13af7acc2565b925eff048faeef6d0adf22c9feba83bffbc1aeaf3e4182f2159

Analysis

max time kernel
147s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
14/08/2024, 19:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

97610ed699c952b74c01df8fae9d0db7_JaffaCakes118.html
Size

279KB
MD5

97610ed699c952b74c01df8fae9d0db7
SHA1

c4acec9f564d3f3990091980508fde2257bfb2b1
SHA256

13af7acc2565b925eff048faeef6d0adf22c9feba83bffbc1aeaf3e4182f2159
SHA512

d58873d6ddfaa1eca88c07d1f282876e5d89cc6fc73f8e11cc01b2731fca36464c880f42aa5566f5e2a46dae9e69b717a47ac9a8a34bbaf41906c41d46106f11
SSDEEP

3072:82+vLY6o/6pqrhjc8cUxV0HIQqiHkueFMg:eS/6QbT0HIQqGk7

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
5100	msedge.exe
5100	msedge.exe
1396	msedge.exe
1396	msedge.exe
2144	identity_helper.exe
2144	identity_helper.exe
2804	msedge.exe
2804	msedge.exe
2804	msedge.exe
2804	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1396 wrote to memory of 2736	1396	msedge.exe	84
PID 1396 wrote to memory of 2736	1396	msedge.exe	84
PID 1396 wrote to memory of 1720	1396	msedge.exe	85
PID 1396 wrote to memory of 1720	1396	msedge.exe	85
PID 1396 wrote to memory of 1720	1396	msedge.exe	85
PID 1396 wrote to memory of 1720	1396	msedge.exe	85
PID 1396 wrote to memory of 1720	1396	msedge.exe	85
PID 1396 wrote to memory of 1720	1396	msedge.exe	85
PID 1396 wrote to memory of 1720	1396	msedge.exe	85
PID 1396 wrote to memory of 1720	1396	msedge.exe	85
PID 1396 wrote to memory of 1720	1396	msedge.exe	85
PID 1396 wrote to memory of 1720	1396	msedge.exe	85
PID 1396 wrote to memory of 1720	1396	msedge.exe	85
PID 1396 wrote to memory of 1720	1396	msedge.exe	85
PID 1396 wrote to memory of 1720	1396	msedge.exe	85
PID 1396 wrote to memory of 1720	1396	msedge.exe	85
PID 1396 wrote to memory of 1720	1396	msedge.exe	85
PID 1396 wrote to memory of 1720	1396	msedge.exe	85
PID 1396 wrote to memory of 1720	1396	msedge.exe	85
PID 1396 wrote to memory of 1720	1396	msedge.exe	85
PID 1396 wrote to memory of 1720	1396	msedge.exe	85
PID 1396 wrote to memory of 1720	1396	msedge.exe	85
PID 1396 wrote to memory of 1720	1396	msedge.exe	85
PID 1396 wrote to memory of 1720	1396	msedge.exe	85
PID 1396 wrote to memory of 1720	1396	msedge.exe	85
PID 1396 wrote to memory of 1720	1396	msedge.exe	85
PID 1396 wrote to memory of 1720	1396	msedge.exe	85
PID 1396 wrote to memory of 1720	1396	msedge.exe	85
PID 1396 wrote to memory of 1720	1396	msedge.exe	85
PID 1396 wrote to memory of 1720	1396	msedge.exe	85
PID 1396 wrote to memory of 1720	1396	msedge.exe	85
PID 1396 wrote to memory of 1720	1396	msedge.exe	85
PID 1396 wrote to memory of 1720	1396	msedge.exe	85
PID 1396 wrote to memory of 1720	1396	msedge.exe	85
PID 1396 wrote to memory of 1720	1396	msedge.exe	85
PID 1396 wrote to memory of 1720	1396	msedge.exe	85
PID 1396 wrote to memory of 1720	1396	msedge.exe	85
PID 1396 wrote to memory of 1720	1396	msedge.exe	85
PID 1396 wrote to memory of 1720	1396	msedge.exe	85
PID 1396 wrote to memory of 1720	1396	msedge.exe	85
PID 1396 wrote to memory of 1720	1396	msedge.exe	85
PID 1396 wrote to memory of 1720	1396	msedge.exe	85
PID 1396 wrote to memory of 5100	1396	msedge.exe	86
PID 1396 wrote to memory of 5100	1396	msedge.exe	86
PID 1396 wrote to memory of 2856	1396	msedge.exe	87
PID 1396 wrote to memory of 2856	1396	msedge.exe	87
PID 1396 wrote to memory of 2856	1396	msedge.exe	87
PID 1396 wrote to memory of 2856	1396	msedge.exe	87
PID 1396 wrote to memory of 2856	1396	msedge.exe	87
PID 1396 wrote to memory of 2856	1396	msedge.exe	87
PID 1396 wrote to memory of 2856	1396	msedge.exe	87
PID 1396 wrote to memory of 2856	1396	msedge.exe	87
PID 1396 wrote to memory of 2856	1396	msedge.exe	87
PID 1396 wrote to memory of 2856	1396	msedge.exe	87
PID 1396 wrote to memory of 2856	1396	msedge.exe	87
PID 1396 wrote to memory of 2856	1396	msedge.exe	87
PID 1396 wrote to memory of 2856	1396	msedge.exe	87
PID 1396 wrote to memory of 2856	1396	msedge.exe	87
PID 1396 wrote to memory of 2856	1396	msedge.exe	87
PID 1396 wrote to memory of 2856	1396	msedge.exe	87
PID 1396 wrote to memory of 2856	1396	msedge.exe	87
PID 1396 wrote to memory of 2856	1396	msedge.exe	87
PID 1396 wrote to memory of 2856	1396	msedge.exe	87
PID 1396 wrote to memory of 2856	1396	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\97610ed699c952b74c01df8fae9d0db7_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa9b7b46f8,0x7ffa9b7b4708,0x7ffa9b7b4718
  2⤵
  PID:2736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,14444357830630501138,10224348670182620178,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:1720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,14444357830630501138,10224348670182620178,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2616 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,14444357830630501138,10224348670182620178,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  2⤵
  PID:2856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,14444357830630501138,10224348670182620178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:5108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,14444357830630501138,10224348670182620178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,14444357830630501138,10224348670182620178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
  2⤵
  PID:3020
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,14444357830630501138,10224348670182620178,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5784 /prefetch:8
  2⤵
  PID:1176
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,14444357830630501138,10224348670182620178,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5784 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,14444357830630501138,10224348670182620178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,14444357830630501138,10224348670182620178,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:1560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,14444357830630501138,10224348670182620178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:1116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,14444357830630501138,10224348670182620178,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:3408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,14444357830630501138,10224348670182620178,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3628 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2804

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4772

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6837505dae817f02bbb549d3910f76ec

SHA1
4bead1243a3ed4ba876f30031d11b7fcd4052b84

SHA256
997f7c6bb1805cb785d5c0ce131c8cb2362e6dc77efb38c3980f69b7a789a649

SHA512
4382a76e27e70b6ecc05c14e9a1b915e36ca661cb868042b28d59a7d807ae1ba069aa0e734648225dee2b6dc33626f58ee24df1cc451217fa093f46d5df616d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e15f9acde9d56006be268b4025f94b5b

SHA1
5d36b646b34f0a1d08b6020f12e548db96865906

SHA256
045480199f3befc5d2eee18f84e92cc5bf8881b76ac168085a987878da798e0c

SHA512
22d43f812391c9fafde0a4e247212e491765e8f049eb56d692f248623b7a52044ceab8e6977675c343d502b460666bd72a4ea970f9aaa7a6b8a6c3a880bcc255

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
1dec5cdca069077784dc69da78da6f36

SHA1
c97d97318ba0da4b8cef88918c168824d763d169

SHA256
ced89b54c7343753f928166c81a4e226905f80644fb7a71a2f074de1aa7c1ed9

SHA512
c88e05475e644ad636fad1efd07d3327c7a0434dbedb2c084b981b516e15547cf44bd3a6467f374749870feb2d874817b3aaf18a9a343f1e749300d3a3924965

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
87999caf9de38f51cd961fb01880c4b9

SHA1
d747025afcf0a8ae8f7b46fe4930e141a19701e3

SHA256
c5d84b597f3d9a14a21b75e47d6f955b0c6429b5531a4d30ceb84eeeebc02c3d

SHA512
8a98a06ddd1c98c169f8df30791476d819ba9493cf5089f661f4eeeeef55f755aceb1f86e573ee70a3a233d24df95e8512a1dc805158d4f61c2c870acf13ec1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e5106c25ca05521e59c8c8b3c8f7f01c

SHA1
0ce83517e53a65ac7b0fc2e2a1a3fc95bf29eaec

SHA256
752797dcef32c4b11454888566c38687b9f78e28ef81b9b10fb6d16dea4a6eba

SHA512
c9cf56ca065cacd25d1ae9ef81f8b036427d9e565fdfcf5236b0d89b54c1344b11f7142d5d7cd598c5b4d8a9527e21acb3cb038d62a3d2a33508e9fa9ef4f92d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
00fbac24747884e892b5944f95954a3e

SHA1
b15c8a098e9753f897e6a421b30ff1ba5e9cc2e6

SHA256
3438916d0533b0b38e0137e6eb97dd4e2d6041c5aa2aa5a85a59ee41942a5477

SHA512
4cd6e1507dde882c085a7de0d1670fce409a32fecd319394e0ec9da8549a08ea7573dc92186fa2509bcf0fa1ddcc97cb14290e5993cfc07c67496d9659db1d17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5bc4c5581a8084a16d9ef7989d3b148b

SHA1
aff5a6c4c63b72022129fe4179490272e6a0f074

SHA256
e9c2a030765a9b95c8bb9cc6a27d8da8a0e3e4d14eb8b21f6439fd809adb5ed3

SHA512
44fa87133f847ee217826bf0c0987c9ca4c62ecb3e81b219038335148f1f3fdb6ad6cccc1745380507f44ba6d21c8b2a6604c44e17b4211a9a089dfb3f01f9e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
633c1d47a023321491da0418c83ee0ab

SHA1
8746127e75f0c52419b9a9bd32ab34263e1aadd9

SHA256
9b6bf3282eafccae639e40230abf4fed633e9d2d7893e64dd6baaf16839a0745

SHA512
500df0174b015511a56c4f65eb1aab7a6c768d1a835224ce165958996a51f0dd42c4f5b605a021374c4b3fe2fdcd8e12b9eddfa07d907c11d5cf3958698d45a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
e311e8070a5db17b6cab425cdb01bd27

SHA1
ac533db7fa0902f34d02662fd029facbf4b8e8c6

SHA256
b9aaa4c71488c3a8769cee7cf502ab93813fd6df60ff2172ba8cb7e1dec86532

SHA512
87accdca84a2b2042e2c12381cd1bc0fb2d74bbb0c6a4d18f444212803ebc0b7184317df7f5fb3eac722d5d43d942dd62ee1d760f0b3fd18911df5bd04fa31c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
f72193b6b4f215a537c3f8f6b497e94d

SHA1
290e65ca21dfd7ae26909475d2255cdf93be5f04

SHA256
747bd7c1dc4c5e89fb2a62b5d6195e4076204f8690078d8f8e54c5c6a98901eb

SHA512
2f3618d50f54aa0bca973bc5aca100512ece481f6bbca7cc0747cc29006daf0a979fa7b0595164d86cfa18ed83af8648f788b76e8400a9ebec3ffe05ab3a88e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
a2077be9642563b3342c83f27f54e05f

SHA1
b799df6dfbd04a2884f3f362fce9b5f1febd6d46

SHA256
5a2eeeb09ca6d3cb93c55cafb9620ffa39e2db36f4dc21fd498e210bcd1cede9

SHA512
70950c5b72c720d3f222ca66707c73efe7ecb3c05af6e40313ef4bb9ee45e6defe5033bf897c5311fb9de2e5719733aaee86ee7e86db55c151ff4c976f2d7fd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
84029fd8a3be65960bc7152c5c4039bf

SHA1
84ca783f63542e8b85390237d22ba7400b9f2718

SHA256
b744ceeaffe0aeed25ad1919a2c5825c7976ba0f84b9f0076da16d5cb9eebb59

SHA512
785f5a7c09e6d4a8fdab9660c675e1ab7d5d77c25520fa93de069459307bd3bada12022c2eabc35532a27bc0d47eff151c4cd96df7b829881a850d45620f1517

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581057.TMP

Filesize
372B

MD5
d59025b723e2f29003e13a485f4fe6e0

SHA1
db0aa41edb47186d040645ffc859864d7db71d4e

SHA256
fa0a8a082d884f9969f19082727f4166143c8f2087a78010cf34f9566d3a41d7

SHA512
6d00a0acc6dda1f91d2f610bfc241f1283d389744ed957b02f737e0e041731e07edcfded281f6152b6f9bb8a4c6eae4b790d4cd8ee1a566ec926b52fabc9e733

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5f2c1c324dc186723eeec35580c1f44d

SHA1
89ce5778ddeea81ab79e4be00504c9e4a7527a64

SHA256
9ee43374145caada579bafbb1a6a722145589e8160c0fec586426232f9ab153f

SHA512
514e3fbaf403250e33a927aa1d59927130ff7fc0f051c61e66546c358404be59ea38f60a885319183625b52711f36ebfbf40957b59e288920b33f42a0103ba14

Download Submit