09062e8259a2528491b369b6434e0b8f1bd1a3c07758970b01c51f3db7377f5c

Analysis

max time kernel
145s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
11-09-2024 17:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dae85cfa85d00aa4d51f1ddc6d18a6e8_JaffaCakes118.html
Size

124KB
MD5

dae85cfa85d00aa4d51f1ddc6d18a6e8
SHA1

2ad94bdfdbd73f98e00766acc4d781c4fe732d2e
SHA256

09062e8259a2528491b369b6434e0b8f1bd1a3c07758970b01c51f3db7377f5c
SHA512

b0bf98e6412bc4e8d65edfc5a09b01f16640643b2bf7293ee09b9f1722f27649408f986c8370dd78afaddee55edce24a7dadfa1a5d6e5b1a9b9837713d88079d
SSDEEP

3072:BDIHDI5DIHQ6/TUxrUFYayrkCAUHUop/F/ux9NJh+9kGEhIl2z0dk:YkqUrxtLM

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4880	msedge.exe
4880	msedge.exe
4712	msedge.exe
4712	msedge.exe
3968	identity_helper.exe
3968	identity_helper.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4712 wrote to memory of 4312	4712	msedge.exe	83
PID 4712 wrote to memory of 4312	4712	msedge.exe	83
PID 4712 wrote to memory of 2476	4712	msedge.exe	84
PID 4712 wrote to memory of 2476	4712	msedge.exe	84
PID 4712 wrote to memory of 2476	4712	msedge.exe	84
PID 4712 wrote to memory of 2476	4712	msedge.exe	84
PID 4712 wrote to memory of 2476	4712	msedge.exe	84
PID 4712 wrote to memory of 2476	4712	msedge.exe	84
PID 4712 wrote to memory of 2476	4712	msedge.exe	84
PID 4712 wrote to memory of 2476	4712	msedge.exe	84
PID 4712 wrote to memory of 2476	4712	msedge.exe	84
PID 4712 wrote to memory of 2476	4712	msedge.exe	84
PID 4712 wrote to memory of 2476	4712	msedge.exe	84
PID 4712 wrote to memory of 2476	4712	msedge.exe	84
PID 4712 wrote to memory of 2476	4712	msedge.exe	84
PID 4712 wrote to memory of 2476	4712	msedge.exe	84
PID 4712 wrote to memory of 2476	4712	msedge.exe	84
PID 4712 wrote to memory of 2476	4712	msedge.exe	84
PID 4712 wrote to memory of 2476	4712	msedge.exe	84
PID 4712 wrote to memory of 2476	4712	msedge.exe	84
PID 4712 wrote to memory of 2476	4712	msedge.exe	84
PID 4712 wrote to memory of 2476	4712	msedge.exe	84
PID 4712 wrote to memory of 2476	4712	msedge.exe	84
PID 4712 wrote to memory of 2476	4712	msedge.exe	84
PID 4712 wrote to memory of 2476	4712	msedge.exe	84
PID 4712 wrote to memory of 2476	4712	msedge.exe	84
PID 4712 wrote to memory of 2476	4712	msedge.exe	84
PID 4712 wrote to memory of 2476	4712	msedge.exe	84
PID 4712 wrote to memory of 2476	4712	msedge.exe	84
PID 4712 wrote to memory of 2476	4712	msedge.exe	84
PID 4712 wrote to memory of 2476	4712	msedge.exe	84
PID 4712 wrote to memory of 2476	4712	msedge.exe	84
PID 4712 wrote to memory of 2476	4712	msedge.exe	84
PID 4712 wrote to memory of 2476	4712	msedge.exe	84
PID 4712 wrote to memory of 2476	4712	msedge.exe	84
PID 4712 wrote to memory of 2476	4712	msedge.exe	84
PID 4712 wrote to memory of 2476	4712	msedge.exe	84
PID 4712 wrote to memory of 2476	4712	msedge.exe	84
PID 4712 wrote to memory of 2476	4712	msedge.exe	84
PID 4712 wrote to memory of 2476	4712	msedge.exe	84
PID 4712 wrote to memory of 2476	4712	msedge.exe	84
PID 4712 wrote to memory of 2476	4712	msedge.exe	84
PID 4712 wrote to memory of 4880	4712	msedge.exe	85
PID 4712 wrote to memory of 4880	4712	msedge.exe	85
PID 4712 wrote to memory of 1096	4712	msedge.exe	86
PID 4712 wrote to memory of 1096	4712	msedge.exe	86
PID 4712 wrote to memory of 1096	4712	msedge.exe	86
PID 4712 wrote to memory of 1096	4712	msedge.exe	86
PID 4712 wrote to memory of 1096	4712	msedge.exe	86
PID 4712 wrote to memory of 1096	4712	msedge.exe	86
PID 4712 wrote to memory of 1096	4712	msedge.exe	86
PID 4712 wrote to memory of 1096	4712	msedge.exe	86
PID 4712 wrote to memory of 1096	4712	msedge.exe	86
PID 4712 wrote to memory of 1096	4712	msedge.exe	86
PID 4712 wrote to memory of 1096	4712	msedge.exe	86
PID 4712 wrote to memory of 1096	4712	msedge.exe	86
PID 4712 wrote to memory of 1096	4712	msedge.exe	86
PID 4712 wrote to memory of 1096	4712	msedge.exe	86
PID 4712 wrote to memory of 1096	4712	msedge.exe	86
PID 4712 wrote to memory of 1096	4712	msedge.exe	86
PID 4712 wrote to memory of 1096	4712	msedge.exe	86
PID 4712 wrote to memory of 1096	4712	msedge.exe	86
PID 4712 wrote to memory of 1096	4712	msedge.exe	86
PID 4712 wrote to memory of 1096	4712	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\dae85cfa85d00aa4d51f1ddc6d18a6e8_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa8d0f46f8,0x7ffa8d0f4708,0x7ffa8d0f4718
  2⤵
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,14444357830630501138,10224348670182620178,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:2476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,14444357830630501138,10224348670182620178,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,14444357830630501138,10224348670182620178,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
  2⤵
  PID:1096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,14444357830630501138,10224348670182620178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,14444357830630501138,10224348670182620178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,14444357830630501138,10224348670182620178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1764 /prefetch:1
  2⤵
  PID:2920
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,14444357830630501138,10224348670182620178,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5748 /prefetch:8
  2⤵
  PID:536
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,14444357830630501138,10224348670182620178,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5748 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,14444357830630501138,10224348670182620178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:1464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,14444357830630501138,10224348670182620178,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
  2⤵
  PID:1632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,14444357830630501138,10224348670182620178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4116 /prefetch:1
  2⤵
  PID:460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,14444357830630501138,10224348670182620178,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,14444357830630501138,10224348670182620178,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5904 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3484

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4952

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2848

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6837505dae817f02bbb549d3910f76ec

SHA1
4bead1243a3ed4ba876f30031d11b7fcd4052b84

SHA256
997f7c6bb1805cb785d5c0ce131c8cb2362e6dc77efb38c3980f69b7a789a649

SHA512
4382a76e27e70b6ecc05c14e9a1b915e36ca661cb868042b28d59a7d807ae1ba069aa0e734648225dee2b6dc33626f58ee24df1cc451217fa093f46d5df616d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e15f9acde9d56006be268b4025f94b5b

SHA1
5d36b646b34f0a1d08b6020f12e548db96865906

SHA256
045480199f3befc5d2eee18f84e92cc5bf8881b76ac168085a987878da798e0c

SHA512
22d43f812391c9fafde0a4e247212e491765e8f049eb56d692f248623b7a52044ceab8e6977675c343d502b460666bd72a4ea970f9aaa7a6b8a6c3a880bcc255

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
c93ca93f4069dc139b88b8f2caf05b24

SHA1
04733a5e4e8eab716ef81f59188a11b9474551a2

SHA256
804090791621c39a8da599f7e19a062daf6233802e7b4e5ed6d668c09837b2ae

SHA512
246cca16f23a38d73637471c9374eabe62433d14573bddfddb6e99d6e19ee2b19bfed9b509848ee8fa1a7ac8754321479c9579811607d206519deaae9f734038

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
a1776af51dd27ee4514557dd6a618a4b

SHA1
5de115b2f636562995d57b29bbbbf20e71ec69ba

SHA256
a0aa974d129b9796bb41318f9edd2d5dbbf64ad05ab17f64ea0d8419fdbf6bf2

SHA512
fb6ff612926d7c96db8e47a8bf30d8bebcf62fe0c819ef483ae10a78c6a3e042edc448673c257706782e63d6ddbc4890c57f5bb7ac0fa83183cb11784ced3342

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
0b19956c4991b0bda8a39f134b064cca

SHA1
4283fda12ae2f5e9e806053f6a5bf7d5972d75ad

SHA256
b52ffa952195d401ffe7034f4d82118d3b21efe8616cbb305e9bf2d9201fbca9

SHA512
234db4f171c5e3f3e4e588e92899d35cc6e9aab86e300d59e4a66d8bf1e1d89c39355ef644eb84ed68064594865bbd8e9bbb7e2383a5d667498ddbd6e06583b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1b96a5fa43888d88b3db07dbc8b48318

SHA1
66a76ef6c242be571c3b5f095e5e772868cc3afa

SHA256
e85bd5616bb570b1d7aa51a7d066662652edad6c4fedd4b9995fe04f130efc17

SHA512
70ee60a907c35e4591bf346ef64c9bdcecc1ca1fdb5008a003d0aafc7194347f3f5b875ff4468ba0ff39277a98e97bbff9875c8625887d9d2a57916661734d4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
60929cb73b5051f771cded3152a8f926

SHA1
99b573aa437ac74fa9ba47ec64fca51856daefb2

SHA256
5ebfff041864239cd71673247490f3f4ca2893641914f7719b0ecaf8a5c3e800

SHA512
7ad15d7a360d3692ff0733b6d5f1d0ddd4cca1cef98f0b1cccb56128a1c0660f046086462f9055d14b7fa7ee26a10741191bb8a9eb144f16fdde4f395e3e843d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6c07273528f31cc0d95e9fc1a7863e1e

SHA1
b12740fc073d367d13f56019f7780d962b1130b4

SHA256
5652944c9c9890f904d90dc691a8f05322de40e438001d70d1f8bb3bccf0595b

SHA512
ebe36cea8267ec8ee4262945e19c7e24525825961b9eae16c143b13daab2d11f7b409dde769f67f20e55b670d386260bac425a01a3aaaba3ded79e6855428fd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
e311e8070a5db17b6cab425cdb01bd27

SHA1
ac533db7fa0902f34d02662fd029facbf4b8e8c6

SHA256
b9aaa4c71488c3a8769cee7cf502ab93813fd6df60ff2172ba8cb7e1dec86532

SHA512
87accdca84a2b2042e2c12381cd1bc0fb2d74bbb0c6a4d18f444212803ebc0b7184317df7f5fb3eac722d5d43d942dd62ee1d760f0b3fd18911df5bd04fa31c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
6b1a13a73e0e8fe3a0b10eed7c646e0c

SHA1
2ebec3ce4a9d39038886e387f2337ead634cb375

SHA256
763d9c1ca1cc1085a785cd74852e6fde4ce4a8517545206a70626a89b1ee1af4

SHA512
b1fa534e33c0fe48ff174dc96346818e0316ac03914ad9ca2610d591576236950a60dc862192495456b8abcf06539d86dc1cdf02a48e785f5b12097010328eed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584457.TMP

Filesize
203B

MD5
463768d9766adf6fcefc93bae5337fc6

SHA1
6784c2cfaff089247878c053993c1336600697be

SHA256
f2dc4c75413e7e77d07c304251f3298e932c041577c90df4a43836f463828653

SHA512
f2a3107e987e630945bfe1a1bad4b9d05ef911cf19fd15efbf261353484bfdc667dc8c33d3a877ef11ed12b303675cd994efaf90b07e944e8c63d0adffd4726d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
277de54aa76f61059450e4fb57b3be87

SHA1
1008dd0583fa8a0d8fe258be89a214a4f3f9c421

SHA256
cd8baedae0cc677669b2d95fc5ef751ac2687b765006cdbd537308426ae32f35

SHA512
7f5408c61628fb5ffed751e63f5c211bcbe9c3a035771eceb76fc5e9a0471964fb4bd0d6fa34b5c257b31934af258fe2d562595f3da802a67d25a84cc5e264a1

Download Submit