0c1c074f5b5a1c8df1ce8647d8177e40bd05b7b62f6cad4ba67dcf62a7c466f2

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 03:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

65d2282cc85eb9c006995d56ea7258c5_JaffaCakes118.html
Size

107KB
MD5

65d2282cc85eb9c006995d56ea7258c5
SHA1

9325aacb2ad9f6b68b459f3e6fa02f4fd7a62e8c
SHA256

0c1c074f5b5a1c8df1ce8647d8177e40bd05b7b62f6cad4ba67dcf62a7c466f2
SHA512

fb0efcc24cc5b011f9514e0b34f311b01162acf140c18fce531114e1eeb96a6c86ba799cedbedd4a9ad4a7501dc9911d2bc85a36638e5100bb315734708ca6d2
SSDEEP

768:NbzHc92Ib/Hm9cbpHf9dG99/JTMdpMTbR71bxbtLh/d/7h1TUH:HgG9lnTbR71bxbtLh/dPUH

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

msedge.exemsedge.exemsedge.exe

pid process

6120 msedge.exe
6120 msedge.exe
2916 msedge.exe
2916 msedge.exe
4056 msedge.exe
4056 msedge.exe
4056 msedge.exe
4056 msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

Processes:

msedge.exe

pid process

2916 msedge.exe
2916 msedge.exe

pid	process
6120	msedge.exe
6120	msedge.exe
2916	msedge.exe
2916	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2916 wrote to memory of 4916	2916	msedge.exe	msedge.exe
PID 2916 wrote to memory of 4916	2916	msedge.exe	msedge.exe
PID 2916 wrote to memory of 1636	2916	msedge.exe	msedge.exe
PID 2916 wrote to memory of 1636	2916	msedge.exe	msedge.exe
PID 2916 wrote to memory of 1636	2916	msedge.exe	msedge.exe
PID 2916 wrote to memory of 1636	2916	msedge.exe	msedge.exe
PID 2916 wrote to memory of 1636	2916	msedge.exe	msedge.exe
PID 2916 wrote to memory of 1636	2916	msedge.exe	msedge.exe
PID 2916 wrote to memory of 1636	2916	msedge.exe	msedge.exe
PID 2916 wrote to memory of 1636	2916	msedge.exe	msedge.exe
PID 2916 wrote to memory of 1636	2916	msedge.exe	msedge.exe
PID 2916 wrote to memory of 1636	2916	msedge.exe	msedge.exe
PID 2916 wrote to memory of 1636	2916	msedge.exe	msedge.exe
PID 2916 wrote to memory of 1636	2916	msedge.exe	msedge.exe
PID 2916 wrote to memory of 1636	2916	msedge.exe	msedge.exe
PID 2916 wrote to memory of 1636	2916	msedge.exe	msedge.exe
PID 2916 wrote to memory of 1636	2916	msedge.exe	msedge.exe
PID 2916 wrote to memory of 1636	2916	msedge.exe	msedge.exe
PID 2916 wrote to memory of 1636	2916	msedge.exe	msedge.exe
PID 2916 wrote to memory of 1636	2916	msedge.exe	msedge.exe
PID 2916 wrote to memory of 1636	2916	msedge.exe	msedge.exe
PID 2916 wrote to memory of 1636	2916	msedge.exe	msedge.exe
PID 2916 wrote to memory of 1636	2916	msedge.exe	msedge.exe
PID 2916 wrote to memory of 1636	2916	msedge.exe	msedge.exe
PID 2916 wrote to memory of 1636	2916	msedge.exe	msedge.exe
PID 2916 wrote to memory of 1636	2916	msedge.exe	msedge.exe
PID 2916 wrote to memory of 1636	2916	msedge.exe	msedge.exe
PID 2916 wrote to memory of 1636	2916	msedge.exe	msedge.exe
PID 2916 wrote to memory of 1636	2916	msedge.exe	msedge.exe
PID 2916 wrote to memory of 1636	2916	msedge.exe	msedge.exe
PID 2916 wrote to memory of 1636	2916	msedge.exe	msedge.exe
PID 2916 wrote to memory of 1636	2916	msedge.exe	msedge.exe
PID 2916 wrote to memory of 1636	2916	msedge.exe	msedge.exe
PID 2916 wrote to memory of 1636	2916	msedge.exe	msedge.exe
PID 2916 wrote to memory of 1636	2916	msedge.exe	msedge.exe
PID 2916 wrote to memory of 1636	2916	msedge.exe	msedge.exe
PID 2916 wrote to memory of 1636	2916	msedge.exe	msedge.exe
PID 2916 wrote to memory of 1636	2916	msedge.exe	msedge.exe
PID 2916 wrote to memory of 1636	2916	msedge.exe	msedge.exe
PID 2916 wrote to memory of 1636	2916	msedge.exe	msedge.exe
PID 2916 wrote to memory of 1636	2916	msedge.exe	msedge.exe
PID 2916 wrote to memory of 1636	2916	msedge.exe	msedge.exe
PID 2916 wrote to memory of 6120	2916	msedge.exe	msedge.exe
PID 2916 wrote to memory of 6120	2916	msedge.exe	msedge.exe
PID 2916 wrote to memory of 1192	2916	msedge.exe	msedge.exe
PID 2916 wrote to memory of 1192	2916	msedge.exe	msedge.exe
PID 2916 wrote to memory of 1192	2916	msedge.exe	msedge.exe
PID 2916 wrote to memory of 1192	2916	msedge.exe	msedge.exe
PID 2916 wrote to memory of 1192	2916	msedge.exe	msedge.exe
PID 2916 wrote to memory of 1192	2916	msedge.exe	msedge.exe
PID 2916 wrote to memory of 1192	2916	msedge.exe	msedge.exe
PID 2916 wrote to memory of 1192	2916	msedge.exe	msedge.exe
PID 2916 wrote to memory of 1192	2916	msedge.exe	msedge.exe
PID 2916 wrote to memory of 1192	2916	msedge.exe	msedge.exe
PID 2916 wrote to memory of 1192	2916	msedge.exe	msedge.exe
PID 2916 wrote to memory of 1192	2916	msedge.exe	msedge.exe
PID 2916 wrote to memory of 1192	2916	msedge.exe	msedge.exe
PID 2916 wrote to memory of 1192	2916	msedge.exe	msedge.exe
PID 2916 wrote to memory of 1192	2916	msedge.exe	msedge.exe
PID 2916 wrote to memory of 1192	2916	msedge.exe	msedge.exe
PID 2916 wrote to memory of 1192	2916	msedge.exe	msedge.exe
PID 2916 wrote to memory of 1192	2916	msedge.exe	msedge.exe
PID 2916 wrote to memory of 1192	2916	msedge.exe	msedge.exe
PID 2916 wrote to memory of 1192	2916	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\65d2282cc85eb9c006995d56ea7258c5_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2916

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa1ec946f8,0x7ffa1ec94708,0x7ffa1ec94718
2⤵
PID:4916

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,5183129001893530177,11768043643931265803,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
2⤵
PID:1636

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,5183129001893530177,11768043643931265803,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:6120

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,5183129001893530177,11768043643931265803,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
2⤵
PID:1192

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,5183129001893530177,11768043643931265803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
2⤵
PID:4140

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,5183129001893530177,11768043643931265803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
2⤵
PID:5376

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,5183129001893530177,11768043643931265803,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1976 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4056

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1212

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5072

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
537815e7cc5c694912ac0308147852e4

SHA1
2ccdd9d9dc637db5462fe8119c0df261146c363c

SHA256
b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

SHA512
63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b167567021ccb1a9fdf073fa9112ef0

SHA1
3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

SHA256
26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

SHA512
726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
88KB

MD5
992d1d60e8252b6bcdb3d50a9fcd3312

SHA1
b4973f9e2cd47b9794cc30f78e9883682e36244e

SHA256
423c0c5efde39ab2ddcbbf2dc0ec29aaab1025c3db2b42c9ceaba00674308cdb

SHA512
6e903d8b50e7be31fce0d4950649812b5ee9c33ef1e87923cd8923d6f2daccc44da260bd36b4f407975e627a27ad46ff2872374b06718ab8230dd3b211073937

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
73KB

MD5
1ae5ccc61194459b25ad8f235e33456e

SHA1
e598b92983ab6c8e14c8fb7650f72f6444c26726

SHA256
2b07bdfb881f6c6ce3ae07dfd53c6059341a2a665af307a9c8451134c1e1bda2

SHA512
7358dd60e4d43063ce5e2dbed3a50aa57166eec10b6cb5e51dc74d16ae055d6434cf5f9fef4671d01d5697c011f0920283d1f29fb759a92270915a7c5cb4ec2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
73KB

MD5
74a22c126911c628586964df12a393f0

SHA1
fa25b07513a8cba9733c1fd7513083c6496bc911

SHA256
3394bd23afb9a80e3e086e73e6513c7c8bfca90b2cb30dbc7421e62d931f66b2

SHA512
0907dcfb20fbfe866696791a85f0d03ab7a5aaa2acd442dc89639ea4612de60d7645d1b7c510a25544081b94917390454080cb5fc98af410be2325b6b8a6af3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
73KB

MD5
695e4e039dda84dcf8f944445afc5140

SHA1
79de0f28f7ee2084e05fb80d2f5bc5fa6f495c22

SHA256
dae5a0164097502fce8bf936c771c918ac0ceb134ba84d6184c74e3a0cf1c169

SHA512
024ccbdec35072f94a09e9dd098c6070c11fa6a657fd870c716c5ade545a0b7a5dabb2d0dcff20abb5b7be1fe546aefa88bf3ec670eb25d959232c5bc74b4521

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
73KB

MD5
45019fddce25d758a9d12a5ae90b8240

SHA1
f7200821812c8e768886d380caa1202b8ed0fd58

SHA256
638023ac2a8096a39cdce18c4394f83251384ebc41a5683311d8d48a2bc2da5c

SHA512
1c653d1410c0d288e60eb17b1b292ecf48fd855373754ddc965f3a5fa654e8b04def504a3e6a40d33414044d88876449f259c379467b6d6e3577b0de5a6aec52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
73KB

MD5
16979a18d2cba7c7489c8f603db1f3a5

SHA1
79a40c7cbebedaf1e66e6559a031ff8930457b1e

SHA256
88c2b3e56721c14526acd902d6c5f7872585c30668763577b3c001e38e37aca0

SHA512
4ebd0faa2797102590d83e9931511b3b0f9b52e2bcfab0857ce3ad8c39006b4396ca058c2a1c0044d374eac7b36ae2caf4132b4143938a0dac8e64130b0f0b31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
73KB

MD5
32806fab2dca8784d4af1eb91947bf36

SHA1
9f0b2ce46501401974b2fc657ddddf06c2c210a2

SHA256
f55f8bdec6aede2ab7e95a8d0977571a1a9d474033c8625806c1b53cfa5b05c3

SHA512
48143d39d733bee1d06499b7dfc6d86cd27d56f2a0d5979eb048225f226d78c80331b1be420ee69fab005e54f85d23b706be7dfb9edc834df32a263158224839

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
801B

MD5
811047ac6177ecbb05c9e114d49a9dd3

SHA1
33e44e0795118ea1991f0bfcb140980f51a64d6a

SHA256
d7070b27fc4ff0e050e30d75681a05215bdefe7546ea00a2c86e76a6db467ae9

SHA512
5c0d375cd367988f2f679d93086a1739b7631ae8146e9374c62e5fad10a8286cbd32fad5ced5f44039428aa7a7b46074127c08f3e671fe67bd6e677f5a84d52c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
663b78bddb883628da8d9804a95d9597

SHA1
956e5a2d4e47e99e1c48bd38cd279bdbb2a78e48

SHA256
96f0678df2798d89c9755c1d1203cc65066dd300cf419983a76ddce7328516d1

SHA512
8a57e4158c593fb5571c97d92b07252c46f61042655575a6e46dafafe8ec4f8084b1ca461e5b2ec6306cd2c669ed267d939abcb8a6792ed1e34498bf7143fdf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
00a2cfa4ab49f8c7a1188bb99c5f5162

SHA1
b9f01a4906c52c6c68535b30f1e3cba1f69898b4

SHA256
8f0136bfd58d291c10f15e0dbe765d18f201ecd979bdd8f6d929124860f97a1e

SHA512
910cef5b42adff3d1059d83795aa8afa42cb641ca6f8f4a1f43a245e3c979e931ca075e6a9398ab64b52eef561d7b442c93d48b07e04e38988608169a3817d56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
4a36586014d72444dd7f4b54f359042f

SHA1
17112951ed80d4f884a195256175af67bad7eb07

SHA256
0711ef3da1657cb8c05c822be4a17a700107df2edeb4adf97a5915b31a7a4ace

SHA512
deaa1fa951530f1c1ef40c450d1e01387dd110d97eadc93c6d633541585d9b3173877a08ef87aefdc0fe2cb0b248993b92e6db117fc1cce834b509246d7ff9ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
d97c27fa8eb42ca36f1f3e24b1f9cb60

SHA1
978e8788c06b04da147bfdf13225bf035a6694f5

SHA256
73a940c5fd7840172d56bdc04426ca1f6a7cd0cc82186a09e9f13a71c289cbf9

SHA512
b4a1ebd09781d4cf4c65098c573ea95879a2c666470b5638907b8a2edaadb71265b031d8f3d4318cee6eeb7777900128ec8e84e6b93d3e15a391025d2c9f2b44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
4b534863f177b92b7e78b576e1ed9006

SHA1
6e59fb10f685373aad7f3110feff4fbc9bc5c953

SHA256
b3698e8b71836f5c0256c2f0c962d6f9bbe839e6edb95f007bdea551732cb8d8

SHA512
881fd4b4afb2e446b230308efb94b2c1f3b075c88796c7db336189dcefc7781dc4197db92bdcdc30e4eb6cd790881fcf3ce361894e3e5995136db1da5260d42f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
061927789e589f35fcd4cdc4a0f8ab8d

SHA1
651c45309e2b14cbffff8a888a17e935da222fb2

SHA256
cee9ca1d88f6fe4d398ffde4e437050c51e233b3e1262cc341e206d83b987477

SHA512
ead61c51b4b995d0b4d5b60d203ae7d5b18ef89b25d554566ac6e6080a316f035b9d82e553555c882b53ce2bd6cda7f0d572bf8e6285a6100aa76f1d310dfa86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
af14fb98e5453fad2f61be5a01e5e263

SHA1
a5ab87420b3564ed9fc7df67e7b8300d6ee17ae0

SHA256
e848e637ffd7f08db8f11152c704a847a7b3231e0083cde587a952433f98c33c

SHA512
20b14c7de054dc84efe22bbb6f112ac988f938453f9cd20dcbe23c667afb7e9e0dd285927cc33f404539a589d42c9ad09a6068698dcea828eb9e3ffd97b15410

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
368B

MD5
df91a8989fc580fed550300acc80794e

SHA1
5fd54563e12fdf53d9d66e0316fb15f110fd3507

SHA256
e8a1f0a72e90e3fe7dba9621b81f579fcc74d7573a317c2964902b562d9e4961

SHA512
da30b5c43f7dcd2342356bff09b20a44248b87600304c68770aafd628bc6e0c4ffbeb609ef9189b048d7d9df435f3d03c20f093ee5173112a9edf1cf1eec3f37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe578e65.TMP

Filesize
370B

MD5
bf8ed554e6549ddb8f7c81c27d5f86cc

SHA1
3fd41623f403eb4c30305aa15e2febb359e95708

SHA256
cb5f03a281f393ddf1ed6812193b00c70de027ceb9becdcd6f92c0549af10157

SHA512
4d47aad8a659e086a8b7e5fa3190e3151c4a56886f963c64d1654a62a522aa207840cd5763854d71cd09dba951d254470139452165e1b3275b239c4cff80785c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5ac9773fd8532aba5e60b60383b59df5

SHA1
ceaff5bb76a514cba243bab0058944fc2aebb065

SHA256
bb9bb8d37dda1556f0a9c0195b5e3c9ec82fef4a9a5f65c42dbe20690bf51dfe

SHA512
320f04d3237ba825d6774980728ac503de76b66658705b2c1a66b94a8154178d6eb48950e380cf69ee88c1c6d6f7755c75101c41852335c1e7080bfccc3cf7a2

Download Submit
\??\pipe\LOCAL\crashpad_2916_MEVCXHHSBUDYHRUC

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit