39f9e9cdc2b1da001e5303423e6740a0f93835222556c4d68c4e0760dfde91b1

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 01:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

693e8da3970c1dc13dc6b1e103e9d3fb_JaffaCakes118.html
Size

203KB
MD5

693e8da3970c1dc13dc6b1e103e9d3fb
SHA1

7d160e5594a5433e7753de06372ea3a55943a81d
SHA256

39f9e9cdc2b1da001e5303423e6740a0f93835222556c4d68c4e0760dfde91b1
SHA512

b7e46deb9a99a418ff3ae60079c49f283f518acaf08d12695950a3a5e0ead3d1c1d584ef6656377c2d5bd1dbc72fdf6629a795ac1ecc792c5e17753d407c1ed7
SSDEEP

3072:qfmF5sDExOVdV+UYN1aQEhi7kjcHXxQRVuSb+Jc/094uI8cffDX:Z530DH6NEQwjcHXxQRVufJc/0944kfDX

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exemsedge.exeidentity_helper.exe

pid	process
2264	msedge.exe
2264	msedge.exe
836	msedge.exe
836	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
2480	identity_helper.exe
2480	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

msedge.exe

pid process

836 msedge.exe
836 msedge.exe
836 msedge.exe
836 msedge.exe
836 msedge.exe
836 msedge.exe
836 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 836 wrote to memory of 3332	836	msedge.exe	msedge.exe
PID 836 wrote to memory of 3332	836	msedge.exe	msedge.exe
PID 836 wrote to memory of 2728	836	msedge.exe	msedge.exe
PID 836 wrote to memory of 2728	836	msedge.exe	msedge.exe
PID 836 wrote to memory of 2728	836	msedge.exe	msedge.exe
PID 836 wrote to memory of 2728	836	msedge.exe	msedge.exe
PID 836 wrote to memory of 2728	836	msedge.exe	msedge.exe
PID 836 wrote to memory of 2728	836	msedge.exe	msedge.exe
PID 836 wrote to memory of 2728	836	msedge.exe	msedge.exe
PID 836 wrote to memory of 2728	836	msedge.exe	msedge.exe
PID 836 wrote to memory of 2728	836	msedge.exe	msedge.exe
PID 836 wrote to memory of 2728	836	msedge.exe	msedge.exe
PID 836 wrote to memory of 2728	836	msedge.exe	msedge.exe
PID 836 wrote to memory of 2728	836	msedge.exe	msedge.exe
PID 836 wrote to memory of 2728	836	msedge.exe	msedge.exe
PID 836 wrote to memory of 2728	836	msedge.exe	msedge.exe
PID 836 wrote to memory of 2728	836	msedge.exe	msedge.exe
PID 836 wrote to memory of 2728	836	msedge.exe	msedge.exe
PID 836 wrote to memory of 2728	836	msedge.exe	msedge.exe
PID 836 wrote to memory of 2728	836	msedge.exe	msedge.exe
PID 836 wrote to memory of 2728	836	msedge.exe	msedge.exe
PID 836 wrote to memory of 2728	836	msedge.exe	msedge.exe
PID 836 wrote to memory of 2728	836	msedge.exe	msedge.exe
PID 836 wrote to memory of 2728	836	msedge.exe	msedge.exe
PID 836 wrote to memory of 2728	836	msedge.exe	msedge.exe
PID 836 wrote to memory of 2728	836	msedge.exe	msedge.exe
PID 836 wrote to memory of 2728	836	msedge.exe	msedge.exe
PID 836 wrote to memory of 2728	836	msedge.exe	msedge.exe
PID 836 wrote to memory of 2728	836	msedge.exe	msedge.exe
PID 836 wrote to memory of 2728	836	msedge.exe	msedge.exe
PID 836 wrote to memory of 2728	836	msedge.exe	msedge.exe
PID 836 wrote to memory of 2728	836	msedge.exe	msedge.exe
PID 836 wrote to memory of 2728	836	msedge.exe	msedge.exe
PID 836 wrote to memory of 2728	836	msedge.exe	msedge.exe
PID 836 wrote to memory of 2728	836	msedge.exe	msedge.exe
PID 836 wrote to memory of 2728	836	msedge.exe	msedge.exe
PID 836 wrote to memory of 2728	836	msedge.exe	msedge.exe
PID 836 wrote to memory of 2728	836	msedge.exe	msedge.exe
PID 836 wrote to memory of 2728	836	msedge.exe	msedge.exe
PID 836 wrote to memory of 2728	836	msedge.exe	msedge.exe
PID 836 wrote to memory of 2728	836	msedge.exe	msedge.exe
PID 836 wrote to memory of 2728	836	msedge.exe	msedge.exe
PID 836 wrote to memory of 2264	836	msedge.exe	msedge.exe
PID 836 wrote to memory of 2264	836	msedge.exe	msedge.exe
PID 836 wrote to memory of 984	836	msedge.exe	msedge.exe
PID 836 wrote to memory of 984	836	msedge.exe	msedge.exe
PID 836 wrote to memory of 984	836	msedge.exe	msedge.exe
PID 836 wrote to memory of 984	836	msedge.exe	msedge.exe
PID 836 wrote to memory of 984	836	msedge.exe	msedge.exe
PID 836 wrote to memory of 984	836	msedge.exe	msedge.exe
PID 836 wrote to memory of 984	836	msedge.exe	msedge.exe
PID 836 wrote to memory of 984	836	msedge.exe	msedge.exe
PID 836 wrote to memory of 984	836	msedge.exe	msedge.exe
PID 836 wrote to memory of 984	836	msedge.exe	msedge.exe
PID 836 wrote to memory of 984	836	msedge.exe	msedge.exe
PID 836 wrote to memory of 984	836	msedge.exe	msedge.exe
PID 836 wrote to memory of 984	836	msedge.exe	msedge.exe
PID 836 wrote to memory of 984	836	msedge.exe	msedge.exe
PID 836 wrote to memory of 984	836	msedge.exe	msedge.exe
PID 836 wrote to memory of 984	836	msedge.exe	msedge.exe
PID 836 wrote to memory of 984	836	msedge.exe	msedge.exe
PID 836 wrote to memory of 984	836	msedge.exe	msedge.exe
PID 836 wrote to memory of 984	836	msedge.exe	msedge.exe
PID 836 wrote to memory of 984	836	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\693e8da3970c1dc13dc6b1e103e9d3fb_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:836

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdc2ac46f8,0x7ffdc2ac4708,0x7ffdc2ac4718
2⤵
PID:3332

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,5404162718707865782,3127351520266590626,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
2⤵
PID:2728

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,5404162718707865782,3127351520266590626,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2264

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,5404162718707865782,3127351520266590626,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
2⤵
PID:984

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5404162718707865782,3127351520266590626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
2⤵
PID:376

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5404162718707865782,3127351520266590626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
2⤵
PID:2028

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5404162718707865782,3127351520266590626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
2⤵
PID:4016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,5404162718707865782,3127351520266590626,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4836 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3820

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5404162718707865782,3127351520266590626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3032 /prefetch:1
2⤵
PID:2588

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5404162718707865782,3127351520266590626,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2712 /prefetch:1
2⤵
PID:1876

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,5404162718707865782,3127351520266590626,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 /prefetch:8
2⤵
PID:5064

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,5404162718707865782,3127351520266590626,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2480

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5404162718707865782,3127351520266590626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
2⤵
PID:4872

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5404162718707865782,3127351520266590626,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
2⤵
PID:4388

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4404

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2480

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
65a6f94564d47329ee829f0f83e96824

SHA1
50e134928cfc8209cb0c2f742884c2fed81be82c

SHA256
0f34fcd3ab2fd1b52f1c853964d86f232bb1c4be05cd6a6b01a29ea67971b12b

SHA512
0f94ca603aab13ee58932a729a9465cb7f6ca2c06edb71a6937b49917d2f2a5c1720e3a78a35f1f6c24fe6e4f98521a9656ad313390ff2799face1f88ba7aa81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
8c7e62e5b422926cacb1f602a748946d

SHA1
a55d40dfb649e8d50b8e1f2792fc647e151b06c1

SHA256
54af139255035f94507169e576b4ff2b823d9e175a4efb675c98e0fa5a7e5b46

SHA512
eed0044c9d3b0ce2dd1e6366fde5c3878b41c20f915a6cff39e1947f8f84ed4a6b5ba9d120eb99f70348bdb3a434bdbd992e3aadc4d779fe7b002de1f4e4194e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
7011a3469af3d5790819eb93e958d35c

SHA1
f5c1eae3e9c7a13415b8fd69acdb9a6e01c75c7c

SHA256
9f961ed7b6cb92b4589618e0be8748a6c1fda59c9cb6fc1695143c9383fa6545

SHA512
3771506880d56ec841e0cb7d5f39637cfb6f53badf773c1029ccd3d1032e753433a82cc28c090d8e89f33e3b968a6e84b1c394795404b8bf007fbee27571df4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
5f9d78dc4812fe4dbf1f063a3d9e0062

SHA1
fc7ce6ed08aedaaa929e8e84f002167deaec8f03

SHA256
58f1bfcee2cd358086ef97879f52268f539c75b5da5cc9c69e00452c77d1db2d

SHA512
1d691067be7f4a06ecc17c387aff51c50584d0fd2512e11b973bdea11ace5cbddd0ffe67d27c23a811669f5fd9c8eae1503b9515f8d8ff2fd9fb84f9dce3060c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
9f1cfc11869223441c44c68ffb51d9fe

SHA1
6719e5bbd8416455e8a2068786ada22ceca23c21

SHA256
a3acffab2ced9d137784ca6c0f6a77dccc162108ff258f6d5c248d21374c7e18

SHA512
85ee284ad7053d2dab561166a8bc2e0597e8f52f5e9b81d9d9f2b5be9d702cccf8189b165a42ba91432d98f6869b8989fd9c753a0c9a0c6f2cc9393e736e56d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57bbfd.TMP
Filesize
707B

MD5
da9ea70e653852ae931297a4c5c86d08

SHA1
9063fb2658b9e256da87b8c2cf9cd5fa53418758

SHA256
4c46b5bba3c989773176cfad6e609235e56df21e1f8e14c13dd4ff8208c5a525

SHA512
20dec5e2a1ebc9e7c2a8ddfbf9f5f60ae696dd1b0e91cec71b18ee57f2a467d23a8662a407ec06c2be67be55a71b30d9f7be9f401f4c833b4d4ea223fbb6da77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
bf9f4aef73f1f1d26b8f366e48476389

SHA1
819725ff58cc4d93c73e9085abe5cbc8db1e1284

SHA256
605636a2446cbc14bdd93d2dcaa793ab7056ddb6ce2227a71e9893ced506748f

SHA512
347d6c9971a49650e1743ad0ae56a9d7e99fbafb22b735995fa1218e1bdda40272f03532c6d6ca3094a18e59742617c37c3a41252fb29054a5a3c20bcb8d2b4f

Download Submit
\??\pipe\LOCAL\crashpad_836_CCJWJCJOGGLSGFPT
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit