142ebcf22e6c7fbd125005347f52bdd64414e6a8dacc7902085a51b75ba7811b

Analysis

max time kernel
146s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
20/06/2024, 03:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

02743b29b43560ee8f7877d305001777_JaffaCakes118.exe
Size

104KB
MD5

02743b29b43560ee8f7877d305001777
SHA1

d6f98f47cb2f648747c8cedb84766f573a5d6148
SHA256

142ebcf22e6c7fbd125005347f52bdd64414e6a8dacc7902085a51b75ba7811b
SHA512

fcda9df168ef0beb0ba0b65a8a9dbdfefa359d3c652086ec28d13906e57e4bfa313130e188e85cdd95215466623f62f31aa97bc7149b46c450ff70e374e84463
SSDEEP

768:wNjuxqnTooRNOk7neUV86IV8KR9Qp1xs0VStrWhLQzTGfmgcz3v4z7VP7LdGSu2Q:wNjum7EEnwRV8KPQp/d8KpQVg

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3808065738-1666277613-1125846146-1000\{F7371EB4-E402-4835-AB8F-5D21886A1412}	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 648 wrote to memory of 1156	648	02743b29b43560ee8f7877d305001777_JaffaCakes118.exe	90
PID 648 wrote to memory of 1156	648	02743b29b43560ee8f7877d305001777_JaffaCakes118.exe	90
PID 648 wrote to memory of 4900	648	02743b29b43560ee8f7877d305001777_JaffaCakes118.exe	96
PID 648 wrote to memory of 4900	648	02743b29b43560ee8f7877d305001777_JaffaCakes118.exe	96
PID 4900 wrote to memory of 3124	4900	msedge.exe	106
PID 4900 wrote to memory of 3124	4900	msedge.exe	106
PID 4900 wrote to memory of 2116	4900	msedge.exe	107
PID 4900 wrote to memory of 2116	4900	msedge.exe	107
PID 4900 wrote to memory of 2116	4900	msedge.exe	107
PID 4900 wrote to memory of 2116	4900	msedge.exe	107
PID 4900 wrote to memory of 2116	4900	msedge.exe	107
PID 4900 wrote to memory of 2116	4900	msedge.exe	107
PID 4900 wrote to memory of 2116	4900	msedge.exe	107
PID 4900 wrote to memory of 2116	4900	msedge.exe	107
PID 4900 wrote to memory of 2116	4900	msedge.exe	107
PID 4900 wrote to memory of 2116	4900	msedge.exe	107
PID 4900 wrote to memory of 2116	4900	msedge.exe	107
PID 4900 wrote to memory of 2116	4900	msedge.exe	107
PID 4900 wrote to memory of 2116	4900	msedge.exe	107
PID 4900 wrote to memory of 2116	4900	msedge.exe	107
PID 4900 wrote to memory of 2116	4900	msedge.exe	107
PID 4900 wrote to memory of 2116	4900	msedge.exe	107
PID 4900 wrote to memory of 2116	4900	msedge.exe	107
PID 4900 wrote to memory of 2116	4900	msedge.exe	107
PID 4900 wrote to memory of 2116	4900	msedge.exe	107
PID 4900 wrote to memory of 2116	4900	msedge.exe	107
PID 4900 wrote to memory of 2116	4900	msedge.exe	107
PID 4900 wrote to memory of 2116	4900	msedge.exe	107
PID 4900 wrote to memory of 2116	4900	msedge.exe	107
PID 4900 wrote to memory of 2116	4900	msedge.exe	107
PID 4900 wrote to memory of 2116	4900	msedge.exe	107
PID 4900 wrote to memory of 2116	4900	msedge.exe	107
PID 4900 wrote to memory of 2116	4900	msedge.exe	107
PID 4900 wrote to memory of 2116	4900	msedge.exe	107
PID 4900 wrote to memory of 2116	4900	msedge.exe	107
PID 4900 wrote to memory of 2116	4900	msedge.exe	107
PID 4900 wrote to memory of 2116	4900	msedge.exe	107
PID 4900 wrote to memory of 2116	4900	msedge.exe	107
PID 4900 wrote to memory of 2116	4900	msedge.exe	107
PID 4900 wrote to memory of 2116	4900	msedge.exe	107
PID 4900 wrote to memory of 2116	4900	msedge.exe	107
PID 4900 wrote to memory of 2116	4900	msedge.exe	107
PID 4900 wrote to memory of 2116	4900	msedge.exe	107
PID 4900 wrote to memory of 2116	4900	msedge.exe	107
PID 4900 wrote to memory of 2116	4900	msedge.exe	107
PID 4900 wrote to memory of 2116	4900	msedge.exe	107
PID 4900 wrote to memory of 2116	4900	msedge.exe	107
PID 4900 wrote to memory of 2116	4900	msedge.exe	107
PID 4900 wrote to memory of 2116	4900	msedge.exe	107
PID 4900 wrote to memory of 2116	4900	msedge.exe	107
PID 4900 wrote to memory of 2116	4900	msedge.exe	107
PID 4900 wrote to memory of 2116	4900	msedge.exe	107
PID 4900 wrote to memory of 2116	4900	msedge.exe	107
PID 4900 wrote to memory of 2116	4900	msedge.exe	107
PID 4900 wrote to memory of 2116	4900	msedge.exe	107
PID 4900 wrote to memory of 2116	4900	msedge.exe	107
PID 4900 wrote to memory of 2116	4900	msedge.exe	107
PID 4900 wrote to memory of 2272	4900	msedge.exe	108
PID 4900 wrote to memory of 2272	4900	msedge.exe	108
PID 4900 wrote to memory of 2016	4900	msedge.exe	109
PID 4900 wrote to memory of 2016	4900	msedge.exe	109
PID 4900 wrote to memory of 2016	4900	msedge.exe	109
PID 4900 wrote to memory of 2016	4900	msedge.exe	109
PID 4900 wrote to memory of 2016	4900	msedge.exe	109

C:\Users\Admin\AppData\Local\Temp\02743b29b43560ee8f7877d305001777_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\02743b29b43560ee8f7877d305001777_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=02743b29b43560ee8f7877d305001777_JaffaCakes118.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
  2⤵
  PID:1156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=02743b29b43560ee8f7877d305001777_JaffaCakes118.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:4900
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.52 --initial-client-data=0x34c,0x358,0x35c,0x2a8,0x364,0x7ff9e2402e98,0x7ff9e2402ea4,0x7ff9e2402eb0
    3⤵
    PID:3124
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2232 --field-trial-handle=2236,i,5219148571091857525,11737670437712739215,262144 --variations-seed-version /prefetch:2
    3⤵
    PID:2116
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2752 --field-trial-handle=2236,i,5219148571091857525,11737670437712739215,262144 --variations-seed-version /prefetch:3
    3⤵
    PID:2272
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=2896 --field-trial-handle=2236,i,5219148571091857525,11737670437712739215,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:2016
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3480 --field-trial-handle=2236,i,5219148571091857525,11737670437712739215,262144 --variations-seed-version /prefetch:1
    3⤵
    PID:3536
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3660 --field-trial-handle=2236,i,5219148571091857525,11737670437712739215,262144 --variations-seed-version /prefetch:1
    3⤵
    PID:2224
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2008 --field-trial-handle=2236,i,5219148571091857525,11737670437712739215,262144 --variations-seed-version /prefetch:1
    3⤵
    PID:4028
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4672 --field-trial-handle=2236,i,5219148571091857525,11737670437712739215,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:1056
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5024 --field-trial-handle=2236,i,5219148571091857525,11737670437712739215,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:1096
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --mojo-platform-channel-handle=5164 --field-trial-handle=2236,i,5219148571091857525,11737670437712739215,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:1344
- - C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=5764 --field-trial-handle=2236,i,5219148571091857525,11737670437712739215,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:568
- - C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=5764 --field-trial-handle=2236,i,5219148571091857525,11737670437712739215,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:4352
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5828 --field-trial-handle=2236,i,5219148571091857525,11737670437712739215,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:1780
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=5840 --field-trial-handle=2236,i,5219148571091857525,11737670437712739215,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:1752
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4968 --field-trial-handle=2236,i,5219148571091857525,11737670437712739215,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:3376
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5352 --field-trial-handle=2236,i,5219148571091857525,11737670437712739215,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:4416

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=5484 --field-trial-handle=1928,i,13242902252791919845,10377620236057253993,262144 --variations-seed-version /prefetch:1
1⤵
PID:4684

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5128 --field-trial-handle=1928,i,13242902252791919845,10377620236057253993,262144 --variations-seed-version /prefetch:1
1⤵
PID:3688

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5848 --field-trial-handle=1928,i,13242902252791919845,10377620236057253993,262144 --variations-seed-version /prefetch:8
1⤵
PID:4216

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5928 --field-trial-handle=1928,i,13242902252791919845,10377620236057253993,262144 --variations-seed-version /prefetch:1
1⤵
PID:2952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=5732 --field-trial-handle=1928,i,13242902252791919845,10377620236057253993,262144 --variations-seed-version /prefetch:1
1⤵
PID:2180

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
49341fb58cd462f32a59909c6d27a857

SHA1
2b540272bb4404a1b65db307ad10db1aeab4d388

SHA256
a0066d044b9babd8ee5cbce0cc5839f3cbb3586ce77616bb2d82492f15650487

SHA512
278b9526966c3d6ff3d2ef5e6780a2767af645b1a6f0f11319e7b2dcd5e1f58b8a310c6e662cc64f3561246fceb34bee5e512b6b6afe549bf2fd30ac6d8a9145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
98995e263ca5dc924e3482316aa78fd5

SHA1
7a477c6f85f63ad698fca05df6b54960f071f8c2

SHA256
bd67bc2b751ca29fa6b4a7ccb0035a0c5d96b12c5bdae6ac02f662e77bfe526a

SHA512
1ce33d1d52ab40a59fcdbdf9b40f693b65616037482bc01e1c909de41548c928fc26d6b89d9f222ff187fc73cf0e57b3063c932d6875fdef0f588f0715a996eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
95ef0c63f33c5aca6c1db0b3362eedba

SHA1
7a381804c6bb645f89df46ac9c2d990951258bb1

SHA256
351c7344835bff823e907ab5746bcea97c3bcb24a4f520ed3e3d0d5649717af0

SHA512
180b31fae03c9dd1aff3dd92a9c246f0f55690a8933f632dfc169652028ff62c0882981ef347b14b79afe7910697b6c8b739c64120284071e70e0aa9c30de7e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe58ec7e.TMP

Filesize
336B

MD5
dd7b5ce3046155d5ee65305b9c1bbe16

SHA1
9114dc55574b817cd05c34640dbaee88f67af692

SHA256
671286ab5f8fd4f46b58597481521e20d1de54d71a0c41187558ad0b0f0af3ae

SHA512
8946836ee663d43902928e10078673cc06f26b4e5cea6752dd124c1bad5ed6fd999d0fb39f6d3b65e07189cfb7575c1b4461f264c915fa75f6fbdda1805fc0f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
ff37348d97549a03f08f19ddbc69188e

SHA1
e13400467a642acd648afb5914bb1420b5a021a6

SHA256
24fd78951a0a81e220256c8567420bde32eb4811e5ac5167caf91e2662936146

SHA512
e4d359c02b853ebbf6ccff5fb86b2e9e1b9b96154a37766c5dc04928ec05ce440b3a8036a35cb0967e54bf61f319380c5561d5b8bdb70537b3c1b87e5609d0cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5f529f71516ca0352b682e2a4bda78bd

SHA1
288fbe465d34bc780adc2bf9afce5fa4c38a4f04

SHA256
ee73cab99d0433e08756029b1d3489bb9aa6994348be8c68e39821080c476e5c

SHA512
1fb3325887bd51f95e32b75ff1b012b448d32d0f5dd30ebe34e0ece4138cb90ec259e35647e6afd5698934cd23b18406a886d69b6229b06c987021e4864c2d0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
e3c5b649250cc056ff0179da75a80f8c

SHA1
9b46795f596f816d9ebe37ce54637aacff25ed58

SHA256
d898c64b5f799c6a88546c1df020099c6f0b9d81ec8ff036bb008e4f9e515a51

SHA512
045a069994d7dc990f741bea4f46137b18bec3cbad8debc4471d907c8d1ce3005b0b97b4915772d887225656cad7566651fa19684569bbd6b66f2559307efb63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
30KB

MD5
26bbd848ac65cbaf6510bb5ac60cd2f5

SHA1
a81cd98e6a97a6fbb42c2b1c42ed4b332b3f577c

SHA256
4315231cd1925e13b32734725f0ce8cc0afd1d1bab2c5b12180cefaa59f1fdfe

SHA512
fab0209aca0a8e6cfa71503bd5994d97a825f4779ae35c56f6c7f404ad345e49c5df8aebfe9d10e340b943e0836d2bb6b2fb776796e76a3849897259340946dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
36KB

MD5
e03348179d39a23306bb1aec83d79396

SHA1
9efd4ee5a820f458cf681aa43d244e3419ca0a3f

SHA256
8a77af1503e6534970dc2c14e258f94ae62b62896753e295598a0fda65f4d640

SHA512
31092c11759c8e1dec333a8f0b82192acc43365017d6c540df38f29073ff55519eb95d8bb0303b9f37e56b950ed8fca7add612646589ce15fb12da967f0b449f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
36KB

MD5
0f08889b3fe286841183d6a4a0fbf5d9

SHA1
31a538c62db952073a99ac90105d66a20b9a7972

SHA256
629f9212d9591897d3c4bef06b735759908493c1200efa5a3f3ce7a00c9d17bf

SHA512
cae683e0f55e85f1206a559a8ca29806b734b00de0cd624e6038675049aa89a4bb60300cd015779bd38bb76b059ccb3b9cf7186ff128dd6eda287a0fdbd55b3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
36KB

MD5
cc4ef34a951fdec72d817ad9c2f50461

SHA1
f657106cb8b29561d732aa32beeaab4f355e7b00

SHA256
4766479653d07c0d51487ba96721abe48c2a97f2413700d144b99974c5d4613f

SHA512
b0a8a92c5d8dd45e59a37e3688ae5d0d1ce35cac2aca3277682f0b03f0db80ef2647be786ed7701d05884135db7865123cfc8df3d5209560af2fee8d50d2461a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
45KB

MD5
32644857b36fe9e5ac3289ceb5eee967

SHA1
1999e8d267b49ad425ae4ef46df0e73c7af53b1c

SHA256
4eebab56b701c7814c67d706f4339cf15f3f664d8a1ab86d27fa144c39d64b1e

SHA512
c675a8b19d3f6fe485958a48ae3da153915b4397b04343e7d3c18536157a546ba0b79997614ead6c43d0aaf9e876ee383e9b3d06520941390e6fbfd4f407c62c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
78d8a7a3b40aab3382a030950e2ffaf5

SHA1
a8268965fe11b7ec3fbea5f7364d6300ebba02ac

SHA256
40ad352e68554b9f3a2d91e9252c3e9fe053dc0278da6d5676e77bafb10ac8a0

SHA512
e746e3f9d54e7df7caf75d8d4c2ce5c4a5a06f1ca7d3197b236dbcd4e52c8a5897c9ff00e15f58a36a7c7cf320ca8372c5304adf03ad306e6aea736b64473406

Download Submit
memory/648-0-0x0000000000F20000-0x0000000000F46000-memory.dmp

Filesize
152KB

Download
memory/648-1-0x0000000000F20000-0x0000000000F46000-memory.dmp

Filesize
152KB

Download