b486550a540443d269d61cf8703ab1b99e25676531feb9b7fe661e09708bf250

Analysis

max time kernel
145s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 03:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

65ce3af780f909d5ae5d83455bfcf3bd_JaffaCakes118.html
Size

78KB
MD5

65ce3af780f909d5ae5d83455bfcf3bd
SHA1

86bea0ad5447ce8c92e1cc788539811972cf5d62
SHA256

b486550a540443d269d61cf8703ab1b99e25676531feb9b7fe661e09708bf250
SHA512

0d842462077a0224d18423be6fe4e2daff100667edb17431f8402fd74c187e6007014dde196da9be8bcd2a64d6418ae22a66c2c024908d21ce050cc5ad41fe63
SSDEEP

768:9Mb2fmdH2wHiA9KlsbjKImz9OzRWUGxurRr4Lt2hj1o+tsQDQO:M2fmdHLqsbjGz9OzRWHqNh/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
792	msedge.exe
792	msedge.exe
4344	msedge.exe
4344	msedge.exe
3556	identity_helper.exe
3556	identity_helper.exe
820	msedge.exe
820	msedge.exe
820	msedge.exe
820	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

msedge.exe

pid process

4344 msedge.exe
4344 msedge.exe
4344 msedge.exe
4344 msedge.exe
4344 msedge.exe
4344 msedge.exe
4344 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4344 wrote to memory of 2536	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 2536	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 2824	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 2824	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 2824	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 2824	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 2824	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 2824	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 2824	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 2824	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 2824	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 2824	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 2824	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 2824	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 2824	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 2824	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 2824	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 2824	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 2824	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 2824	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 2824	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 2824	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 2824	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 2824	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 2824	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 2824	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 2824	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 2824	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 2824	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 2824	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 2824	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 2824	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 2824	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 2824	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 2824	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 2824	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 2824	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 2824	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 2824	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 2824	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 2824	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 2824	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 792	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 792	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 2464	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 2464	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 2464	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 2464	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 2464	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 2464	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 2464	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 2464	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 2464	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 2464	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 2464	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 2464	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 2464	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 2464	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 2464	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 2464	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 2464	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 2464	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 2464	4344	msedge.exe	msedge.exe
PID 4344 wrote to memory of 2464	4344	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\65ce3af780f909d5ae5d83455bfcf3bd_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffef94246f8,0x7ffef9424708,0x7ffef9424718
2⤵
PID:2536

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,1184019623442296136,16212418452838718254,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
2⤵
PID:2824

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,1184019623442296136,16212418452838718254,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,1184019623442296136,16212418452838718254,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
2⤵
PID:2464

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1184019623442296136,16212418452838718254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
2⤵
PID:4592

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1184019623442296136,16212418452838718254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
2⤵
PID:4468

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1184019623442296136,16212418452838718254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1612 /prefetch:1
2⤵
PID:2712

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2096,1184019623442296136,16212418452838718254,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5160 /prefetch:8
2⤵
PID:3992

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,1184019623442296136,16212418452838718254,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5624 /prefetch:8
2⤵
PID:3872

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,1184019623442296136,16212418452838718254,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5624 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3556

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1184019623442296136,16212418452838718254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:1
2⤵
PID:2324

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1184019623442296136,16212418452838718254,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
2⤵
PID:1872

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1184019623442296136,16212418452838718254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:1
2⤵
PID:2672

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1184019623442296136,16212418452838718254,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2200 /prefetch:1
2⤵
PID:1484

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,1184019623442296136,16212418452838718254,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1872 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:820

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5100

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4500

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2cc 0x414
1⤵
PID:3576

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f61fa5143fe872d1d8f1e9f8dc6544f9

SHA1
df44bab94d7388fb38c63085ec4db80cfc5eb009

SHA256
284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64

SHA512
971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
87f7abeb82600e1e640b843ad50fe0a1

SHA1
045bbada3f23fc59941bf7d0210fb160cb78ae87

SHA256
b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262

SHA512
ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\6c5e5c76-c229-4b98-93d4-03289ee28e00.tmp

Filesize
705B

MD5
157b66750d790e18bd5ced213f161b40

SHA1
863ecff8c778ceaa8126e263c3b50883e24bba87

SHA256
32b552296f42d005238d87ed64d33d475e109fb9b16daf151d059015ff96b6da

SHA512
b8b38f39d77b29cac1bbc51fd5ec22ff844e6f90c32977c1d05069e916dd244b50440b84d3946dba1bf438238e6f7d3c28b232d297485fa73e06087a09983bde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
648B

MD5
8e6f0e5637914df9823b064a068df039

SHA1
cf7b34aae05b44bcd13c99f8f9e70882e661440d

SHA256
ea650f96b4df88e8b9a86b6560538f48d75c8a3825bee9c89e2ea0cca7b59ae5

SHA512
c8a5446d50ebc6c14e9a196b4280abc5b0cbe9687f05699142144f5194a235756bf3def1017938cb102f824e14c57ddff244f57417c3568f8109a04a77b55165

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
486B

MD5
2abc3209067712b1df79c9bb5658aaab

SHA1
e1da97e69a743406c9a504b00d6ad384464c97ff

SHA256
a8c9b6623c72de8d43a1022c77ab8d751a14a52049da5ee8069974d5442e0006

SHA512
bb4708091b21fa18ed30206d955fd01da039e36239488e23df7f1093fdba6cd339e025dfa5b6245b613fe04961039732efb2485b7878198844f1e130fa8a7a75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
629d58697d2385b2c89c7efb6ecc9a41

SHA1
577304e434e27e5854ade5ac457fc14dbd5f7ce9

SHA256
0b2d9cb32204321615a3b68d3a8eee028c63d9158b162481f710745e7b743840

SHA512
307cb727e8b81c58764409c4bc46ee8b2d827a1a31f966270b8f770a8a7723f7124d0f98ed0fbaaa8989a9052edc82e0496ad79c9e2df5daf9063f556314667f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c169682b9b1617a21608cdbb756cb87e

SHA1
c7ed8985bf0a2c8adc6cc9638c2718d769dfaa9b

SHA256
e1e49c0ebe70087156d2444c1b8f9149d5df4a4b75c6c14733a9a49eabaa7310

SHA512
3e3d33199c8b52945d6643ee55cce64c0d46382f39f6dcfdae18cead91adfdb294d98c82d4948e37cb7f717ce92f35571222eadeb7fe142fc8fce3457313cf3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
25e2600bce28b40c94727ddfe2d8f44c

SHA1
b5f4d2c76ea16eeb39222e4837991f4000c4fa3e

SHA256
522943d10f7aee479cc2dd0cc10c53966ac85499afb1c59fce014990afd13c5f

SHA512
c13d7e8ffc556d8128d501d4f7c00a9d1e3e43954d731d4004529ddddb4fb70460c9b4a05dab58175d4b48c791391c14882cb1faa0be1c9908c80cd79378e743

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
93dc031934f534f7ee4f81f6c69fa135

SHA1
1b41f234d062a192bbca37d1b432772d0dad6f34

SHA256
9a4efee76f5689c64e70feb65eb06bbbb23aaff192b5fa9a52722187e40441e7

SHA512
86f542107705dac858d9dc5fb1ab33396698a8ba38c2cba19fec4ea8c0fefafade2b245191fff8e0175edc3a4bb5589bc71609c2f52efabc194046d283196e3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
0a53788d35907a1bd437a305a6e39ce9

SHA1
783e49c1e0a65879f12de0f9f8070e8a98d6b0a4

SHA256
3559b69a6d2b0d285d9b731b67ab6782d2ebd1581d5b9dac721ece9b47fa2204

SHA512
80b7ef73b567da8a2e7866f2626577dfa634baaff6c435fe489d33a5909815b10822f043fd8afa8fb237006cb8eccd7d263e4ec225e813180d59cbdb440c29bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
b1e546a598378f3e6c3634e43ac435f6

SHA1
4c23e819e9eb0c5fd6c5ee88206ea5953ef9e4db

SHA256
bd501de65d7a27a98e175e841c5e5b05c8907582626ec34b0d0095727667e715

SHA512
7df84e2fa942aa1697553546cd50e26bbbe0c4314edca7a7508fecf579382bd9cc7c9f28e2613819bce2ddecb93954bf4c1009c6323fcabaf6e05a8ca47f3c03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
48bb8f5067064311bb440cf29b1afbda

SHA1
299f0c7e56ff6a8596a4794ddc8424af75422bea

SHA256
48f62439c6a3f487dccb2dcdde6c5dd9d634ba9a9392a2240ba1a3fafc91f9d0

SHA512
226593522eeb53ac2412127d7576afd8069650de9c32118a6f1dd71c8b992a80b093e7ab156872747a589c9aa458fd5bcda19a8c1a695644024b850133be465f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe579af8.TMP

Filesize
370B

MD5
9e0240ddcf0a035a9fa2c49aa78b75cd

SHA1
79bab3ad172bca4f45f63501d98fefb90b070553

SHA256
c93cedd91db8926ef94b4cbc8814a001372b442548df608beb356b94cdaceb65

SHA512
b63e3db43dc62670815206d1f8b73049391b36f2db1990e2c8b1f57bc24fd292d12cc1fbb7083c3ab4b50f8b3b7039a67faf9e4fbc7f07ebcd88a33d91b668f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
917eac10e0a53cc05eeee3a1ef462533

SHA1
0de71dec3d65cd702fe742392ad86a72a9922d71

SHA256
0393683a3d51a0e05794878155687e4e4f7d075eba20c548745bfb50e5f15df4

SHA512
81a2bdf7fff1d01f94b0e36c83f260a94753d18c906e53f5fb45a7ae7616d5c6360763aad64eca82dc0aa93f06bad509ccec34888b647fddacf36ccf01d1ac27

Download Submit
\??\pipe\LOCAL\crashpad_4344_HGHDROUZJUVTSFGE

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit