657a83350bba09d8e076e2947e6e07b75f5c3569e712e3efbfdbb284f5eba819

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 18:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6bd8e0ea02b94f08501097f49b73f5ae_JaffaCakes118.html
Size

588KB
MD5

6bd8e0ea02b94f08501097f49b73f5ae
SHA1

19ebc8501ac598d96ef4bbe1604c52fdaee96d2e
SHA256

657a83350bba09d8e076e2947e6e07b75f5c3569e712e3efbfdbb284f5eba819
SHA512

a3b0fe1da1d61685c03dad7c7e6a3a7eb011e727d6d6785e3b69c52fbebd206eb06e9a31176cb98a4bd10c207e2e5efafcd03fca67212120a4ad5aaa2c48c3bf
SSDEEP

6144:rPivYYqSTmDgx6wn0eidIO8+74xQYjfnOYJ3I+U3xWPPqB8Pr8N:+vYYqSSgx6wn0eidIOyqx6I+UBWq

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
3932	msedge.exe
3932	msedge.exe
600	msedge.exe
600	msedge.exe
64	identity_helper.exe
64	identity_helper.exe
4732	msedge.exe
4732	msedge.exe
4732	msedge.exe
4732	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

msedge.exe

pid process

600 msedge.exe
600 msedge.exe
600 msedge.exe
600 msedge.exe
600 msedge.exe
600 msedge.exe
600 msedge.exe
600 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 600 wrote to memory of 5048	600	msedge.exe	msedge.exe
PID 600 wrote to memory of 5048	600	msedge.exe	msedge.exe
PID 600 wrote to memory of 4956	600	msedge.exe	msedge.exe
PID 600 wrote to memory of 4956	600	msedge.exe	msedge.exe
PID 600 wrote to memory of 4956	600	msedge.exe	msedge.exe
PID 600 wrote to memory of 4956	600	msedge.exe	msedge.exe
PID 600 wrote to memory of 4956	600	msedge.exe	msedge.exe
PID 600 wrote to memory of 4956	600	msedge.exe	msedge.exe
PID 600 wrote to memory of 4956	600	msedge.exe	msedge.exe
PID 600 wrote to memory of 4956	600	msedge.exe	msedge.exe
PID 600 wrote to memory of 4956	600	msedge.exe	msedge.exe
PID 600 wrote to memory of 4956	600	msedge.exe	msedge.exe
PID 600 wrote to memory of 4956	600	msedge.exe	msedge.exe
PID 600 wrote to memory of 4956	600	msedge.exe	msedge.exe
PID 600 wrote to memory of 4956	600	msedge.exe	msedge.exe
PID 600 wrote to memory of 4956	600	msedge.exe	msedge.exe
PID 600 wrote to memory of 4956	600	msedge.exe	msedge.exe
PID 600 wrote to memory of 4956	600	msedge.exe	msedge.exe
PID 600 wrote to memory of 4956	600	msedge.exe	msedge.exe
PID 600 wrote to memory of 4956	600	msedge.exe	msedge.exe
PID 600 wrote to memory of 4956	600	msedge.exe	msedge.exe
PID 600 wrote to memory of 4956	600	msedge.exe	msedge.exe
PID 600 wrote to memory of 4956	600	msedge.exe	msedge.exe
PID 600 wrote to memory of 4956	600	msedge.exe	msedge.exe
PID 600 wrote to memory of 4956	600	msedge.exe	msedge.exe
PID 600 wrote to memory of 4956	600	msedge.exe	msedge.exe
PID 600 wrote to memory of 4956	600	msedge.exe	msedge.exe
PID 600 wrote to memory of 4956	600	msedge.exe	msedge.exe
PID 600 wrote to memory of 4956	600	msedge.exe	msedge.exe
PID 600 wrote to memory of 4956	600	msedge.exe	msedge.exe
PID 600 wrote to memory of 4956	600	msedge.exe	msedge.exe
PID 600 wrote to memory of 4956	600	msedge.exe	msedge.exe
PID 600 wrote to memory of 4956	600	msedge.exe	msedge.exe
PID 600 wrote to memory of 4956	600	msedge.exe	msedge.exe
PID 600 wrote to memory of 4956	600	msedge.exe	msedge.exe
PID 600 wrote to memory of 4956	600	msedge.exe	msedge.exe
PID 600 wrote to memory of 4956	600	msedge.exe	msedge.exe
PID 600 wrote to memory of 4956	600	msedge.exe	msedge.exe
PID 600 wrote to memory of 4956	600	msedge.exe	msedge.exe
PID 600 wrote to memory of 4956	600	msedge.exe	msedge.exe
PID 600 wrote to memory of 4956	600	msedge.exe	msedge.exe
PID 600 wrote to memory of 4956	600	msedge.exe	msedge.exe
PID 600 wrote to memory of 3932	600	msedge.exe	msedge.exe
PID 600 wrote to memory of 3932	600	msedge.exe	msedge.exe
PID 600 wrote to memory of 1216	600	msedge.exe	msedge.exe
PID 600 wrote to memory of 1216	600	msedge.exe	msedge.exe
PID 600 wrote to memory of 1216	600	msedge.exe	msedge.exe
PID 600 wrote to memory of 1216	600	msedge.exe	msedge.exe
PID 600 wrote to memory of 1216	600	msedge.exe	msedge.exe
PID 600 wrote to memory of 1216	600	msedge.exe	msedge.exe
PID 600 wrote to memory of 1216	600	msedge.exe	msedge.exe
PID 600 wrote to memory of 1216	600	msedge.exe	msedge.exe
PID 600 wrote to memory of 1216	600	msedge.exe	msedge.exe
PID 600 wrote to memory of 1216	600	msedge.exe	msedge.exe
PID 600 wrote to memory of 1216	600	msedge.exe	msedge.exe
PID 600 wrote to memory of 1216	600	msedge.exe	msedge.exe
PID 600 wrote to memory of 1216	600	msedge.exe	msedge.exe
PID 600 wrote to memory of 1216	600	msedge.exe	msedge.exe
PID 600 wrote to memory of 1216	600	msedge.exe	msedge.exe
PID 600 wrote to memory of 1216	600	msedge.exe	msedge.exe
PID 600 wrote to memory of 1216	600	msedge.exe	msedge.exe
PID 600 wrote to memory of 1216	600	msedge.exe	msedge.exe
PID 600 wrote to memory of 1216	600	msedge.exe	msedge.exe
PID 600 wrote to memory of 1216	600	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6bd8e0ea02b94f08501097f49b73f5ae_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:600

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8ad3946f8,0x7ff8ad394708,0x7ff8ad394718
2⤵
PID:5048

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,501890419013327309,18277839004901622960,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
2⤵
PID:4956

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,501890419013327309,18277839004901622960,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3932

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,501890419013327309,18277839004901622960,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
2⤵
PID:1216

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,501890419013327309,18277839004901622960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
2⤵
PID:1032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,501890419013327309,18277839004901622960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
2⤵
PID:4344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,501890419013327309,18277839004901622960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
2⤵
PID:3504

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,501890419013327309,18277839004901622960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
2⤵
PID:4624

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,501890419013327309,18277839004901622960,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5844 /prefetch:8
2⤵
PID:4780

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,501890419013327309,18277839004901622960,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5844 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:64

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,501890419013327309,18277839004901622960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
2⤵
PID:928

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,501890419013327309,18277839004901622960,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
2⤵
PID:1612

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,501890419013327309,18277839004901622960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
2⤵
PID:4712

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,501890419013327309,18277839004901622960,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
2⤵
PID:1180

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,501890419013327309,18277839004901622960,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5440 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4732

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4960

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4648

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
96B

MD5
aa278312b238f883d8ab23b72181caeb

SHA1
d86fc697679a8fbda4169de5c1ddeeda44cdb95c

SHA256
73fcc75f0ea9f89e6b4f69e2458dacf61cd22826a10faedc9cea7bfa3a781b81

SHA512
c1d7bc6dfd2134d340b5eaf40aa9b89fbb3e6976d60e4972b16e57ad4b4c65fb0d817b92e7de74692fdc7f6cb874da558cf9146869d6205d3d0f3d33994ce7fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
d505dfa5919644ddcaba779d57629d04

SHA1
d3a35e6340dacfc73549a71af25d13d291fe82ff

SHA256
3e9ff0609b71229e7b085b587d69f38def5fcfe023f305e9bf4c80ad43bf244a

SHA512
5536e9f003cbe1ed0d1d0e053be54942b85417c008d52a49eaa4fb46dbeb60988180670ca79e8cc7610aa20505b592fbea6d018785e6b694c003a9f19cf8c01d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
a27ebb394beb8735ce860e253a62bcb7

SHA1
8615d9401989f2d2b4a6b259dff5c291a7b56731

SHA256
afb0a206928afca101fa4b2e9ec48b595813f7224b0f96dae6f6dd6d80744099

SHA512
6920190b237a795d2bcf9e0dfda6f6058a3062f26b947e81342a88753e546885b3bb157db53bb0e1353ba1f43dce63396be177a9ca02b70e98f6951043a246da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
fe3fc0e8c0f868bbbbb78e2b3a99d941

SHA1
340624c6289918834d48329b0804b52ed4a36e6c

SHA256
65037945911afaf4205216478b18fcd53c5f356e5feeba7aebab6849e71e6568

SHA512
3601b05acb3a72429f6875d0390997b535568df1f82cf9cd4607b2d2c17c132ab0102498be21ac3a8c2dedee386f1dcd7658777312aedf193bebdd9a9c64d387

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
375e984fc2311d444c3228368cfef22a

SHA1
e4afa5d82f2234318b48cf23017a6c240ac43655

SHA256
435682886d4fe71dd05412da79c448a54ef3b6cfb0b82d4eef197a12b483d3d7

SHA512
f647e3ebe1c5b36ab27166f3feae780f6f40cf68cd92f3a76d1979e28b3ba80abbdb584808397494c6a610bfd2fb0e2ff9a4a9bf060387b9bf5869399ac7cee7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
f2431477153cc3be0796669be0a9a536

SHA1
92fff49f5249653d8d3e485f0cf794d124573cb9

SHA256
4998475785068976d682e7ca4f3137285ab5dd74047c8c3d0547a3bf39dc45d0

SHA512
f6a03d35d5b1e95a4e4c78631fa4962b72ddccb1eeed46169e94ce7424a4f3214de18937c07e1ad50af8916ffa66383535d1f46e3acf74adb2421bdd04bc6ddd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
4b7e0a1d00fbb6ad0daacb1821b183bf

SHA1
532799f64bf987a97d879b5c063c135f06d2ca00

SHA256
6bef77fa86707b4aa1b799d9816a47cafb7181d535659c38317af959b080ffa2

SHA512
6a747bb0ac4870badae227e02fd23736f5981e40e7f1cf2f594706cc78621bba08dacc517a9dad958663312c58ccb57de76dad8d0b83a3e5a6d9e7ce225dbd19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
370B

MD5
accd0a4949e1e963077d2c5047a3a3f6

SHA1
767cdb6c8527a3b71eefc8bd345090796927768d

SHA256
911ebd7f3ed740e0fe8986c99282aecba4efb948d88a15755070fe8b310487a3

SHA512
2b3c20a674704f1963a2efc21c482d88b565f793b653daffeb6d1d4fe7e6659032e81a5527dc178a8a6ff26f364a3f6aac923b4dd3a42125639e54ca0fc4f307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe586f20.TMP
Filesize
203B

MD5
bafd56f1f3b73978b994660faac3e672

SHA1
fc50d802c8c3990f55f7d1a3abdfaa58e4adfbf0

SHA256
47dcafac6b03ba977fbca740aeb3e90a7a40f9aeaf14ee3dc7a124975d5375f1

SHA512
c1c41f4d8effe8ff2157340ec99617f6aa4ad35e82b19fa2d042018b20ceed8a40a7462aa31266d4900a4f743918b58f2e0d9d4fd51764be240fe0e259d4fe27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
cd410bfbe1c1c0ab44af2dff009f684e

SHA1
9a9438b4ff00ee23a8f9bb5dfef3a8540cb679bb

SHA256
187912f99f935afd69114fdd1b6b00572775621cb013f65f08048b7f42f57a0e

SHA512
1ac90c4dc1822bfd867e572134671884d84aec5883b60da51b8f00610a4afd7ceaad9c5613fd7b3d819ffb6ac9ac64565735251f81c188962c5b56a826427717

Download Submit
\??\pipe\LOCAL\crashpad_600_KKUFLEJXNKTJRBHA
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit