5beb79f0f0731d469d992c34f0c3b7740d6176b360252ab9d64165a831bbe017

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
04/05/2024, 17:14

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

13b4f786769b4cb138b0e616a13c894c_JaffaCakes118.html
Size

20KB
MD5

13b4f786769b4cb138b0e616a13c894c
SHA1

59021b8ac059cae39d4021f0f63bc5735051fe1f
SHA256

5beb79f0f0731d469d992c34f0c3b7740d6176b360252ab9d64165a831bbe017
SHA512

cf30c7a56338bd6905e1afa67b3fec87e063428fd8e1e0e2a75e08a490899bd5b37cebd3ceb38de6cfe3910b96460c2e0e1dd8eb656e91647c579d119dfe24ac
SSDEEP

384:S+wmLh1G9HdxIY9JphgF5Klr7Y/YxDY6E6UH:SiG99/J1NSe1TUH

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3088	msedge.exe
3088	msedge.exe
4376	msedge.exe
4376	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4376	msedge.exe
4376	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4376 wrote to memory of 4044	4376	msedge.exe	84
PID 4376 wrote to memory of 4044	4376	msedge.exe	84
PID 4376 wrote to memory of 4692	4376	msedge.exe	85
PID 4376 wrote to memory of 4692	4376	msedge.exe	85
PID 4376 wrote to memory of 4692	4376	msedge.exe	85
PID 4376 wrote to memory of 4692	4376	msedge.exe	85
PID 4376 wrote to memory of 4692	4376	msedge.exe	85
PID 4376 wrote to memory of 4692	4376	msedge.exe	85
PID 4376 wrote to memory of 4692	4376	msedge.exe	85
PID 4376 wrote to memory of 4692	4376	msedge.exe	85
PID 4376 wrote to memory of 4692	4376	msedge.exe	85
PID 4376 wrote to memory of 4692	4376	msedge.exe	85
PID 4376 wrote to memory of 4692	4376	msedge.exe	85
PID 4376 wrote to memory of 4692	4376	msedge.exe	85
PID 4376 wrote to memory of 4692	4376	msedge.exe	85
PID 4376 wrote to memory of 4692	4376	msedge.exe	85
PID 4376 wrote to memory of 4692	4376	msedge.exe	85
PID 4376 wrote to memory of 4692	4376	msedge.exe	85
PID 4376 wrote to memory of 4692	4376	msedge.exe	85
PID 4376 wrote to memory of 4692	4376	msedge.exe	85
PID 4376 wrote to memory of 4692	4376	msedge.exe	85
PID 4376 wrote to memory of 4692	4376	msedge.exe	85
PID 4376 wrote to memory of 4692	4376	msedge.exe	85
PID 4376 wrote to memory of 4692	4376	msedge.exe	85
PID 4376 wrote to memory of 4692	4376	msedge.exe	85
PID 4376 wrote to memory of 4692	4376	msedge.exe	85
PID 4376 wrote to memory of 4692	4376	msedge.exe	85
PID 4376 wrote to memory of 4692	4376	msedge.exe	85
PID 4376 wrote to memory of 4692	4376	msedge.exe	85
PID 4376 wrote to memory of 4692	4376	msedge.exe	85
PID 4376 wrote to memory of 4692	4376	msedge.exe	85
PID 4376 wrote to memory of 4692	4376	msedge.exe	85
PID 4376 wrote to memory of 4692	4376	msedge.exe	85
PID 4376 wrote to memory of 4692	4376	msedge.exe	85
PID 4376 wrote to memory of 4692	4376	msedge.exe	85
PID 4376 wrote to memory of 4692	4376	msedge.exe	85
PID 4376 wrote to memory of 4692	4376	msedge.exe	85
PID 4376 wrote to memory of 4692	4376	msedge.exe	85
PID 4376 wrote to memory of 4692	4376	msedge.exe	85
PID 4376 wrote to memory of 4692	4376	msedge.exe	85
PID 4376 wrote to memory of 4692	4376	msedge.exe	85
PID 4376 wrote to memory of 4692	4376	msedge.exe	85
PID 4376 wrote to memory of 3088	4376	msedge.exe	86
PID 4376 wrote to memory of 3088	4376	msedge.exe	86
PID 4376 wrote to memory of 3200	4376	msedge.exe	87
PID 4376 wrote to memory of 3200	4376	msedge.exe	87
PID 4376 wrote to memory of 3200	4376	msedge.exe	87
PID 4376 wrote to memory of 3200	4376	msedge.exe	87
PID 4376 wrote to memory of 3200	4376	msedge.exe	87
PID 4376 wrote to memory of 3200	4376	msedge.exe	87
PID 4376 wrote to memory of 3200	4376	msedge.exe	87
PID 4376 wrote to memory of 3200	4376	msedge.exe	87
PID 4376 wrote to memory of 3200	4376	msedge.exe	87
PID 4376 wrote to memory of 3200	4376	msedge.exe	87
PID 4376 wrote to memory of 3200	4376	msedge.exe	87
PID 4376 wrote to memory of 3200	4376	msedge.exe	87
PID 4376 wrote to memory of 3200	4376	msedge.exe	87
PID 4376 wrote to memory of 3200	4376	msedge.exe	87
PID 4376 wrote to memory of 3200	4376	msedge.exe	87
PID 4376 wrote to memory of 3200	4376	msedge.exe	87
PID 4376 wrote to memory of 3200	4376	msedge.exe	87
PID 4376 wrote to memory of 3200	4376	msedge.exe	87
PID 4376 wrote to memory of 3200	4376	msedge.exe	87
PID 4376 wrote to memory of 3200	4376	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\13b4f786769b4cb138b0e616a13c894c_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcd9ed46f8,0x7ffcd9ed4708,0x7ffcd9ed4718
  2⤵
  PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1968,1365824406984278951,4023735642792646895,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1960 /prefetch:2
  2⤵
  PID:4692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1968,1365824406984278951,4023735642792646895,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2512 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1968,1365824406984278951,4023735642792646895,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
  2⤵
  PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,1365824406984278951,4023735642792646895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:2388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,1365824406984278951,4023735642792646895,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1968,1365824406984278951,4023735642792646895,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=8852 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2040

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4560

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4820

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b2290ca03b4ca5fe52d82550c7e7d69

SHA1
20583a7851a906444204ce8ba4fa51153e6cd494

SHA256
f9ff4871fc5317299de907489d466e630be63d698c8f7cb77cc81faddbecc6d2

SHA512
704ec8122cc1c263dff67ddbb5c20ee0db8a438674d716bc3be5b266ee5629a219b0049d721f9eb2dd8f2d8fda0163659eaa4d3e1f0a6e9072a8ffb92bb2b25d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
919c29d42fb6034fee2f5de14d573c63

SHA1
24a2e1042347b3853344157239bde3ed699047a8

SHA256
17cd6de97a0c020cb4935739cfef4ec4e074e8d127ac4c531b6dc496580c8141

SHA512
bb7eadd087bbcec8b1b8a49b102b454333f2f9708d36b6ffc3c82fdc52e46873398d967238c3bfe9ac6caef45b017a5fe3938ebf5f3053e4ef9be7b2752b563d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
87KB

MD5
4ddd5f4bb2c667a5e10cdc1dd6d6f769

SHA1
03f78c64fd12e037f23a757c4f89a8d2a199f9f9

SHA256
b2c5ed36b43b6b4fe7a41bdaab63ebf1ecc0a4300dd15c4918bba45aa324600b

SHA512
1c5ead3edfa06a0e7b4b33f71ad4a074d277f123b7335e4a3a4b1eb9cca6708960aba4bd80b48c0d7bd13ba9521aca2cc217d128cafee776b52fec700b14ea10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
72KB

MD5
b77e8e936ea4515e6370b4596e8bd061

SHA1
b3c9d125616642c621ac143690c1fb5061300aa0

SHA256
12efa2952837378fb2d68bccb37d19177ce5a2921657bffe588dc69637036904

SHA512
9612b77c925fd823ac5ebe98d5ddc2fed0f8420f533793fb4260ccf96b76f59f2872f6d207dc94abd733d19f52241c8fac9834d138bff3c5a58787eef5426026

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
73KB

MD5
630cb25712d139276a15016646210cbb

SHA1
07c68861b5c228fdacfb441267dac08bdaf13ff9

SHA256
36937d222987bf85649dcac87cf43ac4407638657d0cdf1c2333ac4353bcc466

SHA512
538b893e99437d34fa0afa91970711e6793671dec2e9afdf453d47f8cf691f7b0ca781bd7bfb5fbe6b5b50e4c45f50985ceb9a129c2fd6be161e757ea89e3d28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
73KB

MD5
6d23e12c1df4ae9041ffbcbaa78f10f0

SHA1
6d449be10d1d2e218b00e8c5325b22e1db5658ff

SHA256
5fa625bed04cc951751884e06d1be40b576330b8d02a13e058f29d39e287df64

SHA512
f7d0e1be416fbe29e1558f1531dad06ab22cf91fb8fa40e666d2018352be74c63a6bdce83ffcd2cdb35ced5bfbb9ee33653e06fec75be6bdb7ceaeb911013b48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
72KB

MD5
b8d1ae2166429c80993cef28835fb0c4

SHA1
824cc34d01256ae5f44c3435aff93e3ff8d4cbcf

SHA256
31e35e6a7f2df768234a542f365f906978551bd28695caa94f52b19bcac4027e

SHA512
3236aaf225c1ed72cf2c34d7129d0e5cf080a13ce57d1f39c1278fda9c3ba2ee2fad94de3c058527c61a35ca0ab7fbe480472898578cba7786c70c06372b3a78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
73KB

MD5
da677b44881969bd7a6fb3dcde4d672e

SHA1
41d94c000cfb638406942493f4e22b873f482dfc

SHA256
0e0903c9c584a4b3863c526e29aa395bdfd2a49e74591c6b78fc1269d9db4fb1

SHA512
81822adaabe95a6a6b4f06f607a47d8fe57fa849d8887585af3faed3faeba651214d2eac70a9811cc14609233f6e7f1f86eace3a4d5ab3313cd6cc79a0659b68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
72KB

MD5
83dee6eccb3f19f29c066c1ea0464863

SHA1
76bfa1dd84c160acc2cc676bacd7908d29085193

SHA256
f48b22846ef90a865c29e8e00d9d06cf49f8938a2b3552b6a5a898a0a9c2069c

SHA512
4cf52242569885ccf1b55f00ae43a2354b43d21bc5ab1c26a53e419a26e89084c06da2e2e872f7e01a90f7ddbff2020d417e568c0b16c42970b171361e66f732

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
72KB

MD5
5ad07e45886be5a086b34b2564170748

SHA1
0dd143b1f05442a19c2618f555690f9a2caf3bc8

SHA256
51a0799cab322449472b6dc10e88ade11cb2f3a59ff75c4938b52cddba446eee

SHA512
2c47d7554f6a81dcdb52e042b00fe381cd4d52042a84ef934f219b73a03cd98bf4ea0539dcce7e2b2dcf924865216d5e4a2fe557772a4a0d594732c675563aa3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
801B

MD5
07e2822362988df6a7a7a1324e25063d

SHA1
aaed138a7f696ee1c7fd5c896079cab87060d8ef

SHA256
457d5db1cecdf59e83dc09c40b78a3ceb04af64d6dbb2408738173072bd19ae3

SHA512
3eddddc4c5f348e42f944831ee50cd9a776bee8f96e69ca7ccbabf4983d688bb4d51524d1aed9bdfc049b811c2a33dfda196f3a82c7c10f80cb0aec6b08eb7be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
372ddacdb3e40193438548d5e6d62af0

SHA1
7f2ddf0dce0d928e79b1420ace6e78e36fe4bc0a

SHA256
3253d3b24e60c5bd55e5eee3139f4273a4ab627599d5cf2c282b84b4f554a0cf

SHA512
06c8a75837dfc6fe5810e2edd4a3b7d7bc20de297d151c2f96421ff0e410f909bf2b5e40e555d886166218729e95df2427df2d955687eaa3c68a474a0c156951

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0393400730a7c6f1bc7c499a585c1aab

SHA1
323229ac3ec1796b321310afcdc7b3e02252a505

SHA256
270d9ea9d0fb752fd104a2c044b519aaae3c9fd79a50210d3640f7594e5ee276

SHA512
e6d2730402958993694224fb424af5b1ba926a249086a1ac9c8afa5ea7c9766f279596eea7ce4bfa07f7710d2276a9329bda8cea5825d3d9c9ffc774b9cd6290

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
5146c978a769e52686b7a4db2e14bdb5

SHA1
6f971551c79477f54ab3b1ff9edf80afe1cf5e13

SHA256
51d037a09a0b7418031b937be27930179b871ae3ce05630f6ca32e7d8c5288b6

SHA512
06ccf7db7e0a108bb1fbd0a44e2c2d4093f2dff085516115fc7e16b801c901ed17dcc84a14c04dfeef0ce73830f6d9a54e3af165f93fda05ed237003a036e0ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
78904a5bcace31d0b6404a56acf78bed

SHA1
6c0d4bf5c165ebc1f14763330d23e85aa0a354ae

SHA256
0199b8af5d05c3c879b0829272c404496f3d1e538d6da92637e280e2e7716792

SHA512
d67660bd72752e7fc0392ce51d1326878d6794963f0d4a2d39b479cc17e7ef2ebc4ecb6266bee5ac7e744672393272482f729424f51c55753d8c0cda3bfebec0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
210e0a0b4a5a7e72614a8be59c4a6f19

SHA1
6dec987590df7f5fd22b66b28c4ba31574210408

SHA256
6c0ced3e9c0a7b4750516d14adc0beb8e2dc7da41e875204a48663bf82f86aa7

SHA512
76790c470711e64be090f4cc1a3ed87a08118083fa3e9dc7ced8e1664bd9ba055f38b68d8f0baf18561e028d4ce1dfffb54551f8053a2f2143b2b656f7ffeb26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
d06a2eec0145fe602a544ab0aa59215b

SHA1
16b404623cc0f70ab4434c354b05e9583f5fe4ab

SHA256
8b9b1fd6c6396b7554b5f28912ebcc012f05206f4bb266599898deb4804fe474

SHA512
0e37be6c78d2dea4634d7aa505cd36974d986c56474df7c8b54c2bda70004e6902c63bef1ef61a32ba84db4c9bb3b5ecc25b9f448a1919e5e0b06fe8723927a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
49824f61c0f4bcce88cb424a0ac01f5d

SHA1
c944e5751e6eb8ca943ed3f8ef6560fe6079017d

SHA256
45cb3825995eff3d449c31371b13d5d61eb402f43768100361be7b211c29faa9

SHA512
2d5a037093f43d0a48a504240715b02e5e1fd09ef62442c67c0f682445c5f9dfd26703e3f6caab8b2bb73873e10dd5c0b535cec7fd6e3ab41749697cd9437149

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
4edcc4c303164b73a8677f04f26ba63c

SHA1
edf5cf9c585d6060514ea494f91072346cfad8f3

SHA256
b00bbdbef48f4d1f9bb63e3b8fc52697b3771dec463c42aa7056f4527b659c05

SHA512
e13ecd6159441957f58b007eda2dcba96f60d378b590ef42915242ff900de999a79eca7407e50dd17ea9d605293237de781fd2d030b08fc51b41c1f4010f8f1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a122.TMP

Filesize
370B

MD5
ac607ae7c6bfc4910219909d42f78f55

SHA1
01f451e290aec407210f71db5f6d445336843645

SHA256
c8614c22f055597e7a2df1451925a58b35418b7035581a6ce2878829430a21af

SHA512
6cf5108be06b067aba8ed760783bcd6a8082fbbc59f66d7a2fbcfe81346575becaf8da44e03616c011baa68a9a916ad31964ec9cad9296ea6564a7f5dc0ff31b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
08a3433cb18aa6ab9179c5a28716e3ce

SHA1
74afe47646e181fc5c45557978494dafdf123e10

SHA256
a9de9ddab937bdbe7a29cd4e18f652fbd209c53e896f7fcfb6a3bb00a6751441

SHA512
0550daa6bc5dcd5776d5aaee9b00132d606422dc61653bec9ce45187eeab04f3350f7475a10e6e502dc0dd92a78c78ce6dff5164f6449b5d1b8e6217ac77a474

Download Submit