910f5c9038998bf9801510d73dd6339dbe7f11be6ca65409b1d0c88ae7c2c646

Analysis

max time kernel
145s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 02:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

65ba3e9b5317f2ceb76328bc2394deb2_JaffaCakes118.html
Size

52KB
MD5

65ba3e9b5317f2ceb76328bc2394deb2
SHA1

1bfb087b95b8a7b7abc3909b523c47f5788db3db
SHA256

910f5c9038998bf9801510d73dd6339dbe7f11be6ca65409b1d0c88ae7c2c646
SHA512

e53c2a051268377d87a828cb63a0048e826046c7eee36d0154e8f85698426af7d027eed1422871df3aeb2d40f8d8a351a0a476a83c7a6687c878e0b732aba4f0
SSDEEP

1536:7mvXvVySoD7+dnui8ksb3vjaxpVdjhv/yF9eG3ihwc2U:qfFDsb7svJ2U

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
4892	msedge.exe
4892	msedge.exe
3708	msedge.exe
3708	msedge.exe
1248	identity_helper.exe
1248	identity_helper.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

msedge.exe

pid process

3708 msedge.exe
3708 msedge.exe
3708 msedge.exe
3708 msedge.exe
3708 msedge.exe
3708 msedge.exe
3708 msedge.exe
3708 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3708 wrote to memory of 2120	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 2120	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 5008	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 5008	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 5008	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 5008	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 5008	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 5008	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 5008	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 5008	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 5008	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 5008	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 5008	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 5008	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 5008	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 5008	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 5008	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 5008	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 5008	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 5008	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 5008	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 5008	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 5008	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 5008	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 5008	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 5008	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 5008	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 5008	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 5008	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 5008	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 5008	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 5008	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 5008	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 5008	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 5008	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 5008	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 5008	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 5008	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 5008	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 5008	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 5008	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 5008	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 4892	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 4892	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 1704	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 1704	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 1704	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 1704	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 1704	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 1704	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 1704	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 1704	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 1704	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 1704	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 1704	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 1704	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 1704	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 1704	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 1704	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 1704	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 1704	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 1704	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 1704	3708	msedge.exe	msedge.exe
PID 3708 wrote to memory of 1704	3708	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\65ba3e9b5317f2ceb76328bc2394deb2_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9aa2a46f8,0x7ff9aa2a4708,0x7ff9aa2a4718
2⤵
PID:2120

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,16571412113401166753,5193283517696311576,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
2⤵
PID:5008

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,16571412113401166753,5193283517696311576,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4892

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,16571412113401166753,5193283517696311576,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
2⤵
PID:1704

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16571412113401166753,5193283517696311576,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
2⤵
PID:2984

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16571412113401166753,5193283517696311576,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
2⤵
PID:3552

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16571412113401166753,5193283517696311576,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
2⤵
PID:4244

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16571412113401166753,5193283517696311576,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
2⤵
PID:4580

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,16571412113401166753,5193283517696311576,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 /prefetch:8
2⤵
PID:2868

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,16571412113401166753,5193283517696311576,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1248

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16571412113401166753,5193283517696311576,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2364 /prefetch:1
2⤵
PID:2404

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16571412113401166753,5193283517696311576,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2020 /prefetch:1
2⤵
PID:3252

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16571412113401166753,5193283517696311576,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
2⤵
PID:2148

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16571412113401166753,5193283517696311576,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
2⤵
PID:4964

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,16571412113401166753,5193283517696311576,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1840 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:716

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4228

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1420

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
f61fa5143fe872d1d8f1e9f8dc6544f9

SHA1
df44bab94d7388fb38c63085ec4db80cfc5eb009

SHA256
284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64

SHA512
971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
87f7abeb82600e1e640b843ad50fe0a1

SHA1
045bbada3f23fc59941bf7d0210fb160cb78ae87

SHA256
b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262

SHA512
ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
aaddb632f365a7e3c461014c36161ecc

SHA1
f6160f9cb437da8daa2577093b0cfdf383769de4

SHA256
1fa0d73e4bb6ef7f9909f4979e5b62487914d986187cd1605101e3bf5ba66219

SHA512
e04b66e61244120f54fbdf6cd8e7dc9b7431baa8cb4ee6d2d697850213c72fa00d58d1cee20b6cbc38a2a53be5543207297f1ba411bfa95aec88676480e10010

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
15ae149e767f99c41632172aa8dc540a

SHA1
3d2f1e55f5d6294211e06102d7e1dc86a4c1f653

SHA256
68c132cf05cfdb9f5fe500b51d875f752a24b6d279c6d5848b2f1de1404d2903

SHA512
6d48b85c4e0154054a3c81c870a868f8231d469acd60d98f35d5f0bf87d17bf3cfce643b0c21224da1dd29fc24bfecbc702ba3c7aeac70eb21c08765d3a834f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
513eb19eecef1c2779b84242d8b606f7

SHA1
178fa4888fb6510e3558c32d072c08e6fc774c6a

SHA256
8083d9c60239b5ee0f132250b96c79bc5f470d85b69fcf139b58867dc3152231

SHA512
d3b48ce4d188db5c1f13f4121e22beae5ae9c83f0baec4659dbe9ab78d657d5ffa5a288c7e88f9b0765b70cbdc3e0555d3ccde5198d68bab96c09a7818f7b3be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
7fdb1360a7f566003c6fb3f13faaa7e2

SHA1
53adc508ab5392981d6145b76da004da0f53334c

SHA256
8f66c55103366061a1123fdb900682e752be74d5468276d8e4ed78682ed71631

SHA512
bbd4b9e335ada1e49cc40edffd16790cfd0864de218224728b5d7a95e3466b762ced0dd11fffce23ad0f3de3d08948453056a376ffffb5cf9ca14c5aaf9b3936

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b2e5.TMP
Filesize
707B

MD5
d22da6b33f479e85d874c3035d31fb0d

SHA1
a1b3a9b6fc25ef2e0408d06c02b4b43cdc4886f5

SHA256
bef79001f64ebd2a3235528225fbf8aaeedbbd3d70d8700ad3b0506a47545a97

SHA512
66b299a558a3185727dfa4e9b1e88f760a879a49c6704b35d58d8754a3fcbeaf22460b7f0dd44d75cf46b718ab54e86015a0cc3307ba1669870ae5571cefc9a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a5dcc2e0-5665-4836-be7e-d5f8b6ec0d6a.tmp
Filesize
5KB

MD5
cfef77d6e40a1fd421dd8f3ea35bf71c

SHA1
ca82e5f7a4905ac1476af9cccf5f72051e9b7c36

SHA256
9be24ab2513cc746e4756f4bb4b6eed9a0d57f78e333cba812dc51ac9246ba0c

SHA512
b0da6ca1b741959e019c10af1a22ab27cabecd620e514e750ef01207789a73a9e2d3023d0ab01c8e3949ad9ca21e517490cd899be8f482eda1d528daf330583e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
fa7a2a1d51fd146ae3a93081f624ccda

SHA1
2acb23db6332d84f40f33e3dfb87898dd0554ec5

SHA256
787649b7897e6ece3cd7b86a5659a50ed9b857393f7caef21cfde2a45e3637bf

SHA512
45232c110c7f4347605b1a584d4a5d3c4df8c67aa3602aca1fa387cc77ae090c0ea39e9991c4208c2ef8682edf2dab9aa83456476e9c8e11391457f41a86cf88

Download Submit
\??\pipe\LOCAL\crashpad_3708_FXTJUOSIRAWZRQWF
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit