6996c0dd88bbbb57cea2f2563868d2b9642d9a7e259c25e155adb5b5482bda02

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
14-09-2024 14:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e05ca2ff9af8128c792bad607016d1f8_JaffaCakes118.html
Size

95KB
MD5

e05ca2ff9af8128c792bad607016d1f8
SHA1

b47d5a67b593022d105ddf8f73e3454ebcf0a579
SHA256

6996c0dd88bbbb57cea2f2563868d2b9642d9a7e259c25e155adb5b5482bda02
SHA512

ded7a4334118260b47d296705e3200d57a9cc4bdffbf5c13f8bb2861503352a6c096548952387ed1c2a013cd9c7d7c146572b4d69390f549598bd9c06b031a85
SSDEEP

1536:ymnbQKLJBwkimGaclr4zJksg+c9cm5l74DNn7CJkbxGCQlLWnZo+qEK9ThyFC+4o:3Qcwki2JLg+c9cm5l74DNn7CJkbxGCQS

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2180	msedge.exe
2180	msedge.exe
1400	msedge.exe
1400	msedge.exe
2752	identity_helper.exe
2752	identity_helper.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1400 wrote to memory of 2836	1400	msedge.exe	83
PID 1400 wrote to memory of 2836	1400	msedge.exe	83
PID 1400 wrote to memory of 3876	1400	msedge.exe	84
PID 1400 wrote to memory of 3876	1400	msedge.exe	84
PID 1400 wrote to memory of 3876	1400	msedge.exe	84
PID 1400 wrote to memory of 3876	1400	msedge.exe	84
PID 1400 wrote to memory of 3876	1400	msedge.exe	84
PID 1400 wrote to memory of 3876	1400	msedge.exe	84
PID 1400 wrote to memory of 3876	1400	msedge.exe	84
PID 1400 wrote to memory of 3876	1400	msedge.exe	84
PID 1400 wrote to memory of 3876	1400	msedge.exe	84
PID 1400 wrote to memory of 3876	1400	msedge.exe	84
PID 1400 wrote to memory of 3876	1400	msedge.exe	84
PID 1400 wrote to memory of 3876	1400	msedge.exe	84
PID 1400 wrote to memory of 3876	1400	msedge.exe	84
PID 1400 wrote to memory of 3876	1400	msedge.exe	84
PID 1400 wrote to memory of 3876	1400	msedge.exe	84
PID 1400 wrote to memory of 3876	1400	msedge.exe	84
PID 1400 wrote to memory of 3876	1400	msedge.exe	84
PID 1400 wrote to memory of 3876	1400	msedge.exe	84
PID 1400 wrote to memory of 3876	1400	msedge.exe	84
PID 1400 wrote to memory of 3876	1400	msedge.exe	84
PID 1400 wrote to memory of 3876	1400	msedge.exe	84
PID 1400 wrote to memory of 3876	1400	msedge.exe	84
PID 1400 wrote to memory of 3876	1400	msedge.exe	84
PID 1400 wrote to memory of 3876	1400	msedge.exe	84
PID 1400 wrote to memory of 3876	1400	msedge.exe	84
PID 1400 wrote to memory of 3876	1400	msedge.exe	84
PID 1400 wrote to memory of 3876	1400	msedge.exe	84
PID 1400 wrote to memory of 3876	1400	msedge.exe	84
PID 1400 wrote to memory of 3876	1400	msedge.exe	84
PID 1400 wrote to memory of 3876	1400	msedge.exe	84
PID 1400 wrote to memory of 3876	1400	msedge.exe	84
PID 1400 wrote to memory of 3876	1400	msedge.exe	84
PID 1400 wrote to memory of 3876	1400	msedge.exe	84
PID 1400 wrote to memory of 3876	1400	msedge.exe	84
PID 1400 wrote to memory of 3876	1400	msedge.exe	84
PID 1400 wrote to memory of 3876	1400	msedge.exe	84
PID 1400 wrote to memory of 3876	1400	msedge.exe	84
PID 1400 wrote to memory of 3876	1400	msedge.exe	84
PID 1400 wrote to memory of 3876	1400	msedge.exe	84
PID 1400 wrote to memory of 3876	1400	msedge.exe	84
PID 1400 wrote to memory of 2180	1400	msedge.exe	85
PID 1400 wrote to memory of 2180	1400	msedge.exe	85
PID 1400 wrote to memory of 4224	1400	msedge.exe	86
PID 1400 wrote to memory of 4224	1400	msedge.exe	86
PID 1400 wrote to memory of 4224	1400	msedge.exe	86
PID 1400 wrote to memory of 4224	1400	msedge.exe	86
PID 1400 wrote to memory of 4224	1400	msedge.exe	86
PID 1400 wrote to memory of 4224	1400	msedge.exe	86
PID 1400 wrote to memory of 4224	1400	msedge.exe	86
PID 1400 wrote to memory of 4224	1400	msedge.exe	86
PID 1400 wrote to memory of 4224	1400	msedge.exe	86
PID 1400 wrote to memory of 4224	1400	msedge.exe	86
PID 1400 wrote to memory of 4224	1400	msedge.exe	86
PID 1400 wrote to memory of 4224	1400	msedge.exe	86
PID 1400 wrote to memory of 4224	1400	msedge.exe	86
PID 1400 wrote to memory of 4224	1400	msedge.exe	86
PID 1400 wrote to memory of 4224	1400	msedge.exe	86
PID 1400 wrote to memory of 4224	1400	msedge.exe	86
PID 1400 wrote to memory of 4224	1400	msedge.exe	86
PID 1400 wrote to memory of 4224	1400	msedge.exe	86
PID 1400 wrote to memory of 4224	1400	msedge.exe	86
PID 1400 wrote to memory of 4224	1400	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\e05ca2ff9af8128c792bad607016d1f8_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdea5446f8,0x7ffdea544708,0x7ffdea544718
  2⤵
  PID:2836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,5779126001821201869,11690690417182531625,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
  2⤵
  PID:3876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,5779126001821201869,11690690417182531625,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2492 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,5779126001821201869,11690690417182531625,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
  2⤵
  PID:4224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5779126001821201869,11690690417182531625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5779126001821201869,11690690417182531625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:2988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5779126001821201869,11690690417182531625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1816 /prefetch:1
  2⤵
  PID:2184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5779126001821201869,11690690417182531625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
  2⤵
  PID:3784
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,5779126001821201869,11690690417182531625,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5412 /prefetch:8
  2⤵
  PID:3184
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,5779126001821201869,11690690417182531625,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5412 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5779126001821201869,11690690417182531625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
  2⤵
  PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5779126001821201869,11690690417182531625,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
  2⤵
  PID:3420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5779126001821201869,11690690417182531625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4116 /prefetch:1
  2⤵
  PID:936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,5779126001821201869,11690690417182531625,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
  2⤵
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,5779126001821201869,11690690417182531625,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4692 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4900

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1572

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3800

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ab8ce148cb7d44f709fb1c460d03e1b0

SHA1
44d15744015155f3e74580c93317e12d2cc0f859

SHA256
014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff

SHA512
f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38f59a47b777f2fc52088e96ffb2baaf

SHA1
267224482588b41a96d813f6d9e9d924867062db

SHA256
13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b

SHA512
4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
37997f79da6ef75f05aa0b95eabffbda

SHA1
ffc4a4c1e501b719c76c50235d7b937616f5dd33

SHA256
407a7f055c28dc7435cfb7c6cd0e03042f89216c3146150514fd2c186f0121d3

SHA512
9deddf3b99022d69129bd12ea0b9bd4c0333c409b058d6ac7339e6bd9ebf9d805fd30700475db34151e6907c4a5f838029d9e9cb442f4e9aa0e6e85a73c688cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
3baf076068f32060dfcec8b7d8d33273

SHA1
31a64731dde057b6d809c2863c4d30c43d5b08ae

SHA256
af704e2522dde2c6042c14de27d0a58f9881b70d5fad316917f9ae8778b3b248

SHA512
19f3356d91b5f844011bfe0d053bdb3e690b4b4788e024bddd45ce8423b2914ac85e9cf1eee7a79e0b6762a09e047257a33c46f31ba5656d9c14d99ace587716

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1005B

MD5
65ac7febac153fae9d4df6e448c7ac70

SHA1
93cc4e23c20611b506422ed239c07b045ab86807

SHA256
1b24fa25b8bf877f0972a590b664ffb0b194be2b665b075060fafff7ab7b9648

SHA512
eedfca1bd75ef26187fefc6376a7aca8761217ebe862867abc0423b242f0f04723de0ed23c0f6c3c49eaece507f32630839e6e854e848a8e4fbb4df62e23d329

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0068a7c931565458c6b767bffabfaafb

SHA1
7b108dfd1eaea1980430027212a8f5e72a6c7762

SHA256
3a8d2e9e13395082d3b00dbd6febd99d746f8b182df0c2a1cc12b529f125bd18

SHA512
9bded67f2f28c0ba0f2691a1e58d9225a4ebc11165d63b006f2fe84799ebe9611563ee543322c9f0bdfda744894358e2e5ad39ca6c9f9fc93f06460dc3948cda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8c20a4652203a51daf689c5eea951f12

SHA1
d103012ef2e4727ab657cd0be44fddc05d4f4dc1

SHA256
6c2e8fa5ff06dad6ec96206e2a37e9c95b46c2a4e890fe55cf9c65ae526eb5c7

SHA512
3d3ed21749992c65e4f4b080672e487d085521b2090e5e8e23e72483ebb2533dfe5a40a2a48a2d2acb6755991343cc8c3a4782d1c34014f8c8b55a29c9baa130

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
29fb3ec91dd08c0b3fd0605967c6d787

SHA1
770277ce60b30833ad9fc48f646febaea23d19dc

SHA256
c9ed774d4e104f7b66dd0a0e7053789e0ec7c86d578564bdc6e5742bd9d2f39b

SHA512
ce6561de2b88fdf8396711d5f9d6f7cee99779efd11ead1d9843acdcb62026765f714d147b925083ac1a95032541a437f3baa4db79897b54aa4166c4d53d6d7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a7ce934a8951e88482e22b85b392dde9

SHA1
af41ded7285476838c6b026176025f7200206a7b

SHA256
0443e1c7403059b26866fb5dca0b06178fab69695f77a9426a8ef43a10811b5e

SHA512
d52c302ae8625116eab022f1f6b7c3dad1912a14780f321d301f4b1413fde492b3c89b736c6b4f279e2a98b05235bbb99eb816b429151a3042a1caf193da33df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
10a598bb58e29372de9c8c9558d87ebb

SHA1
e8a455e5e910452a66f052dd703cd069d394d45a

SHA256
4dc89ffc9d42d9211fa6fd08105ecb6b85ae88dd80b771d46618df340d4c5cf6

SHA512
e9bd8f9bb9fdf63d8a2b64aaeed310cdd7bab152e38e0e20d30991a70fac5b28e3b59bf828b72f4ead12963af275bb56b544a2450e1e97dc7744ad7536453b39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5842e0.TMP

Filesize
204B

MD5
de6d3d00d0029ff571cc896e2ba255b7

SHA1
4a07883d3580146fe7afebcfd100b23a2cac49c3

SHA256
27dac9ac14743af63f1d835338c6fe67769483959f6a8813a3e346461e56a724

SHA512
8e81a3de0ed3141784b045434f2a2b2c477b2239a4e5090296a0e913fa5d079ff1cebdafe9d44ee19715e665138166938795de5868d15c19791fc0b600468aa6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f70da81aca96e5d6817bd174806776d5

SHA1
edb57009dbb89c164c6c36d2308f6afef4506507

SHA256
c46cafdb72683436608a3c8f1ca68cae194900d7764cd2970b92cc838d6aec8b

SHA512
8f949c9fcaf6d64af36d49d9fae882c621bb12fc7d585c331318eca077116220a5e387ee57ddd5e4649ffed504e1f770b9fb26af14cf1fce2bd492b857387200

Download Submit