f2ca585db6e896d0916f10c1a9afb0ed5c7161117c47a7983342fbdd9ff5a035

Analysis

max time kernel
145s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
08/09/2024, 12:48

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

d4657221cad6d5b4455aed4e97d9755c_JaffaCakes118.html
Size

59KB
MD5

d4657221cad6d5b4455aed4e97d9755c
SHA1

c5c37082fd9ff261312086f0d83e63e944c2df9e
SHA256

f2ca585db6e896d0916f10c1a9afb0ed5c7161117c47a7983342fbdd9ff5a035
SHA512

5e7485ccef66f4d94930be50f6370735b888dd3eff0afbfbedb0e09a6101dd8c40db8db356c8490558a224fc382fae3e0102e5daa69ac8acf5f76e02a7f7314e
SSDEEP

1536:mFWnL0wfhCVe5gf8//AWosECvuIgcxgeg:mFWnL0mr5gf8//AWosECvuIgcA

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2228	msedge.exe
2228	msedge.exe
4388	msedge.exe
4388	msedge.exe
732	identity_helper.exe
732	identity_helper.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4388 wrote to memory of 2928	4388	msedge.exe	83
PID 4388 wrote to memory of 2928	4388	msedge.exe	83
PID 4388 wrote to memory of 2464	4388	msedge.exe	84
PID 4388 wrote to memory of 2464	4388	msedge.exe	84
PID 4388 wrote to memory of 2464	4388	msedge.exe	84
PID 4388 wrote to memory of 2464	4388	msedge.exe	84
PID 4388 wrote to memory of 2464	4388	msedge.exe	84
PID 4388 wrote to memory of 2464	4388	msedge.exe	84
PID 4388 wrote to memory of 2464	4388	msedge.exe	84
PID 4388 wrote to memory of 2464	4388	msedge.exe	84
PID 4388 wrote to memory of 2464	4388	msedge.exe	84
PID 4388 wrote to memory of 2464	4388	msedge.exe	84
PID 4388 wrote to memory of 2464	4388	msedge.exe	84
PID 4388 wrote to memory of 2464	4388	msedge.exe	84
PID 4388 wrote to memory of 2464	4388	msedge.exe	84
PID 4388 wrote to memory of 2464	4388	msedge.exe	84
PID 4388 wrote to memory of 2464	4388	msedge.exe	84
PID 4388 wrote to memory of 2464	4388	msedge.exe	84
PID 4388 wrote to memory of 2464	4388	msedge.exe	84
PID 4388 wrote to memory of 2464	4388	msedge.exe	84
PID 4388 wrote to memory of 2464	4388	msedge.exe	84
PID 4388 wrote to memory of 2464	4388	msedge.exe	84
PID 4388 wrote to memory of 2464	4388	msedge.exe	84
PID 4388 wrote to memory of 2464	4388	msedge.exe	84
PID 4388 wrote to memory of 2464	4388	msedge.exe	84
PID 4388 wrote to memory of 2464	4388	msedge.exe	84
PID 4388 wrote to memory of 2464	4388	msedge.exe	84
PID 4388 wrote to memory of 2464	4388	msedge.exe	84
PID 4388 wrote to memory of 2464	4388	msedge.exe	84
PID 4388 wrote to memory of 2464	4388	msedge.exe	84
PID 4388 wrote to memory of 2464	4388	msedge.exe	84
PID 4388 wrote to memory of 2464	4388	msedge.exe	84
PID 4388 wrote to memory of 2464	4388	msedge.exe	84
PID 4388 wrote to memory of 2464	4388	msedge.exe	84
PID 4388 wrote to memory of 2464	4388	msedge.exe	84
PID 4388 wrote to memory of 2464	4388	msedge.exe	84
PID 4388 wrote to memory of 2464	4388	msedge.exe	84
PID 4388 wrote to memory of 2464	4388	msedge.exe	84
PID 4388 wrote to memory of 2464	4388	msedge.exe	84
PID 4388 wrote to memory of 2464	4388	msedge.exe	84
PID 4388 wrote to memory of 2464	4388	msedge.exe	84
PID 4388 wrote to memory of 2464	4388	msedge.exe	84
PID 4388 wrote to memory of 2228	4388	msedge.exe	85
PID 4388 wrote to memory of 2228	4388	msedge.exe	85
PID 4388 wrote to memory of 4504	4388	msedge.exe	86
PID 4388 wrote to memory of 4504	4388	msedge.exe	86
PID 4388 wrote to memory of 4504	4388	msedge.exe	86
PID 4388 wrote to memory of 4504	4388	msedge.exe	86
PID 4388 wrote to memory of 4504	4388	msedge.exe	86
PID 4388 wrote to memory of 4504	4388	msedge.exe	86
PID 4388 wrote to memory of 4504	4388	msedge.exe	86
PID 4388 wrote to memory of 4504	4388	msedge.exe	86
PID 4388 wrote to memory of 4504	4388	msedge.exe	86
PID 4388 wrote to memory of 4504	4388	msedge.exe	86
PID 4388 wrote to memory of 4504	4388	msedge.exe	86
PID 4388 wrote to memory of 4504	4388	msedge.exe	86
PID 4388 wrote to memory of 4504	4388	msedge.exe	86
PID 4388 wrote to memory of 4504	4388	msedge.exe	86
PID 4388 wrote to memory of 4504	4388	msedge.exe	86
PID 4388 wrote to memory of 4504	4388	msedge.exe	86
PID 4388 wrote to memory of 4504	4388	msedge.exe	86
PID 4388 wrote to memory of 4504	4388	msedge.exe	86
PID 4388 wrote to memory of 4504	4388	msedge.exe	86
PID 4388 wrote to memory of 4504	4388	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d4657221cad6d5b4455aed4e97d9755c_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffeed946f8,0x7fffeed94708,0x7fffeed94718
  2⤵
  PID:2928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,4716299967140298052,17547887604893214557,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:2464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,4716299967140298052,17547887604893214557,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,4716299967140298052,17547887604893214557,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
  2⤵
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4716299967140298052,17547887604893214557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4716299967140298052,17547887604893214557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:3280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4716299967140298052,17547887604893214557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4244 /prefetch:1
  2⤵
  PID:3584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4716299967140298052,17547887604893214557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3836 /prefetch:1
  2⤵
  PID:464
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,4716299967140298052,17547887604893214557,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5756 /prefetch:8
  2⤵
  PID:3024
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,4716299967140298052,17547887604893214557,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5756 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4716299967140298052,17547887604893214557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
  2⤵
  PID:1664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4716299967140298052,17547887604893214557,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:4208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4716299967140298052,17547887604893214557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4068 /prefetch:1
  2⤵
  PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4716299967140298052,17547887604893214557,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
  2⤵
  PID:3304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,4716299967140298052,17547887604893214557,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1868 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2732

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2392

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3416

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3656

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
2308a2ad822927744b695bbe0dc84f30

SHA1
2eea8c6f5642f44db79fdfeb40926a066315f962

SHA256
cdc8f1ea94a40b7f4dd5d08cba2f0e89de34ff7ecbccb28c8eab7c6b0323dd10

SHA512
6b4b18ab9bad6f0d9fb6920309c22ef20de0af874c91c428b872ab7da4cb4eb9722f81b55bb91dfc26f7b8249dae830b9295226ef3fd419a2e2cf13aa32932f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
c51ebbeaa67ddaca7634a0ecc30840ef

SHA1
fb926c1b8391d1ef845fea9abab8e27a38ac22e8

SHA256
d0e4111a86cdcd2e6177293584fadd12639d35945c5c7718331fc344c70a7920

SHA512
19fa7770c7fa4c8bfd87fe7752b182a9c111403b1dbff1d58e6833b9c865497b8831be3b11057b04bac0a2ba1e0d9983646c721c218a4addbc6f8674443adf20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
0a5304960877a51ac7a28185db8e3bf8

SHA1
de5059afcc0a0d4d512c94009c664215379a55f0

SHA256
703c399cf88fc7d4e093ec77f1a3f398411014988fcee80185dd7b9d79090cec

SHA512
746f02fd308423b2b447f518c718748ada5d320f71262a01cf235836ddcd260a54c302c708d2cae9d807d912f1883eef70a00ee2b7baaa5bcc22feb96e3cd5df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
817629b0699aaa27d29752c5eea3dcb8

SHA1
beccf568da3c7a230fd706314f9cf8218b490f24

SHA256
c7f54e55ff97a8ff41c68212f50a01cdf362177b1f7397559c736604b15dc769

SHA512
f2a4e981755292c6cf934987a6dea970173dff12387cdb02bf58252283a0506a011feaea0aa65379cd3222c234d6a16765b9f80b2f668a24febfa4b9cc45de54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e00daa1f920c812de987964d07e67090

SHA1
c814985c3d6e25ed5986fa0d22fc4afcbb6cfc2c

SHA256
6f299912744882128a7fad9e9b9f31c027bcb28ed6efe557fd9f0f01dfa0c929

SHA512
c0313099edc0138d1f71828808fbfe36de8932c079496b4f21211809a7792cb0063b27aca670c1705588ee32fce7bebc7f89dade337a719dc394ba1b0b560742

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
eea1b6b19b36b87420015afc69203892

SHA1
972e01d4bc91c6b71e34f1464f55af6f6d1d4561

SHA256
77a5cae7ef509169d03b3859b721d23b6c98c2687fc6b5096463ee17e26233ab

SHA512
5ed8f1ba346dd1ef043f80006b6f8c00267a06086cc638cb7230e6d985bcfece46b8a808c0824b7530c1e3747484d791d431f5b28a66d2f86bf6cf271796814b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
540B

MD5
e5191daf76c911f6ecdb649cb65f5922

SHA1
2b86faec0247d9edf456fec4d9e8bc228d10febf

SHA256
dd347fd33222a5cbb7165dccd2b9bf5ae2fe6b2a2dc97e0b1a378c22b8a4a39c

SHA512
4de23d819e3e55ed0e6b7749977b2d4ef016c6abec588fde449c7efba1138a6645e76f92cd929a92b30fb1b0e69c159b01bd41b9c3bd46f4a61f61aed3266a68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ed7d.TMP

Filesize
372B

MD5
c1d7729fba2454f68481c09a70068b8a

SHA1
033f84c15b3ecd6cf9148595e514663f6cb9f02a

SHA256
07124426636cb9429d5faa88674371d8aa37a4b06c569a109b78caf5f2b9bba6

SHA512
1dfd719df8ce2085916948d7c09cd9425217fbcba578a830b2f191ad187bd1c49d926b2f7e8cf41820697a010507c5dc6a51a5309c05ee47b3fef071e7d4731a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ce96a2fac2e7d6f239275ee33bf3cd93

SHA1
93f875e01eec816a621e2c90ef88d4d6cb3465ac

SHA256
371d4560c25e8566ce0177b324aec76b20fe8647dd73831132ea55785ed0dab7

SHA512
d44fc6f4d07fe7b093eecda146a707129846774d7e0403ba469f62e65e7925fb680be2e9ea22770606d5d146ec74a044fa8412187715080b203d068d11426d23

Download Submit