154cbdbb238b0ebb6c5311e20e4edbd808c331ad2f9a71edb16da30d96fb3427

Analysis

max time kernel
147s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
15-09-2024 10:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e240dd677c20c7d6e74dc5a52fee3f78_JaffaCakes118.html
Size

156KB
MD5

e240dd677c20c7d6e74dc5a52fee3f78
SHA1

539d479510c2b3e105492af45a749416c2a030d5
SHA256

154cbdbb238b0ebb6c5311e20e4edbd808c331ad2f9a71edb16da30d96fb3427
SHA512

ba90e99752c27252c4ec65e3e376dc229e14496de3f3975e034de9233a845bd2f5bd559066bf460ffa6904faabd29d7c6f78a7279dce8c73ef75d26156ce8609
SSDEEP

3072:sZCYuku4beeGg7iQ88+afWPUz+S94QAnWhYHTAMOHy9:sZCYuHg7icsUk

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2320	msedge.exe
2320	msedge.exe
4608	msedge.exe
4608	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4608 wrote to memory of 3964	4608	msedge.exe	83
PID 4608 wrote to memory of 3964	4608	msedge.exe	83
PID 4608 wrote to memory of 3332	4608	msedge.exe	84
PID 4608 wrote to memory of 3332	4608	msedge.exe	84
PID 4608 wrote to memory of 3332	4608	msedge.exe	84
PID 4608 wrote to memory of 3332	4608	msedge.exe	84
PID 4608 wrote to memory of 3332	4608	msedge.exe	84
PID 4608 wrote to memory of 3332	4608	msedge.exe	84
PID 4608 wrote to memory of 3332	4608	msedge.exe	84
PID 4608 wrote to memory of 3332	4608	msedge.exe	84
PID 4608 wrote to memory of 3332	4608	msedge.exe	84
PID 4608 wrote to memory of 3332	4608	msedge.exe	84
PID 4608 wrote to memory of 3332	4608	msedge.exe	84
PID 4608 wrote to memory of 3332	4608	msedge.exe	84
PID 4608 wrote to memory of 3332	4608	msedge.exe	84
PID 4608 wrote to memory of 3332	4608	msedge.exe	84
PID 4608 wrote to memory of 3332	4608	msedge.exe	84
PID 4608 wrote to memory of 3332	4608	msedge.exe	84
PID 4608 wrote to memory of 3332	4608	msedge.exe	84
PID 4608 wrote to memory of 3332	4608	msedge.exe	84
PID 4608 wrote to memory of 3332	4608	msedge.exe	84
PID 4608 wrote to memory of 3332	4608	msedge.exe	84
PID 4608 wrote to memory of 3332	4608	msedge.exe	84
PID 4608 wrote to memory of 3332	4608	msedge.exe	84
PID 4608 wrote to memory of 3332	4608	msedge.exe	84
PID 4608 wrote to memory of 3332	4608	msedge.exe	84
PID 4608 wrote to memory of 3332	4608	msedge.exe	84
PID 4608 wrote to memory of 3332	4608	msedge.exe	84
PID 4608 wrote to memory of 3332	4608	msedge.exe	84
PID 4608 wrote to memory of 3332	4608	msedge.exe	84
PID 4608 wrote to memory of 3332	4608	msedge.exe	84
PID 4608 wrote to memory of 3332	4608	msedge.exe	84
PID 4608 wrote to memory of 3332	4608	msedge.exe	84
PID 4608 wrote to memory of 3332	4608	msedge.exe	84
PID 4608 wrote to memory of 3332	4608	msedge.exe	84
PID 4608 wrote to memory of 3332	4608	msedge.exe	84
PID 4608 wrote to memory of 3332	4608	msedge.exe	84
PID 4608 wrote to memory of 3332	4608	msedge.exe	84
PID 4608 wrote to memory of 3332	4608	msedge.exe	84
PID 4608 wrote to memory of 3332	4608	msedge.exe	84
PID 4608 wrote to memory of 3332	4608	msedge.exe	84
PID 4608 wrote to memory of 3332	4608	msedge.exe	84
PID 4608 wrote to memory of 2320	4608	msedge.exe	85
PID 4608 wrote to memory of 2320	4608	msedge.exe	85
PID 4608 wrote to memory of 4904	4608	msedge.exe	86
PID 4608 wrote to memory of 4904	4608	msedge.exe	86
PID 4608 wrote to memory of 4904	4608	msedge.exe	86
PID 4608 wrote to memory of 4904	4608	msedge.exe	86
PID 4608 wrote to memory of 4904	4608	msedge.exe	86
PID 4608 wrote to memory of 4904	4608	msedge.exe	86
PID 4608 wrote to memory of 4904	4608	msedge.exe	86
PID 4608 wrote to memory of 4904	4608	msedge.exe	86
PID 4608 wrote to memory of 4904	4608	msedge.exe	86
PID 4608 wrote to memory of 4904	4608	msedge.exe	86
PID 4608 wrote to memory of 4904	4608	msedge.exe	86
PID 4608 wrote to memory of 4904	4608	msedge.exe	86
PID 4608 wrote to memory of 4904	4608	msedge.exe	86
PID 4608 wrote to memory of 4904	4608	msedge.exe	86
PID 4608 wrote to memory of 4904	4608	msedge.exe	86
PID 4608 wrote to memory of 4904	4608	msedge.exe	86
PID 4608 wrote to memory of 4904	4608	msedge.exe	86
PID 4608 wrote to memory of 4904	4608	msedge.exe	86
PID 4608 wrote to memory of 4904	4608	msedge.exe	86
PID 4608 wrote to memory of 4904	4608	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\e240dd677c20c7d6e74dc5a52fee3f78_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc28ee46f8,0x7ffc28ee4708,0x7ffc28ee4718
  2⤵
  PID:3964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,4509480595574726809,1373273625806377802,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:3332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,4509480595574726809,1373273625806377802,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,4509480595574726809,1373273625806377802,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2940 /prefetch:8
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4509480595574726809,1373273625806377802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:2008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4509480595574726809,1373273625806377802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:1408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4509480595574726809,1373273625806377802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
  2⤵
  PID:1376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4509480595574726809,1373273625806377802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4509480595574726809,1373273625806377802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
  2⤵
  PID:2288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4509480595574726809,1373273625806377802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
  2⤵
  PID:2916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4509480595574726809,1373273625806377802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6256 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4509480595574726809,1373273625806377802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6476 /prefetch:1
  2⤵
  PID:4160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,4509480595574726809,1373273625806377802,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2944

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4276

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:744

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3568

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
20KB

MD5
6bbc0e512b7c029621e79d26950286c7

SHA1
f12adb0a38701b30ac5e0c9387dc6c71341b49b6

SHA256
9de327e20752e14da98d4894ba619f13178044888283e9cf14827de09caa82ac

SHA512
ee2bae02bda734a45f9d2d479322821fb959ccd1b6cc327acf53cba4e3b862942e6efa32046f48579c79c991c1776b8ed2b9e769cc0882d4fcf32ddb840aab8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
754KB

MD5
07777f459f700ab190b3157b66f7d158

SHA1
b1a37271d8326bc72973fa6237a38ebe8370d714

SHA256
566a5c2f661ed10606ea930a3703c431c1d8ae8d6bc42614481d21481f3b8767

SHA512
d549a949c654a970a5ea3bc8919053a7d8a469fd839759eea9d870a9c3795a9f1a51c49fdbc9c138f239cbb3feebf3bac4035e7559f960f9463c801161a16ada

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
41KB

MD5
a8c2d72074b516f0f9527b492f6e7c4c

SHA1
e9fbccb6f4dc886906aae43220812f8317c2fd6c

SHA256
e61d49bb3bc6024a979c9b8f8941112d2e39e38852366dd5fd57e0613d753051

SHA512
06d09eb5b1ec9e50ce1964169827432f47ea0785103b80e42f77f97dffc128929caf20575e7e076a56e713afe1d24b88e4e9da8222d9946f16a199de15f373b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
732705701ee476c71a7b7742627132cb

SHA1
346bd3b33376ce3aac715892b53eab8a3ca703a3

SHA256
f9175db5b050f55be771d8da957e38f3e6c65fe3337b48e4d82b0a72c3b51dba

SHA512
118ceb5f2b49b1af708e6583bb70b2c0c73fc42e8516acab94efdeae694537dd8e0b58ecf06efcaad69a60565319cb6d8b77d865c44d828f9ded6951be80f01c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
dcde163688875bcfdd02c957ce653db3

SHA1
07be195f3a1bfa50ce8917a8910bd47539674631

SHA256
41fff0cde202cc4e7fe07dd75858047c8615336433f360bc8f934ebccdc3ef13

SHA512
dfb7ffb4f0032263d4649b09c1f890d08d6a686840535e00b44af6e214ddb160ab92530609e4c58aa0bcb74df43511558ca00b1c84f1506020c2dcd9f1b90562

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
f36279243e5a915f838bfdda28a0420a

SHA1
9bbb2786b1286e6c55cb0655f558d5c71898a57a

SHA256
87a8f0007a52c5002d8c74e86bf24dc8276b1f3f8a373bc5a89d6eeadfd55bd4

SHA512
7e4e9a9be5b58d4ff2ab7b71a6dcd8b2ca6d165ad7274b15529f0bf2d75e1174d514d27af4341bc11200bc5f53cbd95e08abcbaf47825744384b0d7cb67c2228

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c4df4c9c561af258956d215b1ff23566

SHA1
b60671ddc40bfa47b3890b40e9c1b86c329c80dc

SHA256
5b03ee3990d9a3d3e05cf151e8c4a28433365133fba7d7ecc0744d05a17b72a9

SHA512
237e4d7a7b4d9e41f56d148c33585b6aed968e5be5c4ff44f261f990649c95b1562cf807a932e93babf396f1d2534782a0a4f621a2a407d46b28e633e0c3af6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
e2f68dabf453b2507f5c040e679ab8f7

SHA1
766d6647febfe2c1bab8b5fb77d2f1abd821c044

SHA256
b6a9055ff4cf62b8e6dcfd66e44ee7194c767a3ce57498b2ceb6ef8c0031c771

SHA512
f1edc0f46fdab4d2d2a0a2341bf8c3f3d906db1e372c9e38dbeb7485ac7774f7fc2df5703f772314f6be8729786983b9625ef9b401caf7f3be14c6916d50d6bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
0f592e49340ad2e92a938160fede7e43

SHA1
43165312e0cc46c95176e35e0c6e4511180335de

SHA256
4aab907cfa5e7e8078cb64c813ecff13838655119b72cfab1bd2bd6301be57a6

SHA512
cf866de7cae5ce7ae5c7b154328623b4bcd32d003ae1179c1f93cdb7b559c7c119df5ca8598a879b047e5984fd54590074a0d5368264354d3da6e38f3eddfb6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
388bf8f49f47e82fc301b53837574ac5

SHA1
b579d92af4c92d5edc7daa4e8fb12036ecb05777

SHA256
f2c1693c963d4942f3642b5b337ba4c290e4d695cf40333438b9852c10bffaec

SHA512
d678d4c18fc833554a1767b459b22038ec01abb949fa568432cd78327c1ef8a1d62ec9ba33970368c0231abf0c5df8d86884570f12abda3d6d10b9718f1766b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580867.TMP

Filesize
1KB

MD5
7934c2a65c25eb2ae8611c38c065f411

SHA1
ed29bcdd33cbd2690807a1e6821fd56594e3cab6

SHA256
51c60341c0fe6a847afe9dd08a1fc38e59346e3320fb7b1903d6ed9b2e5b709a

SHA512
cb4e343567cb6f66a4aaf6a194cd7cd46c861604f1ca1b296a8771ed7ceb600f140b8fa49d22553e777f8dc6fd589dd709f45f6f68bb01ea3fe569afb7e80e4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
bd04a0b45bfc2d915c44c7275f079f7f

SHA1
7eeb629d8978c10978903ce57cee1b64059c8aca

SHA256
f33f5bf5000db8e03f8fafbb4f1ec9cd872047f50dc29ea92efdcb7cd9ecaf99

SHA512
38a95e3b5ed7c5538c98e86b54e46449226be70c3cfcd6c1617ca8fbe3ccd71fbfdcded8b850fd8c9f093605a9e6a6a99dacf60d381abf388c21f559919630cc

Download Submit