a6a409b5cca86d21c5c02ac0d97d8870dbc56a070115cdc44a88dfe58c5bbe43

Analysis

max time kernel
146s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
13-09-2024 19:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

debed65567ce7fe2091316ce84670799_JaffaCakes118.html
Size

171KB
MD5

debed65567ce7fe2091316ce84670799
SHA1

1f80d1a244c51700d4d34882fbde04cd00f96814
SHA256

a6a409b5cca86d21c5c02ac0d97d8870dbc56a070115cdc44a88dfe58c5bbe43
SHA512

cfe271faf58b90491912127a24d1d15c3e2c73f4daa5c7396c02d7e064bbdf31794ce483e8a288bbc843a1ccc53aa9f36d401ff17b8abb5d08c9ace9e1cecaa5
SSDEEP

3072:sZkYu8k8zt8aNg0mi/4beqMX/ZudOfJRUa+S94nAnWhY+CAMOHBT:sZkYu+t8aNg0miHX7Uj

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1900	msedge.exe
1900	msedge.exe
3492	msedge.exe
3492	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3492 wrote to memory of 3460	3492	msedge.exe	83
PID 3492 wrote to memory of 3460	3492	msedge.exe	83
PID 3492 wrote to memory of 2572	3492	msedge.exe	84
PID 3492 wrote to memory of 2572	3492	msedge.exe	84
PID 3492 wrote to memory of 2572	3492	msedge.exe	84
PID 3492 wrote to memory of 2572	3492	msedge.exe	84
PID 3492 wrote to memory of 2572	3492	msedge.exe	84
PID 3492 wrote to memory of 2572	3492	msedge.exe	84
PID 3492 wrote to memory of 2572	3492	msedge.exe	84
PID 3492 wrote to memory of 2572	3492	msedge.exe	84
PID 3492 wrote to memory of 2572	3492	msedge.exe	84
PID 3492 wrote to memory of 2572	3492	msedge.exe	84
PID 3492 wrote to memory of 2572	3492	msedge.exe	84
PID 3492 wrote to memory of 2572	3492	msedge.exe	84
PID 3492 wrote to memory of 2572	3492	msedge.exe	84
PID 3492 wrote to memory of 2572	3492	msedge.exe	84
PID 3492 wrote to memory of 2572	3492	msedge.exe	84
PID 3492 wrote to memory of 2572	3492	msedge.exe	84
PID 3492 wrote to memory of 2572	3492	msedge.exe	84
PID 3492 wrote to memory of 2572	3492	msedge.exe	84
PID 3492 wrote to memory of 2572	3492	msedge.exe	84
PID 3492 wrote to memory of 2572	3492	msedge.exe	84
PID 3492 wrote to memory of 2572	3492	msedge.exe	84
PID 3492 wrote to memory of 2572	3492	msedge.exe	84
PID 3492 wrote to memory of 2572	3492	msedge.exe	84
PID 3492 wrote to memory of 2572	3492	msedge.exe	84
PID 3492 wrote to memory of 2572	3492	msedge.exe	84
PID 3492 wrote to memory of 2572	3492	msedge.exe	84
PID 3492 wrote to memory of 2572	3492	msedge.exe	84
PID 3492 wrote to memory of 2572	3492	msedge.exe	84
PID 3492 wrote to memory of 2572	3492	msedge.exe	84
PID 3492 wrote to memory of 2572	3492	msedge.exe	84
PID 3492 wrote to memory of 2572	3492	msedge.exe	84
PID 3492 wrote to memory of 2572	3492	msedge.exe	84
PID 3492 wrote to memory of 2572	3492	msedge.exe	84
PID 3492 wrote to memory of 2572	3492	msedge.exe	84
PID 3492 wrote to memory of 2572	3492	msedge.exe	84
PID 3492 wrote to memory of 2572	3492	msedge.exe	84
PID 3492 wrote to memory of 2572	3492	msedge.exe	84
PID 3492 wrote to memory of 2572	3492	msedge.exe	84
PID 3492 wrote to memory of 2572	3492	msedge.exe	84
PID 3492 wrote to memory of 2572	3492	msedge.exe	84
PID 3492 wrote to memory of 1900	3492	msedge.exe	85
PID 3492 wrote to memory of 1900	3492	msedge.exe	85
PID 3492 wrote to memory of 1012	3492	msedge.exe	86
PID 3492 wrote to memory of 1012	3492	msedge.exe	86
PID 3492 wrote to memory of 1012	3492	msedge.exe	86
PID 3492 wrote to memory of 1012	3492	msedge.exe	86
PID 3492 wrote to memory of 1012	3492	msedge.exe	86
PID 3492 wrote to memory of 1012	3492	msedge.exe	86
PID 3492 wrote to memory of 1012	3492	msedge.exe	86
PID 3492 wrote to memory of 1012	3492	msedge.exe	86
PID 3492 wrote to memory of 1012	3492	msedge.exe	86
PID 3492 wrote to memory of 1012	3492	msedge.exe	86
PID 3492 wrote to memory of 1012	3492	msedge.exe	86
PID 3492 wrote to memory of 1012	3492	msedge.exe	86
PID 3492 wrote to memory of 1012	3492	msedge.exe	86
PID 3492 wrote to memory of 1012	3492	msedge.exe	86
PID 3492 wrote to memory of 1012	3492	msedge.exe	86
PID 3492 wrote to memory of 1012	3492	msedge.exe	86
PID 3492 wrote to memory of 1012	3492	msedge.exe	86
PID 3492 wrote to memory of 1012	3492	msedge.exe	86
PID 3492 wrote to memory of 1012	3492	msedge.exe	86
PID 3492 wrote to memory of 1012	3492	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\debed65567ce7fe2091316ce84670799_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd472946f8,0x7ffd47294708,0x7ffd47294718
  2⤵
  PID:3460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,17687519911547212200,16636682342199601172,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
  2⤵
  PID:2572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,17687519911547212200,16636682342199601172,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,17687519911547212200,16636682342199601172,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2936 /prefetch:8
  2⤵
  PID:1012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17687519911547212200,16636682342199601172,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:1004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17687519911547212200,16636682342199601172,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:1060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17687519911547212200,16636682342199601172,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
  2⤵
  PID:2836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17687519911547212200,16636682342199601172,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:2816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17687519911547212200,16636682342199601172,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17687519911547212200,16636682342199601172,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17687519911547212200,16636682342199601172,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6228 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17687519911547212200,16636682342199601172,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6472 /prefetch:1
  2⤵
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,17687519911547212200,16636682342199601172,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3152 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3912

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2936

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3284

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ab8ce148cb7d44f709fb1c460d03e1b0

SHA1
44d15744015155f3e74580c93317e12d2cc0f859

SHA256
014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff

SHA512
f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38f59a47b777f2fc52088e96ffb2baaf

SHA1
267224482588b41a96d813f6d9e9d924867062db

SHA256
13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b

SHA512
4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
47KB

MD5
213af7ac1aa72e2c0c316743695b7cd0

SHA1
c93bf2de82958073a23b3a495356118ef718cecf

SHA256
f5680671f5dc330f962eb3de4164654e2c17284ac3a109f687ddabf104e25ce4

SHA512
d0e11f42a046682805d18a0a133df1c8c4272b94117de503dd4992c34f93e516b7decbf77496f45768aeb1a95f1493f74f5ff732e9b42efa6bff1b47e9b0c1b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
20KB

MD5
6bbc0e512b7c029621e79d26950286c7

SHA1
f12adb0a38701b30ac5e0c9387dc6c71341b49b6

SHA256
9de327e20752e14da98d4894ba619f13178044888283e9cf14827de09caa82ac

SHA512
ee2bae02bda734a45f9d2d479322821fb959ccd1b6cc327acf53cba4e3b862942e6efa32046f48579c79c991c1776b8ed2b9e769cc0882d4fcf32ddb840aab8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
41KB

MD5
a8c2d72074b516f0f9527b492f6e7c4c

SHA1
e9fbccb6f4dc886906aae43220812f8317c2fd6c

SHA256
e61d49bb3bc6024a979c9b8f8941112d2e39e38852366dd5fd57e0613d753051

SHA512
06d09eb5b1ec9e50ce1964169827432f47ea0785103b80e42f77f97dffc128929caf20575e7e076a56e713afe1d24b88e4e9da8222d9946f16a199de15f373b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
dcc8a6753af6c1905eebbc94900d262a

SHA1
ca15d4a0e694620fc842d79cfe219760fd2bcf8e

SHA256
6c5497bc99ee3c73ed1767e7721b0c6fd54f899256d9ec03bc4d576c3e018a31

SHA512
34809f82164643f797cc817f51b7199c2bb6a70dbc0bde76a298de857140e5e4f9221c777f9b9315fac03f9de5283075a8094cd8303df187340fca514e3f5cdb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
325dfe7aede5a81feb867259d14dab61

SHA1
8b0b17d85a30c8330255b4a815673668b811590d

SHA256
af8e425606f4848f47ffd6fc9e748ed9df3a3edd08c967e0218669c072123e7f

SHA512
cd7bcc1c0a44553056c0f46a601089f1cd93ea39aacae817868dce1f6e433fe9919922d489d7bed94c041407896bbbb63b71bdcf4842e6eb2b952dfff961722e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
ad180273f683bd45c4ac6da0a4ccd897

SHA1
c9f3721c3b687069c3191766cda4784bc326e303

SHA256
bc8016ec79c359e5c309b9e0b3ddb79f856b2496b9771300f31d716d55d6d323

SHA512
7cea908d0693b5948cf1c455902287f8d7df1d22085601eee78eefd05d7a499cc7bc41999d316211d3c9d1c9cc1d9f66ce163c88df865073716307c5ef0a4fb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
de5d561c139714a780c52243b98d1bf3

SHA1
52d9ee0ff97e43860c7c0e88a571c70ef096dd1d

SHA256
7036562980c6d4e7c6dfe01abacb9453caa72470bc9d813d323f543a5baf8d04

SHA512
0478b41ea624697c6b39e0493915dbb73f95252226a9cc82e8e280f6543c80a744d769ca02d829602193e962c0fc420bc491429ed72fa032052c28fb457306f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
dc7616b54904884e15e249fae9e6efdc

SHA1
78423a7e2b060be6c0239649771c333abdc0a9c7

SHA256
18dd286a17a15504d8cfe4ceedc22bc0310fbee59f1c0717c34bf326f7f9ed30

SHA512
cb51219114e52a922c7d366c5f3a1aef4e34fc0e13bf545a86ff15ee2d6d465ec5cb9bc9a08640c06253efe6452db1cdcbb13fcaf2cfb9c75a7050570cde31fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
528bb4aef80e48dc813e1c5c32830160

SHA1
a4f011c25742291a2a9ae42fa651d4ba5e8d848b

SHA256
3e472e60f61c0cab61e38cf87e79c0fd99f36913b9a0b6a510002072bd9bb0a3

SHA512
e78e63ce6df11ba112423d826d50cda4d053f03a970132da92908221dfdb0cc741d61d3914c6d1f2d86e33e41be57c0453e6bb937c83ebe41c29a283b2a834a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0e4b990ee3e945c54bfbe8ac2aabcfe8

SHA1
c7c652bc9b017a4afc8079f213a718c93382b7f6

SHA256
352ccb1ae156d0a950812504828ed124060a3f5b553d5fa63977066216e55896

SHA512
69b6c85105e37043be5dc2e25d0357bb6ab10494e2708de0914d29cbadc85c62c959f612c0fdca826c3d3f1da83df4679f145eef76220b62321d6c2574f572f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57eadd.TMP

Filesize
537B

MD5
60391d8461c538feeed6c1e841157312

SHA1
79c178e81c8339e848098737f6ae2ca909f73ece

SHA256
3c1fcac36977e85cff60de53effb0baf64ca67fb33f4330c1396bc7bd6169d05

SHA512
d9941a1c568e8acce601f1019788a94eb7c41c58142cc7914dac0a1e6670ee6e85fb76fa9956e7877d9dda2be88d1f5d9ebcfa9506b9ee85490dd5cf5e93cde0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6a66d8ca3990229a9a4ad83f205007ef

SHA1
7fda57a3b687e974f90b77dfc17984470d1c7c46

SHA256
f4dcaf68be581e6ef2552b5a2ce1881252876259963c9e3a11d1d519873102d6

SHA512
3d2af0ae68ed5ec8490e804146ee901f677d1d6729f75ff1678be2067ead78db6354e456bf243d7be546825ce7f95b670b49a569c9375ca0f9b68ff6d69c77d3

Download Submit