5cb163ef054ff77abd500bff4b07cebda5a0190a7145eb00d633e1be05667cd6

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
19/04/2024, 09:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fa01e41af84eb41076a5df4a6682c865_JaffaCakes118.html
Size

91KB
MD5

fa01e41af84eb41076a5df4a6682c865
SHA1

d151aab181d2eb0729a3f3cb4eda41344ab15608
SHA256

5cb163ef054ff77abd500bff4b07cebda5a0190a7145eb00d633e1be05667cd6
SHA512

2796df827f23b6683bb0b51db645a7c5295a98ca7fe43a2cf4fc5c36ff572530e87daeca96f748fcd0dc7d878c5dc2585635a81a47dfb8c64dd7d3c34f59674f
SSDEEP

1536:k8SI4H2XAhKOUYIuVFwr6jfedyScDV12xaLYHhOoNqPfvYMc4If:aH2XLG9Cy5DVb/Y94If

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2160	msedge.exe
2160	msedge.exe
2284	msedge.exe
2284	msedge.exe
2312	identity_helper.exe
2312	identity_helper.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1288	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1288	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2284 wrote to memory of 1228	2284	msedge.exe	85
PID 2284 wrote to memory of 1228	2284	msedge.exe	85
PID 2284 wrote to memory of 1172	2284	msedge.exe	86
PID 2284 wrote to memory of 1172	2284	msedge.exe	86
PID 2284 wrote to memory of 1172	2284	msedge.exe	86
PID 2284 wrote to memory of 1172	2284	msedge.exe	86
PID 2284 wrote to memory of 1172	2284	msedge.exe	86
PID 2284 wrote to memory of 1172	2284	msedge.exe	86
PID 2284 wrote to memory of 1172	2284	msedge.exe	86
PID 2284 wrote to memory of 1172	2284	msedge.exe	86
PID 2284 wrote to memory of 1172	2284	msedge.exe	86
PID 2284 wrote to memory of 1172	2284	msedge.exe	86
PID 2284 wrote to memory of 1172	2284	msedge.exe	86
PID 2284 wrote to memory of 1172	2284	msedge.exe	86
PID 2284 wrote to memory of 1172	2284	msedge.exe	86
PID 2284 wrote to memory of 1172	2284	msedge.exe	86
PID 2284 wrote to memory of 1172	2284	msedge.exe	86
PID 2284 wrote to memory of 1172	2284	msedge.exe	86
PID 2284 wrote to memory of 1172	2284	msedge.exe	86
PID 2284 wrote to memory of 1172	2284	msedge.exe	86
PID 2284 wrote to memory of 1172	2284	msedge.exe	86
PID 2284 wrote to memory of 1172	2284	msedge.exe	86
PID 2284 wrote to memory of 1172	2284	msedge.exe	86
PID 2284 wrote to memory of 1172	2284	msedge.exe	86
PID 2284 wrote to memory of 1172	2284	msedge.exe	86
PID 2284 wrote to memory of 1172	2284	msedge.exe	86
PID 2284 wrote to memory of 1172	2284	msedge.exe	86
PID 2284 wrote to memory of 1172	2284	msedge.exe	86
PID 2284 wrote to memory of 1172	2284	msedge.exe	86
PID 2284 wrote to memory of 1172	2284	msedge.exe	86
PID 2284 wrote to memory of 1172	2284	msedge.exe	86
PID 2284 wrote to memory of 1172	2284	msedge.exe	86
PID 2284 wrote to memory of 1172	2284	msedge.exe	86
PID 2284 wrote to memory of 1172	2284	msedge.exe	86
PID 2284 wrote to memory of 1172	2284	msedge.exe	86
PID 2284 wrote to memory of 1172	2284	msedge.exe	86
PID 2284 wrote to memory of 1172	2284	msedge.exe	86
PID 2284 wrote to memory of 1172	2284	msedge.exe	86
PID 2284 wrote to memory of 1172	2284	msedge.exe	86
PID 2284 wrote to memory of 1172	2284	msedge.exe	86
PID 2284 wrote to memory of 1172	2284	msedge.exe	86
PID 2284 wrote to memory of 1172	2284	msedge.exe	86
PID 2284 wrote to memory of 2160	2284	msedge.exe	87
PID 2284 wrote to memory of 2160	2284	msedge.exe	87
PID 2284 wrote to memory of 4900	2284	msedge.exe	88
PID 2284 wrote to memory of 4900	2284	msedge.exe	88
PID 2284 wrote to memory of 4900	2284	msedge.exe	88
PID 2284 wrote to memory of 4900	2284	msedge.exe	88
PID 2284 wrote to memory of 4900	2284	msedge.exe	88
PID 2284 wrote to memory of 4900	2284	msedge.exe	88
PID 2284 wrote to memory of 4900	2284	msedge.exe	88
PID 2284 wrote to memory of 4900	2284	msedge.exe	88
PID 2284 wrote to memory of 4900	2284	msedge.exe	88
PID 2284 wrote to memory of 4900	2284	msedge.exe	88
PID 2284 wrote to memory of 4900	2284	msedge.exe	88
PID 2284 wrote to memory of 4900	2284	msedge.exe	88
PID 2284 wrote to memory of 4900	2284	msedge.exe	88
PID 2284 wrote to memory of 4900	2284	msedge.exe	88
PID 2284 wrote to memory of 4900	2284	msedge.exe	88
PID 2284 wrote to memory of 4900	2284	msedge.exe	88
PID 2284 wrote to memory of 4900	2284	msedge.exe	88
PID 2284 wrote to memory of 4900	2284	msedge.exe	88
PID 2284 wrote to memory of 4900	2284	msedge.exe	88
PID 2284 wrote to memory of 4900	2284	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\fa01e41af84eb41076a5df4a6682c865_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff5b1b46f8,0x7fff5b1b4708,0x7fff5b1b4718
  2⤵
  PID:1228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,9445492883986130727,9059169414870672389,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:1172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,9445492883986130727,9059169414870672389,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2472 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,9445492883986130727,9059169414870672389,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9445492883986130727,9059169414870672389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:2792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9445492883986130727,9059169414870672389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:1676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9445492883986130727,9059169414870672389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1132 /prefetch:1
  2⤵
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,9445492883986130727,9059169414870672389,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5660 /prefetch:8
  2⤵
  PID:3708
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,9445492883986130727,9059169414870672389,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5660 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9445492883986130727,9059169414870672389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
  2⤵
  PID:4140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9445492883986130727,9059169414870672389,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
  2⤵
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2124,9445492883986130727,9059169414870672389,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5808 /prefetch:8
  2⤵
  PID:4340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9445492883986130727,9059169414870672389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
  2⤵
  PID:4076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9445492883986130727,9059169414870672389,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
  2⤵
  PID:1324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,9445492883986130727,9059169414870672389,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1360 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2492

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1572

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3500

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f0 0x304
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1288

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
120a75f233314ba1fe34e9d6c09f30b9

SHA1
a9f92f2d3f111eaadd9bcf8fceb3c9553753539c

SHA256
e04101215c3534dbc77c0b5df2e1d1ff74c277d2946f391f939c9a7948a22dd0

SHA512
3c4eb93e425b50e8bcc1712f4cc2be11888a0273c3a619fc6bf72ccab876a427158f661bfc80d0c1e47ef4116febf76a3aaa31a60ec662eae0e51c7f1d3d89b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bc2edd0741d97ae237e9f00bf3244144

SHA1
7c1e5d324f5c7137a3c4ec85146659f026c11782

SHA256
dbce3287c7ae69ccbd1d780c39f3ffa3c98bd4609a939fff8ee9c99f14265041

SHA512
00f505a0b4ea0df626175bf9d39a205f18f9754b62e4dba6fbb5b4a716b3539e7809723e1596bcfe1ba3041e22342e3a9cbaad88e84ce9c8c6531331bbc25093

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
39ef284ab795dfcd6aa5b0ed3729ce8c

SHA1
0fa8424399f64eb11b712af59c49be4aaee9164e

SHA256
ae5834d22edd57d2971866682364a1e76e8655c23a042f1a6f197790b2c7dccb

SHA512
da5bf7ca3dbd3d187d887c4298a7cb9d1c8144d2a8ceffe20866d90a5e9caea4ebe34f94347689e68b7ddf75fa7b3b88c4216c2d04f5280caf1c2fba8f920b20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
669B

MD5
ba97292516906889e4f9abc53a81168a

SHA1
28da2ea6f5273090d068d38145e7252c679acd48

SHA256
4bbe3a4713cbcc1d436eafbd68e8e5045f664a76bebfb388d1bcf63e55b077da

SHA512
e585d53c7be0118ce679159874275feda6b2e6c5ac9c09240431d9df47e5679ed3e387802cba298bcdf73126fc730ed48e1ffc216af568b1874b0625f22708b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
b121cd41a14f5641e96fc8e4d08b47c1

SHA1
1ec351dfbf2cde57741d405a47522687a0363332

SHA256
156c8c973d15460bd2cbde75f2b595dc42415a56897ce1b0e57da157d84b5358

SHA512
f691161c211f376c8687fa9a52263b362ea1a992b4b07842569db2bc0e9572f1ac7d06ddf8cdbfdfbd2d58e32071ff2dfe82b8b3f1e6b88edcf5325cfc9590ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4b29005cfa93b9ae7aacec215bed82cd

SHA1
868659b641bf4a2cb340fb38de18327dc48913dc

SHA256
276e65dda827da07976ee850dd6dbce71976a0848db570c45abd09a4c8d95343

SHA512
966b3d20100878b1ebe5aa2ba616caca03fb57abd251a77e0335a39ce59dc51051a3e6e83518c93fff4c2c34604fe4c04bdb503e93b6150cac57717d59881b67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bdb064dba3d4deef9447dcb589d15cb4

SHA1
47c16c1a0cabab909454d235456c6327e641e29e

SHA256
4d04aaeba28e57d18687bcfc136a69ed1c299e85aa135de11118c0e685d3f646

SHA512
d7a55a3e53ecca05e6c7068b681a8e1486ba6eaa604ba35be3a6742168733e78e0648f61c736060b7eabf375f46b593df4e32ff089850f7db2b5fb566046837b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
af5c7d02344f2eaf2717fb5081b8ce2a

SHA1
83d02caf6ddf802f2d2d235077a1038f278f57c2

SHA256
8a896afeecb322dbf055d77fa26a1de627a3aae33a988d4cb98d0f69d660ed2b

SHA512
8d32bfbd467c73acb76f50b84a7b84999ae1cd07263b276def34f2d1b294669f47d1acf35856fa0cb4aab7bd15aa934ee15b24b7ef9a80054e23a8d343cecaa5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
ee8f06b3fe0cbe9a45121b1d8122c96c

SHA1
eb9271f2eb61a5c7cd885b2a1dace4ffdbcdcb41

SHA256
c393fa3cf89454858dd92e19b694cef702d0358ea3caf5bae362020aa919a8ca

SHA512
2ffe17b9e9486c5854cc2f0d0f6ec4c8ce086726f3ea27a3520b826b410e87276c7bbd783a48eeb23f161297c843063577b700ca51256688d549eb5211da3cf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58588b.TMP

Filesize
203B

MD5
a4f9cf315c638db70074ed9c81859dab

SHA1
07899605d3286c40e9668161761ea3b1d61f56ad

SHA256
fa743f2d5367143da821542789f70e792b7948dd960c8d313c3329debb000939

SHA512
102217f0d021d17162aa488616c8fda34ee7028e95086cd5b2c59f96602f6cfa3e466821579ae26aa6c458fab63289bc2a5528d30cb39e76daa4397f37f24085

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
92500ceeca34f16feb0177f9dcd16bca

SHA1
30c9cbcc3acca364963f0098198a2a46a588abb3

SHA256
d365da937b0583d694f2eff6af7e1c71818f1686d38b31bac687cf465067bded

SHA512
d0571f636c18af9b910695570a1b63f0517209cc002d39ed3b86536919bbf9e7c4f84700fc5dddac24707a6af33b661719765d50484af519be7311f69c4abf1f

Download Submit