bc6ad1ff85a38c950b627fdb3fb7e57e153834888bea80111c07debb41501bc8

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
13/06/2024, 10:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a5063a8b37a19a92ef7cce89f2f41e28_JaffaCakes118.html
Size

74KB
MD5

a5063a8b37a19a92ef7cce89f2f41e28
SHA1

2cfb86be67f12a0ae065c0df3ceef00b26d5380f
SHA256

bc6ad1ff85a38c950b627fdb3fb7e57e153834888bea80111c07debb41501bc8
SHA512

e82da0f153256771330ddb4b9bfcac7971eb252b269c6742b89c9883c972b877df2337d2b6f2a696546243526bf35fb3b1526f0fb91dcebcc155f544d0148522
SSDEEP

1536:rIRIOITIwIgIiKZgNDfIwIGI5IVJ7SqIRIOITIwIgIiKZgNDfIwIGI5IVJ7SZ6Ga:66GeDYFnUyqoy7vPfdT5qiQTaQNQTws9

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1116	msedge.exe
1116	msedge.exe
3000	msedge.exe
3000	msedge.exe
2304	identity_helper.exe
2304	identity_helper.exe
1160	msedge.exe
1160	msedge.exe
1160	msedge.exe
1160	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3000 wrote to memory of 3540	3000	msedge.exe	81
PID 3000 wrote to memory of 3540	3000	msedge.exe	81
PID 3000 wrote to memory of 2340	3000	msedge.exe	82
PID 3000 wrote to memory of 2340	3000	msedge.exe	82
PID 3000 wrote to memory of 2340	3000	msedge.exe	82
PID 3000 wrote to memory of 2340	3000	msedge.exe	82
PID 3000 wrote to memory of 2340	3000	msedge.exe	82
PID 3000 wrote to memory of 2340	3000	msedge.exe	82
PID 3000 wrote to memory of 2340	3000	msedge.exe	82
PID 3000 wrote to memory of 2340	3000	msedge.exe	82
PID 3000 wrote to memory of 2340	3000	msedge.exe	82
PID 3000 wrote to memory of 2340	3000	msedge.exe	82
PID 3000 wrote to memory of 2340	3000	msedge.exe	82
PID 3000 wrote to memory of 2340	3000	msedge.exe	82
PID 3000 wrote to memory of 2340	3000	msedge.exe	82
PID 3000 wrote to memory of 2340	3000	msedge.exe	82
PID 3000 wrote to memory of 2340	3000	msedge.exe	82
PID 3000 wrote to memory of 2340	3000	msedge.exe	82
PID 3000 wrote to memory of 2340	3000	msedge.exe	82
PID 3000 wrote to memory of 2340	3000	msedge.exe	82
PID 3000 wrote to memory of 2340	3000	msedge.exe	82
PID 3000 wrote to memory of 2340	3000	msedge.exe	82
PID 3000 wrote to memory of 2340	3000	msedge.exe	82
PID 3000 wrote to memory of 2340	3000	msedge.exe	82
PID 3000 wrote to memory of 2340	3000	msedge.exe	82
PID 3000 wrote to memory of 2340	3000	msedge.exe	82
PID 3000 wrote to memory of 2340	3000	msedge.exe	82
PID 3000 wrote to memory of 2340	3000	msedge.exe	82
PID 3000 wrote to memory of 2340	3000	msedge.exe	82
PID 3000 wrote to memory of 2340	3000	msedge.exe	82
PID 3000 wrote to memory of 2340	3000	msedge.exe	82
PID 3000 wrote to memory of 2340	3000	msedge.exe	82
PID 3000 wrote to memory of 2340	3000	msedge.exe	82
PID 3000 wrote to memory of 2340	3000	msedge.exe	82
PID 3000 wrote to memory of 2340	3000	msedge.exe	82
PID 3000 wrote to memory of 2340	3000	msedge.exe	82
PID 3000 wrote to memory of 2340	3000	msedge.exe	82
PID 3000 wrote to memory of 2340	3000	msedge.exe	82
PID 3000 wrote to memory of 2340	3000	msedge.exe	82
PID 3000 wrote to memory of 2340	3000	msedge.exe	82
PID 3000 wrote to memory of 2340	3000	msedge.exe	82
PID 3000 wrote to memory of 2340	3000	msedge.exe	82
PID 3000 wrote to memory of 1116	3000	msedge.exe	83
PID 3000 wrote to memory of 1116	3000	msedge.exe	83
PID 3000 wrote to memory of 4452	3000	msedge.exe	84
PID 3000 wrote to memory of 4452	3000	msedge.exe	84
PID 3000 wrote to memory of 4452	3000	msedge.exe	84
PID 3000 wrote to memory of 4452	3000	msedge.exe	84
PID 3000 wrote to memory of 4452	3000	msedge.exe	84
PID 3000 wrote to memory of 4452	3000	msedge.exe	84
PID 3000 wrote to memory of 4452	3000	msedge.exe	84
PID 3000 wrote to memory of 4452	3000	msedge.exe	84
PID 3000 wrote to memory of 4452	3000	msedge.exe	84
PID 3000 wrote to memory of 4452	3000	msedge.exe	84
PID 3000 wrote to memory of 4452	3000	msedge.exe	84
PID 3000 wrote to memory of 4452	3000	msedge.exe	84
PID 3000 wrote to memory of 4452	3000	msedge.exe	84
PID 3000 wrote to memory of 4452	3000	msedge.exe	84
PID 3000 wrote to memory of 4452	3000	msedge.exe	84
PID 3000 wrote to memory of 4452	3000	msedge.exe	84
PID 3000 wrote to memory of 4452	3000	msedge.exe	84
PID 3000 wrote to memory of 4452	3000	msedge.exe	84
PID 3000 wrote to memory of 4452	3000	msedge.exe	84
PID 3000 wrote to memory of 4452	3000	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5063a8b37a19a92ef7cce89f2f41e28_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb41c546f8,0x7ffb41c54708,0x7ffb41c54718
  2⤵
  PID:3540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,16736708454767789924,17574177652460607485,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:2340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,16736708454767789924,17574177652460607485,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,16736708454767789924,17574177652460607485,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2944 /prefetch:8
  2⤵
  PID:4452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16736708454767789924,17574177652460607485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:2540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16736708454767789924,17574177652460607485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:1696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16736708454767789924,17574177652460607485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2524 /prefetch:1
  2⤵
  PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,16736708454767789924,17574177652460607485,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5600 /prefetch:8
  2⤵
  PID:392
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,16736708454767789924,17574177652460607485,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5600 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16736708454767789924,17574177652460607485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:4188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16736708454767789924,17574177652460607485,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16736708454767789924,17574177652460607485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4080 /prefetch:1
  2⤵
  PID:3768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16736708454767789924,17574177652460607485,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
  2⤵
  PID:4232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,16736708454767789924,17574177652460607485,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4780 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1160

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1524

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4984

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4124

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
81e892ca5c5683efdf9135fe0f2adb15

SHA1
39159b30226d98a465ece1da28dc87088b20ecad

SHA256
830f394548cff6eed3608476190a7ee7d65fe651adc638c5b27ce58639a91e17

SHA512
c943f4cfe8615ac159cfac13c10b67e6c0c9093851dd3ac6dda3b82e195d3554e3c37962010a2d0ae5074828d376402624f0dda5499c9997e962e4cfd26444c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56067634f68231081c4bd5bdbfcc202f

SHA1
5582776da6ffc75bb0973840fc3d15598bc09eb1

SHA256
8c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4

SHA512
c4657393e0b9ec682570d7e251644a858d33e056ccd0f3eebffd0fde25244b3a699b8d9244bcdac00d6f74b49833629b270e099c2b557f729a9066922583f784

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
32KB

MD5
87b96a63d7d15946823f2627300f5973

SHA1
5bcb1bc895cd0db6a635039339fbb98d8bb56af9

SHA256
0cf4e1d53901c6cf0d780455f2fceb9fd518bb6bad04f83ff2a6a38ab3c888aa

SHA512
c1eb599322eb7c07c68fbdd7cfa9a62cbfccb3e8397909dbddd31cda1589e1ec77e9a384a5208c36f1b6d659b69d7c5ad39ea28b06ac9e4ab8857f4bd317798e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
0ee7236aa8ccd483c7e7dc965397a703

SHA1
2340b0b1bbde25f808f7912bbb9a37bb07d7640b

SHA256
232afff43566588f8728dc98caa3a2eb77e772c5969e27207f8f897063ec2954

SHA512
a587595e537e0ab7817deb75c71be0738b4fb62a7e5fd08c8d4df35c598cef1be80276782909aa2807e375ad3c61ed90f975071581f780a89b5740f42f9eab24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
84439f858e16ee77c26a3e366b80d4da

SHA1
3124536237d92815f380ec60e598f16fb3fd9feb

SHA256
202afe200c0b939e3f8e213eaad6ea3284a64678b526a67c4ad8b88f7b904093

SHA512
fd48447de6f6bf3fe0dfc72ce1bcae7cb97aeaac33e5eb86c6f5c7b4c2f31055be24819ab7ffac9d633985f358404fd7a130221db20e3e4938bce0996bddf6a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
9d8ec1771d378964b3b7efa18a7a953c

SHA1
9237e1adf76c94dce252833d00b1a2532baab683

SHA256
2fd96879772d742dd38c71cb8fc45469ae3d6039b7f20d244b6ad23cc01c1dba

SHA512
767eb48ab582c6810450fca4c7e1a9e5a98f1d31475e70ddedb8ad5f6d602d17554e30306590d8ec148e306798489b3430162ed427d11017fa24b4f841ee1f59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
788f79c554878e98cd7c2f3f022503f4

SHA1
574b68a460c76223b87125eb1132b7873f5373f1

SHA256
9858b75bccf1f3850645442c65240e3c6741109c2f78a5ff02c25d20613b8a05

SHA512
5fecb43f2942939f66e343fd55bf5c66573a88770d7d5ab1e9d3d7e429ecb4fdbf4add8be4ef779befd371b63bd7b9bc664f446559a46010e938e22cba3bed10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
723f874d267865dc2c1fe8b82b634236

SHA1
78037ebeab0c2227e42daeb637a2bbb6d5172eb9

SHA256
920c4a23f03f28ac0329ae8380cc841e9c0b268ee51f630afa259a33af7c6b2f

SHA512
5a9855792268c0c9e7dc7bee38ad332b155fcc1b2ee85cce1901da159edaf626a05f88ff6773b95a25fcdf0491af50b99bda604a462d95a92b66f03a12aa0cbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
008fd1a8b4ab946e17312d25ad444485

SHA1
9443d2e00e3e0e00697e3ba4498b54c90708defc

SHA256
6cafb5414dabd2c718cb0bbb4fa7ab82964b0d844097fbbfae4916a1ba6da4f9

SHA512
b88b8d18375a77e8840df8a77890a54c08733cf7a4aec252245309cdc16ebb6ceb7ae6f617f38fdf14ee0417203c40eacb8068ef7b0cd5b11e3323f0245a6244

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
778d3f7ad54552a4f46290c0bef2e9c5

SHA1
cf5f3f19cd9dd5ca739fa835ec0332060e70dc82

SHA256
db4baac37592a3705af8929a8198b0cd3550b9bee425207a851084a4e7594a6e

SHA512
e59abe1b608ba73aad96489917c2387f36dc0f77d2a121f81ff848b1c6895e585b73d355c82b19498672624aa38bf5714bb6d1f1bf3e77dbf1b5897570ce1e3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580f7c.TMP

Filesize
371B

MD5
2356da22bc39f288fcf36a5348625641

SHA1
931e0ef95ddb57b3357dcd7b1f8cb459afad1392

SHA256
ed4d9bcc2d53e1ed0dcf9342b2fead44cd96d9ea9900a668f537217d767521b2

SHA512
2ffb1bced23bdcdb63c7d05166d9e848fbd9f641885e4b74bbe12e8d0278554c22efc06bef175ca037e0c2ae417c83cf6774223688954ae0721fc6a4a0027265

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
de6fd6121bd8b5eea0c36973b81af6fd

SHA1
4d378f920e4b4420b37f70f6375e731e887a018b

SHA256
183439313106963acb6100ad3cb502def74fc7a293ff7bbb935eaf70158e89c9

SHA512
b5d28884a79418a8261d4a981c84ac6323bbad53432b2ea9f5ad4efa2548db8c2d3ea54704ab832ba299b11a291808cbe3a66db15c72e45f2d722b3fd704e1de

Download Submit