b77390fce1c5f5a2df471520f86313f6fdcd125ba62ade5abed30dfbee77b715

Analysis

max time kernel
146s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
24-11-2024 17:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9641c485a43355e06e38c41a68a0267e_JaffaCakes118.html
Size

101KB
MD5

9641c485a43355e06e38c41a68a0267e
SHA1

d557e59a6f4b387023a413db9f136e45cac419d3
SHA256

b77390fce1c5f5a2df471520f86313f6fdcd125ba62ade5abed30dfbee77b715
SHA512

47d639815ab2cfe4dc5e58a9c04189ebfeb0d667218c8cdfbaff863f97c4e2c4b0f5de6ce25ca6a7e57ef0d0c6e39e7a388381ca55ef3820f270d23991261edd
SSDEEP

3072:MYoYdp9jz6XhTaPPodIhIodIhor/hZtM4q:MYoYd3SXIPL7q

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
316	msedge.exe
316	msedge.exe
4284	msedge.exe
4284	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4284 wrote to memory of 1264	4284	msedge.exe	82
PID 4284 wrote to memory of 1264	4284	msedge.exe	82
PID 4284 wrote to memory of 4528	4284	msedge.exe	83
PID 4284 wrote to memory of 4528	4284	msedge.exe	83
PID 4284 wrote to memory of 4528	4284	msedge.exe	83
PID 4284 wrote to memory of 4528	4284	msedge.exe	83
PID 4284 wrote to memory of 4528	4284	msedge.exe	83
PID 4284 wrote to memory of 4528	4284	msedge.exe	83
PID 4284 wrote to memory of 4528	4284	msedge.exe	83
PID 4284 wrote to memory of 4528	4284	msedge.exe	83
PID 4284 wrote to memory of 4528	4284	msedge.exe	83
PID 4284 wrote to memory of 4528	4284	msedge.exe	83
PID 4284 wrote to memory of 4528	4284	msedge.exe	83
PID 4284 wrote to memory of 4528	4284	msedge.exe	83
PID 4284 wrote to memory of 4528	4284	msedge.exe	83
PID 4284 wrote to memory of 4528	4284	msedge.exe	83
PID 4284 wrote to memory of 4528	4284	msedge.exe	83
PID 4284 wrote to memory of 4528	4284	msedge.exe	83
PID 4284 wrote to memory of 4528	4284	msedge.exe	83
PID 4284 wrote to memory of 4528	4284	msedge.exe	83
PID 4284 wrote to memory of 4528	4284	msedge.exe	83
PID 4284 wrote to memory of 4528	4284	msedge.exe	83
PID 4284 wrote to memory of 4528	4284	msedge.exe	83
PID 4284 wrote to memory of 4528	4284	msedge.exe	83
PID 4284 wrote to memory of 4528	4284	msedge.exe	83
PID 4284 wrote to memory of 4528	4284	msedge.exe	83
PID 4284 wrote to memory of 4528	4284	msedge.exe	83
PID 4284 wrote to memory of 4528	4284	msedge.exe	83
PID 4284 wrote to memory of 4528	4284	msedge.exe	83
PID 4284 wrote to memory of 4528	4284	msedge.exe	83
PID 4284 wrote to memory of 4528	4284	msedge.exe	83
PID 4284 wrote to memory of 4528	4284	msedge.exe	83
PID 4284 wrote to memory of 4528	4284	msedge.exe	83
PID 4284 wrote to memory of 4528	4284	msedge.exe	83
PID 4284 wrote to memory of 4528	4284	msedge.exe	83
PID 4284 wrote to memory of 4528	4284	msedge.exe	83
PID 4284 wrote to memory of 4528	4284	msedge.exe	83
PID 4284 wrote to memory of 4528	4284	msedge.exe	83
PID 4284 wrote to memory of 4528	4284	msedge.exe	83
PID 4284 wrote to memory of 4528	4284	msedge.exe	83
PID 4284 wrote to memory of 4528	4284	msedge.exe	83
PID 4284 wrote to memory of 4528	4284	msedge.exe	83
PID 4284 wrote to memory of 316	4284	msedge.exe	84
PID 4284 wrote to memory of 316	4284	msedge.exe	84
PID 4284 wrote to memory of 992	4284	msedge.exe	85
PID 4284 wrote to memory of 992	4284	msedge.exe	85
PID 4284 wrote to memory of 992	4284	msedge.exe	85
PID 4284 wrote to memory of 992	4284	msedge.exe	85
PID 4284 wrote to memory of 992	4284	msedge.exe	85
PID 4284 wrote to memory of 992	4284	msedge.exe	85
PID 4284 wrote to memory of 992	4284	msedge.exe	85
PID 4284 wrote to memory of 992	4284	msedge.exe	85
PID 4284 wrote to memory of 992	4284	msedge.exe	85
PID 4284 wrote to memory of 992	4284	msedge.exe	85
PID 4284 wrote to memory of 992	4284	msedge.exe	85
PID 4284 wrote to memory of 992	4284	msedge.exe	85
PID 4284 wrote to memory of 992	4284	msedge.exe	85
PID 4284 wrote to memory of 992	4284	msedge.exe	85
PID 4284 wrote to memory of 992	4284	msedge.exe	85
PID 4284 wrote to memory of 992	4284	msedge.exe	85
PID 4284 wrote to memory of 992	4284	msedge.exe	85
PID 4284 wrote to memory of 992	4284	msedge.exe	85
PID 4284 wrote to memory of 992	4284	msedge.exe	85
PID 4284 wrote to memory of 992	4284	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\9641c485a43355e06e38c41a68a0267e_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa82b646f8,0x7ffa82b64708,0x7ffa82b64718
  2⤵
  PID:1264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,16812828470141718420,17340532334856235745,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,16812828470141718420,17340532334856235745,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,16812828470141718420,17340532334856235745,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
  2⤵
  PID:992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,16812828470141718420,17340532334856235745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3140 /prefetch:1
  2⤵
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,16812828470141718420,17340532334856235745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3148 /prefetch:1
  2⤵
  PID:888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,16812828470141718420,17340532334856235745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1840 /prefetch:1
  2⤵
  PID:1304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,16812828470141718420,17340532334856235745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2624 /prefetch:1
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,16812828470141718420,17340532334856235745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3760 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,16812828470141718420,17340532334856235745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
  2⤵
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,16812828470141718420,17340532334856235745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:1156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,16812828470141718420,17340532334856235745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1772 /prefetch:1
  2⤵
  PID:3792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,16812828470141718420,17340532334856235745,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1696 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3056

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3440

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:664

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4200

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dc058ebc0f8181946a312f0be99ed79c

SHA1
0c6f376ed8f2d4c275336048c7c9ef9edf18bff0

SHA256
378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a

SHA512
36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a0486d6f8406d852dd805b66ff467692

SHA1
77ba1f63142e86b21c951b808f4bc5d8ed89b571

SHA256
c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be

SHA512
065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
20KB

MD5
4b3121a05808b99aa6e0cc12924f77db

SHA1
ee5805bb76c384d1e1667aea2976bd2f4f94c7cc

SHA256
e4fea32bac89d9ad34b13a25b0b4da1321920b2c6be2cabb75ff91bf6109152c

SHA512
9b83d55691b41d2a45a542d163c1b6a47208969720ec1fd15233f29ddcef2243e79895cfcb008767f91b3d1cf3a6288248e8b1ec50027eb96db04cde56cb2605

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
1ed5f4a73395870ea8d267a46aea0ba1

SHA1
1785bc560db144effcae2b3253033954d402bc4e

SHA256
872b42f6135c816612401f2a3e23b0d072d34af1f25b3d376b01a2eddcb0ab56

SHA512
e2b740414f74589799c4b96629bc35d5639c564a70a5d84b7232c367e661e4ea76f4d130146a48815cf4d054b028c681556fa8b30a12a316966f1bdf94d90c46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
bb07e7a16f48da5395eef921a7b992c9

SHA1
2664b0b692faefb98321f3306e0b52561200c05a

SHA256
2f360977f6ea236b372fb415b81d571a06a08c301fdf1ab0981ef5c7a20f16ca

SHA512
03a154e92d06bf6763fb7ab8ca6f95428b9e25d9ba86df929730dc7070cbf5d6bcaa31d653a06b635dccea1bad6d2d74ad81097774df7892bf30f0c62e18dfad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
37d0ecec3dc78b414eaea1c2d7280442

SHA1
1c2c98685f210907fdf5ec3f879355d919ddafa4

SHA256
6fd52e1712698995bad9b683866396429ce68356e8e3ec479e5c99cf93cb4999

SHA512
5eb5cf2cf6a8f4399dcad9bdcd235fc1e8553b4b4047341ba6d8a8fd6004f306830e49090db97433ed89ba0028b25b1c71aa881c21b182874f852dac9e5e6856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
58f02d4db5dcc05924449c552df140f5

SHA1
8861c77146039c3afb9123b74eb838483bcc5195

SHA256
6e5c14c072ed0eb1e11bb03cf11783d4d315e511bbd033ea08d85447c34e414e

SHA512
986f163e8861888761080e009e885bb2761d4a19bc7ad94966c4a11d5697b00adc0134756c842d18e585ea63c461eddde53116d76aa0a8cb26904b88da4e1703

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1888115e0dd2c945501423d037885b4a

SHA1
6bbe55ca366eddf39e1dd5f05f43578b5fe82eec

SHA256
e9f6b202e8ace843b9992be116189113638d98f43b8d0542e397ffa18bcae899

SHA512
69b48f22f6caef28ad6e8aeffd94255590dbd881d5842b82de445c24a50e82c68200d2b4513a6d32d11bd22e97fc78fb862d5da1380cc5280781bf937aa0489a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e1bce4884b52cbad21294fc7b9faf5af

SHA1
572c18bd75db80ca8455b5b4266f79bffe079723

SHA256
d7044a3fcf8a6d5ea6e30961c99f4d9eb6aa055c3d37a4ad844ac3e3a71a5947

SHA512
7f30692acd2e392a6705ad777a98cf815569f045dcec8bbc999e1858e88a507bd52e01a43952a90372dbb73522884b2f94e9966246821d216162648e800fe9bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e8a1a863b5db69b4955bc510ba91a936

SHA1
e14c0fa61917a0a97161389abe3aefe03f4ca460

SHA256
c11cadf854deaa669621e4450b9c689601299b5df2375a6182cad85002ef97b6

SHA512
ac36ebc672336cf79832da151bf1148829e8fe440a2a5c383c11ddfe19b68a38bcaeb3ca2e2d346cba0b4fceef60bfa84bec15b9a621bafec0a830e0affb8193

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e74eaeb16ff56a65d392d2d586215548

SHA1
58edaf00087684bd4bd9d2facc02919bb9420ba4

SHA256
84427bcef2a91ed1343a1905790571321a83bfe65e43615d4391ae711a4ff599

SHA512
048d7afe2c489834e605e5ed7fb7a57ac98b79ccc195a98a46e6ea3e977e94bad8a022df50cdf0f39d2f3b8080bb67a739d9a977f24c039abfe336cc71124b20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9cb50b3b6eb28b247645cacaf26943a9

SHA1
2c9e19f33b47a307be636ee67b6fa4a9c6b63ac8

SHA256
d670448eaee129c8b75637533bec6ee48e6e0d14d675aaddc0a2c61fe685f6ba

SHA512
ccdde3d4f39f7ec8a76243396ee2765ec2de72f9f7314dea38af7e78dcbe0b220a5f6e7dbd7c8a43569c70792fb4cb230790627a0f1d946c953588cdc8bf2de4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58460d.TMP

Filesize
538B

MD5
55c7bfd3b9a3ec96a99d111925e944f5

SHA1
7db3769be7c1f91900da61d64959a99f2ee408fe

SHA256
717982ce64b594abfa36211ad63556d11e8f7d25bda6b7d876d31c3d7d998fea

SHA512
769e8c6e295c82d8d4d1975bf6b7c863a582e6115f579d201e95912b88c6f584e6ff1bc77bbaf99a4dc58ff01e18baf97d4eb981acc77f0b6876f0a24804a7dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
cabc34ca4eebf9ebdac744372b67124b

SHA1
d36be59df466bdaa007ff5002ccdd90f8824e072

SHA256
02ead59bd08600cc5276140efff1e34f1fad63b7b1f2c2f73bc26d88dde88867

SHA512
7420dbeaf74c02f9e238ca5177eb48b6e2aafd5c5392efd02ab78d6425379d8ae215015559a9353f6beb1d27715af011249b8472ed34cc2f262e11608dd80d65

Download Submit