5d084b1492035b1cb020f984570116999fe2b62b794d1d53c76cc26eb5f2ab7f

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
11/07/2024, 07:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

382e69c1b5df187d2bf15f21c79c62e6_JaffaCakes118.html
Size

67KB
MD5

382e69c1b5df187d2bf15f21c79c62e6
SHA1

1a8ce6f2e59bbbf5bae8a45217954b829cd0d471
SHA256

5d084b1492035b1cb020f984570116999fe2b62b794d1d53c76cc26eb5f2ab7f
SHA512

05b63b7d50523107d31f34ef0f0f83bfd865b55541611a31de9640f61618bfc3af15ef0c1c3b2c6fe532f20488b9131c7a7b83fcf2cad7deccf0acfc8c341a79
SSDEEP

1536:oDcbF/jE8NNQJ03WJfl3p7e8CqwcKfwGDG4wciU/QXW/6P6vWLlB:hjEqYNp7e8CqwcKfwGK4wx4QXW/6P6vg

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4428	msedge.exe
4428	msedge.exe
2848	msedge.exe
2848	msedge.exe
4864	identity_helper.exe
4864	identity_helper.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2848 wrote to memory of 3464	2848	msedge.exe	83
PID 2848 wrote to memory of 3464	2848	msedge.exe	83
PID 2848 wrote to memory of 3360	2848	msedge.exe	84
PID 2848 wrote to memory of 3360	2848	msedge.exe	84
PID 2848 wrote to memory of 3360	2848	msedge.exe	84
PID 2848 wrote to memory of 3360	2848	msedge.exe	84
PID 2848 wrote to memory of 3360	2848	msedge.exe	84
PID 2848 wrote to memory of 3360	2848	msedge.exe	84
PID 2848 wrote to memory of 3360	2848	msedge.exe	84
PID 2848 wrote to memory of 3360	2848	msedge.exe	84
PID 2848 wrote to memory of 3360	2848	msedge.exe	84
PID 2848 wrote to memory of 3360	2848	msedge.exe	84
PID 2848 wrote to memory of 3360	2848	msedge.exe	84
PID 2848 wrote to memory of 3360	2848	msedge.exe	84
PID 2848 wrote to memory of 3360	2848	msedge.exe	84
PID 2848 wrote to memory of 3360	2848	msedge.exe	84
PID 2848 wrote to memory of 3360	2848	msedge.exe	84
PID 2848 wrote to memory of 3360	2848	msedge.exe	84
PID 2848 wrote to memory of 3360	2848	msedge.exe	84
PID 2848 wrote to memory of 3360	2848	msedge.exe	84
PID 2848 wrote to memory of 3360	2848	msedge.exe	84
PID 2848 wrote to memory of 3360	2848	msedge.exe	84
PID 2848 wrote to memory of 3360	2848	msedge.exe	84
PID 2848 wrote to memory of 3360	2848	msedge.exe	84
PID 2848 wrote to memory of 3360	2848	msedge.exe	84
PID 2848 wrote to memory of 3360	2848	msedge.exe	84
PID 2848 wrote to memory of 3360	2848	msedge.exe	84
PID 2848 wrote to memory of 3360	2848	msedge.exe	84
PID 2848 wrote to memory of 3360	2848	msedge.exe	84
PID 2848 wrote to memory of 3360	2848	msedge.exe	84
PID 2848 wrote to memory of 3360	2848	msedge.exe	84
PID 2848 wrote to memory of 3360	2848	msedge.exe	84
PID 2848 wrote to memory of 3360	2848	msedge.exe	84
PID 2848 wrote to memory of 3360	2848	msedge.exe	84
PID 2848 wrote to memory of 3360	2848	msedge.exe	84
PID 2848 wrote to memory of 3360	2848	msedge.exe	84
PID 2848 wrote to memory of 3360	2848	msedge.exe	84
PID 2848 wrote to memory of 3360	2848	msedge.exe	84
PID 2848 wrote to memory of 3360	2848	msedge.exe	84
PID 2848 wrote to memory of 3360	2848	msedge.exe	84
PID 2848 wrote to memory of 3360	2848	msedge.exe	84
PID 2848 wrote to memory of 3360	2848	msedge.exe	84
PID 2848 wrote to memory of 4428	2848	msedge.exe	85
PID 2848 wrote to memory of 4428	2848	msedge.exe	85
PID 2848 wrote to memory of 3660	2848	msedge.exe	86
PID 2848 wrote to memory of 3660	2848	msedge.exe	86
PID 2848 wrote to memory of 3660	2848	msedge.exe	86
PID 2848 wrote to memory of 3660	2848	msedge.exe	86
PID 2848 wrote to memory of 3660	2848	msedge.exe	86
PID 2848 wrote to memory of 3660	2848	msedge.exe	86
PID 2848 wrote to memory of 3660	2848	msedge.exe	86
PID 2848 wrote to memory of 3660	2848	msedge.exe	86
PID 2848 wrote to memory of 3660	2848	msedge.exe	86
PID 2848 wrote to memory of 3660	2848	msedge.exe	86
PID 2848 wrote to memory of 3660	2848	msedge.exe	86
PID 2848 wrote to memory of 3660	2848	msedge.exe	86
PID 2848 wrote to memory of 3660	2848	msedge.exe	86
PID 2848 wrote to memory of 3660	2848	msedge.exe	86
PID 2848 wrote to memory of 3660	2848	msedge.exe	86
PID 2848 wrote to memory of 3660	2848	msedge.exe	86
PID 2848 wrote to memory of 3660	2848	msedge.exe	86
PID 2848 wrote to memory of 3660	2848	msedge.exe	86
PID 2848 wrote to memory of 3660	2848	msedge.exe	86
PID 2848 wrote to memory of 3660	2848	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\382e69c1b5df187d2bf15f21c79c62e6_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff98a7a46f8,0x7ff98a7a4708,0x7ff98a7a4718
  2⤵
  PID:3464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2320,8501979733421153594,12963331705926517183,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2328 /prefetch:2
  2⤵
  PID:3360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2320,8501979733421153594,12963331705926517183,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2320,8501979733421153594,12963331705926517183,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
  2⤵
  PID:3660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2320,8501979733421153594,12963331705926517183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:4272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2320,8501979733421153594,12963331705926517183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2320,8501979733421153594,12963331705926517183,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1328 /prefetch:8
  2⤵
  PID:1908
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2320,8501979733421153594,12963331705926517183,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1328 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2320,8501979733421153594,12963331705926517183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
  2⤵
  PID:1336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2320,8501979733421153594,12963331705926517183,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2320,8501979733421153594,12963331705926517183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
  2⤵
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2320,8501979733421153594,12963331705926517183,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
  2⤵
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2320,8501979733421153594,12963331705926517183,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3700

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2924

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5100

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8dc45b70cbe29a357e2c376a0c2b751b

SHA1
25d623cea817f86b8427db53b82340410c1489b2

SHA256
511cfb6bedbad2530b5cc5538b6ec2184fc4f85947ba4c8166d0bb9f5fe2703a

SHA512
3ce0f52675feb16d6e62aae1c50767da178b93bdae28bacf6df3a2f72b8cc75b09c5092d9065e0872e5d09fd9ffe0c6931d6ae1943ddb1927b85d60659ef866e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1790c766c15938258a4f9b984cf68312

SHA1
15c9827d278d28b23a8ea0389d42fa87e404359f

SHA256
2e3978bb58c701f3c6b05de9349b7334a194591bec7bcf73f53527dc0991dc63

SHA512
2682d9c60c9d67608cf140b6ca4958d890bcbc3c8a8e95fcc639d2a11bb0ec348ca55ae99a5840e1f50e5c5bcf3e27c97fc877582d869d98cc4ea3448315aafb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
548B

MD5
b63c0b21bc4b3786c392780f2fc87796

SHA1
d52f56df222de6c748402ac55c0a282cf950b711

SHA256
03bf9a40eb0e377a4476323b2f1d9e9ed32cdecab4d17de41d6e52db5811bec8

SHA512
75ee5ef7ae5a7ccf8cad55256c4e7fcfc61668e84d268cd32a888214d4367a0965e721c188166e794e69903d7c7244651b1d4eb66480ca1a62da0b7d934d4a12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e3120dbde84aa5845b9975fe840a78dd

SHA1
09d59763c69ad0ec7b31cfe223f8ad4dbb4fe04d

SHA256
1a10a321264d67b5c16bf047588815fc44af67ebde75131ead7959bf3075fc62

SHA512
7716d9e531e3f80ecdb71510ec73cc8ad7862ab82995adad763d993f6f85e1de6ed10b395a84007fa65ac8ce331740607b2418401140ee607299cd53b84974b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
46d7d92257becaf319c90e06cbd92566

SHA1
ab3b3dca350aae16d5840d4908064908874a1f19

SHA256
1b9af4f7f2add6e03eff05db4406a3781737429e342d9e4e86c10c17018f6f13

SHA512
d054277dbb975b86f742cfe64bf5015205c5f0e573d7abf00abde31fc709170d63c385eb516ec81f6050edf36dc280eb51505b09bda877f9b3165148b4951f54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
39ccfc32b14cd40c0eb86d4edf18ab4e

SHA1
4631aba088a2d9693319d685790df3af36335422

SHA256
18112d22d478df880ff111feb0e936159b062bd18d57ad0d64be245717cfc3c9

SHA512
d404f1fd14b28823c55caa9cb3ba364d82aecddef579af06cb359caba9fead406a3f83be52887da469a6edc23f6e5e990ce1e0b55d7d7e23b775bfb4223b3052

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
eb6413965f94c4cb434893f4c3a97227

SHA1
e6bf0f7a649d57174140a52cb2be36c3b54e2caa

SHA256
2794a54a2cc1ec8d7d92f88aa5b6db8b01625f2f107e916d7eb97c16b12df4f6

SHA512
7280078456f913caad74cb52785efd05e588a8aab5372d172da04454b6730f26e6781734018e93899d663485bca94ba974bfcf9ad3eefb6bfc85785e65e6e759

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
930cc2ad531e40a90f484cb5b4e69c04

SHA1
270f5641ee0112563a4bd0c9dc8dea397a384e76

SHA256
caa580581dd457c89156a25309172f271c8a6a935a91657e191a0a4b10aaeacc

SHA512
7516dce8c7e4e8ce068230e033a714cf668bdb905909a4f7983838f171c8f8905b4d7431b5842f2d6b643c31db1c2549e9c16c3351a26a0a6564b5b673368153

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
d901b6e1d447b3c9bd2fe2e2a587fcb2

SHA1
03ca2d677d9edc9a83c72b1047900dad73c995e1

SHA256
f39a03d443d171ff1ebf91d35da3cf01a15dd33bda3d68f5d894898734edee8e

SHA512
8199e151f7c4967422a0739897d39a08cbe0ec16bdc1c608e308e7d53e9852a0991e615f05bedf73ea15351a276b1ccfbe0b801f3286cbd396864bcc12c7d8b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
23111bb7ea08b6ec869d987780a4aa16

SHA1
446779f6fcc3ebbc1bc2a78f453e65d35b57af43

SHA256
d50c42056272120e7cf316ab9b95e847b8f5241e5b8680bbe69c7f0fbf16462b

SHA512
39087040689174f74f8e8966bfddfe4ab95b37846e1197ed67ff2da00b494f0008a7e2b56ea681e1ab46fe754a1d65f4db876aa0f7ec7cca2b2a21e87905841a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
f4c3d417f0033721e93f90c6da1d25bc

SHA1
c3a6624ab5d622bea7ce22cdea86ff4736552c9f

SHA256
d6a7c57cb5d710d73cc3421b59bf6dcdb4c2e19bb7f679d0493ffe9b5b7a2c11

SHA512
9cab5cb521d892cd23dacb5a7017c2d0c0ec986d54507924b0cdc520802d52df9254c9e8a37cf2bde9fe55740c985a352908a41dc742084bb361175c2103c29d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
e11c65987ccfb357d9f6c01791bdd67b

SHA1
129c6f62d8b4c0e0d7d5648c18287fbb4262d8b6

SHA256
5ccfd98f44150d08bc2b7d6cc9a6aa062ad0ac8e4a5edf9d7133c8c43d2839c9

SHA512
e7b484bc83166aabe7571b0e8f4cca4c2d74977aa0d11b818af0e5958db69e999110e30e299c39613fdcc298eac706790a1e187b0d93974058901dd170e5475e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5816ee.TMP

Filesize
203B

MD5
16d3d87ee04209cbe611684d4ee5d473

SHA1
8856925b6d254840fe658a68260dc293ff85b1fe

SHA256
bf1550a3cf82f0c40138df230cbbf033784419903e13637037fb0ce05882c61b

SHA512
c2200e94b1dc45f4feaf09b253b827d9099352e1f1737527d434808f55632f45d974d58bf0cf71a0ca7d5c0064999f729d4a51c8236af48447165dfa53dd9e84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
093e6fc53afc025a54213df41083380c

SHA1
96a967e989374d88f3c22f490acaa74b6b6c03a9

SHA256
e5fc17bee38fb1e2afe5cef6ecb1a1aaa0e7996616237a4d7ae506a6f3a288e6

SHA512
5696b07617380ffbd16effba7083c0f55c154e55b1647750912bf5df3c881d41ce7df3f4a7fb47bfcc4c4c921adefe1984a3fe31b7cf5c8203a22db9ac0f3583

Download Submit