8206fb06ab2837a77071f5a3bb8ae945331f7a87d7bd4f8c1b5ab8429ef035b0

Analysis

max time kernel
147s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
14/06/2024, 03:44

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

a7e551b18566d7ee77b4092e43c1bf25_JaffaCakes118.html
Size

105KB
MD5

a7e551b18566d7ee77b4092e43c1bf25
SHA1

dbcde9eb5e3660d637e3671ba533eaf6034ca8f8
SHA256

8206fb06ab2837a77071f5a3bb8ae945331f7a87d7bd4f8c1b5ab8429ef035b0
SHA512

f1bf13fcf15cd876981e6a8e4b218708645ef0f94afcf7fc4a1d618e779cab4df56313f83b178b9721ea807ff50783104871d6c6bbbcc3de20d51b950647eec0
SSDEEP

1536:/50TOaPwdnYiBUVB8adefXoo98yEEpzsQJxF/6rSEBTn+DtcZQ:/5zY/VLdmX8yfxFy5Itca

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1868	msedge.exe
1868	msedge.exe
5100	msedge.exe
5100	msedge.exe
4004	identity_helper.exe
4004	identity_helper.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe
3160	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5100 wrote to memory of 4852	5100	msedge.exe	81
PID 5100 wrote to memory of 4852	5100	msedge.exe	81
PID 5100 wrote to memory of 2604	5100	msedge.exe	82
PID 5100 wrote to memory of 2604	5100	msedge.exe	82
PID 5100 wrote to memory of 2604	5100	msedge.exe	82
PID 5100 wrote to memory of 2604	5100	msedge.exe	82
PID 5100 wrote to memory of 2604	5100	msedge.exe	82
PID 5100 wrote to memory of 2604	5100	msedge.exe	82
PID 5100 wrote to memory of 2604	5100	msedge.exe	82
PID 5100 wrote to memory of 2604	5100	msedge.exe	82
PID 5100 wrote to memory of 2604	5100	msedge.exe	82
PID 5100 wrote to memory of 2604	5100	msedge.exe	82
PID 5100 wrote to memory of 2604	5100	msedge.exe	82
PID 5100 wrote to memory of 2604	5100	msedge.exe	82
PID 5100 wrote to memory of 2604	5100	msedge.exe	82
PID 5100 wrote to memory of 2604	5100	msedge.exe	82
PID 5100 wrote to memory of 2604	5100	msedge.exe	82
PID 5100 wrote to memory of 2604	5100	msedge.exe	82
PID 5100 wrote to memory of 2604	5100	msedge.exe	82
PID 5100 wrote to memory of 2604	5100	msedge.exe	82
PID 5100 wrote to memory of 2604	5100	msedge.exe	82
PID 5100 wrote to memory of 2604	5100	msedge.exe	82
PID 5100 wrote to memory of 2604	5100	msedge.exe	82
PID 5100 wrote to memory of 2604	5100	msedge.exe	82
PID 5100 wrote to memory of 2604	5100	msedge.exe	82
PID 5100 wrote to memory of 2604	5100	msedge.exe	82
PID 5100 wrote to memory of 2604	5100	msedge.exe	82
PID 5100 wrote to memory of 2604	5100	msedge.exe	82
PID 5100 wrote to memory of 2604	5100	msedge.exe	82
PID 5100 wrote to memory of 2604	5100	msedge.exe	82
PID 5100 wrote to memory of 2604	5100	msedge.exe	82
PID 5100 wrote to memory of 2604	5100	msedge.exe	82
PID 5100 wrote to memory of 2604	5100	msedge.exe	82
PID 5100 wrote to memory of 2604	5100	msedge.exe	82
PID 5100 wrote to memory of 2604	5100	msedge.exe	82
PID 5100 wrote to memory of 2604	5100	msedge.exe	82
PID 5100 wrote to memory of 2604	5100	msedge.exe	82
PID 5100 wrote to memory of 2604	5100	msedge.exe	82
PID 5100 wrote to memory of 2604	5100	msedge.exe	82
PID 5100 wrote to memory of 2604	5100	msedge.exe	82
PID 5100 wrote to memory of 2604	5100	msedge.exe	82
PID 5100 wrote to memory of 2604	5100	msedge.exe	82
PID 5100 wrote to memory of 1868	5100	msedge.exe	83
PID 5100 wrote to memory of 1868	5100	msedge.exe	83
PID 5100 wrote to memory of 4020	5100	msedge.exe	84
PID 5100 wrote to memory of 4020	5100	msedge.exe	84
PID 5100 wrote to memory of 4020	5100	msedge.exe	84
PID 5100 wrote to memory of 4020	5100	msedge.exe	84
PID 5100 wrote to memory of 4020	5100	msedge.exe	84
PID 5100 wrote to memory of 4020	5100	msedge.exe	84
PID 5100 wrote to memory of 4020	5100	msedge.exe	84
PID 5100 wrote to memory of 4020	5100	msedge.exe	84
PID 5100 wrote to memory of 4020	5100	msedge.exe	84
PID 5100 wrote to memory of 4020	5100	msedge.exe	84
PID 5100 wrote to memory of 4020	5100	msedge.exe	84
PID 5100 wrote to memory of 4020	5100	msedge.exe	84
PID 5100 wrote to memory of 4020	5100	msedge.exe	84
PID 5100 wrote to memory of 4020	5100	msedge.exe	84
PID 5100 wrote to memory of 4020	5100	msedge.exe	84
PID 5100 wrote to memory of 4020	5100	msedge.exe	84
PID 5100 wrote to memory of 4020	5100	msedge.exe	84
PID 5100 wrote to memory of 4020	5100	msedge.exe	84
PID 5100 wrote to memory of 4020	5100	msedge.exe	84
PID 5100 wrote to memory of 4020	5100	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a7e551b18566d7ee77b4092e43c1bf25_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd08de46f8,0x7ffd08de4708,0x7ffd08de4718
  2⤵
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,16272726379626964676,14988579967223975699,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
  2⤵
  PID:2604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,16272726379626964676,14988579967223975699,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,16272726379626964676,14988579967223975699,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2988 /prefetch:8
  2⤵
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,16272726379626964676,14988579967223975699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,16272726379626964676,14988579967223975699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:1388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,16272726379626964676,14988579967223975699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4236 /prefetch:1
  2⤵
  PID:2508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,16272726379626964676,14988579967223975699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4324 /prefetch:1
  2⤵
  PID:3280
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,16272726379626964676,14988579967223975699,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6052 /prefetch:8
  2⤵
  PID:648
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,16272726379626964676,14988579967223975699,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6052 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,16272726379626964676,14988579967223975699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
  2⤵
  PID:3812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,16272726379626964676,14988579967223975699,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,16272726379626964676,14988579967223975699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:1
  2⤵
  PID:3508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,16272726379626964676,14988579967223975699,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
  2⤵
  PID:4340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,16272726379626964676,14988579967223975699,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5564 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3160

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4636

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3756

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
81e892ca5c5683efdf9135fe0f2adb15

SHA1
39159b30226d98a465ece1da28dc87088b20ecad

SHA256
830f394548cff6eed3608476190a7ee7d65fe651adc638c5b27ce58639a91e17

SHA512
c943f4cfe8615ac159cfac13c10b67e6c0c9093851dd3ac6dda3b82e195d3554e3c37962010a2d0ae5074828d376402624f0dda5499c9997e962e4cfd26444c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56067634f68231081c4bd5bdbfcc202f

SHA1
5582776da6ffc75bb0973840fc3d15598bc09eb1

SHA256
8c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4

SHA512
c4657393e0b9ec682570d7e251644a858d33e056ccd0f3eebffd0fde25244b3a699b8d9244bcdac00d6f74b49833629b270e099c2b557f729a9066922583f784

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1c2e23c3-880f-4d37-aa17-08e73b0c1643.tmp

Filesize
539B

MD5
60a59cc0b0e720b938dc9f7d7d5227e7

SHA1
072965532ac6ae20ed187e0fb2a00e00c27c6680

SHA256
7f694424cf2492e60b3dc02d1ef7888977175f14a51fab00c42d3ba443787314

SHA512
6fc59e5c596afa72148dfbf684c9ffe3863fa017f98f9c1951cc43239423c00ddfd052c83e8af5a3ef762bd4ca82edf9beb78996c0fb0076c23bb3f8b1dda42e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
772d65df059909e8e0c104bee497d546

SHA1
79d4ee5a777bd754f53c120d53496284947834ac

SHA256
48c0d03faddaddd76901a66b76d25fbea52a7ef35183de7bab4ade9c40c60f52

SHA512
60686c51340f36d2d9409c71a1ab1cf113945650ee0fc4550ee3a1364812638407353aecabfa512ab48a0a84ebb3a77e0d8366891e81c4f044e21ebf905fbf64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
727a1ee48e897dfe012f4f6c48bc692a

SHA1
a13c0f6cb320091271aa6f70329e73120a1c06e9

SHA256
346798584390a1941de427a8b90abf4ab1cf6429164557cd15f01b4c0750080d

SHA512
9e18982655fa81dd441960ad02c1a6ae1d44949836dc3b0de63eb38343a9d1fc9604335c519105d07e383cfdbb5b589150aa981923b27a5f1288716fcc6d5278

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dc9eeba86f72fbf1329e708b3120fe88

SHA1
fd4e26049484142ea728d2db7ffc979ff3d5975b

SHA256
490dc81d55d2784191c82c550d53835c08548334ad8cb2a1c2468d0bb01f0419

SHA512
0cd653c6fcf36b965996419dc88c0dbe3d2c40e20fd281993f32f9a8297d0650e67fd9fa8334e6c64968124ef93e8d44897565a2e725c8fc57d7bcf5b8b310db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2aa35c41025ee9b6be065d34c529a7f2

SHA1
42be3d0b941f22a95005940650c4f1cf81614f6a

SHA256
79f02add546834a6656bc21df8cd322f60599be27c2850dc015360a9baecef69

SHA512
450006d8e1fd8cc83ff98903270af71dbbd5f93033f22cc8f235b73411a0113a376cfd20ee26589f638bb490d5f65995a968ac89762fcbf51201b4dc4d85b261

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
27b2bde489744b259b01c76c5773737e

SHA1
dea81a943c4ddcb3d83b384a73e0698e9f917d48

SHA256
89095d784d564f16c0d74df8bc69c5d27d459170811ae5e78df69b0d56665b95

SHA512
0c202ce292bf5a987eef1dbb9b98a19eff7fa1fa881e53ff96b3cd9de461abe08e4397722b4ff365032419759583db2f4b30a475eabbae8ea3206786afc27a90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
649aefe56a7adeb8f54848ee39e6b138

SHA1
f79dde9b4a0d8e70c6c55092a4dbbe9ff0e21921

SHA256
ec88249a1b311e77c7e7d10d917d0690fc472522f02aa6627fa56c37d8c74d64

SHA512
e153e4ac3b49849308571914da8fd251e1690f53957f707426e2fc020d9711f267ee1930bbda8f45f7aa4ad80770bdeff2464793d1ac3175ea0c3e231819a849

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
3aabaabd206bf81a297257cac648ebcd

SHA1
3c23ac651cc3161a6d10cc50f6309f6f4b07e3df

SHA256
4e156bef5e37ac4266688c22c90559dfe9917cfe9b4de923d5758d9625d7d8c2

SHA512
0862ba7647ac5150d7a3332c47a4f6f541863094db058d014de1edd37cc3dbf4fd1384dcaff271280ceb5051d7b43445af3a882d27d30a1d724326535749bb14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
eb8e54b443a5e6b7e2f06d13260710e7

SHA1
a8c0ce6320c42c3d853654172c9b54b072fb3a0a

SHA256
92f4714e1f4876b4af4623337afd671190f5f0acb90bc4d39c76fcfbcf9d66d3

SHA512
6900330b7d6ee8ba2a2b83578caddfab4d6469647cfab6bf52af28c08745db5c609c81700c75282b316f4bb0f63de322601ffa3a028d06579c4fcb61112358c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
4fe742307e10bffab921712f23ee51eb

SHA1
ff5444d30707ccdd7d06e1204189a2da8806a2e0

SHA256
496b4db1f35bb041666d41907a4f8c978e52eca9b75b12e548c744536c168189

SHA512
7acb2d478a468240f9a2ebb2b3e0eee5f30b21d4fec31e4dc58bfac4a10b66376afbb281ad992dfa60a402ad11fe4432870e809c675092a2e0fc9ef37fc07ec1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
c2f96853a1e0aa3402afccee64ab64c7

SHA1
b20669482a3e31a56101c89aa92ebaeab10dea27

SHA256
7553fd4ab3c345b47c0936814b3cd5cb9e38a8e4f038b8bd0bf814ef8d801192

SHA512
6e381b78cd42eb54d9a4ed9e670be7f8e5ba44692e63871806891a393906b36d5bb2108d10873e0ce4202feb11774d0f057096f2d14e5ebaf3fc1ece085d7c20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ad28.TMP

Filesize
539B

MD5
abad35fd86fea09c4df37d57bb4fd2d8

SHA1
31debd959dc95ba2b21731d982daad34eecd75d7

SHA256
ea1da61ebc03306771451aa7713565125d009bdca7fad8b9f28cc00aece3187e

SHA512
a055a3f08bd6b5f5030871817c6aecedbfc4929c465968af06825544aeb88f5423496c69dfe8b2e98e5b8cb7fd057cd7a64d64b3f087017b6d6ac72811c1641d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a0f03abe-bd78-411f-bab5-50b21c0e5bf5.tmp

Filesize
539B

MD5
ba44b9a1e2df05ac268b4367e02d2863

SHA1
e536a3c8e33b1aef26df39c56911f3acf20db148

SHA256
f874b18389103e8b9c856b155b6edab68fc0235f42426e2b87f9e26e91b9a571

SHA512
1de82fe7f3baf08706d1889751e08df51f95deddb7890abb8f16b1810e39ca9912497488dafff3171d7b51df5d52576cec823a25a42d33e1ea9af292f8d48ad0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ad46232b5e30a110ad826105478e8119

SHA1
9150a5611f56563367b7633cde5e96b21774dfa3

SHA256
99f9a26a3871425dba0211ef9bac94ad2f52df7838392f04a1e2fc4e928209a1

SHA512
1e7fbfea38067c9c81896774f70ab3a03617ed24f4e74a909ed2cca0b23476ab634bfa60b011db61171f4c3700a18eae5f1f9b0ab3b427e89c186198c905bf75

Download Submit