5d084945567993390188f85c5064f87e0751cbdb56e64361b7ff734b01188c69

Analysis

max time kernel
145s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
17/08/2024, 19:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a3d4a6a99aec5fd0e4d15239fde6d907_JaffaCakes118.html
Size

129KB
MD5

a3d4a6a99aec5fd0e4d15239fde6d907
SHA1

eb0ef46064a81a93188ff23e65127b44b3b037a1
SHA256

5d084945567993390188f85c5064f87e0751cbdb56e64361b7ff734b01188c69
SHA512

a064699ec4c53d4bfad4a7bbc7d8e36a044a475f58d175d3153ba51e3bb92dc7107bb29efb6b1a5865dacb5c79d7ccf80bc58a4405fbf24c5aec8bccbe06fc2a
SSDEEP

3072:FF+qbIrqbIVfRBuKZdHsERmOStAch7EwR9g8evb6:DrIIIv4EWAc/

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3724	msedge.exe
3724	msedge.exe
4532	msedge.exe
4532	msedge.exe
412	identity_helper.exe
412	identity_helper.exe
3876	msedge.exe
3876	msedge.exe
3876	msedge.exe
3876	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4532 wrote to memory of 1088	4532	msedge.exe	84
PID 4532 wrote to memory of 1088	4532	msedge.exe	84
PID 4532 wrote to memory of 1292	4532	msedge.exe	85
PID 4532 wrote to memory of 1292	4532	msedge.exe	85
PID 4532 wrote to memory of 1292	4532	msedge.exe	85
PID 4532 wrote to memory of 1292	4532	msedge.exe	85
PID 4532 wrote to memory of 1292	4532	msedge.exe	85
PID 4532 wrote to memory of 1292	4532	msedge.exe	85
PID 4532 wrote to memory of 1292	4532	msedge.exe	85
PID 4532 wrote to memory of 1292	4532	msedge.exe	85
PID 4532 wrote to memory of 1292	4532	msedge.exe	85
PID 4532 wrote to memory of 1292	4532	msedge.exe	85
PID 4532 wrote to memory of 1292	4532	msedge.exe	85
PID 4532 wrote to memory of 1292	4532	msedge.exe	85
PID 4532 wrote to memory of 1292	4532	msedge.exe	85
PID 4532 wrote to memory of 1292	4532	msedge.exe	85
PID 4532 wrote to memory of 1292	4532	msedge.exe	85
PID 4532 wrote to memory of 1292	4532	msedge.exe	85
PID 4532 wrote to memory of 1292	4532	msedge.exe	85
PID 4532 wrote to memory of 1292	4532	msedge.exe	85
PID 4532 wrote to memory of 1292	4532	msedge.exe	85
PID 4532 wrote to memory of 1292	4532	msedge.exe	85
PID 4532 wrote to memory of 1292	4532	msedge.exe	85
PID 4532 wrote to memory of 1292	4532	msedge.exe	85
PID 4532 wrote to memory of 1292	4532	msedge.exe	85
PID 4532 wrote to memory of 1292	4532	msedge.exe	85
PID 4532 wrote to memory of 1292	4532	msedge.exe	85
PID 4532 wrote to memory of 1292	4532	msedge.exe	85
PID 4532 wrote to memory of 1292	4532	msedge.exe	85
PID 4532 wrote to memory of 1292	4532	msedge.exe	85
PID 4532 wrote to memory of 1292	4532	msedge.exe	85
PID 4532 wrote to memory of 1292	4532	msedge.exe	85
PID 4532 wrote to memory of 1292	4532	msedge.exe	85
PID 4532 wrote to memory of 1292	4532	msedge.exe	85
PID 4532 wrote to memory of 1292	4532	msedge.exe	85
PID 4532 wrote to memory of 1292	4532	msedge.exe	85
PID 4532 wrote to memory of 1292	4532	msedge.exe	85
PID 4532 wrote to memory of 1292	4532	msedge.exe	85
PID 4532 wrote to memory of 1292	4532	msedge.exe	85
PID 4532 wrote to memory of 1292	4532	msedge.exe	85
PID 4532 wrote to memory of 1292	4532	msedge.exe	85
PID 4532 wrote to memory of 1292	4532	msedge.exe	85
PID 4532 wrote to memory of 3724	4532	msedge.exe	86
PID 4532 wrote to memory of 3724	4532	msedge.exe	86
PID 4532 wrote to memory of 3484	4532	msedge.exe	87
PID 4532 wrote to memory of 3484	4532	msedge.exe	87
PID 4532 wrote to memory of 3484	4532	msedge.exe	87
PID 4532 wrote to memory of 3484	4532	msedge.exe	87
PID 4532 wrote to memory of 3484	4532	msedge.exe	87
PID 4532 wrote to memory of 3484	4532	msedge.exe	87
PID 4532 wrote to memory of 3484	4532	msedge.exe	87
PID 4532 wrote to memory of 3484	4532	msedge.exe	87
PID 4532 wrote to memory of 3484	4532	msedge.exe	87
PID 4532 wrote to memory of 3484	4532	msedge.exe	87
PID 4532 wrote to memory of 3484	4532	msedge.exe	87
PID 4532 wrote to memory of 3484	4532	msedge.exe	87
PID 4532 wrote to memory of 3484	4532	msedge.exe	87
PID 4532 wrote to memory of 3484	4532	msedge.exe	87
PID 4532 wrote to memory of 3484	4532	msedge.exe	87
PID 4532 wrote to memory of 3484	4532	msedge.exe	87
PID 4532 wrote to memory of 3484	4532	msedge.exe	87
PID 4532 wrote to memory of 3484	4532	msedge.exe	87
PID 4532 wrote to memory of 3484	4532	msedge.exe	87
PID 4532 wrote to memory of 3484	4532	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a3d4a6a99aec5fd0e4d15239fde6d907_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe8dff46f8,0x7ffe8dff4708,0x7ffe8dff4718
  2⤵
  PID:1088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,6268936442092813711,9326195162564198085,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:1292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,6268936442092813711,9326195162564198085,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,6268936442092813711,9326195162564198085,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2520 /prefetch:8
  2⤵
  PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6268936442092813711,9326195162564198085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:1036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6268936442092813711,9326195162564198085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:1352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6268936442092813711,9326195162564198085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:4128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6268936442092813711,9326195162564198085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1716 /prefetch:1
  2⤵
  PID:840
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,6268936442092813711,9326195162564198085,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5592 /prefetch:8
  2⤵
  PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,6268936442092813711,9326195162564198085,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5592 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6268936442092813711,9326195162564198085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
  2⤵
  PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6268936442092813711,9326195162564198085,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:1892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6268936442092813711,9326195162564198085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:4680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6268936442092813711,9326195162564198085,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
  2⤵
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,6268936442092813711,9326195162564198085,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5856 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3876

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4252

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3604

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
b759926f0b4eed13ca72440cb7ca80aa

SHA1
ac8dfc8854b366ef14b2b12a7457d07508f13e5b

SHA256
261cd1c78203e6338619a6fa39e079e22dee77e7e1f0d08e0d00495c5f9fdfd2

SHA512
636879e71ea2f40f5c3f776c024ba44f2fb8f5488047e1cdf6e1df5ab12f600deb39915373773cd8299a549245c9dd7c6a4076ff9b975e9a15e083b3f387efd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
5e3dd464d6d1bb76fcac9466d98be691

SHA1
b726b92ead2c44f56c36d491fd0917fdc73e6dd3

SHA256
13e694a0b8938187a8605e2881580c1caa13194eb91e5de817557cddcf232ded

SHA512
793f5d4cdb57a3bac23a383e857abbad0ac2e9e28faa44735e1691e176aae061c29e48d0f8b65de9155e456d4bb0d8d55f3818d4891bf72df444496ac761a226

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
ff2b760bf568ac8927bc14782c78e15f

SHA1
4d3ab9db356e4b874f6cc6a0d8f4a3dbaad53c0a

SHA256
60f4b5cceb40d26bc41741d3a2da6661f2f0cfa7cd842b515a7a8fcf437932f3

SHA512
a4f5b9b1922a903d15f7020867c8b2f51efa9395e151e0bb82ee013d4cc04bc920fd2901b2416cb9af4fdfc89dd419a390a329f568aa243fa9010b748e091c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3d12927c6591bf9e0257e7b7447a841a

SHA1
2835a4486947d8a5adab4b38c489cd0ffd04067f

SHA256
985bab1e8a642750e2691a05ec597651c410253fb0a21d6e35f418727f1a5f1e

SHA512
5f14057943a4226b3547c8c9cde118614e425c7611c3ecb891cb2e8925f5852ce03ec51600de2cc1c3186916e50495a9f25f4f3d3d3a28578f9361aa0ec6cfd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c28a5403b181b0dfc3342e56a2a1110b

SHA1
5b618ba055d0f0cdf2ae079d88c45ef0ad4e80d6

SHA256
45c71ad8032b40cb2660b9f1106d08587562ed8d086609b5c8328cd6261e3d60

SHA512
6eab2de6e3953ee0c74f7798371ac11887efcfeadda0d045d58d585f8f9a6512a7b5cb0de9ee5da4c21a42bd06382f010cd5510676d080f06b3215a22e543615

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f327de15143f974d6b09276a214dc610

SHA1
91b4f13c180e0d0984feeabf5869ce41fe42f0c7

SHA256
0d12cab49f948280224c89dc2aef48fc5a1c49f146e00b0972ed23525b182ea2

SHA512
7a8919048a57a60c525269c43d7356a73b4191cb301c6a0159a132f7d874186f092c46dde10d45815e7101486719b5c0ee66ae7e737898be0fe9efaa7078f3cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0da4d5dbf7ed97d5a753672c50602fde

SHA1
9b5c693b6706ba7472229f759b5cef317b43bf55

SHA256
0dbbf566a21ac07ca2ec9025398e2969896801538c22f4cff70217d76becfe2b

SHA512
9eb9948a3d783225c853173c63449e506d239d3beb68e8882df4c1c5c94333e86d638a9e17cfdf86ac2006b997717c1411674bc696bb7bcc594e6b08069f7598

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
2449aecac4a6302d45b7662ee1fac7ee

SHA1
39a1c2ead75fdf7e75e23d04bd001da459ad05d3

SHA256
1935ebbc68f11787953172649f18f97659f3e340fca0cf5d66d120d24dfc7352

SHA512
367fef3fca47913349cd0530a44b220b00ddb3cc19533147a8ec884734a095612396ee7e49aae94e7b6a3dab9d1b6fbdc322df833810fcbe93edc51eaab2aca7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5884fa.TMP

Filesize
537B

MD5
d1a89b333f84267aa679665691808b0e

SHA1
02c88f15c4624f8971b708a91a5d25312c3f5e2f

SHA256
efbd21fa7a9c8e459a03a6ee661067c5f666d3e94ea59f1fd6ed38f646ca537f

SHA512
048354bc41f71664e3f6789b278f81634bce791fb330aa23393e184f4ce93bed15e4a37b0d2d72ec7b3c38f5aa8854f6c0b1ee7ff09317a2e7cb4339429e9acd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
544eb1549af6a917508f5b8c3da48621

SHA1
afc2131243be758d258dcb6e10263f3daa59ef5c

SHA256
c471041cb3560438cca65f38fbecd4bbeb0475af1f78fd074d665cce145ead36

SHA512
1c650d3caf804f7b58dd8807a1226164dcab3e2f6f3d3da6506e5d799e3dde980140845a9d9e7681c734c378421b29d269d18ba41c4a960abeb7022906ce3708

Download Submit