8ef6a8a08d85031e2d8093acf3f5e7f71acf00c65e9d07aa6a3d8eb2ebb7bdfb

Analysis

max time kernel
140s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21/08/2024, 14:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b3d1e224ea0096dde1aae9687e212fee_JaffaCakes118.html
Size

241KB
MD5

b3d1e224ea0096dde1aae9687e212fee
SHA1

b7a9d11a862f706558c5e9aa7532608c8bcf1626
SHA256

8ef6a8a08d85031e2d8093acf3f5e7f71acf00c65e9d07aa6a3d8eb2ebb7bdfb
SHA512

1d24767e359e29ac735e5aabf77c920cce690f79855ea41ac11eaaef674165e0001971fedadf6012f254dacdb05dc368d809eb7c767bb0856022dc13b76b36cf
SSDEEP

6144:n+RELVzhXkA3d8VZQvzwV2lms5JBpknvjXGXgcH44KKKQP:+RELVzhXkAN8VZQLfh5JBpknvjXGXgcr

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4592	msedge.exe
4592	msedge.exe
912	msedge.exe
912	msedge.exe
5112	identity_helper.exe
5112	identity_helper.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe
912	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 912 wrote to memory of 4928	912	msedge.exe	84
PID 912 wrote to memory of 4928	912	msedge.exe	84
PID 912 wrote to memory of 4132	912	msedge.exe	85
PID 912 wrote to memory of 4132	912	msedge.exe	85
PID 912 wrote to memory of 4132	912	msedge.exe	85
PID 912 wrote to memory of 4132	912	msedge.exe	85
PID 912 wrote to memory of 4132	912	msedge.exe	85
PID 912 wrote to memory of 4132	912	msedge.exe	85
PID 912 wrote to memory of 4132	912	msedge.exe	85
PID 912 wrote to memory of 4132	912	msedge.exe	85
PID 912 wrote to memory of 4132	912	msedge.exe	85
PID 912 wrote to memory of 4132	912	msedge.exe	85
PID 912 wrote to memory of 4132	912	msedge.exe	85
PID 912 wrote to memory of 4132	912	msedge.exe	85
PID 912 wrote to memory of 4132	912	msedge.exe	85
PID 912 wrote to memory of 4132	912	msedge.exe	85
PID 912 wrote to memory of 4132	912	msedge.exe	85
PID 912 wrote to memory of 4132	912	msedge.exe	85
PID 912 wrote to memory of 4132	912	msedge.exe	85
PID 912 wrote to memory of 4132	912	msedge.exe	85
PID 912 wrote to memory of 4132	912	msedge.exe	85
PID 912 wrote to memory of 4132	912	msedge.exe	85
PID 912 wrote to memory of 4132	912	msedge.exe	85
PID 912 wrote to memory of 4132	912	msedge.exe	85
PID 912 wrote to memory of 4132	912	msedge.exe	85
PID 912 wrote to memory of 4132	912	msedge.exe	85
PID 912 wrote to memory of 4132	912	msedge.exe	85
PID 912 wrote to memory of 4132	912	msedge.exe	85
PID 912 wrote to memory of 4132	912	msedge.exe	85
PID 912 wrote to memory of 4132	912	msedge.exe	85
PID 912 wrote to memory of 4132	912	msedge.exe	85
PID 912 wrote to memory of 4132	912	msedge.exe	85
PID 912 wrote to memory of 4132	912	msedge.exe	85
PID 912 wrote to memory of 4132	912	msedge.exe	85
PID 912 wrote to memory of 4132	912	msedge.exe	85
PID 912 wrote to memory of 4132	912	msedge.exe	85
PID 912 wrote to memory of 4132	912	msedge.exe	85
PID 912 wrote to memory of 4132	912	msedge.exe	85
PID 912 wrote to memory of 4132	912	msedge.exe	85
PID 912 wrote to memory of 4132	912	msedge.exe	85
PID 912 wrote to memory of 4132	912	msedge.exe	85
PID 912 wrote to memory of 4132	912	msedge.exe	85
PID 912 wrote to memory of 4592	912	msedge.exe	86
PID 912 wrote to memory of 4592	912	msedge.exe	86
PID 912 wrote to memory of 4900	912	msedge.exe	87
PID 912 wrote to memory of 4900	912	msedge.exe	87
PID 912 wrote to memory of 4900	912	msedge.exe	87
PID 912 wrote to memory of 4900	912	msedge.exe	87
PID 912 wrote to memory of 4900	912	msedge.exe	87
PID 912 wrote to memory of 4900	912	msedge.exe	87
PID 912 wrote to memory of 4900	912	msedge.exe	87
PID 912 wrote to memory of 4900	912	msedge.exe	87
PID 912 wrote to memory of 4900	912	msedge.exe	87
PID 912 wrote to memory of 4900	912	msedge.exe	87
PID 912 wrote to memory of 4900	912	msedge.exe	87
PID 912 wrote to memory of 4900	912	msedge.exe	87
PID 912 wrote to memory of 4900	912	msedge.exe	87
PID 912 wrote to memory of 4900	912	msedge.exe	87
PID 912 wrote to memory of 4900	912	msedge.exe	87
PID 912 wrote to memory of 4900	912	msedge.exe	87
PID 912 wrote to memory of 4900	912	msedge.exe	87
PID 912 wrote to memory of 4900	912	msedge.exe	87
PID 912 wrote to memory of 4900	912	msedge.exe	87
PID 912 wrote to memory of 4900	912	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\b3d1e224ea0096dde1aae9687e212fee_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0xd8,0x7fffe59d46f8,0x7fffe59d4708,0x7fffe59d4718
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,16187123301777929070,5574174638909720994,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2296 /prefetch:2
  2⤵
  PID:4132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2204,16187123301777929070,5574174638909720994,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2204,16187123301777929070,5574174638909720994,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16187123301777929070,5574174638909720994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16187123301777929070,5574174638909720994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16187123301777929070,5574174638909720994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1256 /prefetch:1
  2⤵
  PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16187123301777929070,5574174638909720994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1988 /prefetch:1
  2⤵
  PID:3476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16187123301777929070,5574174638909720994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1
  2⤵
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,16187123301777929070,5574174638909720994,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5520 /prefetch:8
  2⤵
  PID:2236
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,16187123301777929070,5574174638909720994,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5520 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16187123301777929070,5574174638909720994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16187123301777929070,5574174638909720994,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:2332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16187123301777929070,5574174638909720994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:2436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16187123301777929070,5574174638909720994,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
  2⤵
  PID:2392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,16187123301777929070,5574174638909720994,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6140 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5108

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1944

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5012

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
0b7f604a1bba727e792734be964f6337

SHA1
02cd2afbb81a16b90c09611ee855ee1530b1c31b

SHA256
074cdba8b5ac0feb85db80157236a92a5b86e6681773e5c5cdb8426619e12a18

SHA512
42e636cb73eb5b1ff9b78626c76200d6a8ff29ce4c6e29f7c6ca8da68f69175b049de1f76dd7dc7672b93835bd69a5cd99a9ea26ff04c6071c6ec587e85117ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
5872c87c92dd5496a492d89b72915615

SHA1
cdcd2963438d503c721bef74d5216b8f1cfc6ce7

SHA256
5cea93d785d5bd6fda18b569a9636d307fdcb9a76adf63ded635e017c9e6e7bd

SHA512
65804b48bc6f4f3e093e879bb93c5911637f1839ae39b0ac826d089bf949d5c0e208547b1fdf3f80500f2241180b4a19278075bf6d27224388d7396d6ace8080

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c81554ac441d6c5389a55e35035a566c

SHA1
180e23b8f68014c25b568043cf9187766d8a7d81

SHA256
a2af7a16a553f9cf76ed0891b619782ce829e3ef4b089c8c840bb664301d544d

SHA512
65b1680170cfd4b4326fc1868be907d1a3bd1303a22effd94a651f274d680dbba92ea8e83def01e1bf80aa7bd8d81e8a762b4e796224ba80f451369f97c8d91b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f9e835dfd0c2470c50a4ef48c9dab96f

SHA1
59bd7108f7b61a580ddbd6fd1734777cc0d009c9

SHA256
b2efb412d3287612bbaac22b813500f2efad25e68096ac1180cc75f60a5a263f

SHA512
54936aadd31b846d0238904966ed4d3865a1855f81d069b9550f0b8db2503195ccf0658a0f383dc563a1b72614e4249bfeeba7ce296087b7368bdc30088bbad4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
18bd4f898887bf4c0acf9d611822b685

SHA1
3fc179f7c923f1d350614e7cd2c5dbdc1b99dbce

SHA256
4c3eb11874131c024b007dd1df30d3d109a528cdbae612f78892a3a2bfa3d1ed

SHA512
3fb8510530da1be9e68631ae488526aa5466df6e9c0d7dc4bc62e5ef83e81896e55826acb0a8905986e44ad49e454a1b276fab9bbd52ff4dee755e01fb297cec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8dc97aefbe136e1031cccc25c53411cf

SHA1
67faf49b13332d24d7073b77a7bee8f6f11678fe

SHA256
6d2e2cde6a4c792dea53c6cf51bcd8c233debddf2eda1719229638d248d865a0

SHA512
aef0f8617d13ebb58d3543345f53fd32fc7dd360ca7fa58e85a18b6a96b3a2c9a2484e7147081542d5756c03b813414bc746ac751051be7cf84dd6b1ba293e96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
9b0d52ad7e71a5e3438490fa9f0024b9

SHA1
dbbb73e665fcb6fb3b6a55ccca6de8f3631b6ecb

SHA256
1c95dbc68d0f22900f0ddf630a19f96e28b5d1cf8eb2967e8b298989adedc208

SHA512
b89a6166b6d0b914674c9f480428d731a7dea32331ec397b7e4de7bc4ea0f17a243cf3636fa877ad7c01990fcc2fc6cbd86f59cf739a09c82172a053d4dc73bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe587172.TMP

Filesize
203B

MD5
16ee1231b3fc829ec31c0b5d39009423

SHA1
1be040e1f4b7c73737a293265768de720a28e545

SHA256
b96c26a574a9aa030e627acf4a8b44502d3420642954cdb7b0cc1584092a4b3b

SHA512
21bbc61b1c504620f77b9c13d8789460b91f5201c818e81aa118815b94e811b424cf6f977627068f095eb029bd8d91ef7c7a50afd8d3237da9b5f0a873cbed5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
21d7f09cb49093a92cf455dd1124bd3e

SHA1
e7f898b092ce1329533d69ac7300260e353e9733

SHA256
7f4f5e3a4b2e4bcca32d487556cc81a03338a1c5000a3e201c2669d34afaab47

SHA512
1872da143311ae56ef394dab7ead1d01ca567058fe35fe0f9a29eeb53decee762d282cc501cde87665f0b26b78e6d43fe2d15bd562a53c1fe765713cd2cdf1fd

Download Submit