dac4ec04d28f0d332ac7bc1e299c687914201ff772a2b8dca8733f918d378227

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 01:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

65891b1168a6bb7eb1fded64f6881053_JaffaCakes118.html
Size

42KB
MD5

65891b1168a6bb7eb1fded64f6881053
SHA1

c2a796695d5cc97612fa56121e7d79e7c26e0406
SHA256

dac4ec04d28f0d332ac7bc1e299c687914201ff772a2b8dca8733f918d378227
SHA512

1db2ca70b61033974bf974b689a8b116e81ef5a9874bf180ee1e4ceb275e1e9150c36d2672de0f4be5f4030bcfa1d325493f40fbfa1e6748d682270b5817209b
SSDEEP

768:/bWRWabO84pkt41BS0YnBDdvTz3t9dNaFGoTFhohs3+9+SpfpBvfMi5tyaXvhWyj:/bWRVbO84pk+7OvH3t9dcFGoTFhohs3o

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
2640	msedge.exe
2640	msedge.exe
2764	msedge.exe
2764	msedge.exe
3264	identity_helper.exe
3264	identity_helper.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

msedge.exe

pid process

2764 msedge.exe
2764 msedge.exe
2764 msedge.exe
2764 msedge.exe
2764 msedge.exe
2764 msedge.exe
2764 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2764 wrote to memory of 3452	2764	msedge.exe	msedge.exe
PID 2764 wrote to memory of 3452	2764	msedge.exe	msedge.exe
PID 2764 wrote to memory of 1908	2764	msedge.exe	msedge.exe
PID 2764 wrote to memory of 1908	2764	msedge.exe	msedge.exe
PID 2764 wrote to memory of 1908	2764	msedge.exe	msedge.exe
PID 2764 wrote to memory of 1908	2764	msedge.exe	msedge.exe
PID 2764 wrote to memory of 1908	2764	msedge.exe	msedge.exe
PID 2764 wrote to memory of 1908	2764	msedge.exe	msedge.exe
PID 2764 wrote to memory of 1908	2764	msedge.exe	msedge.exe
PID 2764 wrote to memory of 1908	2764	msedge.exe	msedge.exe
PID 2764 wrote to memory of 1908	2764	msedge.exe	msedge.exe
PID 2764 wrote to memory of 1908	2764	msedge.exe	msedge.exe
PID 2764 wrote to memory of 1908	2764	msedge.exe	msedge.exe
PID 2764 wrote to memory of 1908	2764	msedge.exe	msedge.exe
PID 2764 wrote to memory of 1908	2764	msedge.exe	msedge.exe
PID 2764 wrote to memory of 1908	2764	msedge.exe	msedge.exe
PID 2764 wrote to memory of 1908	2764	msedge.exe	msedge.exe
PID 2764 wrote to memory of 1908	2764	msedge.exe	msedge.exe
PID 2764 wrote to memory of 1908	2764	msedge.exe	msedge.exe
PID 2764 wrote to memory of 1908	2764	msedge.exe	msedge.exe
PID 2764 wrote to memory of 1908	2764	msedge.exe	msedge.exe
PID 2764 wrote to memory of 1908	2764	msedge.exe	msedge.exe
PID 2764 wrote to memory of 1908	2764	msedge.exe	msedge.exe
PID 2764 wrote to memory of 1908	2764	msedge.exe	msedge.exe
PID 2764 wrote to memory of 1908	2764	msedge.exe	msedge.exe
PID 2764 wrote to memory of 1908	2764	msedge.exe	msedge.exe
PID 2764 wrote to memory of 1908	2764	msedge.exe	msedge.exe
PID 2764 wrote to memory of 1908	2764	msedge.exe	msedge.exe
PID 2764 wrote to memory of 1908	2764	msedge.exe	msedge.exe
PID 2764 wrote to memory of 1908	2764	msedge.exe	msedge.exe
PID 2764 wrote to memory of 1908	2764	msedge.exe	msedge.exe
PID 2764 wrote to memory of 1908	2764	msedge.exe	msedge.exe
PID 2764 wrote to memory of 1908	2764	msedge.exe	msedge.exe
PID 2764 wrote to memory of 1908	2764	msedge.exe	msedge.exe
PID 2764 wrote to memory of 1908	2764	msedge.exe	msedge.exe
PID 2764 wrote to memory of 1908	2764	msedge.exe	msedge.exe
PID 2764 wrote to memory of 1908	2764	msedge.exe	msedge.exe
PID 2764 wrote to memory of 1908	2764	msedge.exe	msedge.exe
PID 2764 wrote to memory of 1908	2764	msedge.exe	msedge.exe
PID 2764 wrote to memory of 1908	2764	msedge.exe	msedge.exe
PID 2764 wrote to memory of 1908	2764	msedge.exe	msedge.exe
PID 2764 wrote to memory of 1908	2764	msedge.exe	msedge.exe
PID 2764 wrote to memory of 2640	2764	msedge.exe	msedge.exe
PID 2764 wrote to memory of 2640	2764	msedge.exe	msedge.exe
PID 2764 wrote to memory of 3032	2764	msedge.exe	msedge.exe
PID 2764 wrote to memory of 3032	2764	msedge.exe	msedge.exe
PID 2764 wrote to memory of 3032	2764	msedge.exe	msedge.exe
PID 2764 wrote to memory of 3032	2764	msedge.exe	msedge.exe
PID 2764 wrote to memory of 3032	2764	msedge.exe	msedge.exe
PID 2764 wrote to memory of 3032	2764	msedge.exe	msedge.exe
PID 2764 wrote to memory of 3032	2764	msedge.exe	msedge.exe
PID 2764 wrote to memory of 3032	2764	msedge.exe	msedge.exe
PID 2764 wrote to memory of 3032	2764	msedge.exe	msedge.exe
PID 2764 wrote to memory of 3032	2764	msedge.exe	msedge.exe
PID 2764 wrote to memory of 3032	2764	msedge.exe	msedge.exe
PID 2764 wrote to memory of 3032	2764	msedge.exe	msedge.exe
PID 2764 wrote to memory of 3032	2764	msedge.exe	msedge.exe
PID 2764 wrote to memory of 3032	2764	msedge.exe	msedge.exe
PID 2764 wrote to memory of 3032	2764	msedge.exe	msedge.exe
PID 2764 wrote to memory of 3032	2764	msedge.exe	msedge.exe
PID 2764 wrote to memory of 3032	2764	msedge.exe	msedge.exe
PID 2764 wrote to memory of 3032	2764	msedge.exe	msedge.exe
PID 2764 wrote to memory of 3032	2764	msedge.exe	msedge.exe
PID 2764 wrote to memory of 3032	2764	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\65891b1168a6bb7eb1fded64f6881053_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2764

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaef7f46f8,0x7ffaef7f4708,0x7ffaef7f4718
2⤵
PID:3452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,15296857477689957311,394422643931534072,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
2⤵
PID:1908

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,15296857477689957311,394422643931534072,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2640

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,15296857477689957311,394422643931534072,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2936 /prefetch:8
2⤵
PID:3032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15296857477689957311,394422643931534072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
2⤵
PID:3564

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15296857477689957311,394422643931534072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
2⤵
PID:1956

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15296857477689957311,394422643931534072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2276 /prefetch:1
2⤵
PID:4860

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,15296857477689957311,394422643931534072,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5636 /prefetch:8
2⤵
PID:1980

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,15296857477689957311,394422643931534072,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5636 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3264

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15296857477689957311,394422643931534072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
2⤵
PID:3464

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15296857477689957311,394422643931534072,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2760 /prefetch:1
2⤵
PID:3956

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15296857477689957311,394422643931534072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
2⤵
PID:5028

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15296857477689957311,394422643931534072,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
2⤵
PID:1296

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,15296857477689957311,394422643931534072,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4724 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4364

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2724

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1920

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ae54e9db2e89f2c54da8cc0bfcbd26bd

SHA1
a88af6c673609ecbc51a1a60dfbc8577830d2b5d

SHA256
5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af

SHA512
e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f53207a5ca2ef5c7e976cbb3cb26d870

SHA1
49a8cc44f53da77bb3dfb36fc7676ed54675db43

SHA256
19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23

SHA512
be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
2a1a3f3f7062a18bf46f7a5080b2fc6b

SHA1
4b03a51c79bb893ad3298de2d4c46caa76a2b44b

SHA256
b7c60a5d1b98abfe22898862a9a3c2c11cad43dadbf7228abf96134e92e24923

SHA512
ee29321c47a94caf976806967319cb64d877c520079dbdcc6795cc3b7b9880f06098672e84179e272c83a2d19bd81a4eb0513bd1e088f00beb1789a373cebb47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
e2b73027cc304d476830f0bb4b1c8505

SHA1
387810e12f47403dff96a693360d9ceac535abf5

SHA256
a400ab5f02aef6efa3fe1493f6bd654481f055b1e3a14073ab6a49024d9fc9cd

SHA512
4854484fa9536a5aa9c031cdeded833e75d3484d1b445da3b6f00f30aadf9a0a96de44de0e55cf338906ff492b5c2abaf615a2c81eb96977904699e5cd6af47f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
b9fd97163bf1f2761cd0a042025023d0

SHA1
27642d4730687add2c2c28f561cd205c6017f96a

SHA256
37f7dfd15d19bdf38b96e9d685b0322ebe0058e953458755dcadab3e0495c563

SHA512
3931e3437e124174182536aa1c013df81961beaed20a55d8c59dd6abb9cd16c5f0a2885ee71ccda27f9045eed3b6694e2795719d1adeb0ac6563f1e0e650aae0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
114232f87e9b87d8e1b57817d02be5be

SHA1
a07de2859ac3d749a58a44653fddb23506625571

SHA256
6409ba6401d247ef860ce2452e60ba7db0f4512d12a6bc05f0074fbd0a942f3f

SHA512
590de296e56c94ed8972f1561af51a668f1d9e42d49ae383a7c5a2e41bfdf0e6b777faf5764a2bb3c109fad633835c895eaf130fa3f9cd8ce65fa3fb8e009641

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2848be1df4732d91b71b768581ee9176

SHA1
8a6705af24ac10590c426ae26e9d149f55ae43e4

SHA256
b45c3945d3c53624a8182d3c901f9f4542a1dd9fa5be06d5f6fce8646f282b08

SHA512
c2519e8c5201a438b27da3a65aec60d079806322c9d807ae7bab122de8af49cceac263a9efd000a67c27e5e22eadc938218947c0ddeaa1f0f6d6025bfc0cf84c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fb5a6159c47f8e9609f1bebad13c5444

SHA1
4314d783e1e76f124cb7aba2d079ab8d4506c253

SHA256
973a5030d2c19e1332af6dea92ff75c4cc0f1f686f79f4cda62f9ed1029e4522

SHA512
7e8c38691c2ed7e00642e230551e5462acc96c641842c28c8d6d189ab94f687a42213a27d5e3a36700494ddcd9770e3cd00f696bfd696a983ed58bd2bc1d31c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6ce036edc2cfd46cc371b6fec7144016

SHA1
86459c9016a2ee94821397b9d237ab59c5c880e9

SHA256
fc8e05fb673134e6b455fa4754ee17ecd21cb0e32aa6ed8392f29d55cd025610

SHA512
ab53db17baf6a152179417caafe2aa7dc4fa264f212aa9e4874732ff927b0585dcc73a29180745766b9006399f4ea08877e133396ec8eef5e1b8e9e11f328f67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
708B

MD5
4d91c69f86f85945c74552660dbe4959

SHA1
658c705684b2296c683123a3f6995f2a652d85cc

SHA256
a486eee638b95dc03f138da2582a241e64f02d8a5037b86dbfed0e1ed94b55f7

SHA512
56573a660e3945b6ab112db6104dee5af5c49fce1b158a6c5bfad19f8471c4d965a0789efe1c8eeeee02f45dccc9b9619614f5dab02b50f7bc478c1eeeaf765c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581c4d.TMP

Filesize
204B

MD5
af9df9e2d1b695f7dba93f35ea35cb02

SHA1
447a563233b725b9f70c15da023cbd00da22c73e

SHA256
8b9eb6fac65055c64cacbb661e75e0ea04df20ab890c323f2c447a63b106bc03

SHA512
ff04c896900986d711e8d2e60cc83bc999fe9166277e7f1d4762e084ea9644c8b4e3f30f2ad55815d937f7cb06f77e48476e0ce3e808ca78c8a33889836714cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ae835edd7ff23a38ff018e255d6d0259

SHA1
bfe33e60f8d41be53ca549acbe060215a891dc0c

SHA256
fb8f82fc87b5609e337ab84b5700137066be587fbded0ef3f48806de631c122c

SHA512
ae2d4a7e82cf718f5230159bbd79ec1dd1da65beed03d556f6dc637104c92582aae1ac4dfbeee341267b46665f90fb73dba2527d24a80a1219ec45ff0671e440

Download Submit
\??\pipe\LOCAL\crashpad_2764_XKXCGNKTIKORASNC

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit