4866588169ec206f9464ac94e9a7dec8c1ad2e8f816ebdbeb43be84f6ece0c02

Analysis

max time kernel
147s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
07/07/2024, 09:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

29e21c4200a8be715894bf647d5b1a3a_JaffaCakes118.html
Size

110KB
MD5

29e21c4200a8be715894bf647d5b1a3a
SHA1

d6144bb7c36bc03b17344c96208dd76ea8e0200e
SHA256

4866588169ec206f9464ac94e9a7dec8c1ad2e8f816ebdbeb43be84f6ece0c02
SHA512

502f9f27375445bb221ca7ab8056ae88c8ecbf8e7bb62d33b821db7a81d418dd5aa3c203b018f065876f1eec71ed270762405bde19f02a9fc82a97bbe26cbf4e
SSDEEP

1536:hBeBoPGNWNpcoESRxxCeeb5Ev1O8ViFOKAivjQHTQ53BGfjJjOYGYxlkFKx9f1oa:hJi2ptJiZ1bYxlkgoux

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2456	msedge.exe
2456	msedge.exe
3688	msedge.exe
3688	msedge.exe
1640	identity_helper.exe
1640	identity_helper.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3688 wrote to memory of 3240	3688	msedge.exe	83
PID 3688 wrote to memory of 3240	3688	msedge.exe	83
PID 3688 wrote to memory of 2872	3688	msedge.exe	86
PID 3688 wrote to memory of 2872	3688	msedge.exe	86
PID 3688 wrote to memory of 2872	3688	msedge.exe	86
PID 3688 wrote to memory of 2872	3688	msedge.exe	86
PID 3688 wrote to memory of 2872	3688	msedge.exe	86
PID 3688 wrote to memory of 2872	3688	msedge.exe	86
PID 3688 wrote to memory of 2872	3688	msedge.exe	86
PID 3688 wrote to memory of 2872	3688	msedge.exe	86
PID 3688 wrote to memory of 2872	3688	msedge.exe	86
PID 3688 wrote to memory of 2872	3688	msedge.exe	86
PID 3688 wrote to memory of 2872	3688	msedge.exe	86
PID 3688 wrote to memory of 2872	3688	msedge.exe	86
PID 3688 wrote to memory of 2872	3688	msedge.exe	86
PID 3688 wrote to memory of 2872	3688	msedge.exe	86
PID 3688 wrote to memory of 2872	3688	msedge.exe	86
PID 3688 wrote to memory of 2872	3688	msedge.exe	86
PID 3688 wrote to memory of 2872	3688	msedge.exe	86
PID 3688 wrote to memory of 2872	3688	msedge.exe	86
PID 3688 wrote to memory of 2872	3688	msedge.exe	86
PID 3688 wrote to memory of 2872	3688	msedge.exe	86
PID 3688 wrote to memory of 2872	3688	msedge.exe	86
PID 3688 wrote to memory of 2872	3688	msedge.exe	86
PID 3688 wrote to memory of 2872	3688	msedge.exe	86
PID 3688 wrote to memory of 2872	3688	msedge.exe	86
PID 3688 wrote to memory of 2872	3688	msedge.exe	86
PID 3688 wrote to memory of 2872	3688	msedge.exe	86
PID 3688 wrote to memory of 2872	3688	msedge.exe	86
PID 3688 wrote to memory of 2872	3688	msedge.exe	86
PID 3688 wrote to memory of 2872	3688	msedge.exe	86
PID 3688 wrote to memory of 2872	3688	msedge.exe	86
PID 3688 wrote to memory of 2872	3688	msedge.exe	86
PID 3688 wrote to memory of 2872	3688	msedge.exe	86
PID 3688 wrote to memory of 2872	3688	msedge.exe	86
PID 3688 wrote to memory of 2872	3688	msedge.exe	86
PID 3688 wrote to memory of 2872	3688	msedge.exe	86
PID 3688 wrote to memory of 2872	3688	msedge.exe	86
PID 3688 wrote to memory of 2872	3688	msedge.exe	86
PID 3688 wrote to memory of 2872	3688	msedge.exe	86
PID 3688 wrote to memory of 2872	3688	msedge.exe	86
PID 3688 wrote to memory of 2872	3688	msedge.exe	86
PID 3688 wrote to memory of 2456	3688	msedge.exe	87
PID 3688 wrote to memory of 2456	3688	msedge.exe	87
PID 3688 wrote to memory of 440	3688	msedge.exe	88
PID 3688 wrote to memory of 440	3688	msedge.exe	88
PID 3688 wrote to memory of 440	3688	msedge.exe	88
PID 3688 wrote to memory of 440	3688	msedge.exe	88
PID 3688 wrote to memory of 440	3688	msedge.exe	88
PID 3688 wrote to memory of 440	3688	msedge.exe	88
PID 3688 wrote to memory of 440	3688	msedge.exe	88
PID 3688 wrote to memory of 440	3688	msedge.exe	88
PID 3688 wrote to memory of 440	3688	msedge.exe	88
PID 3688 wrote to memory of 440	3688	msedge.exe	88
PID 3688 wrote to memory of 440	3688	msedge.exe	88
PID 3688 wrote to memory of 440	3688	msedge.exe	88
PID 3688 wrote to memory of 440	3688	msedge.exe	88
PID 3688 wrote to memory of 440	3688	msedge.exe	88
PID 3688 wrote to memory of 440	3688	msedge.exe	88
PID 3688 wrote to memory of 440	3688	msedge.exe	88
PID 3688 wrote to memory of 440	3688	msedge.exe	88
PID 3688 wrote to memory of 440	3688	msedge.exe	88
PID 3688 wrote to memory of 440	3688	msedge.exe	88
PID 3688 wrote to memory of 440	3688	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\29e21c4200a8be715894bf647d5b1a3a_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8080346f8,0x7ff808034708,0x7ff808034718
  2⤵
  PID:3240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2236,200997637324497463,2928337461728701323,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2248 /prefetch:2
  2⤵
  PID:2872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2236,200997637324497463,2928337461728701323,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2236,200997637324497463,2928337461728701323,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
  2⤵
  PID:440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,200997637324497463,2928337461728701323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:1992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,200997637324497463,2928337461728701323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:4328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,200997637324497463,2928337461728701323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
  2⤵
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,200997637324497463,2928337461728701323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
  2⤵
  PID:3812
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2236,200997637324497463,2928337461728701323,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5756 /prefetch:8
  2⤵
  PID:3368
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2236,200997637324497463,2928337461728701323,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5756 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,200997637324497463,2928337461728701323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2628 /prefetch:1
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,200997637324497463,2928337461728701323,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3048 /prefetch:1
  2⤵
  PID:1636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,200997637324497463,2928337461728701323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1332 /prefetch:1
  2⤵
  PID:1412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,200997637324497463,2928337461728701323,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:2620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2236,200997637324497463,2928337461728701323,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5352 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4916

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4892

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:208

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1172

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e81c757cdb64c4fd5c91e6ade1a16308

SHA1
19dc7ff5e8551a2b08874131d962b697bb84ad9b

SHA256
82141d451d07bdb68991f33c59129214dd6d3d10158aeb7a1dc81efbc5fb12b3

SHA512
ba8de0b3b04fec5a96d361459dde0941b1b70f5be231fdec94806efa3ecf1e8faf8e27b1800fa606dc4a82e29d4cf5109b94109e5ad242ddf9f4671e2acbcfbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2e57ec8bd99545e47a55d581964d0549

SHA1
bd7055ea7df7696298a94dedfc91136e3b530db8

SHA256
a50ba35608edc2f3360cc71be0d4b29bba0e3382d1f08f24df5322ce2ad2443c

SHA512
6b9b73d983c472149629c842e16e4f7c2f8a0a3bb6dd64837ef647db810ef1beb3a02b15dc1eec2c5de8aee6b3ca195c7d26c432705061c5b0ec7841a5bbf106

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
f9d3b8f0ff7b3e0e1b9a5a412d7a11ee

SHA1
e2309ab4826fae8f4677489f346c9efa362a76b5

SHA256
4574c67aa000e30bebd3d620c01f32a20a15b4b1b616a90b65c40eea3c27bca9

SHA512
8566a896d3544c71db08fb8310eb5d9cd13fcf742857078ca2a659992be7662f102f952dca228ef6027eed41600f0ed78252fe6ba7c80f9b6d1de208ef9c00bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
c9beb468b3ca6111ad4aaaddc905378b

SHA1
ca830cd9b26c387eb18e3f13f25cf3038f12ac71

SHA256
660d47cf6bb1eee547aa470491f3b96e0734bee2af7de28336eb200900d95f7c

SHA512
98c53f133a01b32b6052965bb990147f7b0537531c24f84bc4926c06d0333cc450292b3070cb54390d725bbad8556bdb57c04ae7949527fa40f754c26101a417

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f927d76ab7354705b5ef3fdfc18d3f93

SHA1
c1a3e0a2d09958e8a5c5ef309b50111be7eda92f

SHA256
2193fc07f19c2f73ce88df84258583aad418c5414ee2d69572e4b0f0d4a07c2a

SHA512
ca914d0b258ef19c8fd0180be76e429fed15c65ae4d94005efa43afb4b97a92f4f31b069a12e57fb1d534a546a5a8c3cdeb6d3d8cb63a1707524c5bb39070257

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
fc11283670f171cb53bd347a5f46bb7b

SHA1
eb4070334df59a6a2963053147f9f6a96af792db

SHA256
351a2b4ee943b2d866e4fe851827c10202160e89a890414eb237e7a1a9e12a7e

SHA512
2c426042c483efabe9990297d8852a56e414377e5797d106187b4c0a8ac4158d4a3cdea8c311631a10a15406c49154a60feffccaa0120b7f40113d6beec8b910

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
49aee2592d350db3da8d757a3e84292a

SHA1
531c31895db1d1d9ee1c05d258889953961d4e4c

SHA256
6d45c33e763a40c62a6599caf972f03690ec08986b24b67c48be6b8ad25b9a1a

SHA512
d6ccd4baacc2af6cd36d295c388085cfb40111bd9ff2bce5cd016c7a2d9b56bbe057b09a0999bd866896deb97ac29a70e7ef9ccba7772e28a13bfea94b23b753

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4ab59955b91a0ba33c3265ff6129458d

SHA1
49ae34fc5fc8a04f415d24c98eee9522fda4c07c

SHA256
b4ddcccb327faeae3a04e1e82a73c716cd07284a360e003988966c2d41eb583b

SHA512
4cc4900933468d6a5e295236d67f4100747ba5f8cd57bb2d598e2829876694919d24c69315a7e0f95db87ac739c449cf2d5e4b1424118dfeb13cf70b7ffc62ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
74b76e8c0fadb59f3cbc4c524c141ce5

SHA1
fa2a59b08a4692d0f456cd43aefa87dbe1a6fb37

SHA256
26beffa5877e1b4901b297b5a8a3a37ebd86e252940bd161e637a4bd3095a4a1

SHA512
5d0225c4dbf11c49e4ff673646987b969ba104d3578e88442b8598d515ae21974c48932a748b1a99c914a4e27ae19fec008395eb6fe88b5fbaba1185622cd772

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
abbcefd64bae99266ca2b38d0a3837db

SHA1
5722c9f030bf362adc60b1f7ffd3aa22ae8fa3d2

SHA256
f9770aea85ddae0e4731371caaa6be7b9a2c5382800aee2fac348adf741152d7

SHA512
1d17c0a0ada56627196e1a13ca200fc62307bbd694309b312aea6cfa71672e651b198cfd214317558d90581c889de69dc033e1f50ada734ee3e1fdfca0e72fc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe591a45.TMP

Filesize
204B

MD5
7e3c158953d64aa9e5f7c5c6e066e09a

SHA1
f02d1ccaf72c12f91dbf0d7a385f397110112301

SHA256
698efee05b9fd765e5fb5eb3c5a5311e88e9c7c8581a64708701deda8450f649

SHA512
6d1d02d0cfb976370422f26c02df4055d41e3a335776f199214eed2aa304d20de6be54c4d83323de281fa0500c3490d99ff2aa6e9fbb107507775b6c0ffd578f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\c8252e36-7ea9-4774-a213-a1b479fe342e.tmp

Filesize
11KB

MD5
16fc4030484a3ab8bce4aa7930d7ef97

SHA1
32eabd59f302b4219484f9dc76cdc79ebebe15a9

SHA256
37a88ac420b4770ef85a097dd62b4ab85c30e0e538762a6fef0190f27c302a90

SHA512
b5d87f42a0471293ba8dba4c32b73dc235e68c7f617fcf3fe51176bd50b0581ad49fe37d0ab9fe78e5712ceed089fd6e0ac1fcf5e89509f4b71fa1538babfb54

Download Submit