2e40369476e3a68e40d5c2e33aeaef236b87ad516e4e4c04ef2226d2dfbc0b92

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
11/09/2024, 03:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d98e726681f9d8082334622abfd37a7c_JaffaCakes118.html
Size

47KB
MD5

d98e726681f9d8082334622abfd37a7c
SHA1

3b43aa02da11678d045d13afabd6e9b983c74f3d
SHA256

2e40369476e3a68e40d5c2e33aeaef236b87ad516e4e4c04ef2226d2dfbc0b92
SHA512

12047934713a20ac29c3a27e4c713f6ec96f9d02371641eff5ee414990bc73b61f546215e9864955b3e7fea38334749c353df338e5e69d1224019f2cba3fe484
SSDEEP

768:kobmIGiXPXDbjmPKcu/B2fao+E7eSyh4ihibROhin69KPUy2JtCx0SE9R2JtCx0T:kE6PKl2fao+E7eSo4ioYhmcKPUy2JtCF

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
752	msedge.exe
752	msedge.exe
2796	msedge.exe
2796	msedge.exe
1168	identity_helper.exe
1168	identity_helper.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2796 wrote to memory of 672	2796	msedge.exe	83
PID 2796 wrote to memory of 672	2796	msedge.exe	83
PID 2796 wrote to memory of 932	2796	msedge.exe	84
PID 2796 wrote to memory of 932	2796	msedge.exe	84
PID 2796 wrote to memory of 932	2796	msedge.exe	84
PID 2796 wrote to memory of 932	2796	msedge.exe	84
PID 2796 wrote to memory of 932	2796	msedge.exe	84
PID 2796 wrote to memory of 932	2796	msedge.exe	84
PID 2796 wrote to memory of 932	2796	msedge.exe	84
PID 2796 wrote to memory of 932	2796	msedge.exe	84
PID 2796 wrote to memory of 932	2796	msedge.exe	84
PID 2796 wrote to memory of 932	2796	msedge.exe	84
PID 2796 wrote to memory of 932	2796	msedge.exe	84
PID 2796 wrote to memory of 932	2796	msedge.exe	84
PID 2796 wrote to memory of 932	2796	msedge.exe	84
PID 2796 wrote to memory of 932	2796	msedge.exe	84
PID 2796 wrote to memory of 932	2796	msedge.exe	84
PID 2796 wrote to memory of 932	2796	msedge.exe	84
PID 2796 wrote to memory of 932	2796	msedge.exe	84
PID 2796 wrote to memory of 932	2796	msedge.exe	84
PID 2796 wrote to memory of 932	2796	msedge.exe	84
PID 2796 wrote to memory of 932	2796	msedge.exe	84
PID 2796 wrote to memory of 932	2796	msedge.exe	84
PID 2796 wrote to memory of 932	2796	msedge.exe	84
PID 2796 wrote to memory of 932	2796	msedge.exe	84
PID 2796 wrote to memory of 932	2796	msedge.exe	84
PID 2796 wrote to memory of 932	2796	msedge.exe	84
PID 2796 wrote to memory of 932	2796	msedge.exe	84
PID 2796 wrote to memory of 932	2796	msedge.exe	84
PID 2796 wrote to memory of 932	2796	msedge.exe	84
PID 2796 wrote to memory of 932	2796	msedge.exe	84
PID 2796 wrote to memory of 932	2796	msedge.exe	84
PID 2796 wrote to memory of 932	2796	msedge.exe	84
PID 2796 wrote to memory of 932	2796	msedge.exe	84
PID 2796 wrote to memory of 932	2796	msedge.exe	84
PID 2796 wrote to memory of 932	2796	msedge.exe	84
PID 2796 wrote to memory of 932	2796	msedge.exe	84
PID 2796 wrote to memory of 932	2796	msedge.exe	84
PID 2796 wrote to memory of 932	2796	msedge.exe	84
PID 2796 wrote to memory of 932	2796	msedge.exe	84
PID 2796 wrote to memory of 932	2796	msedge.exe	84
PID 2796 wrote to memory of 932	2796	msedge.exe	84
PID 2796 wrote to memory of 752	2796	msedge.exe	85
PID 2796 wrote to memory of 752	2796	msedge.exe	85
PID 2796 wrote to memory of 2908	2796	msedge.exe	86
PID 2796 wrote to memory of 2908	2796	msedge.exe	86
PID 2796 wrote to memory of 2908	2796	msedge.exe	86
PID 2796 wrote to memory of 2908	2796	msedge.exe	86
PID 2796 wrote to memory of 2908	2796	msedge.exe	86
PID 2796 wrote to memory of 2908	2796	msedge.exe	86
PID 2796 wrote to memory of 2908	2796	msedge.exe	86
PID 2796 wrote to memory of 2908	2796	msedge.exe	86
PID 2796 wrote to memory of 2908	2796	msedge.exe	86
PID 2796 wrote to memory of 2908	2796	msedge.exe	86
PID 2796 wrote to memory of 2908	2796	msedge.exe	86
PID 2796 wrote to memory of 2908	2796	msedge.exe	86
PID 2796 wrote to memory of 2908	2796	msedge.exe	86
PID 2796 wrote to memory of 2908	2796	msedge.exe	86
PID 2796 wrote to memory of 2908	2796	msedge.exe	86
PID 2796 wrote to memory of 2908	2796	msedge.exe	86
PID 2796 wrote to memory of 2908	2796	msedge.exe	86
PID 2796 wrote to memory of 2908	2796	msedge.exe	86
PID 2796 wrote to memory of 2908	2796	msedge.exe	86
PID 2796 wrote to memory of 2908	2796	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d98e726681f9d8082334622abfd37a7c_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffabc4646f8,0x7ffabc464708,0x7ffabc464718
  2⤵
  PID:672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,9489089337188795772,3605985699519556687,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  2⤵
  PID:932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,9489089337188795772,3605985699519556687,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,9489089337188795772,3605985699519556687,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
  2⤵
  PID:2908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9489089337188795772,3605985699519556687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:2676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9489089337188795772,3605985699519556687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:4260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9489089337188795772,3605985699519556687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2764 /prefetch:1
  2⤵
  PID:1280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9489089337188795772,3605985699519556687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2040 /prefetch:1
  2⤵
  PID:1156
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,9489089337188795772,3605985699519556687,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5512 /prefetch:8
  2⤵
  PID:1464
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,9489089337188795772,3605985699519556687,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5512 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9489089337188795772,3605985699519556687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:3084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9489089337188795772,3605985699519556687,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2300 /prefetch:1
  2⤵
  PID:956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9489089337188795772,3605985699519556687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
  2⤵
  PID:1952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9489089337188795772,3605985699519556687,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
  2⤵
  PID:1636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,9489089337188795772,3605985699519556687,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6056 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1732

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3040

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2884

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7114a6cd851f9bf56cf771c37d664a2

SHA1
769c5d04fd83e583f15ab1ef659de8f883ecab8a

SHA256
d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e

SHA512
33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
719923124ee00fb57378e0ebcbe894f7

SHA1
cc356a7d27b8b27dc33f21bd4990f286ee13a9f9

SHA256
aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808

SHA512
a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
a8ee6a4fd6865f8ad0521690ac682145

SHA1
390f0e279daa9b245a23054c53a79ea999987fe6

SHA256
306d8df87e919cc90c501e85022433f02951550ac45967a651dc95858de9bfbb

SHA512
53a753a5a717b2647ddf682e4f4f6cd60158c823c445be4a4db97e0b74afa97d8408d180220fd72d20696107c7d5becd69d8d4b82b404ae00a697906a414b5c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
525B

MD5
08aa465885aad123b0e5c9cacd5788a7

SHA1
8184da9e1e5deaf988120fb7bdc8ec030901a258

SHA256
a3e5590ce1c7fd963fe0f11f7ca37b67da346c347b3dd159913eddfa6b8c10b6

SHA512
013626b82a66416a46299762fa25365c28d95901eb36eb37c1db6e67ca5f8555b161c1a5cdb3af3c129176c241eed0f600deb6ebb4460938768037c509f64b4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
525B

MD5
4d0a0bd9e695d97030a2b28cd1d4427a

SHA1
481467c7c485533a33154737cfd4bbf501100a4e

SHA256
91b27950f0e24c79b2e8f2da4c8cbf8aabfcc6d34c795f081bee0346137f2999

SHA512
d080e310d547caa5ed06d743a6e8bda9f58a6706d358df9b9594f21dc221f43f2a9275e6f8fb874dd5e0699c8ba025b87d402464c8a64d692c739dbc9e570da8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
68ca25b095059af7420fa89cf1ab881b

SHA1
e1f5b60fde37a20fbb1c3cc5252340c70519d96f

SHA256
ced451027e4988b06fede7a7506bdedb7057c4c57fdac17f4fb60de21b898243

SHA512
11d25f309d150b4842dab73eeeceb0bb4732584b6249eb3fbb1501437b16894b096aec9151964f511ab92a1159b57d90be369faeaacaf02b26258dbeb68e7e80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b09288e158c9684764e37462cd45cbc6

SHA1
b4ded939a2e133d2763004b23367d72717f374fa

SHA256
32c679b9da16b07b801423b107d50d0c43e8de1b8406b07ad2b6a9407586edb4

SHA512
9dbddc4054a9bec21cbee07ca20f3e8d69b5ff65e9dc1ce5d2f2abc5d582487cd6fb17f70c4e3c1d39e20c9f6d988595bd977a6c5c54bb9ffebf2d9e551ec064

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7e77e631f4301192495163bb8b05d721

SHA1
7b88062ba06630e321a4189f7f4daddcfeb45e39

SHA256
53d457aec52aad87da06459fb4821dcab9db7cadd9f9152cf6c5e26be5225c32

SHA512
7f4d11acf5e2d2b03edf09c1874d1c6418bbfecc324530d992ce2cf8b6b3bc3977a2b1377a38601b036f8b82118c0330980e05b1e97ba7fd49b8d21a8ac374cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
01038b3c763eaa16e5f43a4575ce086a

SHA1
cdb64862f31fd0cdedf167594442425c00f64ac6

SHA256
b15968d53e1895a143204f0d2472282139cef123c7e46fa6add74dea3c57bd36

SHA512
fe3cae08fd94087cc1dc0f33135a3929d3e8b6d1a640dd4d62a09a16d8dc5b347c0db92f0e83d5373fee6c3dd74b85baf3ce50a49b176d4529c02f24686be6ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
8991180a946112f0de1f7293883c390e

SHA1
0d97ed94782770b050843b71c1cd21af0dca3aae

SHA256
02ccc147ebbc484bf894eed1d1b12cbc9cadd00801d9f1a29caf986699718789

SHA512
40d94c7e9f74aa7ba796e1928879b21be30db67ea6fbee6455b72e7bb67499b4282324a8d32ee9a8b2a7f89e153f1dd6f8b2b1f8854eccefddc85ce45fb1ecbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
d2b5ee54404aaecfcd2c2db6f06ef43e

SHA1
198ae102d12a17c9a5b6f11d9f582a7954df8ec3

SHA256
dd7f7211eb92d4cb49be09521b09387e82c112df2e48ccb14977a3148850b4cd

SHA512
73b3abcdec7c4e3597ef488ac4151251ae4342f221e0a48c78c4fc85bc98317203cde0650dd30eeceb22647818d680275a50259d4077869d3d71fbbfb0ba89d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58cf51.TMP

Filesize
203B

MD5
b84310e267311be8c3371ee8afa87b29

SHA1
901daf836a86fc9d1ac9b9a28cb411a97cfcdd4d

SHA256
73018544a4d763084991fa29d78307883da63c7dcb7a43e016fbfbfecbbe17b3

SHA512
07859e9cd20b99aec4d13c372eec65e9a0c87bb5fc41d5bcfc9202cc23f5ce1e70ba1dd303a302be8734c536799b62c875823eea981756fb030480daa84ec844

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
56e9ce1255a132acc134153ff8472088

SHA1
abc67a2204faf4c80e376ceafa94cc72193f3fa5

SHA256
ef3267e103e8f897134d22d1f502415bd1aee4b6ed3e6c45158b405853c5215d

SHA512
7eb93a5815d7e6b13d131492c4aff23a6c81a92166dbab4ea9421a3d3b6c2dd81e155a027669f09df622d5fef1e4600137bd62c36a3c7e5be648d0020f30ddb8

Download Submit