2a8996c22927e959bc031ec6ed378d026190b687402c89ab95ce0b7e96bbd5c5

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19-09-2024 06:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eaba1f67c5787b861cc82258f854f014_JaffaCakes118.html
Size

86KB
MD5

eaba1f67c5787b861cc82258f854f014
SHA1

29cf0edadf27caea70251eae9b759e9a1447ccc8
SHA256

2a8996c22927e959bc031ec6ed378d026190b687402c89ab95ce0b7e96bbd5c5
SHA512

51ebcc69aace30662549fed4c7fbfc1e172f107c013dd4a3e9f378d522f53a014497077ae68f861721274dbb10a13028adb60478158a90ae24e4cb98c85ff98e
SSDEEP

1536:wJzrHoEwkVtaPMQTTg1s4kMD0bUwHmE4UESst6:wkataPMQTTgDkMD0bUwHmE4UESst6

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3592	msedge.exe
3592	msedge.exe
768	msedge.exe
768	msedge.exe
816	identity_helper.exe
816	identity_helper.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 768 wrote to memory of 4424	768	msedge.exe	81
PID 768 wrote to memory of 4424	768	msedge.exe	81
PID 768 wrote to memory of 4520	768	msedge.exe	82
PID 768 wrote to memory of 4520	768	msedge.exe	82
PID 768 wrote to memory of 4520	768	msedge.exe	82
PID 768 wrote to memory of 4520	768	msedge.exe	82
PID 768 wrote to memory of 4520	768	msedge.exe	82
PID 768 wrote to memory of 4520	768	msedge.exe	82
PID 768 wrote to memory of 4520	768	msedge.exe	82
PID 768 wrote to memory of 4520	768	msedge.exe	82
PID 768 wrote to memory of 4520	768	msedge.exe	82
PID 768 wrote to memory of 4520	768	msedge.exe	82
PID 768 wrote to memory of 4520	768	msedge.exe	82
PID 768 wrote to memory of 4520	768	msedge.exe	82
PID 768 wrote to memory of 4520	768	msedge.exe	82
PID 768 wrote to memory of 4520	768	msedge.exe	82
PID 768 wrote to memory of 4520	768	msedge.exe	82
PID 768 wrote to memory of 4520	768	msedge.exe	82
PID 768 wrote to memory of 4520	768	msedge.exe	82
PID 768 wrote to memory of 4520	768	msedge.exe	82
PID 768 wrote to memory of 4520	768	msedge.exe	82
PID 768 wrote to memory of 4520	768	msedge.exe	82
PID 768 wrote to memory of 4520	768	msedge.exe	82
PID 768 wrote to memory of 4520	768	msedge.exe	82
PID 768 wrote to memory of 4520	768	msedge.exe	82
PID 768 wrote to memory of 4520	768	msedge.exe	82
PID 768 wrote to memory of 4520	768	msedge.exe	82
PID 768 wrote to memory of 4520	768	msedge.exe	82
PID 768 wrote to memory of 4520	768	msedge.exe	82
PID 768 wrote to memory of 4520	768	msedge.exe	82
PID 768 wrote to memory of 4520	768	msedge.exe	82
PID 768 wrote to memory of 4520	768	msedge.exe	82
PID 768 wrote to memory of 4520	768	msedge.exe	82
PID 768 wrote to memory of 4520	768	msedge.exe	82
PID 768 wrote to memory of 4520	768	msedge.exe	82
PID 768 wrote to memory of 4520	768	msedge.exe	82
PID 768 wrote to memory of 4520	768	msedge.exe	82
PID 768 wrote to memory of 4520	768	msedge.exe	82
PID 768 wrote to memory of 4520	768	msedge.exe	82
PID 768 wrote to memory of 4520	768	msedge.exe	82
PID 768 wrote to memory of 4520	768	msedge.exe	82
PID 768 wrote to memory of 4520	768	msedge.exe	82
PID 768 wrote to memory of 3592	768	msedge.exe	83
PID 768 wrote to memory of 3592	768	msedge.exe	83
PID 768 wrote to memory of 3632	768	msedge.exe	84
PID 768 wrote to memory of 3632	768	msedge.exe	84
PID 768 wrote to memory of 3632	768	msedge.exe	84
PID 768 wrote to memory of 3632	768	msedge.exe	84
PID 768 wrote to memory of 3632	768	msedge.exe	84
PID 768 wrote to memory of 3632	768	msedge.exe	84
PID 768 wrote to memory of 3632	768	msedge.exe	84
PID 768 wrote to memory of 3632	768	msedge.exe	84
PID 768 wrote to memory of 3632	768	msedge.exe	84
PID 768 wrote to memory of 3632	768	msedge.exe	84
PID 768 wrote to memory of 3632	768	msedge.exe	84
PID 768 wrote to memory of 3632	768	msedge.exe	84
PID 768 wrote to memory of 3632	768	msedge.exe	84
PID 768 wrote to memory of 3632	768	msedge.exe	84
PID 768 wrote to memory of 3632	768	msedge.exe	84
PID 768 wrote to memory of 3632	768	msedge.exe	84
PID 768 wrote to memory of 3632	768	msedge.exe	84
PID 768 wrote to memory of 3632	768	msedge.exe	84
PID 768 wrote to memory of 3632	768	msedge.exe	84
PID 768 wrote to memory of 3632	768	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\eaba1f67c5787b861cc82258f854f014_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa0d7746f8,0x7ffa0d774708,0x7ffa0d774718
  2⤵
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,5593316145719932048,13599789807311066,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,5593316145719932048,13599789807311066,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2424 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,5593316145719932048,13599789807311066,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
  2⤵
  PID:3632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,5593316145719932048,13599789807311066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:2780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,5593316145719932048,13599789807311066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,5593316145719932048,13599789807311066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
  2⤵
  PID:1152
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,5593316145719932048,13599789807311066,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5656 /prefetch:8
  2⤵
  PID:732
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,5593316145719932048,13599789807311066,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5656 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,5593316145719932048,13599789807311066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:1212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,5593316145719932048,13599789807311066,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:3012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,5593316145719932048,13599789807311066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,5593316145719932048,13599789807311066,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:2060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,5593316145719932048,13599789807311066,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5020 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4760

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4888

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4464

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e4f80e7950cbd3bb11257d2000cb885e

SHA1
10ac643904d539042d8f7aa4a312b13ec2106035

SHA256
1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

SHA512
2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2dc1a9f2f3f8c3cfe51bb29b078166c5

SHA1
eaf3c3dad3c8dc6f18dc3e055b415da78b704402

SHA256
dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

SHA512
682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
23KB

MD5
c897f8479da25ec570027594f1b4db24

SHA1
81a3ff06cf35a87e697fc4733966dffc270ad06b

SHA256
7fd05e325904c9c31e435d5c65b9b4ffa11a9116d1df0282d6cd7c87ef6f1dbc

SHA512
b1c1c46810c3bc5c407f7d30a9d74db8242860965d958ffc5bfeed35b1204774843775ae81b8c414ea89322d00d7ab97313965e20cebba588edf13b9b8dcbc10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
45KB

MD5
ede70f717200a59b4cb831635de913a1

SHA1
d4d6e893ac192b5df087e924ab3356852f8a7bc0

SHA256
c63fbcc69de230e4844cf735ccf668eeaf30e42126eeb464da39c2de6b0b0051

SHA512
b621bde28b90ba97c122677989d994cb5e88fd0906366af1a23ad3f9d9f3b7f2bbef95873f29100433d4068fbbf7ab798505e68deefc118097fc5f76dfc4b672

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
5a1e98d99eb7fbae4a48f567123138cb

SHA1
3fd8ffe9d81f03af2d72e80cb0a3208c22bc8de5

SHA256
460602236cce5293112c53e74a01d0ae71d839025b1d48d49cf38b24ec8de501

SHA512
4d43a57e41684cc517fc52d0789f1858bb39197fa5b3ae4f652f8018be6149205e1cba4221d05398e62aa685e91215ccca352c6685da1ff836f532a8a2d9ac7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
73b94b34e22323601c56e2f09e3cad83

SHA1
5ec9b6c05025674ac26d3cb8fe3a8a2bbbd49e2a

SHA256
75feee73c730dc2939e0db1248d48d7ecc76d6b5233eb196fc7fecd1d279eb2a

SHA512
3950b85e2560c61c1461b03b6a0d0b178046fe0885aa0334bd2d1b46dea6e2429c5ea67a4b3d5d716c6444f6a0aeab2b0f419e508337f73c9c60acb9f4e1a01e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
0dce8d32b3cca9e8bc4fd77f32093ec5

SHA1
d7ce755ccdf66a6c2cb22be05724e9ede4e2ae34

SHA256
53bac63319d236171fa75d89793a5db36b4cb0bd3617a8fe2e7ebbc0e1aaf766

SHA512
d288d92a291e47ace5b03e996df871ffd089ea47d72726545d76fc58dce444114e3428515dff5f49922367e3855d87c5b4718cf992a40e6e176162f67ccdc86c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
ea23a0f2d984e7977d4840bd9a0a8401

SHA1
2a23e975cface0998a08c5cb24ae1b932fc84c0c

SHA256
3f550887e229209314dc696aa7df232e4a92b872dde757ce238bd576fbfbed5f

SHA512
9045be2544ca65384850a1be6e35054cb66291ee801c4143d8cad61c0467e7b96ee4cb560aa4e113a324504eaa19c2a94a21b24d747e86be88c813c936273dd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
55e00ead8018191037ef07d4db51591a

SHA1
76b25b500812b760bf83a009fe9113659b5e8bfe

SHA256
3cc1a151071623edf4eb62af6460b7da3092c479ab0f8be2a63cad37c381c742

SHA512
12f650b953e47d904a477b7b5d9944b87c8b695d416863fae595b308a2f9ae944ddb2ccef7e1ec0a7b181335e5f557203adabf37813ed6653fb12c9d71e044e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
30a4eb037d45a7b610f5b9072f5119e9

SHA1
e448b3d1c30ddb9e245c7d4db6fe65733fd9123b

SHA256
4c2179f511d6576a74afaec6fc30b868409f0adc849bb8fa6d986011f4748122

SHA512
70357f45b90bab8a01b7842f34b748774cf2d6e880ed1fff2a3f66370f077cda70dd5fac380e9c84dc82e18fb689ffb2d1be5856d2e807ee931625156ab16651

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ec7352771eb94d10704a5e9c2d7f8cf8

SHA1
56904f8cd488237219d670ea9d0f54a4f5098207

SHA256
b25b8072f6b5a358903afcb5596176d9be6df1d7730cbb698b63e6c59fd2d7f3

SHA512
2f8f6d99f8fe81ac51afc2e8657301a5cae47b5f7bd997b6a8230aa6d9e27e83ec80efa7e37c7c1566486d6bc765328713469fbffa6d6ff9171948b4b0b9cfd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
95c1f31d1904fd3a6b5ef954422887ae

SHA1
3f25f395ede72193d300d1b50d808749380ddd7d

SHA256
5b0aaa89e88c45c36e62cc2f795feede3035fb70da902998d6aad25f4bcc6990

SHA512
5f8167d598d7131c6d40b424cf4d8af137fe64f7385d627efb81fbc7fea02bf164cd7e85eb2a335a35da32ff2fd28f073809d6efa7b5b17cd86b282d237d4af7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe587829.TMP

Filesize
203B

MD5
780128aed480e0276c2d3be7e77848c4

SHA1
d919bb6e874bba7d53a2c701664ea467116bb337

SHA256
84c0798a5a8cdec017cbd0d247883987f5d68df1f17e9bced18862908ab13472

SHA512
3c855debcf0809d39451f00764d81e1c915bc131c5f54200c7f866170b7431c1526f4be12d498216f0bc2feedbfb4e06883c6444ebbe8efd6424d5a44f9e086a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
96b2f85efeb2564fb19218e7546b4abb

SHA1
fc7074c255a8b497b664fc78e2428124d79777b8

SHA256
9e579efc880e8653dd18c11a565ea15185bb777ca168a3fb706b0116831c646c

SHA512
a7019bf7a0776086ce0711e843a9437a42a9c12e51516455bab30e620a02be88dc94a94012c85b267124d2b95c07c076e394af62fd992d04ffbc7c80d60bb381

Download Submit