58bd8d14f03c9068a50bdebbc75b23a19f795760c867895145646019476add65

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 02:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

69783c09e77eae0ed319e9a81e81c27b_JaffaCakes118.html
Size

127KB
MD5

69783c09e77eae0ed319e9a81e81c27b
SHA1

4eaf08df8c1bcaa152df3ba083eb1b1579d632e0
SHA256

58bd8d14f03c9068a50bdebbc75b23a19f795760c867895145646019476add65
SHA512

71a31d7350bd3fcfca6f90d7cbcf036920a60c8a978efc8169761a2be0496c50b593219cd05830c395f41db99d91e0a7a0415755dd0c5d1d6b769f06c8c8f3ca
SSDEEP

768:UakIUBvxPLuHa0AA/fpIVAWJAznuBBVn0lyN8SHNbMKqqagPzr4WQSJPdhLnPgv5:dfmC4anuBv068SHeqtPjPlDv+

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exemsedge.exeidentity_helper.exe

pid	process
2984	msedge.exe
2984	msedge.exe
2532	msedge.exe
2532	msedge.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe
3848	msedge.exe
1084	identity_helper.exe
1084	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

Processes:

msedge.exe

pid process

2532 msedge.exe
2532 msedge.exe
2532 msedge.exe
2532 msedge.exe
2532 msedge.exe
2532 msedge.exe
2532 msedge.exe
2532 msedge.exe
2532 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe
2532	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2532 wrote to memory of 1512	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 1512	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 640	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 640	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 640	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 640	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 640	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 640	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 640	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 640	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 640	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 640	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 640	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 640	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 640	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 640	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 640	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 640	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 640	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 640	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 640	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 640	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 640	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 640	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 640	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 640	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 640	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 640	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 640	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 640	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 640	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 640	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 640	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 640	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 640	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 640	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 640	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 640	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 640	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 640	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 640	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 640	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 2984	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 2984	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 2196	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 2196	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 2196	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 2196	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 2196	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 2196	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 2196	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 2196	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 2196	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 2196	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 2196	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 2196	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 2196	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 2196	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 2196	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 2196	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 2196	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 2196	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 2196	2532	msedge.exe	msedge.exe
PID 2532 wrote to memory of 2196	2532	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\69783c09e77eae0ed319e9a81e81c27b_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdc2ac46f8,0x7ffdc2ac4708,0x7ffdc2ac4718
2⤵
PID:1512

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2288,8690512286812123750,5135370879057380273,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2320 /prefetch:2
2⤵
PID:640

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2288,8690512286812123750,5135370879057380273,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2452 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2984

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2288,8690512286812123750,5135370879057380273,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
2⤵
PID:2196

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,8690512286812123750,5135370879057380273,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
2⤵
PID:4832

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,8690512286812123750,5135370879057380273,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
2⤵
PID:4996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,8690512286812123750,5135370879057380273,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2220 /prefetch:1
2⤵
PID:2288

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,8690512286812123750,5135370879057380273,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
2⤵
PID:3224

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2288,8690512286812123750,5135370879057380273,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5868 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3848

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,8690512286812123750,5135370879057380273,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
2⤵
PID:1364

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2288,8690512286812123750,5135370879057380273,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6448 /prefetch:8
2⤵
PID:4936

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2288,8690512286812123750,5135370879057380273,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6448 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1084

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,8690512286812123750,5135370879057380273,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
2⤵
PID:2360

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,8690512286812123750,5135370879057380273,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
2⤵
PID:3824

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,8690512286812123750,5135370879057380273,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
2⤵
PID:4568

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2288,8690512286812123750,5135370879057380273,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
2⤵
PID:2736

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2596

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1888

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
96B

MD5
9984c04a362d014b893c4eaed1f71aec

SHA1
697c3eb6c0c4ae72cd8195c2a51d746e4dd12683

SHA256
977156339f27cce199e52ff172165d86909e891660784fea39627f132aa892db

SHA512
0a662d4138ca7329f5c65107d0a685b294ccfbcaa0d2ffebd9001b414d2cb5eddb1ec1e9bdd422cc6c715551c7e96c03d90ab906663f8f136744eafd0891ccae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
285aa1878315552f88bbf1250b09c764

SHA1
9651dfee5a70b635cb2ff9d01ac7d98c307e1140

SHA256
9572645daed3f74fb174fe850194e9bbf128ab889a1cf47459cb81c09fb4ff98

SHA512
4d4a20a697ed9606a8d9d2e731bcf901ef553445b5675e0c26cbf937509b3c76cacda106a324d54182cd7f4144a6448bb8fb991fb63743bebaf50ba3eee0af97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
0b8af2a6ac83d101581d0f90fff2fe3b

SHA1
75d3dbd8c2e159f25b7da4dbff55aee96cce2b6d

SHA256
243a700bc319a71bab15ee59fc597d37191c06422123fb38d85fa24d19459a94

SHA512
e46d3de3f56bd51fc7a96ef6c2fcaaf0400868b83ffa4d596e7ef50c403d5715453a265d56379fabf56f5f3f1e14955408060c6df1b8e2d3413988980eaadc8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
156998638adfebe01518f8739a287dd0

SHA1
ef46ea802a52cdd1582b00798382ce225845e683

SHA256
b5bb136e9cf5fcac265caf10ab5af6f73ee7b41789dffbcc00a7c0aff48bd4a0

SHA512
9d67088a4b246926fd1d73e5a393138fac8212969c33ed48f8e6d9b596ec54be442cbc46520ad2c15aa6c80ae375072de345317b4b974a1bd1dd9b6a1e273c8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
5704f1ba933cee2036061fe82f2af8ec

SHA1
10ee7203fe644c27062f088a780ca2bcb7f0f8b5

SHA256
0261a835fd44e5c548d1728fb332b7c7ee6b87444570dec72aa242b556fff8b0

SHA512
e0823924df5b04463abb4a78c8bd3fb8bbc3912f006b212e61d9411a0a7c351e5b2522b5e9537fb09d0aec89163eace3443370d95d9b83e3e143d944be6e6927

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
0b47fdcc420be3aa2ed1127c15f27a35

SHA1
87021b1d4f30c45b49af1d169e9f46f2d2f5857e

SHA256
957bcc583fe1496ad6e2fc33fecff3d41466a52eb4d43beb395a53f9e895f17b

SHA512
f49a8d6f6dae138bab96c0dbab69e487d5887f75290e9a04f089934b672f0938456ff326518db6c91cab75b7b1607a8b60958354be10d3e4007eca5102318c01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
df817e17647e3651100bd562a6b83b07

SHA1
7abec1997cc9a17aecbd82b5100fbca54adf366e

SHA256
6d149228523ca8b770eda702fa7fbd4ef990b3b03fa7559c9aaa45859ddaa736

SHA512
625f926160799f953ea82e13885fa1e2405757e73415b69df45d331ef9d943ef5bc7bc73b02eaf0d6765c7df7c9a08c0ee2870f907fd53dcf7d8dca637e7d09f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
b684f9f5e82ab2cd166c0f7533f9c27e

SHA1
49c663b4773f2f07d8e9c16fb1d75eacf978974f

SHA256
e4f50f45415d12733362c3830d8df7c51278e2fe0eff247844fdd4fe598b0bd1

SHA512
5d3235ca40d7d4b6d52be9696fbbd0aefba84f2499ebc26ce33b320495c54a55b5cd3b14bb0eee0e7d83680dd68820a4927164e9abb298d49ce66c5bbedb72b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
12650545dc77f7979fa4523ff32ad136

SHA1
3672fbdb843cbc5adbf96b6082550f4bd3e7f29c

SHA256
b6cf59e92ba3191329063e9a0669883c0ed4d296c90a88c15f55099d83a73287

SHA512
98cb941394d872bc0ef9eca68b8b094d2f3ca4c91f2702d0d62a396a92d74324876a6fbed23fa75d42aefed76f21fbc9681c2e7f44c3dc4bebe2b43382d3a4a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
b35c1fa6d8b400753931da9884843958

SHA1
631d9abd68ad951feca1dc6e2b944281d2e14805

SHA256
411efcd13246475d23a083ef1c31d542b43f0eaf6ceaa616e08d15de43d5ed30

SHA512
667a71bf2438cbf5ea371d899ebad5a0c23b2fad5902183eac99372551815069717102f1e7f2e3930e9cb7627475a1ec8c485cb9f37b5c629f79ede510619960

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58269e.TMP
Filesize
1KB

MD5
bf03df3641c6120e64ef5ad5c9f57ef3

SHA1
a7b974f8d23749a0bbfeb6bc7141c9213708cf5b

SHA256
11a36de3f6b3198e580809866c5fcf25bdf7e5d96b422dc9b8cbfb590632046b

SHA512
e9eb5e8abfafec44f4a268ddeb078821b27a14ea7dbe463af6c544b2c7b56c5f3ced3c10cabf5556bef9bc1064f5e753401c0100ac0cc3e9d9620794eb86c7af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
f238b0a72e2c623b4d9264916b8c429f

SHA1
66ee9a38c7044a27e397fa210328408ce7a9b31a

SHA256
d5bfc7b7a70efc62a2c82712c70ad584edd130ee490dbbe9c10ee468ebb5d46d

SHA512
357b8de1bdf64beb28d55c617e5c7808e90b140ce900d280888bc3d46fbace40475e4bc7626de5b442ca0dae327a6f44ba9838e9cf1e71f403065e3042534875

Download Submit
\??\pipe\LOCAL\crashpad_2532_CWPXFYQCCXNSAYIY
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit