3869d731f2ea845cf66ffa41d470735de28c3c551ae6a1f90211da5a0b7815d231e92b3fc5f2987ec8
SSDEEP

1536:1IP7YP7IS+/Q9GYFtK3j9xVUfQYgzvnzaic:1I0h+/MGOtK3j9x2fQYgzvhc

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
5024	msedge.exe
5024	msedge.exe
1612	msedge.exe
1612	msedge.exe
4032	identity_helper.exe
4032	identity_helper.exe
5476	msedge.exe
5476	msedge.exe
5476	msedge.exe
5476	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

Processes:

msedge.exe

pid	process
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1612 wrote to memory of 1056	1612	msedge.exe	msedge.exe
PID 1612 wrote to memory of 1056	1612	msedge.exe	msedge.exe
PID 1612 wrote to memory of 4580	1612	msedge.exe	msedge.exe
PID 1612 wrote to memory of 4580	1612	msedge.exe	msedge.exe
PID 1612 wrote to memory of 4580	1612	msedge.exe	msedge.exe
PID 1612 wrote to memory of 4580	1612	msedge.exe	msedge.exe
PID 1612 wrote to memory of 4580	1612	msedge.exe	msedge.exe
PID 1612 wrote to memory of 4580	1612	msedge.exe	msedge.exe
PID 1612 wrote to memory of 4580	1612	msedge.exe	msedge.exe
PID 1612 wrote to memory of 4580	1612	msedge.exe	msedge.exe
PID 1612 wrote to memory of 4580	1612	msedge.exe	msedge.exe
PID 1612 wrote to memory of 4580	1612	msedge.exe	msedge.exe
PID 1612 wrote to memory of 4580	1612	msedge.exe	msedge.exe
PID 1612 wrote to memory of 4580	1612	msedge.exe	msedge.exe
PID 1612 wrote to memory of 4580	1612	msedge.exe	msedge.exe
PID 1612 wrote to memory of 4580	1612	msedge.exe	msedge.exe
PID 1612 wrote to memory of 4580	1612	msedge.exe	msedge.exe
PID 1612 wrote to memory of 4580	1612	msedge.exe	msedge.exe
PID 1612 wrote to memory of 4580	1612	msedge.exe	msedge.exe
PID 1612 wrote to memory of 4580	1612	msedge.exe	msedge.exe
PID 1612 wrote to memory of 4580	1612	msedge.exe	msedge.exe
PID 1612 wrote to memory of 4580	1612	msedge.exe	msedge.exe
PID 1612 wrote to memory of 4580	1612	msedge.exe	msedge.exe
PID 1612 wrote to memory of 4580	1612	msedge.exe	msedge.exe
PID 1612 wrote to memory of 4580	1612	msedge.exe	msedge.exe
PID 1612 wrote to memory of 4580	1612	msedge.exe	msedge.exe
PID 1612 wrote to memory of 4580	1612	msedge.exe	msedge.exe
PID 1612 wrote to memory of 4580	1612	msedge.exe	msedge.exe
PID 1612 wrote to memory of 4580	1612	msedge.exe	msedge.exe
PID 1612 wrote to memory of 4580	1612	msedge.exe	msedge.exe
PID 1612 wrote to memory of 4580	1612	msedge.exe	msedge.exe
PID 1612 wrote to memory of 4580	1612	msedge.exe	msedge.exe
PID 1612 wrote to memory of 4580	1612	msedge.exe	msedge.exe
PID 1612 wrote to memory of 4580	1612	msedge.exe	msedge.exe
PID 1612 wrote to memory of 4580	1612	msedge.exe	msedge.exe
PID 1612 wrote to memory of 4580	1612	msedge.exe	msedge.exe
PID 1612 wrote to memory of 4580	1612	msedge.exe	msedge.exe
PID 1612 wrote to memory of 4580	1612	msedge.exe	msedge.exe
PID 1612 wrote to memory of 4580	1612	msedge.exe	msedge.exe
PID 1612 wrote to memory of 4580	1612	msedge.exe	msedge.exe
PID 1612 wrote to memory of 4580	1612	msedge.exe	msedge.exe
PID 1612 wrote to memory of 4580	1612	msedge.exe	msedge.exe
PID 1612 wrote to memory of 5024	1612	msedge.exe	msedge.exe
PID 1612 wrote to memory of 5024	1612	msedge.exe	msedge.exe
PID 1612 wrote to memory of 3912	1612	msedge.exe	msedge.exe
PID 1612 wrote to memory of 3912	1612	msedge.exe	msedge.exe
PID 1612 wrote to memory of 3912	1612	msedge.exe	msedge.exe
PID 1612 wrote to memory of 3912	1612	msedge.exe	msedge.exe
PID 1612 wrote to memory of 3912	1612	msedge.exe	msedge.exe
PID 1612 wrote to memory of 3912	1612	msedge.exe	msedge.exe
PID 1612 wrote to memory of 3912	1612	msedge.exe	msedge.exe
PID 1612 wrote to memory of 3912	1612	msedge.exe	msedge.exe
PID 1612 wrote to memory of 3912	1612	msedge.exe	msedge.exe
PID 1612 wrote to memory of 3912	1612	msedge.exe	msedge.exe
PID 1612 wrote to memory of 3912	1612	msedge.exe	msedge.exe
PID 1612 wrote to memory of 3912	1612	msedge.exe	msedge.exe
PID 1612 wrote to memory of 3912	1612	msedge.exe	msedge.exe
PID 1612 wrote to memory of 3912	1612	msedge.exe	msedge.exe
PID 1612 wrote to memory of 3912	1612	msedge.exe	msedge.exe
PID 1612 wrote to memory of 3912	1612	msedge.exe	msedge.exe
PID 1612 wrote to memory of 3912	1612	msedge.exe	msedge.exe
PID 1612 wrote to memory of 3912	1612	msedge.exe	msedge.exe
PID 1612 wrote to memory of 3912	1612	msedge.exe	msedge.exe
PID 1612 wrote to memory of 3912	1612	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\693b5dce0e0734323c50994e9beb28d5_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1612

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9aa2a46f8,0x7ff9aa2a4708,0x7ff9aa2a4718
2⤵
PID:1056

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,15116809288362224224,9646592474270198078,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2
2⤵
PID:4580

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,15116809288362224224,9646592474270198078,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5024

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,15116809288362224224,9646592474270198078,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2116 /prefetch:8
2⤵
PID:3912

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15116809288362224224,9646592474270198078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
2⤵
PID:2984

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15116809288362224224,9646592474270198078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
2⤵
PID:1124

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15116809288362224224,9646592474270198078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1
2⤵
PID:2352

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15116809288362224224,9646592474270198078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
2⤵
PID:2196

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15116809288362224224,9646592474270198078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
2⤵
PID:3680

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15116809288362224224,9646592474270198078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2680 /prefetch:1
2⤵
PID:2744

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,15116809288362224224,9646592474270198078,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4668 /prefetch:8
2⤵
PID:1892

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,15116809288362224224,9646592474270198078,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4668 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15116809288362224224,9646592474270198078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2676 /prefetch:1
2⤵
PID:4268

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15116809288362224224,9646592474270198078,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
2⤵
PID:3920

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15116809288362224224,9646592474270198078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
2⤵
PID:1496

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15116809288362224224,9646592474270198078,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
2⤵
PID:2620

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,15116809288362224224,9646592474270198078,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5476

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1740

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2668

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
f61fa5143fe872d1d8f1e9f8dc6544f9

SHA1
df44bab94d7388fb38c63085ec4db80cfc5eb009

SHA256
284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64

SHA512
971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
87f7abeb82600e1e640b843ad50fe0a1

SHA1
045bbada3f23fc59941bf7d0210fb160cb78ae87

SHA256
b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262

SHA512
ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
168B

MD5
4e4c465dfca2b9d63ed0e1e9810650cb

SHA1
cedf3ae412d405360981a9ea71d1b869604c02e3

SHA256
1e9a87fcd9a2fb5af601055894c84fba1a8f31df5e6c78051aaa2e301a7f1679

SHA512
6906f51062f2872b0e89bea1dddbf8b4db2911c809b6d7679ed672a2066ef3c764b1e5b8042b8119ce1265c696a46ea65b6163e76d1fde911446b27c997dda6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
192B

MD5
cfbfe27007679be2385b1cff8677d33a

SHA1
3c91f9fd9196c8da1d9e975183390d540fd92e9f

SHA256
cc23527de0378b23f220764c18bc95a38941369f725f172397ebc01e20f565d4

SHA512
b53df5cf611ba95a661b4a0e32c6ae6275ba203421f174351f778725001623e81df758de6b064d198ffb7e520fe62890bf969ba7c00ea1bfcebe3fabb8ff8746

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
84f637ba3342fcda9ff441cef429d2b7

SHA1
f2cb4752d4c344c44eee74897530dce13d91e108

SHA256
278e611bda9dafafb68c686d474bb269ef966546f4448320a5933e59e7241c67

SHA512
a6dd75a9238213c3d2efa75c2c8a91d780be628a3806fdf4fca43b738181a7d5a7463aa372faca927a70855a6f8514487067a1a7fd9243a70000289fd8c19b30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
77b786c1993155272a24e575f1829835

SHA1
968fa4bdc9d1d438517c7e5d61a49955f676c1c1

SHA256
37b1fdc3f390140ec23358121a71228e56db086362bb225763b1b1a1e3c14490

SHA512
3304cdcd107611767a95eb27f3193cb14877fe24d278084d41472b3cb428679ecdb39a9e7f40656bb342d80710bd51ee4ff530eebad5b77f4f1fc06955768501

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
053fb7eec4b35f12e0d2f51fb2fb9183

SHA1
5486b4616cedc88a73a07e6ecd67dac479ab7a75

SHA256
01b8c4b10bc7d6cd60adb1a8a4ee2d9b154b4dbb1af094d05a85f6da81108a8f

SHA512
806dc8efc47047a4a80baf94c176d6792b628c0ae7716a2866304db22d008dffa320afd26a9c5efdbb2babe8da125f7f0714193ae4afeb375df15f39ce48c41b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
7d4149dbb3c413b4f06d37c99fcca32d

SHA1
7bcb1d3ef88a7e3d4b7b6ce020188a3aaea72c15

SHA256
fd84212bf5d693cc40f42d63e711497be898afc4f4b19013b7ca40265d3734f5

SHA512
7d281abb66dd78bbd75550102ff068d96a380858dc14cff8fe66e147d684ec5d2b3ca9cd1ce82d386c84f5261546532d97c2b5613b94e421d04292dd2ba8dfb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
704B

MD5
43ab6419a9c7f1f02bb776dd27858168

SHA1
f57f5cb55cb536673043226f00a5b2fadc6e2be5

SHA256
764e41946001187d94a9008ab3aeed9f0fa695f3b1959042bcdbf904a5eca0a8

SHA512
e7c19f1a2edd9d35f330395a36f2cbbc4d61ced43d62e797c0c73927fc9b00a685dbc94d150b0dd469c0ba6a2638dad6cae0fe8d2969dbcdf17aec57165aaaef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5822e5.TMP
Filesize
704B

MD5
28742a38a19e60c06eed352c6c1cf0a3

SHA1
c010935146986238172b7be5a90b3777ee1d1d0d

SHA256
4300a91caa71d7dd7a6c668d472b49f3e471b34b470574377f32b1e44696e538

SHA512
2e3f7334ba45bce6ba208c5d8c09b159c4440bad9b263613607ad188097af423a395434d378dd58f8abe086674c511d20b36690f1dfe5e3f18cf6a4f487baa3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
d8dbeaa0f13652ddedc22913a47067c9

SHA1
acff2d04633b6cb5fb939bbdec1aed61d812d0aa

SHA256
130a163528695960d13bc70e24304f665c0855af7a567e93075f3d8918fb9b22

SHA512
4b6c1710e8bdf8c8597963c99593e7d99601863508f68369e73e710701f4f8f23bfea34f37a8a32053853f07e5b9daf223da261d72710330e7a17d01e7eef510

Download Submit
\??\pipe\LOCAL\crashpad_1612_GIZNDKWRROBHJWUZ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit