f3ce3ec9cb5923f0d49281bcb0000058b51e646a23bcbeff51b2eeaa126fc209

Analysis

max time kernel
148s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
30-05-2024 01:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8299e87147fc72cb5d9843d451c0e4bb_JaffaCakes118.html
Size

62KB
MD5

8299e87147fc72cb5d9843d451c0e4bb
SHA1

1e4d48bfd077eb327465127458c29ff170981b16
SHA256

f3ce3ec9cb5923f0d49281bcb0000058b51e646a23bcbeff51b2eeaa126fc209
SHA512

d6b2ed581cd07e99cc87a8bcd308e5d684192d223461a86b7665fc99551e2d64f5527e58f1591a87744f569f45fcf04d65d98e1ddfb0f924ea40a1ccb11f9fe0
SSDEEP

1536:JcPSB9EzOdAO5FnYbpM/uJItPfo3p4pBubuggZYlaN9j6p3:aXqoqo3pgubu+3

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
5108	msedge.exe
5108	msedge.exe
4080	msedge.exe
4080	msedge.exe
1784	identity_helper.exe
1784	identity_helper.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4080 wrote to memory of 4032	4080	msedge.exe	80
PID 4080 wrote to memory of 4032	4080	msedge.exe	80
PID 4080 wrote to memory of 4072	4080	msedge.exe	81
PID 4080 wrote to memory of 4072	4080	msedge.exe	81
PID 4080 wrote to memory of 4072	4080	msedge.exe	81
PID 4080 wrote to memory of 4072	4080	msedge.exe	81
PID 4080 wrote to memory of 4072	4080	msedge.exe	81
PID 4080 wrote to memory of 4072	4080	msedge.exe	81
PID 4080 wrote to memory of 4072	4080	msedge.exe	81
PID 4080 wrote to memory of 4072	4080	msedge.exe	81
PID 4080 wrote to memory of 4072	4080	msedge.exe	81
PID 4080 wrote to memory of 4072	4080	msedge.exe	81
PID 4080 wrote to memory of 4072	4080	msedge.exe	81
PID 4080 wrote to memory of 4072	4080	msedge.exe	81
PID 4080 wrote to memory of 4072	4080	msedge.exe	81
PID 4080 wrote to memory of 4072	4080	msedge.exe	81
PID 4080 wrote to memory of 4072	4080	msedge.exe	81
PID 4080 wrote to memory of 4072	4080	msedge.exe	81
PID 4080 wrote to memory of 4072	4080	msedge.exe	81
PID 4080 wrote to memory of 4072	4080	msedge.exe	81
PID 4080 wrote to memory of 4072	4080	msedge.exe	81
PID 4080 wrote to memory of 4072	4080	msedge.exe	81
PID 4080 wrote to memory of 4072	4080	msedge.exe	81
PID 4080 wrote to memory of 4072	4080	msedge.exe	81
PID 4080 wrote to memory of 4072	4080	msedge.exe	81
PID 4080 wrote to memory of 4072	4080	msedge.exe	81
PID 4080 wrote to memory of 4072	4080	msedge.exe	81
PID 4080 wrote to memory of 4072	4080	msedge.exe	81
PID 4080 wrote to memory of 4072	4080	msedge.exe	81
PID 4080 wrote to memory of 4072	4080	msedge.exe	81
PID 4080 wrote to memory of 4072	4080	msedge.exe	81
PID 4080 wrote to memory of 4072	4080	msedge.exe	81
PID 4080 wrote to memory of 4072	4080	msedge.exe	81
PID 4080 wrote to memory of 4072	4080	msedge.exe	81
PID 4080 wrote to memory of 4072	4080	msedge.exe	81
PID 4080 wrote to memory of 4072	4080	msedge.exe	81
PID 4080 wrote to memory of 4072	4080	msedge.exe	81
PID 4080 wrote to memory of 4072	4080	msedge.exe	81
PID 4080 wrote to memory of 4072	4080	msedge.exe	81
PID 4080 wrote to memory of 4072	4080	msedge.exe	81
PID 4080 wrote to memory of 4072	4080	msedge.exe	81
PID 4080 wrote to memory of 4072	4080	msedge.exe	81
PID 4080 wrote to memory of 5108	4080	msedge.exe	82
PID 4080 wrote to memory of 5108	4080	msedge.exe	82
PID 4080 wrote to memory of 4376	4080	msedge.exe	83
PID 4080 wrote to memory of 4376	4080	msedge.exe	83
PID 4080 wrote to memory of 4376	4080	msedge.exe	83
PID 4080 wrote to memory of 4376	4080	msedge.exe	83
PID 4080 wrote to memory of 4376	4080	msedge.exe	83
PID 4080 wrote to memory of 4376	4080	msedge.exe	83
PID 4080 wrote to memory of 4376	4080	msedge.exe	83
PID 4080 wrote to memory of 4376	4080	msedge.exe	83
PID 4080 wrote to memory of 4376	4080	msedge.exe	83
PID 4080 wrote to memory of 4376	4080	msedge.exe	83
PID 4080 wrote to memory of 4376	4080	msedge.exe	83
PID 4080 wrote to memory of 4376	4080	msedge.exe	83
PID 4080 wrote to memory of 4376	4080	msedge.exe	83
PID 4080 wrote to memory of 4376	4080	msedge.exe	83
PID 4080 wrote to memory of 4376	4080	msedge.exe	83
PID 4080 wrote to memory of 4376	4080	msedge.exe	83
PID 4080 wrote to memory of 4376	4080	msedge.exe	83
PID 4080 wrote to memory of 4376	4080	msedge.exe	83
PID 4080 wrote to memory of 4376	4080	msedge.exe	83
PID 4080 wrote to memory of 4376	4080	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8299e87147fc72cb5d9843d451c0e4bb_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff936df46f8,0x7ff936df4708,0x7ff936df4718
  2⤵
  PID:4032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,4495929420010654947,2042862848122186132,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,4495929420010654947,2042862848122186132,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,4495929420010654947,2042862848122186132,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
  2⤵
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4495929420010654947,2042862848122186132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:1272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4495929420010654947,2042862848122186132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:1292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4495929420010654947,2042862848122186132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
  2⤵
  PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4495929420010654947,2042862848122186132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1268 /prefetch:1
  2⤵
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,4495929420010654947,2042862848122186132,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6060 /prefetch:8
  2⤵
  PID:1648
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,4495929420010654947,2042862848122186132,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6060 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4495929420010654947,2042862848122186132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4495929420010654947,2042862848122186132,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
  2⤵
  PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4495929420010654947,2042862848122186132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1688 /prefetch:1
  2⤵
  PID:1516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4495929420010654947,2042862848122186132,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:1
  2⤵
  PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,4495929420010654947,2042862848122186132,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4828 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1844

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3656

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2576

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2daa93382bba07cbc40af372d30ec576

SHA1
c5e709dc3e2e4df2ff841fbde3e30170e7428a94

SHA256
1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30

SHA512
65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecdc2754d7d2ae862272153aa9b9ca6e

SHA1
c19bed1c6e1c998b9fa93298639ad7961339147d

SHA256
a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7

SHA512
cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\55c81588-193a-45f5-a0a6-bef123d2aa41.tmp

Filesize
5KB

MD5
a178fe04089bcc95d3ae87ff98b778db

SHA1
bc09836a240cc8cd401e1130a466a7e288c43be6

SHA256
32a4e90a63210c514ace5704a1eab23802c2f62602c6ffa3aaabbb190cbb3a74

SHA512
2707ad5b107879994d6f56d787b57e3e3a5fcfb7d3651a8c24d02a920f2f862d3c4a4950c4c826254a4a08bf00cb3a2ff0f68fa9152facb906b4028729c8282d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
06ccea5cba05c2edb617dfee2c6c7fcc

SHA1
0f1cf46feed81f8ecedc4e0730b2010ba0b2d893

SHA256
0f9be2f781a6eaa477b3d1293b8c7bf46eaf1293658c16e20a6a1aab8b195bef

SHA512
6211b93a26a0acedaef9706b0cfa8d1d4751fb8c281193dcc83963587e1cb6e12f81212d2f6b0762b72427f20efcba00839ed8a6e5f2bfa7dd16def96a7bedd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
39215d429acf64b386f21e62efa4e00e

SHA1
30d6aec5bbd0e96cb1a0308233c3fbcbdee20705

SHA256
63b2967ecada488da1e319e029b8b5b1feca774d4172980acd53c36c12daf8f8

SHA512
6babde4e5e3dd3415c3a2c3badf006ec846e7c38939c831ba495c1c1fe9f937856bf8a2a7199abae5ff1f5724fb68700567c7fda28634a1c8650873b4d5c627e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
896f33f5c374550b6e74c37b8895cfb6

SHA1
0af5fc2f4280713f86502dc02bc562c13dc4f829

SHA256
98dd97c963a775738b29140e84defec14160a99c097fc3e4c06b641bfbba32e5

SHA512
cc2d663981f3c029af1cab9f06bfa30431e0ce3a2b187ea543b6a601c320bde7b1a29bc3e534beb5b488cf098c1e3456ad13862b6f2d387145b0e0b3473e0b8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
716aff4c0512fb2dc60534bf748273ab

SHA1
136c76a77521de97c553c42d77a53545311cb21a

SHA256
ada9c75260096979b3314ca8f09b5e99a0a4842d03609a5776d41ba2db20aa5b

SHA512
4125d6d97276263d6af700ca551e75a2a2912fede523fc46f3182afab6fdb2ede92f2015069603d4998dea3bad1fe848131fcbeb0a45ebac90a6f465993d12d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8396dbd2161ac72848178faf1d3fc8f0

SHA1
b6805d99c83a00c4df73160f38446330bb6a21eb

SHA256
f3742b1bf154e6cba151f2153b26c091248b9ee960c5cf02b2f8622accae539c

SHA512
bc51a0d5d4e16a29aafca5bbc2b3d8d44e98d97184f58c2433dcf9e4b13b3fb176a58885bfccbbf9e0143605e6e62b93165fb5fd130d2f31ea6973b6fd115d54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
2278434b5dbc389bf2dcfe2f0d25ef7b

SHA1
2adf125f82e6e3a48705a3f5eafd7be0a45e13c5

SHA256
a44f03a8a92044498745999d38dbfa72b8ba1d9a4986e94b3d02d94172bdf3cf

SHA512
b33dbea1274156c65d5312a541c7a0268496dd884decc75b869ed0cb6508f7039d8c6bea982ffb42bace4015fbd1184d9b02b6d861c6124368be0cc192188510

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b3b0.TMP

Filesize
372B

MD5
57603ef209c4f878d9a74e9d6f242c10

SHA1
617963f246eaf0083852c588900922f61178f75b

SHA256
5ce5ceea20644b68be26c5258ca038386e6a73d67e7792f7ab6bb9e407aea184

SHA512
4cf20521043c2bd3037504248bfa9640aecd214c25b2dd7d7572eef3354d242f018b56a72ad8cae53a7a4c59f1bfb857f62f9b02a1b1f72531d3c0abef94bee0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1cbc13c2122f7d24924024f47d976d56

SHA1
33d6d85b9fda2dbaa8af70107313d855e9513f71

SHA256
4e212e4754b689b9b797cfa6e73a74b21ec22ddb22ce400d05d9f9c86bdd6897

SHA512
0e06e10b057d60765f31a85786413beff9c0791799965fe602fc1a7ff91f2efeabac99861cd46109b1d2a10b0c0cef00073d51b855ca1c6a5fbff99617b43add

Download Submit