4a4188e75c403ce1b02de55b760ff540ef25dffc63afa21af2f31eca2cfe9272

Analysis

max time kernel
145s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
14/06/2024, 17:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aae2277a58c96f274068f9bc09530266_JaffaCakes118.html
Size

131KB
MD5

aae2277a58c96f274068f9bc09530266
SHA1

db57dc14bbdedb604daa3b499e4e5d4dcd4255af
SHA256

4a4188e75c403ce1b02de55b760ff540ef25dffc63afa21af2f31eca2cfe9272
SHA512

e5dd17e99565e48a601914ae3ec1defb7cd7798db92763e89630bfb10b4d4e892558de58e5251b2736e5ed63d9787d8704738cefa46c337c39dd24e5dc5a86be
SSDEEP

3072:pLbsHKHTDFVlNH60/5es9nkhjiPzpzl5ZJZ:pLNn/5es9nkhj8

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3228	msedge.exe
3228	msedge.exe
3796	msedge.exe
3796	msedge.exe
2212	identity_helper.exe
2212	identity_helper.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3796 wrote to memory of 944	3796	msedge.exe	81
PID 3796 wrote to memory of 944	3796	msedge.exe	81
PID 3796 wrote to memory of 840	3796	msedge.exe	83
PID 3796 wrote to memory of 840	3796	msedge.exe	83
PID 3796 wrote to memory of 840	3796	msedge.exe	83
PID 3796 wrote to memory of 840	3796	msedge.exe	83
PID 3796 wrote to memory of 840	3796	msedge.exe	83
PID 3796 wrote to memory of 840	3796	msedge.exe	83
PID 3796 wrote to memory of 840	3796	msedge.exe	83
PID 3796 wrote to memory of 840	3796	msedge.exe	83
PID 3796 wrote to memory of 840	3796	msedge.exe	83
PID 3796 wrote to memory of 840	3796	msedge.exe	83
PID 3796 wrote to memory of 840	3796	msedge.exe	83
PID 3796 wrote to memory of 840	3796	msedge.exe	83
PID 3796 wrote to memory of 840	3796	msedge.exe	83
PID 3796 wrote to memory of 840	3796	msedge.exe	83
PID 3796 wrote to memory of 840	3796	msedge.exe	83
PID 3796 wrote to memory of 840	3796	msedge.exe	83
PID 3796 wrote to memory of 840	3796	msedge.exe	83
PID 3796 wrote to memory of 840	3796	msedge.exe	83
PID 3796 wrote to memory of 840	3796	msedge.exe	83
PID 3796 wrote to memory of 840	3796	msedge.exe	83
PID 3796 wrote to memory of 840	3796	msedge.exe	83
PID 3796 wrote to memory of 840	3796	msedge.exe	83
PID 3796 wrote to memory of 840	3796	msedge.exe	83
PID 3796 wrote to memory of 840	3796	msedge.exe	83
PID 3796 wrote to memory of 840	3796	msedge.exe	83
PID 3796 wrote to memory of 840	3796	msedge.exe	83
PID 3796 wrote to memory of 840	3796	msedge.exe	83
PID 3796 wrote to memory of 840	3796	msedge.exe	83
PID 3796 wrote to memory of 840	3796	msedge.exe	83
PID 3796 wrote to memory of 840	3796	msedge.exe	83
PID 3796 wrote to memory of 840	3796	msedge.exe	83
PID 3796 wrote to memory of 840	3796	msedge.exe	83
PID 3796 wrote to memory of 840	3796	msedge.exe	83
PID 3796 wrote to memory of 840	3796	msedge.exe	83
PID 3796 wrote to memory of 840	3796	msedge.exe	83
PID 3796 wrote to memory of 840	3796	msedge.exe	83
PID 3796 wrote to memory of 840	3796	msedge.exe	83
PID 3796 wrote to memory of 840	3796	msedge.exe	83
PID 3796 wrote to memory of 840	3796	msedge.exe	83
PID 3796 wrote to memory of 840	3796	msedge.exe	83
PID 3796 wrote to memory of 3228	3796	msedge.exe	84
PID 3796 wrote to memory of 3228	3796	msedge.exe	84
PID 3796 wrote to memory of 1776	3796	msedge.exe	85
PID 3796 wrote to memory of 1776	3796	msedge.exe	85
PID 3796 wrote to memory of 1776	3796	msedge.exe	85
PID 3796 wrote to memory of 1776	3796	msedge.exe	85
PID 3796 wrote to memory of 1776	3796	msedge.exe	85
PID 3796 wrote to memory of 1776	3796	msedge.exe	85
PID 3796 wrote to memory of 1776	3796	msedge.exe	85
PID 3796 wrote to memory of 1776	3796	msedge.exe	85
PID 3796 wrote to memory of 1776	3796	msedge.exe	85
PID 3796 wrote to memory of 1776	3796	msedge.exe	85
PID 3796 wrote to memory of 1776	3796	msedge.exe	85
PID 3796 wrote to memory of 1776	3796	msedge.exe	85
PID 3796 wrote to memory of 1776	3796	msedge.exe	85
PID 3796 wrote to memory of 1776	3796	msedge.exe	85
PID 3796 wrote to memory of 1776	3796	msedge.exe	85
PID 3796 wrote to memory of 1776	3796	msedge.exe	85
PID 3796 wrote to memory of 1776	3796	msedge.exe	85
PID 3796 wrote to memory of 1776	3796	msedge.exe	85
PID 3796 wrote to memory of 1776	3796	msedge.exe	85
PID 3796 wrote to memory of 1776	3796	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\aae2277a58c96f274068f9bc09530266_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9671846f8,0x7ff967184708,0x7ff967184718
  2⤵
  PID:944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,2361713322128943159,11790805347600275444,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,2361713322128943159,11790805347600275444,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,2361713322128943159,11790805347600275444,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
  2⤵
  PID:1776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2361713322128943159,11790805347600275444,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:1116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2361713322128943159,11790805347600275444,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2361713322128943159,11790805347600275444,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:1404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2361713322128943159,11790805347600275444,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:1968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2361713322128943159,11790805347600275444,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
  2⤵
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2361713322128943159,11790805347600275444,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
  2⤵
  PID:4232
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,2361713322128943159,11790805347600275444,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2564 /prefetch:8
  2⤵
  PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,2361713322128943159,11790805347600275444,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2564 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2361713322128943159,11790805347600275444,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6248 /prefetch:1
  2⤵
  PID:2332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2361713322128943159,11790805347600275444,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
  2⤵
  PID:3464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2361713322128943159,11790805347600275444,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
  2⤵
  PID:3568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2361713322128943159,11790805347600275444,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
  2⤵
  PID:4196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,2361713322128943159,11790805347600275444,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6008 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2668

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3572

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3868

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
81e892ca5c5683efdf9135fe0f2adb15

SHA1
39159b30226d98a465ece1da28dc87088b20ecad

SHA256
830f394548cff6eed3608476190a7ee7d65fe651adc638c5b27ce58639a91e17

SHA512
c943f4cfe8615ac159cfac13c10b67e6c0c9093851dd3ac6dda3b82e195d3554e3c37962010a2d0ae5074828d376402624f0dda5499c9997e962e4cfd26444c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56067634f68231081c4bd5bdbfcc202f

SHA1
5582776da6ffc75bb0973840fc3d15598bc09eb1

SHA256
8c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4

SHA512
c4657393e0b9ec682570d7e251644a858d33e056ccd0f3eebffd0fde25244b3a699b8d9244bcdac00d6f74b49833629b270e099c2b557f729a9066922583f784

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
33KB

MD5
54285d7f26ed4bc84ba79113426dcecb

SHA1
17dc89efec5df34a280459ffc0e27cb8467045ab

SHA256
b0754afe500a24201f740ed9c023d64483ca9183fa6361d759bb329462d25344

SHA512
88afabcad8dbb0f49cdea27c64783ec98ece295f139d50029d524950a5b40a7971f033529f7b60e5acdef5f0576bdcf107fa733bf439cc76693b654ebdd9a8df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
78557b8bdf611e5864f0531ab72f27d4

SHA1
271a03f1515a36ad8590ff78f02209477af2eae6

SHA256
26c5f8b707ff2b968f44edf752640383f6046ecad146e24aa10d8e00ff89bc0b

SHA512
4b5d86948bf610659e594ecd5370b1f1d4f0dda3e6aa156b78d72159fe2a8fa9e0a4f3c98bd0447928f1861e298aa910e00c54fa910bf2a361d6c6db12892e82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
46b8b75707af2065a33734dc189c64c9

SHA1
1926e9f3c93aae2f8b6f444257f81cd44a3359cd

SHA256
c2c1e0744ac7b72742fd94f316f020859615ca232c4f32b4cb7635bf5c8b6913

SHA512
98d2d8943de6460009a189c8c756063a2c333292b5e7e870be668e172a1908dd4669fa8b6f1923a1af6bb1537b6b350444a471f9a6f41e0e9318aff828ac3fa2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c9e9c328cdb3e0c0934c5fed63eb3d26

SHA1
f9397b804e80424faec105a24b4ce38b7ce30106

SHA256
4b2ff9405c03c1ae4f28aff2e416a6f544b816dba3c1cb6e01eb044e507da3b1

SHA512
a96d894355ece7209144a12d64f6c2967d7723519fa2a27c70461d4de25ad54d3315d2bf2282a44f2b0289a4fd79873bc959c7bd90f924e71ad478c32d85c1b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2164c09ffa0ce8c805280f4d12a6a69f

SHA1
894f4e385fee2502663c045d834cdb668c83ac8c

SHA256
61153ceb697e3337b0bfb6ff877e34c2e6f0496ebe8535078bc05f04c89f14d8

SHA512
9cd9c2144ee3cac89ff18b6d0f66b856c85e9456eba18e01fd30890566531f999775862f918effe7cf71f476fc22d89451f3e5dbd0ee61a5f515ef83f071cebb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
708B

MD5
7fd77a700bce5adb5d6940aaa10d8d85

SHA1
b70ec6f05bb0f0a4a4d806de954bd3784d409739

SHA256
3382027ed7bff3dd65a7b1f2f98e90831433e5ce182a8c0fd8e7badd90cef548

SHA512
1ddf87242b6c3a00f57d1fe9269b88dcaaea67c17dd1e297cdac07265b1d2f8594195415c0b2258c909eceff7cc4fb21bb68e422fd7fb5ced588d298200cbd4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58b997.TMP

Filesize
708B

MD5
a1305d45954674089011fdb843db208e

SHA1
0386f44fcb088b545c831f4c2cf4a939be431a34

SHA256
389169afc3a920cc444ff4fd398c6d3a38b9f311c1944a274fed8db69b378373

SHA512
88deff341903e259e54c550b2f3c3b286c9b5516eda6247278b3b9efdad67bf4919b631ccc42ddaa2942eae5dee71344f13f8e875f45e0743300b3893ebe9cd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4047bf8b7c0c334182d4ed4a643756d6

SHA1
93120faf52ffa575ec6c03018fa8a3649a8b8047

SHA256
6450d43f17064610f07f8ed50aa9472ed7d30cf1f73879398dd2e8a13ff65335

SHA512
d2c942bf4ed2b85f1a9664544ec699616e6098b733151a9f3347b085e5c45acd04fef9f9455176633311a3d7510eb81978cb6ddf5d6bdcd62860761f1b7f89eb

Download Submit