8d0995732cb1fe28ecfa754feba7c2ca5d905f7c411a2d2b2387394c05913dce

Analysis

max time kernel
148s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19-09-2024 06:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eac4d972e2dd380e7c981befe92a9027_JaffaCakes118.html
Size

78KB
MD5

eac4d972e2dd380e7c981befe92a9027
SHA1

fcb5c5919790832a998db4309e187f39fb7669c9
SHA256

8d0995732cb1fe28ecfa754feba7c2ca5d905f7c411a2d2b2387394c05913dce
SHA512

1ad8d92c6b9a02c20e5aa46154a6613f988448b9803a285eb22c48e683cb7391df5e8f97b5cf36b07cecd07aee987d3daf470c7a1f2d794df46bb32341b648e4
SSDEEP

1536:VZjpAxXfVBBLCEcH3DIu4uog4/eN3ehN2VG/i5EF:VwXfVBBeT3DIdhN2VG/L

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3704	msedge.exe
3704	msedge.exe
3316	msedge.exe
3316	msedge.exe
3492	identity_helper.exe
3492	identity_helper.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3316 wrote to memory of 3164	3316	msedge.exe	84
PID 3316 wrote to memory of 3164	3316	msedge.exe	84
PID 3316 wrote to memory of 4028	3316	msedge.exe	85
PID 3316 wrote to memory of 4028	3316	msedge.exe	85
PID 3316 wrote to memory of 4028	3316	msedge.exe	85
PID 3316 wrote to memory of 4028	3316	msedge.exe	85
PID 3316 wrote to memory of 4028	3316	msedge.exe	85
PID 3316 wrote to memory of 4028	3316	msedge.exe	85
PID 3316 wrote to memory of 4028	3316	msedge.exe	85
PID 3316 wrote to memory of 4028	3316	msedge.exe	85
PID 3316 wrote to memory of 4028	3316	msedge.exe	85
PID 3316 wrote to memory of 4028	3316	msedge.exe	85
PID 3316 wrote to memory of 4028	3316	msedge.exe	85
PID 3316 wrote to memory of 4028	3316	msedge.exe	85
PID 3316 wrote to memory of 4028	3316	msedge.exe	85
PID 3316 wrote to memory of 4028	3316	msedge.exe	85
PID 3316 wrote to memory of 4028	3316	msedge.exe	85
PID 3316 wrote to memory of 4028	3316	msedge.exe	85
PID 3316 wrote to memory of 4028	3316	msedge.exe	85
PID 3316 wrote to memory of 4028	3316	msedge.exe	85
PID 3316 wrote to memory of 4028	3316	msedge.exe	85
PID 3316 wrote to memory of 4028	3316	msedge.exe	85
PID 3316 wrote to memory of 4028	3316	msedge.exe	85
PID 3316 wrote to memory of 4028	3316	msedge.exe	85
PID 3316 wrote to memory of 4028	3316	msedge.exe	85
PID 3316 wrote to memory of 4028	3316	msedge.exe	85
PID 3316 wrote to memory of 4028	3316	msedge.exe	85
PID 3316 wrote to memory of 4028	3316	msedge.exe	85
PID 3316 wrote to memory of 4028	3316	msedge.exe	85
PID 3316 wrote to memory of 4028	3316	msedge.exe	85
PID 3316 wrote to memory of 4028	3316	msedge.exe	85
PID 3316 wrote to memory of 4028	3316	msedge.exe	85
PID 3316 wrote to memory of 4028	3316	msedge.exe	85
PID 3316 wrote to memory of 4028	3316	msedge.exe	85
PID 3316 wrote to memory of 4028	3316	msedge.exe	85
PID 3316 wrote to memory of 4028	3316	msedge.exe	85
PID 3316 wrote to memory of 4028	3316	msedge.exe	85
PID 3316 wrote to memory of 4028	3316	msedge.exe	85
PID 3316 wrote to memory of 4028	3316	msedge.exe	85
PID 3316 wrote to memory of 4028	3316	msedge.exe	85
PID 3316 wrote to memory of 4028	3316	msedge.exe	85
PID 3316 wrote to memory of 4028	3316	msedge.exe	85
PID 3316 wrote to memory of 3704	3316	msedge.exe	86
PID 3316 wrote to memory of 3704	3316	msedge.exe	86
PID 3316 wrote to memory of 1156	3316	msedge.exe	87
PID 3316 wrote to memory of 1156	3316	msedge.exe	87
PID 3316 wrote to memory of 1156	3316	msedge.exe	87
PID 3316 wrote to memory of 1156	3316	msedge.exe	87
PID 3316 wrote to memory of 1156	3316	msedge.exe	87
PID 3316 wrote to memory of 1156	3316	msedge.exe	87
PID 3316 wrote to memory of 1156	3316	msedge.exe	87
PID 3316 wrote to memory of 1156	3316	msedge.exe	87
PID 3316 wrote to memory of 1156	3316	msedge.exe	87
PID 3316 wrote to memory of 1156	3316	msedge.exe	87
PID 3316 wrote to memory of 1156	3316	msedge.exe	87
PID 3316 wrote to memory of 1156	3316	msedge.exe	87
PID 3316 wrote to memory of 1156	3316	msedge.exe	87
PID 3316 wrote to memory of 1156	3316	msedge.exe	87
PID 3316 wrote to memory of 1156	3316	msedge.exe	87
PID 3316 wrote to memory of 1156	3316	msedge.exe	87
PID 3316 wrote to memory of 1156	3316	msedge.exe	87
PID 3316 wrote to memory of 1156	3316	msedge.exe	87
PID 3316 wrote to memory of 1156	3316	msedge.exe	87
PID 3316 wrote to memory of 1156	3316	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\eac4d972e2dd380e7c981befe92a9027_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe7d4a46f8,0x7ffe7d4a4708,0x7ffe7d4a4718
  2⤵
  PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2272,14825934066057392481,18083766199562985326,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2288 /prefetch:2
  2⤵
  PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2272,14825934066057392481,18083766199562985326,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2272,14825934066057392481,18083766199562985326,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
  2⤵
  PID:1156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,14825934066057392481,18083766199562985326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,14825934066057392481,18083766199562985326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2272,14825934066057392481,18083766199562985326,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5104 /prefetch:8
  2⤵
  PID:2668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,14825934066057392481,18083766199562985326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
  2⤵
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,14825934066057392481,18083766199562985326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2636 /prefetch:1
  2⤵
  PID:1376
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2272,14825934066057392481,18083766199562985326,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5512 /prefetch:8
  2⤵
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2272,14825934066057392481,18083766199562985326,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5512 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,14825934066057392481,18083766199562985326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:2684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,14825934066057392481,18083766199562985326,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
  2⤵
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,14825934066057392481,18083766199562985326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1
  2⤵
  PID:1092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,14825934066057392481,18083766199562985326,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
  2⤵
  PID:3660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2272,14825934066057392481,18083766199562985326,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4956 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1004

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4840

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:232

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4e4 0x31c
1⤵
PID:3480

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1748

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ff63763eedb406987ced076e36ec9acf

SHA1
16365aa97cd1a115412f8ae436d5d4e9be5f7b5d

SHA256
8f460e8b7a67f0c65b7248961a7c71146c9e7a19772b193972b486dbf05b8e4c

SHA512
ce90336169c8b2de249d4faea2519bf7c3df48ae9d77cdf471dd5dbd8e8542d47d9348080a098074aa63c255890850ee3b80ddb8eef8384919fdca3bb9371d9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2783c40400a8912a79cfd383da731086

SHA1
001a131fe399c30973089e18358818090ca81789

SHA256
331fa67da5f67bbb42794c3aeab8f7819f35347460ffb352ccc914e0373a22c5

SHA512
b7c7d3aa966ad39a86aae02479649d74dcbf29d9cb3a7ff8b9b2354ea60704da55f5c0df803fd0a7191170a8e72fdd5eacfa1a739d7a74e390a7b74bdced1685

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
13520ddb7f2a42aa78062590769b5333

SHA1
198c4e4ebf3f5c5d7be70cdf286aec83e3b6079a

SHA256
b6bf5a5973887830c421009cb456e2fd6c906fa9a177b89ad45d4dbb7f48da6b

SHA512
322a04da1c1d1210ab8890c31ab18cca2656a5409f9203234389b427338aaf7fe97a380d9bbe7a387cf0bae3c0b820bb9099043382a5d0396262ee656b4c2415

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
ba10e5f0fea637f2598f4d890be67863

SHA1
cca72b0692c8d257e0f8f6d99dec2d7a9cc2a888

SHA256
75b3ebae0a41042f1a16aabd3e93b926537542e27a88b73e9fb22cb4b3c03816

SHA512
3cb81e3c573f394f9f24f12cdc70c22fe55783ae00ce54a3ea335f349c1591b11b5f84fb305d61b6693a3f2f39856a243536f08415776f8a4aeba031a4af1ce2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4bf06a0214d88779946b37207915727d

SHA1
a967035892f0a60791b52b0feff958cfee901783

SHA256
ffd743ba527e41a51bcdac391ef77e47ff2aae52d5c0ae022f9e9b3da2259ad4

SHA512
3a49ddcde851f7da1877edf59c70a08e85ad3eef6934083baf7f93738c0dc944d88cc0457fa983c98056a37aa8f1a4336b96271db03c6d18c645f553454e7387

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
aad801a672a5ac20586264ad818810d2

SHA1
1059e2cd155c7f10e91f6c5d01aebe91b179c6dd

SHA256
2037a0a536c50911561716c5784d3baece36e2f6d3f18a9c700c61e38f8c16c5

SHA512
8773103bd5df9c0341fcb55d0189894b16229f5aa67f82ac1ee5c6e532349a4d7646188096c347ecc6ccb4f84360eb976e8849d57776d6b12f3af716ce503ac5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
16c706d8efddca1859f575247ea1a9c3

SHA1
eb442b1bb74685e8559d805a3013855dbf1fce0c

SHA256
bf07d0d8de4d2dc5d7e5a13fa0ed003d5a92731c9dd0c6d5765976248bc2eb4e

SHA512
0167ebb8823e1a37aa41c967b376d42c034f1ae2a80e454cb121fb1562983c71f277fb58e5fd86c00f1d727b678fdaed8a961362b53d850ddf09a81314dc40d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
93f6ec7366d5bba74b883fa62ee0b9d3

SHA1
5b1dd56f905a9216b6288a498e41ff64d77361b7

SHA256
9379215c8de7c8f3295431a483ceb6323a6b3b850c3d70d057ddf92ada3e6149

SHA512
d6ac699c9501181e17a4f927175b272dba9e82b97a435fca9b262dcc5a47669d7ac61f06158e77a6ea3434728aa0dc49c8b550434ea905a0dd46723f3549e238

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
96aca7d78a54a897f4fd5164261cb06b

SHA1
8b6ff187e761e5c874809678bf614323ce379d67

SHA256
d90216e523596d78e26927be71e1d975779a4c3b6aae596962feaf1a324aa1d1

SHA512
6207179f0db8f6a996cf52c6e6e40d1269cee2c613edd668e43716aad969cded9aea2e2aecbe06ad09bb17eb6e1b1ef4e9dac65d1fc4f1c72594d2af4965faaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe587395.TMP

Filesize
1KB

MD5
b5b13471a10e77a514ffeec8ac7e211f

SHA1
42edfd3310ba48158aea3908b9b166b083b66b74

SHA256
85362947c79962d87df20d817cb838ae896716bf1249a7c9b9a1f8084d462c53

SHA512
954431834a6f51a1fa18823f74489d43636bf0059ae067c66eab6084be7f0d32667e4ebfdf9bd8e0af8a24ef58b99c031054a4f953f8c022c7a0b5c9811deaff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d68743a6-0551-4a01-ade4-dd6aa5978952.tmp

Filesize
3KB

MD5
cd2f785bf05ff0b4f1737d85d2eefb99

SHA1
d73e0f102a8814df875c1fe98c6762decd3c833c

SHA256
dbd66771f63deef57a13287f19be6b0f985cdb0a8aae01da371b299dc81e68f7

SHA512
f8f8fc72c7c2d8fbbf502a5892a95371165b81e995d6b906971f4fe0aa1a07a39ce224cb762ee67f2bb545c16cffb269668322200720491fde199f278966599e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6822d4f71a019b5d0439ec9432b7a2c4

SHA1
1493f108f9fe8ecf6c1d25ee7baf48282a330b10

SHA256
2e29527f73e4a9121dc8e1709c7d27c41dc8113c9854583eb08e2f9a514b4eda

SHA512
f5e733da0dffdcce9cfe8684e1857c26b7b7ce10e40a5144a92bbf8e153e2c2d3f17ab3450ca980eb64c8b409a8e8ebbbe73597cdd1a8b632447a47a64b7e0f6

Download Submit