b71dbcd67e604d4b3b6659abe8b68c7fa91141f9cb549bd1d046a740ac03b59b

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 00:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

691dfee8cd8a26debfd44cd94a0c639c_JaffaCakes118.html
Size

54KB
MD5

691dfee8cd8a26debfd44cd94a0c639c
SHA1

b1482c7b0568094036a9dab92f34b438cf1bb3b2
SHA256

b71dbcd67e604d4b3b6659abe8b68c7fa91141f9cb549bd1d046a740ac03b59b
SHA512

a08c3eac164fd9d87e674791b46e18009bb285afa93f00fe5d1d4bc66f26e62340b98d361bf7f5281d301984b9ebd38bf2b7416185e27e22999ce6883b41a959
SSDEEP

1536:7mvXvVyzoD7+dnui8ksbq3a2taSaxpVdjdf/SF9eG3ihwiZU:qfcDsuKEaS0fzZU

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
436	msedge.exe
436	msedge.exe
208	msedge.exe
208	msedge.exe
4048	identity_helper.exe
4048	identity_helper.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

msedge.exe

pid process

208 msedge.exe
208 msedge.exe
208 msedge.exe
208 msedge.exe
208 msedge.exe
208 msedge.exe
208 msedge.exe
208 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 208 wrote to memory of 3436	208	msedge.exe	msedge.exe
PID 208 wrote to memory of 3436	208	msedge.exe	msedge.exe
PID 208 wrote to memory of 4304	208	msedge.exe	msedge.exe
PID 208 wrote to memory of 4304	208	msedge.exe	msedge.exe
PID 208 wrote to memory of 4304	208	msedge.exe	msedge.exe
PID 208 wrote to memory of 4304	208	msedge.exe	msedge.exe
PID 208 wrote to memory of 4304	208	msedge.exe	msedge.exe
PID 208 wrote to memory of 4304	208	msedge.exe	msedge.exe
PID 208 wrote to memory of 4304	208	msedge.exe	msedge.exe
PID 208 wrote to memory of 4304	208	msedge.exe	msedge.exe
PID 208 wrote to memory of 4304	208	msedge.exe	msedge.exe
PID 208 wrote to memory of 4304	208	msedge.exe	msedge.exe
PID 208 wrote to memory of 4304	208	msedge.exe	msedge.exe
PID 208 wrote to memory of 4304	208	msedge.exe	msedge.exe
PID 208 wrote to memory of 4304	208	msedge.exe	msedge.exe
PID 208 wrote to memory of 4304	208	msedge.exe	msedge.exe
PID 208 wrote to memory of 4304	208	msedge.exe	msedge.exe
PID 208 wrote to memory of 4304	208	msedge.exe	msedge.exe
PID 208 wrote to memory of 4304	208	msedge.exe	msedge.exe
PID 208 wrote to memory of 4304	208	msedge.exe	msedge.exe
PID 208 wrote to memory of 4304	208	msedge.exe	msedge.exe
PID 208 wrote to memory of 4304	208	msedge.exe	msedge.exe
PID 208 wrote to memory of 4304	208	msedge.exe	msedge.exe
PID 208 wrote to memory of 4304	208	msedge.exe	msedge.exe
PID 208 wrote to memory of 4304	208	msedge.exe	msedge.exe
PID 208 wrote to memory of 4304	208	msedge.exe	msedge.exe
PID 208 wrote to memory of 4304	208	msedge.exe	msedge.exe
PID 208 wrote to memory of 4304	208	msedge.exe	msedge.exe
PID 208 wrote to memory of 4304	208	msedge.exe	msedge.exe
PID 208 wrote to memory of 4304	208	msedge.exe	msedge.exe
PID 208 wrote to memory of 4304	208	msedge.exe	msedge.exe
PID 208 wrote to memory of 4304	208	msedge.exe	msedge.exe
PID 208 wrote to memory of 4304	208	msedge.exe	msedge.exe
PID 208 wrote to memory of 4304	208	msedge.exe	msedge.exe
PID 208 wrote to memory of 4304	208	msedge.exe	msedge.exe
PID 208 wrote to memory of 4304	208	msedge.exe	msedge.exe
PID 208 wrote to memory of 4304	208	msedge.exe	msedge.exe
PID 208 wrote to memory of 4304	208	msedge.exe	msedge.exe
PID 208 wrote to memory of 4304	208	msedge.exe	msedge.exe
PID 208 wrote to memory of 4304	208	msedge.exe	msedge.exe
PID 208 wrote to memory of 4304	208	msedge.exe	msedge.exe
PID 208 wrote to memory of 4304	208	msedge.exe	msedge.exe
PID 208 wrote to memory of 436	208	msedge.exe	msedge.exe
PID 208 wrote to memory of 436	208	msedge.exe	msedge.exe
PID 208 wrote to memory of 1276	208	msedge.exe	msedge.exe
PID 208 wrote to memory of 1276	208	msedge.exe	msedge.exe
PID 208 wrote to memory of 1276	208	msedge.exe	msedge.exe
PID 208 wrote to memory of 1276	208	msedge.exe	msedge.exe
PID 208 wrote to memory of 1276	208	msedge.exe	msedge.exe
PID 208 wrote to memory of 1276	208	msedge.exe	msedge.exe
PID 208 wrote to memory of 1276	208	msedge.exe	msedge.exe
PID 208 wrote to memory of 1276	208	msedge.exe	msedge.exe
PID 208 wrote to memory of 1276	208	msedge.exe	msedge.exe
PID 208 wrote to memory of 1276	208	msedge.exe	msedge.exe
PID 208 wrote to memory of 1276	208	msedge.exe	msedge.exe
PID 208 wrote to memory of 1276	208	msedge.exe	msedge.exe
PID 208 wrote to memory of 1276	208	msedge.exe	msedge.exe
PID 208 wrote to memory of 1276	208	msedge.exe	msedge.exe
PID 208 wrote to memory of 1276	208	msedge.exe	msedge.exe
PID 208 wrote to memory of 1276	208	msedge.exe	msedge.exe
PID 208 wrote to memory of 1276	208	msedge.exe	msedge.exe
PID 208 wrote to memory of 1276	208	msedge.exe	msedge.exe
PID 208 wrote to memory of 1276	208	msedge.exe	msedge.exe
PID 208 wrote to memory of 1276	208	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\691dfee8cd8a26debfd44cd94a0c639c_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:208

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffffab46f8,0x7fffffab4708,0x7fffffab4718
2⤵
PID:3436

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,9460936182689440224,15943291077544328809,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
2⤵
PID:4304

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,9460936182689440224,15943291077544328809,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:436

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,9460936182689440224,15943291077544328809,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
2⤵
PID:1276

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9460936182689440224,15943291077544328809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
2⤵
PID:1360

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9460936182689440224,15943291077544328809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
2⤵
PID:2164

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9460936182689440224,15943291077544328809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
2⤵
PID:2176

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9460936182689440224,15943291077544328809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
2⤵
PID:520

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,9460936182689440224,15943291077544328809,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6056 /prefetch:8
2⤵
PID:3280

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,9460936182689440224,15943291077544328809,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6056 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4048

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9460936182689440224,15943291077544328809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3064 /prefetch:1
2⤵
PID:4564

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9460936182689440224,15943291077544328809,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3068 /prefetch:1
2⤵
PID:1944

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9460936182689440224,15943291077544328809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4212 /prefetch:1
2⤵
PID:4372

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9460936182689440224,15943291077544328809,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1
2⤵
PID:552

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,9460936182689440224,15943291077544328809,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3812 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1468

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4040

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2292

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
f8f5772225c1189142aa520d736169e5

SHA1
872f77ca5147b5c0a047f4bd8a30c9e10d397e60

SHA256
fae5058dba174513db60ea68db21920653b58bd14ff7cdc1917019219d6ee8c2

SHA512
03a5ad8dfde3bb6ccb2b03d1a5ee544e90428e092b44b9d95df1e9dfc2ba9808b9c0989753757faf7cf47073f12f400524c484b293011ba0804be77448ad4a70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a7ce1ee69663edb8cbf859711ddd82de

SHA1
6795ec2d4a2284f2a4538c3cf2484653f18a5352

SHA256
921668c2d222de26d68c0b1c5d6a64f755c928fcbcdcd10c58cd6024d34d21fc

SHA512
91ce5eb113d4bfdd68c6047a69ef9a830e3fd839b57293ca356f629af73f956ec47f731271391becbf439f9b4afbe4a8bde546b31672f37c78475588618368e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
03d415fb519fc9e62311bced4320a639

SHA1
9708e17b490a1e691a64b03a234094d882d8db30

SHA256
682ed2f3454e64f3df65fb559bda4a5de9a3991e688f8d31663a53c7723080b9

SHA512
1bc2ab7cda0c6296eb901186efcfa9821e8d0dd5e1832fd612bbe3bfd7044240db4283ca6146ca197c39ad5548f9c7e5dca659afafc47ea76be3f768ba4ae734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8098a76c7c3c18bda33d62c2d9a14a13

SHA1
f8ca7db0fbcee1aef65b66c4136afc30d4e85e03

SHA256
d8668422a66b350256cb1a6a655e2d992d735396f29f6f8f6a621b7bf7deb6bf

SHA512
8e569020073d04c71efcb24e7f5e912c36bb78710d36ae7a534c06bebd1dd70ab1c97f6b79922a238eb4a98f1a4a19f063ff73f3d04a91bb6ae94dc5094efe59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d2cb45f1b8e311b2d0f2eaed0ef57996

SHA1
ce1561746feffb317600553f2de41dcc4df75313

SHA256
b0a18e9f798012a514855729bda2e3e43e843b88f4fe4c4febdc4ab5a41e85a7

SHA512
83f123acfb622e3ea50087522e60fbe5eac15f167836ad27b9f8fc67bc3ccbb1ecbbbd54069fa5998635af9489c55a0f29a76fbc82d08c1673b407abb2ab50d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2c0f80cee44cd51301018f20899585d3

SHA1
d9a27939b3db57369c0efbaa592f924904824de5

SHA256
8f3f5402f8766aa247dc0858ae144512b4951e20d766ac9a7b2e7997b4e97f63

SHA512
22b5fd7d7f37b7259bfdcff99cdff562f404c658332aa55d23fa24a6ade31bccc4a272533c4d592420509be366a9a6165ee6b9876b87c4c21c02b9e75b017b1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b630.TMP

Filesize
703B

MD5
0f66397d6093089a78ce8aee1c43f8c3

SHA1
030592674c0494896a8183519cf947e0332be69a

SHA256
f3a7c1b279b5c9bc48d5b6ff8325e8b901cc72d1a7d1e1ffbf64c9c96f4dc5c3

SHA512
c48d27feeb16484988645b3e2696aec1a1a708ff48c61856d2d0e7c548def5d327174a7aace808b9220060187e7dbac1d7367056112c99898cf2d37abb4a27dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d41006eb34e7653087d1fdbe4ea4594b

SHA1
b460d9c22e9a043878ac57df21d677ebccc9acde

SHA256
366d3bd50c15d44a163ab68884e682583763e25165a85e4daa0b6e71a79671c4

SHA512
810b8f8942515318f30bc82b24784e26b63659b458f7e3de100a3916bceaade3a6872b8428b8834466a9133aae614947fdcd49ad213fdbfa889d2698ff2a3ce9

Download Submit
\??\pipe\LOCAL\crashpad_208_YSGIADBTFGKQRXAS

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit