8533ad3aa696c81b1fe943b80ee686894f3e225eb9f3c8e566cf11a304b77c7e

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27-05-2024 06:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7822f2bf67c65458b6cc4e47192504dd_JaffaCakes118.html
Size

547KB
MD5

7822f2bf67c65458b6cc4e47192504dd
SHA1

ff0b04580c03a85ed72791d95b5729b9e0da61ad
SHA256

8533ad3aa696c81b1fe943b80ee686894f3e225eb9f3c8e566cf11a304b77c7e
SHA512

c7725fe2e5c5ce0dbd8af515770c8c7f7ea8c027641554b6be630f53b8b38119565505574daf428784d7a73ede629b5b2b358d0c148c77e9aaf703022a07d3a6
SSDEEP

3072:VUkL5Wa8qCnCYJbiI+U3xWPP5Fbww75eg9Uj:KkEDqCCYJbiI+U3xWPP5Fbww75eD

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4696	msedge.exe
4696	msedge.exe
3088	msedge.exe
3088	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
984	identity_helper.exe
984	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe
3088	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3088 wrote to memory of 4200	3088	msedge.exe	85
PID 3088 wrote to memory of 4200	3088	msedge.exe	85
PID 3088 wrote to memory of 3096	3088	msedge.exe	86
PID 3088 wrote to memory of 3096	3088	msedge.exe	86
PID 3088 wrote to memory of 3096	3088	msedge.exe	86
PID 3088 wrote to memory of 3096	3088	msedge.exe	86
PID 3088 wrote to memory of 3096	3088	msedge.exe	86
PID 3088 wrote to memory of 3096	3088	msedge.exe	86
PID 3088 wrote to memory of 3096	3088	msedge.exe	86
PID 3088 wrote to memory of 3096	3088	msedge.exe	86
PID 3088 wrote to memory of 3096	3088	msedge.exe	86
PID 3088 wrote to memory of 3096	3088	msedge.exe	86
PID 3088 wrote to memory of 3096	3088	msedge.exe	86
PID 3088 wrote to memory of 3096	3088	msedge.exe	86
PID 3088 wrote to memory of 3096	3088	msedge.exe	86
PID 3088 wrote to memory of 3096	3088	msedge.exe	86
PID 3088 wrote to memory of 3096	3088	msedge.exe	86
PID 3088 wrote to memory of 3096	3088	msedge.exe	86
PID 3088 wrote to memory of 3096	3088	msedge.exe	86
PID 3088 wrote to memory of 3096	3088	msedge.exe	86
PID 3088 wrote to memory of 3096	3088	msedge.exe	86
PID 3088 wrote to memory of 3096	3088	msedge.exe	86
PID 3088 wrote to memory of 3096	3088	msedge.exe	86
PID 3088 wrote to memory of 3096	3088	msedge.exe	86
PID 3088 wrote to memory of 3096	3088	msedge.exe	86
PID 3088 wrote to memory of 3096	3088	msedge.exe	86
PID 3088 wrote to memory of 3096	3088	msedge.exe	86
PID 3088 wrote to memory of 3096	3088	msedge.exe	86
PID 3088 wrote to memory of 3096	3088	msedge.exe	86
PID 3088 wrote to memory of 3096	3088	msedge.exe	86
PID 3088 wrote to memory of 3096	3088	msedge.exe	86
PID 3088 wrote to memory of 3096	3088	msedge.exe	86
PID 3088 wrote to memory of 3096	3088	msedge.exe	86
PID 3088 wrote to memory of 3096	3088	msedge.exe	86
PID 3088 wrote to memory of 3096	3088	msedge.exe	86
PID 3088 wrote to memory of 3096	3088	msedge.exe	86
PID 3088 wrote to memory of 3096	3088	msedge.exe	86
PID 3088 wrote to memory of 3096	3088	msedge.exe	86
PID 3088 wrote to memory of 3096	3088	msedge.exe	86
PID 3088 wrote to memory of 3096	3088	msedge.exe	86
PID 3088 wrote to memory of 3096	3088	msedge.exe	86
PID 3088 wrote to memory of 3096	3088	msedge.exe	86
PID 3088 wrote to memory of 4696	3088	msedge.exe	87
PID 3088 wrote to memory of 4696	3088	msedge.exe	87
PID 3088 wrote to memory of 8	3088	msedge.exe	88
PID 3088 wrote to memory of 8	3088	msedge.exe	88
PID 3088 wrote to memory of 8	3088	msedge.exe	88
PID 3088 wrote to memory of 8	3088	msedge.exe	88
PID 3088 wrote to memory of 8	3088	msedge.exe	88
PID 3088 wrote to memory of 8	3088	msedge.exe	88
PID 3088 wrote to memory of 8	3088	msedge.exe	88
PID 3088 wrote to memory of 8	3088	msedge.exe	88
PID 3088 wrote to memory of 8	3088	msedge.exe	88
PID 3088 wrote to memory of 8	3088	msedge.exe	88
PID 3088 wrote to memory of 8	3088	msedge.exe	88
PID 3088 wrote to memory of 8	3088	msedge.exe	88
PID 3088 wrote to memory of 8	3088	msedge.exe	88
PID 3088 wrote to memory of 8	3088	msedge.exe	88
PID 3088 wrote to memory of 8	3088	msedge.exe	88
PID 3088 wrote to memory of 8	3088	msedge.exe	88
PID 3088 wrote to memory of 8	3088	msedge.exe	88
PID 3088 wrote to memory of 8	3088	msedge.exe	88
PID 3088 wrote to memory of 8	3088	msedge.exe	88
PID 3088 wrote to memory of 8	3088	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7822f2bf67c65458b6cc4e47192504dd_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
  2⤵
  PID:4200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,7638183685752927634,5614520026522727263,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:3096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,7638183685752927634,5614520026522727263,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2416 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,7638183685752927634,5614520026522727263,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8
  2⤵
  PID:8
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,7638183685752927634,5614520026522727263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,7638183685752927634,5614520026522727263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:1468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,7638183685752927634,5614520026522727263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
  2⤵
  PID:3564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,7638183685752927634,5614520026522727263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:1180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,7638183685752927634,5614520026522727263,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2348 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,7638183685752927634,5614520026522727263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
  2⤵
  PID:1900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,7638183685752927634,5614520026522727263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2116 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,7638183685752927634,5614520026522727263,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5032 /prefetch:8
  2⤵
  PID:3792
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,7638183685752927634,5614520026522727263,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5032 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,7638183685752927634,5614520026522727263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:1536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,7638183685752927634,5614520026522727263,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
  2⤵
  PID:3928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,7638183685752927634,5614520026522727263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
  2⤵
  PID:1908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,7638183685752927634,5614520026522727263,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:3532

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3752

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2944

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3576

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\4c115c05-90fc-4a9b-b948-3d30d41d8c75.tmp

Filesize
3KB

MD5
47108c49e64eb21adceee45843f902a4

SHA1
ed3e2bf7a5f683010043d74e5f504e7385a2cb55

SHA256
be7748e441ff9c953fddac6415c1e2b8884d2a873c9752759dc3b8fa30397599

SHA512
aad6e01604cf6513e6e50abff2670afbbfc7c0271c67e175bfdbabc7e91531e9e3293cc577dd3f81ba00a22a894c8d203716005044d67322804fc724d445c043

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
bda251234033d42619ebf88e572449df

SHA1
a446e87534b52c3fc3e2d9fa1fde4da347df8771

SHA256
454311f338911068578fb2e212e13e1f50d81684856616e6116f4513a650f8d1

SHA512
04512b79c17874032f522f31363fc53448826d67086127fc951e1500d50667520f7617597a0d6d342f31779998eddb88df6f4a7199cc6996b273f35ec0ab4969

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ec092c6e1ad252974afb8098b77d7151

SHA1
88139de559f031c400ed1865ee6049313579dc3f

SHA256
ba49fd88907955aab6232e1c87bc86aace5bd4a66867ff1a810b23064ca5a201

SHA512
27ebd5c5a77e2d94c28248906da8a2eaa4ad78e557abd244cc87f86bd80bf68403573332f4e11a8d43374d5b9e29f4381204881dfc0957ed246479cc0160f987

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d79e7c7e284625815e6e6f5eccf30cc5

SHA1
755eee4288e4449717d5f1e08634c115e9f188f3

SHA256
3d20fdb644b7bdc4b2feee55be88312f9caf376cb6c71c75aebfab74b445f484

SHA512
9faeb6d9df0caede024235478091681779e3d66b8d772003d2857febbca8779f48cbf40db33138efc174c01ca28d34a9b434d5f130615f9a0e15b410e0a76e1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2db2f8ec2522637f101f7b1bf11ea93f

SHA1
01512ac2073aca1be5fc2a1bbe7ddaff8dec3c85

SHA256
16db3310b5e7ff71bd6e012bc3b526b76f566be0917a6358c8db7516caf111dd

SHA512
c8adce908ee47670df7bf53f35297661c6a6737850a7f4f8b82c1ce7b6368e6c0f372b5f1a30e070e87ab5146364e113a92cc6b5d45497ff1f5107ea450dc6e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
8736d9f5db6a22d1ce7f1f3a925dac29

SHA1
224472b7bd45dbcd97de4ed394cfba7b8ffb9168

SHA256
fbb7e015b9d5eb5924dc03946279700e95933f7f82a479ddeaa0fd9c995acd83

SHA512
14fba99b5be0d7097a815dd933441ce358179311aafe5695dfaf3c130d9943acc4e2d47fc8498b2034e500086b1278740dc0849594acb2c0e68b390f4f842d7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e6f5.TMP

Filesize
204B

MD5
b3f7a087b0f195d2d42a775fb356b894

SHA1
eee9518ff8b2e4be7ebb8df7f490000df6d6c563

SHA256
a1b0c8f35313ca95aeedcaeae9ff1ecca2523569581fdb0fc7b6b0593f541d5c

SHA512
42aad4897214a79bc30f0277fbe17bdac0392218436cebc5c83913fb3c7159971a3f90111c2567065a12fb01dab882758960db9f66f0438b487ece4aa77b9d2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
feef801f2cda4892cf2e4b634e53ca20

SHA1
16b0444b60900b0e77898e4d10f3e40b4f7649e9

SHA256
4e0d434adf6ff1b86ff2ec6c671a213bcf7eed670c86be26feecc5789a162c0c

SHA512
de06b4f447f30e6db29301ec781f66c868c6664617c78cfd074e03e76cfaf8e4e83d92659508ca741d7558ca79ede79fd008eb3e9cf4edfc3dae2aa94515b230

Download Submit