4cc56343294dd4e48c8b277c97f3e1b7a3bb5b1c63513290707b79e6cf2b003f

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
15-05-2024 22:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

48459a97cdd251be4d679fc4a11e9894_JaffaCakes118.html
Size

22KB
MD5

48459a97cdd251be4d679fc4a11e9894
SHA1

adb9efb35b71046f45d884fd3ec37a1184271c9f
SHA256

4cc56343294dd4e48c8b277c97f3e1b7a3bb5b1c63513290707b79e6cf2b003f
SHA512

11b5cde7b4ef44fa20e94d03e1b498fb71c9cc0a4b53cb7d96c4e1b385dad8cacc3171323e9ac00fc6a207087b1d05dd809df6b56facaaa488f8e60f304440d9
SSDEEP

384:A+FkBy1G9HdxIY9JpsgbV327Yvq2DY6E6UH:AGG99/Jo0n1TUH

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

msedge.exemsedge.exemsedge.exe

pid process

1616 msedge.exe
1616 msedge.exe
4864 msedge.exe
4864 msedge.exe
1320 msedge.exe
1320 msedge.exe
1320 msedge.exe
1320 msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

Processes:

msedge.exe

pid process

4864 msedge.exe
4864 msedge.exe

pid	process
1616	msedge.exe
1616	msedge.exe
4864	msedge.exe
4864	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4864 wrote to memory of 4492	4864	msedge.exe	msedge.exe
PID 4864 wrote to memory of 4492	4864	msedge.exe	msedge.exe
PID 4864 wrote to memory of 2864	4864	msedge.exe	msedge.exe
PID 4864 wrote to memory of 2864	4864	msedge.exe	msedge.exe
PID 4864 wrote to memory of 2864	4864	msedge.exe	msedge.exe
PID 4864 wrote to memory of 2864	4864	msedge.exe	msedge.exe
PID 4864 wrote to memory of 2864	4864	msedge.exe	msedge.exe
PID 4864 wrote to memory of 2864	4864	msedge.exe	msedge.exe
PID 4864 wrote to memory of 2864	4864	msedge.exe	msedge.exe
PID 4864 wrote to memory of 2864	4864	msedge.exe	msedge.exe
PID 4864 wrote to memory of 2864	4864	msedge.exe	msedge.exe
PID 4864 wrote to memory of 2864	4864	msedge.exe	msedge.exe
PID 4864 wrote to memory of 2864	4864	msedge.exe	msedge.exe
PID 4864 wrote to memory of 2864	4864	msedge.exe	msedge.exe
PID 4864 wrote to memory of 2864	4864	msedge.exe	msedge.exe
PID 4864 wrote to memory of 2864	4864	msedge.exe	msedge.exe
PID 4864 wrote to memory of 2864	4864	msedge.exe	msedge.exe
PID 4864 wrote to memory of 2864	4864	msedge.exe	msedge.exe
PID 4864 wrote to memory of 2864	4864	msedge.exe	msedge.exe
PID 4864 wrote to memory of 2864	4864	msedge.exe	msedge.exe
PID 4864 wrote to memory of 2864	4864	msedge.exe	msedge.exe
PID 4864 wrote to memory of 2864	4864	msedge.exe	msedge.exe
PID 4864 wrote to memory of 2864	4864	msedge.exe	msedge.exe
PID 4864 wrote to memory of 2864	4864	msedge.exe	msedge.exe
PID 4864 wrote to memory of 2864	4864	msedge.exe	msedge.exe
PID 4864 wrote to memory of 2864	4864	msedge.exe	msedge.exe
PID 4864 wrote to memory of 2864	4864	msedge.exe	msedge.exe
PID 4864 wrote to memory of 2864	4864	msedge.exe	msedge.exe
PID 4864 wrote to memory of 2864	4864	msedge.exe	msedge.exe
PID 4864 wrote to memory of 2864	4864	msedge.exe	msedge.exe
PID 4864 wrote to memory of 2864	4864	msedge.exe	msedge.exe
PID 4864 wrote to memory of 2864	4864	msedge.exe	msedge.exe
PID 4864 wrote to memory of 2864	4864	msedge.exe	msedge.exe
PID 4864 wrote to memory of 2864	4864	msedge.exe	msedge.exe
PID 4864 wrote to memory of 2864	4864	msedge.exe	msedge.exe
PID 4864 wrote to memory of 2864	4864	msedge.exe	msedge.exe
PID 4864 wrote to memory of 2864	4864	msedge.exe	msedge.exe
PID 4864 wrote to memory of 2864	4864	msedge.exe	msedge.exe
PID 4864 wrote to memory of 2864	4864	msedge.exe	msedge.exe
PID 4864 wrote to memory of 2864	4864	msedge.exe	msedge.exe
PID 4864 wrote to memory of 2864	4864	msedge.exe	msedge.exe
PID 4864 wrote to memory of 2864	4864	msedge.exe	msedge.exe
PID 4864 wrote to memory of 1616	4864	msedge.exe	msedge.exe
PID 4864 wrote to memory of 1616	4864	msedge.exe	msedge.exe
PID 4864 wrote to memory of 4640	4864	msedge.exe	msedge.exe
PID 4864 wrote to memory of 4640	4864	msedge.exe	msedge.exe
PID 4864 wrote to memory of 4640	4864	msedge.exe	msedge.exe
PID 4864 wrote to memory of 4640	4864	msedge.exe	msedge.exe
PID 4864 wrote to memory of 4640	4864	msedge.exe	msedge.exe
PID 4864 wrote to memory of 4640	4864	msedge.exe	msedge.exe
PID 4864 wrote to memory of 4640	4864	msedge.exe	msedge.exe
PID 4864 wrote to memory of 4640	4864	msedge.exe	msedge.exe
PID 4864 wrote to memory of 4640	4864	msedge.exe	msedge.exe
PID 4864 wrote to memory of 4640	4864	msedge.exe	msedge.exe
PID 4864 wrote to memory of 4640	4864	msedge.exe	msedge.exe
PID 4864 wrote to memory of 4640	4864	msedge.exe	msedge.exe
PID 4864 wrote to memory of 4640	4864	msedge.exe	msedge.exe
PID 4864 wrote to memory of 4640	4864	msedge.exe	msedge.exe
PID 4864 wrote to memory of 4640	4864	msedge.exe	msedge.exe
PID 4864 wrote to memory of 4640	4864	msedge.exe	msedge.exe
PID 4864 wrote to memory of 4640	4864	msedge.exe	msedge.exe
PID 4864 wrote to memory of 4640	4864	msedge.exe	msedge.exe
PID 4864 wrote to memory of 4640	4864	msedge.exe	msedge.exe
PID 4864 wrote to memory of 4640	4864	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\48459a97cdd251be4d679fc4a11e9894_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4864

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd0f0646f8,0x7ffd0f064708,0x7ffd0f064718
2⤵
PID:4492

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,14783965419045797622,7980628418361381649,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
2⤵
PID:2864

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,14783965419045797622,7980628418361381649,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1616

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,14783965419045797622,7980628418361381649,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
2⤵
PID:4640

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,14783965419045797622,7980628418361381649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
2⤵
PID:2108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,14783965419045797622,7980628418361381649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
2⤵
PID:3824

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,14783965419045797622,7980628418361381649,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6204 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1320

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4628

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2648

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f61fa5143fe872d1d8f1e9f8dc6544f9

SHA1
df44bab94d7388fb38c63085ec4db80cfc5eb009

SHA256
284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64

SHA512
971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
87f7abeb82600e1e640b843ad50fe0a1

SHA1
045bbada3f23fc59941bf7d0210fb160cb78ae87

SHA256
b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262

SHA512
ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
73KB

MD5
b42a42a5c556e7668d2bfafbba022b33

SHA1
1afdd41dcc58a065479e45d93571219c3b8d3c36

SHA256
a558bca9118e756f1a156d6015bfbf6b2b281dbd3236d7e69ffed72e025e560b

SHA512
8c12d795d9a41045f22d609b170cc650fc6695c447770106660e1390525a0aa5fff4aabf8a036777a3628c97eb51306eb36bff8c0cd0fccf0729d8bcf6d75faf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
88KB

MD5
afa16eca76db634139f1af9ec86a9025

SHA1
b42500d73efa21bfda9e6b6408a742086a309bed

SHA256
a7c630fa6604e5cce189492355639916305f2fbe533046ba29d21ee4f7d2fd9c

SHA512
402afa71f4b4ac239d4efdd225eaa27dd5d0a431efa2f88d35dbf1b5ad58c90c34f062a894e3cd5c3a1b1cf62756d88a8520455df8cccc71e07543a50e7365b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
73KB

MD5
c0105134d38a07cc0cee5f98b208c60c

SHA1
e26a29e996a94cf77e1c3473232e009e4e9625d6

SHA256
f5cff92299fd98008b43365ebc73504ebcc0b827bde115e3bf4a4eab797ba46e

SHA512
91a83dfe38f8e903973c17b39404f118d1a6579b130c6c68364b4d9bb2780befc97ff8ed63b14db06dfd2a472883e4e76777905a0876da96685b7a0c3702f8cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
73KB

MD5
e73635898766f114485f735c05fd76a7

SHA1
f235c6477d54e4c36ebff3af29974ce611fcc035

SHA256
c09f32106cc84ff2139b7c3625c9d6d9c8d682e739d110d82d215984965db0b5

SHA512
b7382fb50f3e157f95ef231fdd4ab26a46463c43a0a65bb694e4cdc5868e4c76d2de617da4d30a6d28e0a84a88638e4adec255aa27dddd7e36709e38459382b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
73KB

MD5
b072ace0d12227c367d82693a635d641

SHA1
2b53afb1a9ddbcafad4fe3474f3445bffdc3f355

SHA256
6e98bdabc67b4e199f5c21653515d27ebd7b57f80eea144ab3d776e77af7dd16

SHA512
86d3360df97cd8fb291e919e5c4fdfa832f09ae42c4d047cacba4d550444b08ffd921c8300c430f8c8f219ebcfb3542219961689c91f32ec366fe5f4fe693e4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
801B

MD5
a8147be4bf92bc5e8b626388de63b525

SHA1
7c6341cdd934317074eb369d6eb96864f17f9e3c

SHA256
4e9fc1cd2d2be00142c4842b3aa7c1cf7f3e18d6fb628c8aaea7201b55765291

SHA512
1f4129aff64d767d9ec070b752df679441fe82e9fb610b298c01be8d4b411cc7cb62f3e8780b210bdd29a89a8c0cad8fd1956446e62a7d485eb61df07a7ceed4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b164e9c184175c7136a41084d529b32e

SHA1
a69becdca43a1a50610097a03d00ed068313a4aa

SHA256
874455a83f8417c205ee66490aa31538c3c4232c6a50342498417eb11757251f

SHA512
c7dcfe93c17744fb17c8537dad7d3bcf68e78ba15dbb90830aa2a5a7bd8a2657ecef482a95a1f0e569838be1d7ccd95e7471428807eef90c819f154cfd89f3a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
eba8910c44301a27fe70a3fac2874266

SHA1
3e322b8d3db4ee78e94328bdbb5c8c42797a7dd4

SHA256
ab57ae0d61ac7f13dcd9b1e304001cd1e8a91767e58998deef4c111357525e48

SHA512
b93e5139e005e69e542f469694b6242b7d1550c80b8506e0715ce9861d38e8c544e748e74efd157eef8ac68295ae7f66802f7d2e33491f7d834c428b8c259b8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
740a166ae6b40a0a690b6e019a07e0d4

SHA1
95f112aa8e76c7358e5befb5176e9e0e109ba4d2

SHA256
2f719688d00361a51ae86a830ca5eabc684d9e5d52f19bf23c892d7fc750d437

SHA512
c21cca39a3e1534befddae93c8e5fafbf0c29fa00967290b8e5a8f692664af8aa5670d9394b78ce46fe061d38ec08b11c47f33837317f945c82b3ff8e4edc531

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
091cdb27010c309e31cf80a632a828ff

SHA1
70f3784950fd1f3d7608765ba31100e33ac5cf7d

SHA256
029491f3e532c3b36851aff1b818ce82028d86d40cde954d889bd17db6a25bed

SHA512
617b7377ea9110c2ddcbb6fd3b51554f152b9cb34c31d997b2f92e8160f79829c16e3287ca87fd2d6723a445ed58fe9986976d59856d0d373f9283c12c4d2d59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
1e30cb7db56d7d64f5852c32788e9870

SHA1
c7697a1522472b7cd74306c383820b3404eb9d14

SHA256
61630aba29fa7f3330cbe5021c79a160550a61db9e76c83e31b6cfee87daf3e6

SHA512
afc8e0f629f6fd90575aad75c5401a8a9f8146188ee388579bee96de252ab05349f504885c20935225673c0d19f945aee1b3c6b5bb9c3cea9cd30989821c21d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
d1c05173bdc6074edde587d2c2a5dd17

SHA1
67748c45dbe5a2cecf5a6f578c629c8696db0990

SHA256
069f94f25c4d05d67eb63efac062c93e76e3883d536fbc30eecb8506891b1767

SHA512
8aa951de15c76a7bc3b9c292629c337282a2e188ffa051e22b20d92c7c3fb45d350f6c0e40c973fc01f9b511b5d23e177a4230d5b0de44eae6b28f52488d6ef1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
99ae46f4480ae68c339ddfa58ef12d53

SHA1
517d77752c667c14b60e0b01b386c40f7fba0dfc

SHA256
53ffd983b6c82e21f78779c718f1b4ed3d095960c9611a6e48ea02f97c8d3fdb

SHA512
af88de4a5c2591e75c807826798fea87d306de1d5e5354e12c57d3dee41c416f311a6d1d96aea7ba0d17dfdf4f2313e465b2b18e62ace86bdd64e67246eebab9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
4d6b4d3479d0c7694491feb962d85a5e

SHA1
4b7f8e1122f085e85f1efe97090b97d10a3a84c5

SHA256
09167d00f422bd0df5ff7acb9a93a6de99cede76ccff2a61879beff27387b127

SHA512
572276f77058addc4f9f953ee70b05d65fe377c9ea0e44e15b4ccb34eaba3faf0494f84595c84c5ad39383830fead5d079515544bb04b0176957a850415a6a5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
6aaebbc56110a821fdd029f13ac7eb9a

SHA1
0de4b45d503032cce6c8dbf646f2a2eda06f8e66

SHA256
6b1a3d1144651396fa89ce8f1962e948092aa5ab85ed702d5dca170dcfb0e6d8

SHA512
a491605041064583653989e7ef641f9ebd19012251131e3b8b33c5d08c4e1764db5ce46efe386cf0180bdec97b7306a9a600b3a44587ec12e2d3ce8ed5e1142d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57bf68.TMP

Filesize
370B

MD5
59e7df128dd5a48b00141dab6b173030

SHA1
f9c9ba34940b829bad0fb55ff07e218dcc496cee

SHA256
b536a1d7a9597b185d5a7e59935d66b1af1a55642958e26091e5cf95e93cb538

SHA512
366ecfb70c5047e2a3aed2df5370b0df083beac6371cfe9ad023bb988783f585c6f59495589ec834d08ecc884d25a88e17b9922d90832bfa894c2594773d3aa1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
977e482df9523ca1a75714a98ddc86b4

SHA1
c66a04bbe70a8057b17672dc549cbd34649ef98b

SHA256
330bccc8aeddb55d971b5420d7bcdfd6e4d72b564585e33f6f4b4b215d0d3945

SHA512
70d41bd043e4f7845468bf975e05fb042a1a1ca9a4bb3c4c95a4ad5b6abc889b9361d5d5cc4dd886f2b3772f392d2f5e8ab535671b52f0ec565d4c3403b9740a

Download Submit
\??\pipe\LOCAL\crashpad_4864_FZEFYEDVBACIWJTF

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit