c491476375c3e4fa2051af290cf1480307c61d2a45ceb9d0efb4d4be5dbae11a

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
15-12-2024 06:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f2c81b4e879be79269b2530af387fdb1_JaffaCakes118.html
Size

108KB
MD5

f2c81b4e879be79269b2530af387fdb1
SHA1

43713cc30c63355897a78fa6cf3d66ec607b38e8
SHA256

c491476375c3e4fa2051af290cf1480307c61d2a45ceb9d0efb4d4be5dbae11a
SHA512

27800e128d74c7c42a7fcb21e7502e3a0c2f6a5176047d763aa11c1aa6f0abb37f70a74f4a5218e4d2d672b5b6deb77dff279c3ca5781e309c0ca5530ad24969
SSDEEP

3072:XxZVYlAMYznpBgoB59bO38G/CsUgw5HAHlLQPd:BZVMARznpBgoBGzfUgw5HAQ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1628	msedge.exe
1628	msedge.exe
4536	msedge.exe
4536	msedge.exe
1808	identity_helper.exe
1808	identity_helper.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4536 wrote to memory of 3332	4536	msedge.exe	83
PID 4536 wrote to memory of 3332	4536	msedge.exe	83
PID 4536 wrote to memory of 2920	4536	msedge.exe	84
PID 4536 wrote to memory of 2920	4536	msedge.exe	84
PID 4536 wrote to memory of 2920	4536	msedge.exe	84
PID 4536 wrote to memory of 2920	4536	msedge.exe	84
PID 4536 wrote to memory of 2920	4536	msedge.exe	84
PID 4536 wrote to memory of 2920	4536	msedge.exe	84
PID 4536 wrote to memory of 2920	4536	msedge.exe	84
PID 4536 wrote to memory of 2920	4536	msedge.exe	84
PID 4536 wrote to memory of 2920	4536	msedge.exe	84
PID 4536 wrote to memory of 2920	4536	msedge.exe	84
PID 4536 wrote to memory of 2920	4536	msedge.exe	84
PID 4536 wrote to memory of 2920	4536	msedge.exe	84
PID 4536 wrote to memory of 2920	4536	msedge.exe	84
PID 4536 wrote to memory of 2920	4536	msedge.exe	84
PID 4536 wrote to memory of 2920	4536	msedge.exe	84
PID 4536 wrote to memory of 2920	4536	msedge.exe	84
PID 4536 wrote to memory of 2920	4536	msedge.exe	84
PID 4536 wrote to memory of 2920	4536	msedge.exe	84
PID 4536 wrote to memory of 2920	4536	msedge.exe	84
PID 4536 wrote to memory of 2920	4536	msedge.exe	84
PID 4536 wrote to memory of 2920	4536	msedge.exe	84
PID 4536 wrote to memory of 2920	4536	msedge.exe	84
PID 4536 wrote to memory of 2920	4536	msedge.exe	84
PID 4536 wrote to memory of 2920	4536	msedge.exe	84
PID 4536 wrote to memory of 2920	4536	msedge.exe	84
PID 4536 wrote to memory of 2920	4536	msedge.exe	84
PID 4536 wrote to memory of 2920	4536	msedge.exe	84
PID 4536 wrote to memory of 2920	4536	msedge.exe	84
PID 4536 wrote to memory of 2920	4536	msedge.exe	84
PID 4536 wrote to memory of 2920	4536	msedge.exe	84
PID 4536 wrote to memory of 2920	4536	msedge.exe	84
PID 4536 wrote to memory of 2920	4536	msedge.exe	84
PID 4536 wrote to memory of 2920	4536	msedge.exe	84
PID 4536 wrote to memory of 2920	4536	msedge.exe	84
PID 4536 wrote to memory of 2920	4536	msedge.exe	84
PID 4536 wrote to memory of 2920	4536	msedge.exe	84
PID 4536 wrote to memory of 2920	4536	msedge.exe	84
PID 4536 wrote to memory of 2920	4536	msedge.exe	84
PID 4536 wrote to memory of 2920	4536	msedge.exe	84
PID 4536 wrote to memory of 2920	4536	msedge.exe	84
PID 4536 wrote to memory of 1628	4536	msedge.exe	85
PID 4536 wrote to memory of 1628	4536	msedge.exe	85
PID 4536 wrote to memory of 2216	4536	msedge.exe	86
PID 4536 wrote to memory of 2216	4536	msedge.exe	86
PID 4536 wrote to memory of 2216	4536	msedge.exe	86
PID 4536 wrote to memory of 2216	4536	msedge.exe	86
PID 4536 wrote to memory of 2216	4536	msedge.exe	86
PID 4536 wrote to memory of 2216	4536	msedge.exe	86
PID 4536 wrote to memory of 2216	4536	msedge.exe	86
PID 4536 wrote to memory of 2216	4536	msedge.exe	86
PID 4536 wrote to memory of 2216	4536	msedge.exe	86
PID 4536 wrote to memory of 2216	4536	msedge.exe	86
PID 4536 wrote to memory of 2216	4536	msedge.exe	86
PID 4536 wrote to memory of 2216	4536	msedge.exe	86
PID 4536 wrote to memory of 2216	4536	msedge.exe	86
PID 4536 wrote to memory of 2216	4536	msedge.exe	86
PID 4536 wrote to memory of 2216	4536	msedge.exe	86
PID 4536 wrote to memory of 2216	4536	msedge.exe	86
PID 4536 wrote to memory of 2216	4536	msedge.exe	86
PID 4536 wrote to memory of 2216	4536	msedge.exe	86
PID 4536 wrote to memory of 2216	4536	msedge.exe	86
PID 4536 wrote to memory of 2216	4536	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\f2c81b4e879be79269b2530af387fdb1_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa333046f8,0x7ffa33304708,0x7ffa33304718
  2⤵
  PID:3332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,3515146389514340483,9348676699657309488,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2
  2⤵
  PID:2920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2208,3515146389514340483,9348676699657309488,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2208,3515146389514340483,9348676699657309488,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8
  2⤵
  PID:2216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,3515146389514340483,9348676699657309488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:2504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,3515146389514340483,9348676699657309488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:3660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,3515146389514340483,9348676699657309488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
  2⤵
  PID:4256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,3515146389514340483,9348676699657309488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
  2⤵
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,3515146389514340483,9348676699657309488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
  2⤵
  PID:4364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,3515146389514340483,9348676699657309488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
  2⤵
  PID:368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,3515146389514340483,9348676699657309488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:2728
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,3515146389514340483,9348676699657309488,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:8
  2⤵
  PID:2792
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,3515146389514340483,9348676699657309488,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,3515146389514340483,9348676699657309488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
  2⤵
  PID:4328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,3515146389514340483,9348676699657309488,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:1
  2⤵
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,3515146389514340483,9348676699657309488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:1
  2⤵
  PID:4116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,3515146389514340483,9348676699657309488,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:1
  2⤵
  PID:1480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,3515146389514340483,9348676699657309488,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4892 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3112

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3304

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3076

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bffcefacce25cd03f3d5c9446ddb903d

SHA1
8923f84aa86db316d2f5c122fe3874bbe26f3bab

SHA256
23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405

SHA512
761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d22073dea53e79d9b824f27ac5e9813e

SHA1
6d8a7281241248431a1571e6ddc55798b01fa961

SHA256
86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6

SHA512
97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
65b74b1b5164db977014a662fe4c07d9

SHA1
c0e551acb4bb744e92ffd2386897cfc1e11c85d8

SHA256
cb05ad94793f66de34462436702cb80a55fdbcd1fa1fded6c3d77644216c954e

SHA512
91db7c5a3f3b7bd0fc8c0f7b4550b1ec70da030dcedf130aa884ea106bb8f4f2ee56c1660df14b7196f47734abc647a86344e0a94ef76ba78ddb43f8fa3b07f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
4e1992304cb838b35fb26f596cc3b862

SHA1
acd5a8e34ea01a479a95946ba3ef2688632a70a9

SHA256
f60804621a516888a9156e23c64ae7941429bac9976425c1c09569078d01fa02

SHA512
4a0a14b36c91bba447c9aa4b4d9c38fa8e1f74b8429f5a4ff3d436bd5dfa68f717fe2e867e5062e0e977426e6a43c31a0859c301f27fdaab1d4989d86af78bf2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0e5e252f43664d1957dfb2540e39e384

SHA1
43a739590ea5f90b63e76ffccba1f33965724599

SHA256
a297e14ced161f38e493fbf7fb33d110e84709602213cf939be82494d46e4622

SHA512
e21da379e849d778f391b81ca896f34040d52a003f8bed607447d84b39e4d75dc26dcea8b33bcbde66938c1c8b52fba3b1092e0ed55e1ede72327b47afb7d6a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2cc6e60ec21e319fc54b757012424deb

SHA1
b90ae342cfe6f2d4e199d57d1da5663d878fba9b

SHA256
ee20483a4f4c3699b5c7f3c65247f509e4f7e01392357c7540355b5db3450c42

SHA512
201438cde15e4a575f6a8ac6def534cc3ca6a14f4ce5364b09390328f796742c51b09559cecaaacde36d6423007d288745fd50cd2c6ee57483e487318557a6d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
d6b79246f8793266a360ea5978be373e

SHA1
76668472e168144828a86793a520b1177a34fe65

SHA256
76f13e0d1f2a66e129d7d5c4e89c391f2daa605f82190cfc77f5ac1080738198

SHA512
d2bec4114684f424cb7105dec02ab697f6e00e5dd39f178d8d415292e291414e7ea0a4929fe2d0f6130bd6a3e8c135e4ea639b37a98133773e6bf3a80f7bef0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582a66.TMP

Filesize
372B

MD5
b98dd3d8d563b71da91f8ebed882764e

SHA1
b91ce399233e4aab4c35d4815af0d755a0eab6ff

SHA256
e17fc97488513f5bcb0aea4e769fbb6031edf80b35b5a4ccdd4e7a2b73c563e2

SHA512
8977613aa4fe1dd26540112fcd6637eeaa1f24b8a9cccd83e6685fdfeda164f0ff8975bfeae5880f97e7117fc82862214c65d46163e6707134b07095e3afec79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a3be557a-2105-410f-ab5d-1b719c88e071.tmp

Filesize
2KB

MD5
ee91515957e51c9f609147aae3bd54af

SHA1
b09e66cc2eb69cccb0bdd721d346aa8851d8476f

SHA256
c25880a0ed9f2dec95defac8a782bdbf15d6bf6545f8e3d9ead766ff74c3b389

SHA512
7d634e98e6d48d6f74f19ba4e34802b55cbc7042ffd3145ca15b4a679253e9adbaf0c59a9afff3bf6e91e2627aeb95d78172f5bc8f1a32687f0b2da05f137594

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8fcf6267051f115371c7235f0de3328e

SHA1
1b4ebcf4110a01774d942e3256dacc1d20f36ea1

SHA256
a0e6175da1771a3ef727ff6ac86434c7c363df49b1b750e0a9a92d2c872bfa3f

SHA512
fd13d6d78d41a702ff8cb6f2fc864bb0a37fa0457c68905b4ad3139fb1619d5781ff1b24ac320cc39a1cb910ee3638c2b7877b429c3f55b27670359d0e43f68c

Download Submit