114c0baed062be27d569736425df3cc2dd68af2ea470c91190c9b98be121db74

Analysis

max time kernel
145s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
09/09/2024, 01:16

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

d56d94457020a91676767d407a3d2fe6_JaffaCakes118.html
Size

73KB
MD5

d56d94457020a91676767d407a3d2fe6
SHA1

eeac99ec8de69bb6babae1c4c3f216b532fefb8b
SHA256

114c0baed062be27d569736425df3cc2dd68af2ea470c91190c9b98be121db74
SHA512

ed159f2dfe72aaf792fab42f41e2383d2b91b707340beeda1f4e5b2e2b351390d75f6863c188754f7094b2d75d7de7e51eea33bbd6e5707f181c615dee1bb338
SSDEEP

1536:SJz7THGpQS/X3LVvAzEyx9pnRpzWu6A+ArF5jwvXnJCke7sQHDZi5oEuWMAGO:SBTHGpQS/XR/QHDZiqEuWMA7

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4224	msedge.exe
4224	msedge.exe
4388	msedge.exe
4388	msedge.exe
440	identity_helper.exe
440	identity_helper.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4388 wrote to memory of 1880	4388	msedge.exe	83
PID 4388 wrote to memory of 1880	4388	msedge.exe	83
PID 4388 wrote to memory of 2516	4388	msedge.exe	84
PID 4388 wrote to memory of 2516	4388	msedge.exe	84
PID 4388 wrote to memory of 2516	4388	msedge.exe	84
PID 4388 wrote to memory of 2516	4388	msedge.exe	84
PID 4388 wrote to memory of 2516	4388	msedge.exe	84
PID 4388 wrote to memory of 2516	4388	msedge.exe	84
PID 4388 wrote to memory of 2516	4388	msedge.exe	84
PID 4388 wrote to memory of 2516	4388	msedge.exe	84
PID 4388 wrote to memory of 2516	4388	msedge.exe	84
PID 4388 wrote to memory of 2516	4388	msedge.exe	84
PID 4388 wrote to memory of 2516	4388	msedge.exe	84
PID 4388 wrote to memory of 2516	4388	msedge.exe	84
PID 4388 wrote to memory of 2516	4388	msedge.exe	84
PID 4388 wrote to memory of 2516	4388	msedge.exe	84
PID 4388 wrote to memory of 2516	4388	msedge.exe	84
PID 4388 wrote to memory of 2516	4388	msedge.exe	84
PID 4388 wrote to memory of 2516	4388	msedge.exe	84
PID 4388 wrote to memory of 2516	4388	msedge.exe	84
PID 4388 wrote to memory of 2516	4388	msedge.exe	84
PID 4388 wrote to memory of 2516	4388	msedge.exe	84
PID 4388 wrote to memory of 2516	4388	msedge.exe	84
PID 4388 wrote to memory of 2516	4388	msedge.exe	84
PID 4388 wrote to memory of 2516	4388	msedge.exe	84
PID 4388 wrote to memory of 2516	4388	msedge.exe	84
PID 4388 wrote to memory of 2516	4388	msedge.exe	84
PID 4388 wrote to memory of 2516	4388	msedge.exe	84
PID 4388 wrote to memory of 2516	4388	msedge.exe	84
PID 4388 wrote to memory of 2516	4388	msedge.exe	84
PID 4388 wrote to memory of 2516	4388	msedge.exe	84
PID 4388 wrote to memory of 2516	4388	msedge.exe	84
PID 4388 wrote to memory of 2516	4388	msedge.exe	84
PID 4388 wrote to memory of 2516	4388	msedge.exe	84
PID 4388 wrote to memory of 2516	4388	msedge.exe	84
PID 4388 wrote to memory of 2516	4388	msedge.exe	84
PID 4388 wrote to memory of 2516	4388	msedge.exe	84
PID 4388 wrote to memory of 2516	4388	msedge.exe	84
PID 4388 wrote to memory of 2516	4388	msedge.exe	84
PID 4388 wrote to memory of 2516	4388	msedge.exe	84
PID 4388 wrote to memory of 2516	4388	msedge.exe	84
PID 4388 wrote to memory of 2516	4388	msedge.exe	84
PID 4388 wrote to memory of 4224	4388	msedge.exe	85
PID 4388 wrote to memory of 4224	4388	msedge.exe	85
PID 4388 wrote to memory of 3244	4388	msedge.exe	86
PID 4388 wrote to memory of 3244	4388	msedge.exe	86
PID 4388 wrote to memory of 3244	4388	msedge.exe	86
PID 4388 wrote to memory of 3244	4388	msedge.exe	86
PID 4388 wrote to memory of 3244	4388	msedge.exe	86
PID 4388 wrote to memory of 3244	4388	msedge.exe	86
PID 4388 wrote to memory of 3244	4388	msedge.exe	86
PID 4388 wrote to memory of 3244	4388	msedge.exe	86
PID 4388 wrote to memory of 3244	4388	msedge.exe	86
PID 4388 wrote to memory of 3244	4388	msedge.exe	86
PID 4388 wrote to memory of 3244	4388	msedge.exe	86
PID 4388 wrote to memory of 3244	4388	msedge.exe	86
PID 4388 wrote to memory of 3244	4388	msedge.exe	86
PID 4388 wrote to memory of 3244	4388	msedge.exe	86
PID 4388 wrote to memory of 3244	4388	msedge.exe	86
PID 4388 wrote to memory of 3244	4388	msedge.exe	86
PID 4388 wrote to memory of 3244	4388	msedge.exe	86
PID 4388 wrote to memory of 3244	4388	msedge.exe	86
PID 4388 wrote to memory of 3244	4388	msedge.exe	86
PID 4388 wrote to memory of 3244	4388	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d56d94457020a91676767d407a3d2fe6_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa94f546f8,0x7ffa94f54708,0x7ffa94f54718
  2⤵
  PID:1880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,12408828027038274883,15375258528504186978,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:2516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,12408828027038274883,15375258528504186978,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,12408828027038274883,15375258528504186978,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
  2⤵
  PID:3244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,12408828027038274883,15375258528504186978,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,12408828027038274883,15375258528504186978,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:2508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,12408828027038274883,15375258528504186978,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:1432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,12408828027038274883,15375258528504186978,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:1
  2⤵
  PID:4192
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,12408828027038274883,15375258528504186978,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5932 /prefetch:8
  2⤵
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,12408828027038274883,15375258528504186978,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5932 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,12408828027038274883,15375258528504186978,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:4088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,12408828027038274883,15375258528504186978,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,12408828027038274883,15375258528504186978,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4116 /prefetch:1
  2⤵
  PID:1560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,12408828027038274883,15375258528504186978,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
  2⤵
  PID:1692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,12408828027038274883,15375258528504186978,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5984 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1228

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1016

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
23KB

MD5
a0423f1305547bb6b8f5a4fb1a9fc2d8

SHA1
092dcf1fe57e6bb53821eb754e04188ee70602d5

SHA256
6add651cb411ed9ce9a17883c1522920a6ee3b4eb676f5b411e72d1a5e7de6e8

SHA512
b8487c60b40d332e562cc5d4fc7c515e3b3c2c82311700b788905754c1376ce6f0da650583545a4691d51f04ec5da0c0204997214d167c85b788d4c85236c4c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
3977478a0838bcfe29cf44c4e0d33fee

SHA1
4d25faccedc79b4f0600fbd5d183892bc41aac42

SHA256
95909f9da787fdb7e35a4bbf465fc8a883296cb7ca8259e1c96c813f8232023c

SHA512
7e1ac4ede0630a6d9833dc362083caf09dcaa97c7efde25f72b3dac6738f72753a625a173b17a97442220976589089f7f27f8c38559ff076a41051b6ce73cc9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
0ea88268f6b72e783e5ce74c8795e4d6

SHA1
fc37b871ed5bbfa34a40676c0e442411853c7e8a

SHA256
183f5ea7c53ccbe441b50ae4eb53ffc59e3a6175630e157ee939cddc620b328b

SHA512
1b2f9fd9d6606bf0cb826f23d1dae33ce43c9269881a2aff309c7562ff12db981097b3fe9b2fe70901183a76b1c8bfbac30ebb98959c231069ea3e599e382232

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c7d139a7718a2a88c4d8b185fc2aa295

SHA1
09337bd976b3e0513f7b688198722a5a2f9290bb

SHA256
c5af198e3ffa6911bcff2c4c862bbc2a3672ad039bc0b5023a1589c70b1f4195

SHA512
90768bf049cfac9eeee43f431470af287ae596460d5948a441fcd9013403c169f1bf9c8d99887fe4775f31857d660cf150496ce600a9851f2a1baa702ddbfb11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a775aaf14d6331b5d6b8426e327846da

SHA1
2785a0156071761ed4768f52952d961181b7139f

SHA256
2884e02050aaf76fc8cd645b8939a6462ba6215cfebdd376eb99f991523236cf

SHA512
28614e78b9cfb8831dbce4c0196b9b48cd8b2603825e3fd540e2905e1f0984be90a466c72b6714f5274a1e3226129e6664a1817b55e111b70bb88a10e6eb3f77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
af640b7bed24e3459d4837e9ef1348b0

SHA1
8a42bb125715b404aea3c831cb2b419b54dac407

SHA256
1a3f206e56716536060fcf5824f03ccf993784dd6d4b886db2695918eb2ec341

SHA512
92d3564fb62cd24766b0ac3056e2cedec55810ee29195acc39a2ef57bf674495a5d0597aa32022225f20692b2f4a1b0a34714d9c77b35ba883bba1b985041a14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
92713b2065a267beb625d05f95d607f0

SHA1
61ad25cf64c121fd772bacaaa304a83efbcdf331

SHA256
b103014522b314b05305d9951ecda91ae1b607e5c6ad0b3d7397d47538453f2e

SHA512
fc67fca22fd32592e553dbfd2de91c6c58b2697d09b5b575da4e1d4354165c4ce0b52ab81f0453de76286217235133c60f54a00293d7745aaf061c7c48c7b4ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
0cde21bae92d1963656aa92bf6e6c446

SHA1
c7fc1d45647494389e4a9f95a03f3bf869cfe56d

SHA256
973110817d9e397d70dd87e2bea30ce092b8aa7dc21c5f5cbde63927924ca82f

SHA512
6fc86bcd45d117d8f1e49aaf792344b6b9615d9304cd0892184924fc6208e67c2c81d5a145237ff76e615c8dbe953d39825d443540336bb53633dfa203e23224

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe591dcf.TMP

Filesize
539B

MD5
e0b516dd885d882f69bf94e9dc86fdca

SHA1
67b73894a8bc085450b10652b76f4a9fa866ec86

SHA256
a770d9af451483d6231aa8b5e3269c0e3af4df386ce2e840cb11c46ab5dbe820

SHA512
b36412d78e693b357a9067b0b8b3dfd73e74e53c7f841a151e33e88cd68e0c0c6659562972783cd73f2de9491e317f949ba204fdb9f31f2f35a4087320d01e8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
33dd344e2e1eee75dd63231043d71937

SHA1
8012afbfd7a61560d822d37fca4a6013a5039174

SHA256
d523feb95a10c4562cae9092f5a9930d46043ee561749b835788c13304ad34bb

SHA512
1d8bdaa05e0a1c5ac4fb9430ae5ffdab19f8f197612318e56ec95ab92a030ffb31a8846547349440d2f94f3517f6ca1032fd2a7422523b7bf3c35599da98738d

Download Submit