592eb35530f42e8ea54746fb389c62c200be1c7f6e4e42337b1ea1824f64529a

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 03:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

65c9cb7b4bed359d359ed2108cce2a14_JaffaCakes118.html
Size

340KB
MD5

65c9cb7b4bed359d359ed2108cce2a14
SHA1

c5d6373cdb0796ac4cda2bedf0ce2d12eb6bbf2e
SHA256

592eb35530f42e8ea54746fb389c62c200be1c7f6e4e42337b1ea1824f64529a
SHA512

63cb2f5f6d46c99aadcb8da2d49a69ac757b0589b11df07b971c43e61919e306036e944a3fe1b4649c8bbda2f582def5fab5bca0910fa82c932ae6365ae2ae0f
SSDEEP

3072:IYaVSn2kgUxVt1ILRDDD9ZwlYiIR9FnGmzZgWdo1/a:IY0kgUxVteDMlYiWZgC

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

msedge.exemsedge.exe

pid process

4408 msedge.exe
4408 msedge.exe
1824 msedge.exe
1824 msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

msedge.exe

pid process

1824 msedge.exe
1824 msedge.exe
1824 msedge.exe
1824 msedge.exe
1824 msedge.exe
1824 msedge.exe

pid	process
4408	msedge.exe
4408	msedge.exe
1824	msedge.exe
1824	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe
1824	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1824 wrote to memory of 1680	1824	msedge.exe	msedge.exe
PID 1824 wrote to memory of 1680	1824	msedge.exe	msedge.exe
PID 1824 wrote to memory of 4896	1824	msedge.exe	msedge.exe
PID 1824 wrote to memory of 4896	1824	msedge.exe	msedge.exe
PID 1824 wrote to memory of 4896	1824	msedge.exe	msedge.exe
PID 1824 wrote to memory of 4896	1824	msedge.exe	msedge.exe
PID 1824 wrote to memory of 4896	1824	msedge.exe	msedge.exe
PID 1824 wrote to memory of 4896	1824	msedge.exe	msedge.exe
PID 1824 wrote to memory of 4896	1824	msedge.exe	msedge.exe
PID 1824 wrote to memory of 4896	1824	msedge.exe	msedge.exe
PID 1824 wrote to memory of 4896	1824	msedge.exe	msedge.exe
PID 1824 wrote to memory of 4896	1824	msedge.exe	msedge.exe
PID 1824 wrote to memory of 4896	1824	msedge.exe	msedge.exe
PID 1824 wrote to memory of 4896	1824	msedge.exe	msedge.exe
PID 1824 wrote to memory of 4896	1824	msedge.exe	msedge.exe
PID 1824 wrote to memory of 4896	1824	msedge.exe	msedge.exe
PID 1824 wrote to memory of 4896	1824	msedge.exe	msedge.exe
PID 1824 wrote to memory of 4896	1824	msedge.exe	msedge.exe
PID 1824 wrote to memory of 4896	1824	msedge.exe	msedge.exe
PID 1824 wrote to memory of 4896	1824	msedge.exe	msedge.exe
PID 1824 wrote to memory of 4896	1824	msedge.exe	msedge.exe
PID 1824 wrote to memory of 4896	1824	msedge.exe	msedge.exe
PID 1824 wrote to memory of 4896	1824	msedge.exe	msedge.exe
PID 1824 wrote to memory of 4896	1824	msedge.exe	msedge.exe
PID 1824 wrote to memory of 4896	1824	msedge.exe	msedge.exe
PID 1824 wrote to memory of 4896	1824	msedge.exe	msedge.exe
PID 1824 wrote to memory of 4896	1824	msedge.exe	msedge.exe
PID 1824 wrote to memory of 4896	1824	msedge.exe	msedge.exe
PID 1824 wrote to memory of 4896	1824	msedge.exe	msedge.exe
PID 1824 wrote to memory of 4896	1824	msedge.exe	msedge.exe
PID 1824 wrote to memory of 4896	1824	msedge.exe	msedge.exe
PID 1824 wrote to memory of 4896	1824	msedge.exe	msedge.exe
PID 1824 wrote to memory of 4896	1824	msedge.exe	msedge.exe
PID 1824 wrote to memory of 4896	1824	msedge.exe	msedge.exe
PID 1824 wrote to memory of 4896	1824	msedge.exe	msedge.exe
PID 1824 wrote to memory of 4896	1824	msedge.exe	msedge.exe
PID 1824 wrote to memory of 4896	1824	msedge.exe	msedge.exe
PID 1824 wrote to memory of 4896	1824	msedge.exe	msedge.exe
PID 1824 wrote to memory of 4896	1824	msedge.exe	msedge.exe
PID 1824 wrote to memory of 4896	1824	msedge.exe	msedge.exe
PID 1824 wrote to memory of 4896	1824	msedge.exe	msedge.exe
PID 1824 wrote to memory of 4896	1824	msedge.exe	msedge.exe
PID 1824 wrote to memory of 4408	1824	msedge.exe	msedge.exe
PID 1824 wrote to memory of 4408	1824	msedge.exe	msedge.exe
PID 1824 wrote to memory of 1504	1824	msedge.exe	msedge.exe
PID 1824 wrote to memory of 1504	1824	msedge.exe	msedge.exe
PID 1824 wrote to memory of 1504	1824	msedge.exe	msedge.exe
PID 1824 wrote to memory of 1504	1824	msedge.exe	msedge.exe
PID 1824 wrote to memory of 1504	1824	msedge.exe	msedge.exe
PID 1824 wrote to memory of 1504	1824	msedge.exe	msedge.exe
PID 1824 wrote to memory of 1504	1824	msedge.exe	msedge.exe
PID 1824 wrote to memory of 1504	1824	msedge.exe	msedge.exe
PID 1824 wrote to memory of 1504	1824	msedge.exe	msedge.exe
PID 1824 wrote to memory of 1504	1824	msedge.exe	msedge.exe
PID 1824 wrote to memory of 1504	1824	msedge.exe	msedge.exe
PID 1824 wrote to memory of 1504	1824	msedge.exe	msedge.exe
PID 1824 wrote to memory of 1504	1824	msedge.exe	msedge.exe
PID 1824 wrote to memory of 1504	1824	msedge.exe	msedge.exe
PID 1824 wrote to memory of 1504	1824	msedge.exe	msedge.exe
PID 1824 wrote to memory of 1504	1824	msedge.exe	msedge.exe
PID 1824 wrote to memory of 1504	1824	msedge.exe	msedge.exe
PID 1824 wrote to memory of 1504	1824	msedge.exe	msedge.exe
PID 1824 wrote to memory of 1504	1824	msedge.exe	msedge.exe
PID 1824 wrote to memory of 1504	1824	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\65c9cb7b4bed359d359ed2108cce2a14_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1824

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffec2bb46f8,0x7ffec2bb4708,0x7ffec2bb4718
2⤵
PID:1680

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,7004180552382484251,3550860739800949738,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
2⤵
PID:4896

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,7004180552382484251,3550860739800949738,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4408

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,7004180552382484251,3550860739800949738,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
2⤵
PID:1504

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7004180552382484251,3550860739800949738,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
2⤵
PID:2296

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7004180552382484251,3550860739800949738,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
2⤵
PID:360

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7004180552382484251,3550860739800949738,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1712 /prefetch:1
2⤵
PID:1852

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7004180552382484251,3550860739800949738,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1832 /prefetch:1
2⤵
PID:4400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2120,7004180552382484251,3550860739800949738,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6032 /prefetch:8
2⤵
PID:1548

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7004180552382484251,3550860739800949738,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
2⤵
PID:3896

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,7004180552382484251,3550860739800949738,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4752 /prefetch:2
2⤵
PID:4252

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7004180552382484251,3550860739800949738,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
2⤵
PID:4580

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2528

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4740

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f8 0x2fc
1⤵
PID:2544

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
537815e7cc5c694912ac0308147852e4

SHA1
2ccdd9d9dc637db5462fe8119c0df261146c363c

SHA256
b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

SHA512
63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b167567021ccb1a9fdf073fa9112ef0

SHA1
3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

SHA256
26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

SHA512
726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
48b27b72a1e172448cb9b04312ccbe18

SHA1
6913071bd798c4401879b470404b6253f964ba79

SHA256
bee8bf16f0bbcf3bcd27104c2ee0837325e381d69116aab6aa22efe4d4275fa1

SHA512
e6daa47b996ca7474e8a4fc1617a46566aa0c4e020a06d1336a15599d9439c76cf1051dadb48d11eb38012921be180a9d97df732a89e6eb6ce52222ae0bbec90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
8eee291080bfaa0f9dbc9c6320384d3c

SHA1
dab49f203348e3a855339ba1dae76284cae292d4

SHA256
f4b6fa85114bdc726db24b95d00b35a3550ff01c5ba7f6cf6d8c74824e1324cb

SHA512
80c3db272a84e4a8e4fee4f724f81a49cc8db8592d81fdecb324310f878dc017c12301b56996f36752354782bdc8ba2ca0aa986881c7f38690690abb989a27d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
2770629b0a41e4479153cfaa8a948d10

SHA1
5df6ebdd2af2b2789fbd23c2ee24608bc49e5452

SHA256
8c887fbb880991d749ccd42831cbb25d8a012b054a00c7ce319b70a6719b1780

SHA512
02ab67ca16bd4fc0b6f299cd1b374c0545d7add3af6cd18f7a16cfea74f4783ddce48d26c37d0578ecb6d9f1c65a86161ffed960a277bedeb724a97852d599b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
2b1f1a35b23fca98d5f2e3b70b65f548

SHA1
3c73af7661fa9fd349c0cca728718cef2a9ba666

SHA256
239736e7fccd2f41a311a7ab8c95ed9b55ca33d41c449cb23d6a7547947f6664

SHA512
a6f52237554115839290fe2a25c5e51e9d5910b0f4708120a4eab2f1de44ac299cb64f7291c27ad5f41044bf01da46cf0a0c9170f60d7afa2b5b069bb1042763

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
23c5ae1314e3571cf96664a42d6dd233

SHA1
f01ba889407d1c12069d833bb9bdfb6ac47afa08

SHA256
dc22259257fb28815b89192600c12fef70eb6edc905fd469100bf184c0d20da0

SHA512
549c657541c57bbdfd81d42f16ac3d073b23f9fd5af451a78083e29631089f5eccb39db093a1df9fbdd5e80ec819a240f01664d6f34ada0168e2ad5684a79f4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0f0ff9a6e5b7dbe493451d21bd1e887c

SHA1
4409c82321a7889806a51d7a94eb6026583b6910

SHA256
f588bcfd9377f48cc66b3e758d0ed139dde71885a59f665566925e47753b359f

SHA512
48238f7a3cc161206bbd23856d588c8b83f37ba777bb56185d68f6a3b86dd1a58b2167c7dfdc6a61f8544800dc2c6cc3ca663483d14bc303fd78775b5bf4d02e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
2c6f0ce20e0fa884c78ff95df216943f

SHA1
8622bf37d0fbfb7a913430a8601fcf4dfba2baf8

SHA256
e48f136cea1c8f48c664b365a1974a5cd75f1df1a0034e189efa75b487d9f68c

SHA512
b41b61a6c3cc5dbb6e95676723cef88085a8dc943bf6fd5af279502cc056915cf527f3cf5adeed6db500bcb54a7cf8557bd0f9e0fa4fc2c2bd10566746b4a618

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0015e59317dbf12a5301fe3e494b9f75

SHA1
6c4d1f56e9353b50152288718b4238b380cc8b05

SHA256
bd6abca0256054c8c7a4c2d8f92eec72d405b4935e69d3c80f015eea1420a870

SHA512
50c7d141d69a280c1e02cde6273a4e1f8ce22d792aa659b5a2a74bf0e130ed356f5677b3f3c8fdbe70fd92814bd17a0968b1612bc82ff2c1a7b288aedbd2af17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
92462388a469db5d0f5aefb0096cc37c

SHA1
1144e1235afd834e763503dcc9718ae6461c1b90

SHA256
62e5c5551625721eeef47a1aa04c764aef3dbf2fd88e3997812b905e19dcc495

SHA512
50372d25276cea0727cd0d682f2ab102c69c5b294894d926d58ce303a819762736289a2addcad5668f1e2bd76fbc5006f444f85a1429695307d79549f7f186b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe586e74.TMP

Filesize
536B

MD5
4478d60aca5a436030832fb43ac99f8f

SHA1
1c711097941d821175b0f73f95a8de86c21b042c

SHA256
500e87aacfb86e3c7edd38996b613d24434608803dcac07eeec95114b217254e

SHA512
f897eb09840f606d3e1e0ad44eb0688d67b84943b65f25faf7f1b27032b3c16a245fa911ab1b4f1e57f50cf37a281ebf851f11ba2226ebb23e6b97687de841c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
268a9746d0692140afcaf1cccee0e168

SHA1
49a066d76653ffade1cb94cca488aa0d78f27e36

SHA256
e78de4822f2d6733c68fda26a545c08f08b0a85eebb9263e40d3d3d5de5c0f8b

SHA512
8b535bb9730d93b2dae80d78077d823e912206b6ae3b46bc17eb54d757ce0bde7c379ce5e88c60a19ebf0eeb9a6a9bc475664ac8b0395c7528f091574e313ed2

Download Submit
\??\pipe\LOCAL\crashpad_1824_LVGCKMJOBFATBVWO

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit