5f1928b04ff72e5456679d940424522dcb788c626289c5cd8699cf740a2cf81e

Analysis

max time kernel
145s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
23/08/2024, 00:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b9a72a5596c109b8510b34865727ca3b_JaffaCakes118.html
Size

127KB
MD5

b9a72a5596c109b8510b34865727ca3b
SHA1

acfac940d81ce6323e15de7b8041cca49e10b276
SHA256

5f1928b04ff72e5456679d940424522dcb788c626289c5cd8699cf740a2cf81e
SHA512

80b2ae06a7aef5a00a7f5d14794779ce395a250827126323db2daec542e0a6f442562c441f0e0960f69a34d25b348aa0554a393e0ce3bc6e72676bab18e6bc2c
SSDEEP

3072:c4qMUkI9HgKQrRGx9rhc/V9xw9GPBP48T1PMeFpQGemu8HRnDG:CPHg8x9rhc/V9xw9N

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2684	msedge.exe
2684	msedge.exe
3916	msedge.exe
3916	msedge.exe
3068	identity_helper.exe
3068	identity_helper.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3916 wrote to memory of 5000	3916	msedge.exe	85
PID 3916 wrote to memory of 5000	3916	msedge.exe	85
PID 3916 wrote to memory of 3424	3916	msedge.exe	86
PID 3916 wrote to memory of 3424	3916	msedge.exe	86
PID 3916 wrote to memory of 3424	3916	msedge.exe	86
PID 3916 wrote to memory of 3424	3916	msedge.exe	86
PID 3916 wrote to memory of 3424	3916	msedge.exe	86
PID 3916 wrote to memory of 3424	3916	msedge.exe	86
PID 3916 wrote to memory of 3424	3916	msedge.exe	86
PID 3916 wrote to memory of 3424	3916	msedge.exe	86
PID 3916 wrote to memory of 3424	3916	msedge.exe	86
PID 3916 wrote to memory of 3424	3916	msedge.exe	86
PID 3916 wrote to memory of 3424	3916	msedge.exe	86
PID 3916 wrote to memory of 3424	3916	msedge.exe	86
PID 3916 wrote to memory of 3424	3916	msedge.exe	86
PID 3916 wrote to memory of 3424	3916	msedge.exe	86
PID 3916 wrote to memory of 3424	3916	msedge.exe	86
PID 3916 wrote to memory of 3424	3916	msedge.exe	86
PID 3916 wrote to memory of 3424	3916	msedge.exe	86
PID 3916 wrote to memory of 3424	3916	msedge.exe	86
PID 3916 wrote to memory of 3424	3916	msedge.exe	86
PID 3916 wrote to memory of 3424	3916	msedge.exe	86
PID 3916 wrote to memory of 3424	3916	msedge.exe	86
PID 3916 wrote to memory of 3424	3916	msedge.exe	86
PID 3916 wrote to memory of 3424	3916	msedge.exe	86
PID 3916 wrote to memory of 3424	3916	msedge.exe	86
PID 3916 wrote to memory of 3424	3916	msedge.exe	86
PID 3916 wrote to memory of 3424	3916	msedge.exe	86
PID 3916 wrote to memory of 3424	3916	msedge.exe	86
PID 3916 wrote to memory of 3424	3916	msedge.exe	86
PID 3916 wrote to memory of 3424	3916	msedge.exe	86
PID 3916 wrote to memory of 3424	3916	msedge.exe	86
PID 3916 wrote to memory of 3424	3916	msedge.exe	86
PID 3916 wrote to memory of 3424	3916	msedge.exe	86
PID 3916 wrote to memory of 3424	3916	msedge.exe	86
PID 3916 wrote to memory of 3424	3916	msedge.exe	86
PID 3916 wrote to memory of 3424	3916	msedge.exe	86
PID 3916 wrote to memory of 3424	3916	msedge.exe	86
PID 3916 wrote to memory of 3424	3916	msedge.exe	86
PID 3916 wrote to memory of 3424	3916	msedge.exe	86
PID 3916 wrote to memory of 3424	3916	msedge.exe	86
PID 3916 wrote to memory of 3424	3916	msedge.exe	86
PID 3916 wrote to memory of 2684	3916	msedge.exe	87
PID 3916 wrote to memory of 2684	3916	msedge.exe	87
PID 3916 wrote to memory of 3900	3916	msedge.exe	88
PID 3916 wrote to memory of 3900	3916	msedge.exe	88
PID 3916 wrote to memory of 3900	3916	msedge.exe	88
PID 3916 wrote to memory of 3900	3916	msedge.exe	88
PID 3916 wrote to memory of 3900	3916	msedge.exe	88
PID 3916 wrote to memory of 3900	3916	msedge.exe	88
PID 3916 wrote to memory of 3900	3916	msedge.exe	88
PID 3916 wrote to memory of 3900	3916	msedge.exe	88
PID 3916 wrote to memory of 3900	3916	msedge.exe	88
PID 3916 wrote to memory of 3900	3916	msedge.exe	88
PID 3916 wrote to memory of 3900	3916	msedge.exe	88
PID 3916 wrote to memory of 3900	3916	msedge.exe	88
PID 3916 wrote to memory of 3900	3916	msedge.exe	88
PID 3916 wrote to memory of 3900	3916	msedge.exe	88
PID 3916 wrote to memory of 3900	3916	msedge.exe	88
PID 3916 wrote to memory of 3900	3916	msedge.exe	88
PID 3916 wrote to memory of 3900	3916	msedge.exe	88
PID 3916 wrote to memory of 3900	3916	msedge.exe	88
PID 3916 wrote to memory of 3900	3916	msedge.exe	88
PID 3916 wrote to memory of 3900	3916	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\b9a72a5596c109b8510b34865727ca3b_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeda2046f8,0x7ffeda204708,0x7ffeda204718
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,17050585076075788104,11693442017376559115,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:3424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,17050585076075788104,11693442017376559115,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,17050585076075788104,11693442017376559115,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
  2⤵
  PID:3900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17050585076075788104,11693442017376559115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:3256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17050585076075788104,11693442017376559115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:1800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17050585076075788104,11693442017376559115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1800 /prefetch:1
  2⤵
  PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17050585076075788104,11693442017376559115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:3720
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,17050585076075788104,11693442017376559115,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 /prefetch:8
  2⤵
  PID:4056
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,17050585076075788104,11693442017376559115,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17050585076075788104,11693442017376559115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3036 /prefetch:1
  2⤵
  PID:952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17050585076075788104,11693442017376559115,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1964 /prefetch:1
  2⤵
  PID:3556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17050585076075788104,11693442017376559115,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
  2⤵
  PID:1432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17050585076075788104,11693442017376559115,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:1
  2⤵
  PID:3252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,17050585076075788104,11693442017376559115,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6032 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3128

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4520

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3876

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f9664c896e19205022c094d725f820b6

SHA1
f8f1baf648df755ba64b412d512446baf88c0184

SHA256
7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

SHA512
3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
05e1db5fcbaf6b4e6a9f06bf4aecc9d2

SHA1
011cf09de4c19cc1e555ee61b5bd9b31fa86361e

SHA256
583f02d6fa990288f9552304e2f51739c2edcccef90a8242b9cc0eb1e6d71bb1

SHA512
0330bc31f79f12ba3cfa2644726c95e01bb4c87a99daeee424d6bedcb0441ee282d1701a7f6be4fd65fe2dc409e5e9ca66629b3b56112ed693f26d6baafbbd5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
99053825a6f402ec25eb8d5292ee2258

SHA1
86dc758230a46c0dc5c94183fdbd2a583ed63ee7

SHA256
b5848498af1022cec184fd5ff7d7074fd28aba5c30ae16a5bd666ca7059469b8

SHA512
cbebafeb15dcd1f97742869b45f9d330f59ee77fdb56b33a8665cf4d0aa235aacaaf0571950bdad97c29de1f00821870d3915fe0d9c9b5c75ac68ed33d0ca419

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
24fe5ab292b77878d42f81609b2f997a

SHA1
5fb7a4c784a7004838965a268469b54aaf5a234d

SHA256
acb74aa8bd76649fef2c05816351a728080bfb12bc38e19b0f08379c75def7f6

SHA512
c3f75dc737b9931f5f44d55ae4b00d2668565861421a55929cd1b6605a886f0da4e323421fc07f3a764224b6b6bad302bf1d5678da80e0b02780327785f2eae0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5b2a0c840c6dad66417da258908c2bb0

SHA1
466bee7f8b7186cfe253d2a82ae778322ee898c4

SHA256
8060f593371112fa71f99aeacb2591b804b1e4146e790cb388b9f4f7fe00c289

SHA512
ce72050dcc9cc3e4cdf850f92b4dd21889a3fbe50a1ff6c8e77f57298ca4a09333093f7027d6e10e9998e5d0edde27171e256bbb7fd446a1eee275aa5c5a71a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
87e1091afda660d8ee87c364166bc67d

SHA1
6d55647ca3a7d0b1f76165f5896451e52fcc5d56

SHA256
b902348a78b553d5b166f6dca3d9db537eb5c75296c9400e9d4d762cc99a1687

SHA512
3263ebfdc2e18bc4c9589189bcafb113b3a10b8d5792542f364e3550245889fd1f8cb20443bd5fac05e2c52c88d747ccca56077bfc1a07a760023e9d4d70fee8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2440ae151a6984ff5f87f623fc3f5b38

SHA1
e184bcd7cc1577e6a02110abbb044bf6016f9fa5

SHA256
c56f4a1c0e8cecdf0d18a78aa94dc88328060aba7ef6a4309a73fc9dd6d985d9

SHA512
1a9bb22b897e7dc646c08ae4bb6376d3c8efbee2d782ce76297944f24d76cb12b2ab32df8d1fd7f07b34bb5f59ec0b3756e2ee481bb468e4991d0da9d7b71050

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
b9d2ab6a95dccd2421e05c221e4b40b1

SHA1
f3ad5f3320b86be84356a605872e7baaeb890aaa

SHA256
ac0be3a7e5b61174ebbfa4bc9ebca0ea4ed33292588e9dee9f02d94a3ba26461

SHA512
4312713f07789c1ad61a9b8d20ed3a05ae5f4bd4c861d93b460df7d9c4d4704f4d0e2f2693efe47a2443249d039d3e3ee84827898129dfdf2473fdf1b0998a5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58150a.TMP

Filesize
371B

MD5
6a8cf07e31aac21442a7d89242df8036

SHA1
a08a4880bb05d63a78a22b797dcb600c8fdcf5f6

SHA256
50cdbea2ece801cbdc22eb15eab348fa60cc9d0c07c6e1ac86453b4a89715507

SHA512
fd682ae368e14f5f34c59ba24443e5e576353a9f6b68e59490b6276a6dace930f2a761b04ba645fae5103f301148f1e36805806900ea6fe990b42cfb997129ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d3c0535ea4868166b4c24c54fd8abf28

SHA1
33797a873b28a0ac4e370cada6cae533dd165fb3

SHA256
5d7d5d7273bdbb8565a39a9fad0cd12d569ad287dfeaf77fe82ce4c51dc0335c

SHA512
7757b1fd45576d07cd763f06ef18cb26de66d059a4509d6325047146df6f2dc4c092b3b64be1027b3c78ab1eee0059ad608776fd6faa779879def2ad5b73b798

Download Submit