fdf36a0ff9fb33901ba964d9367b13afa4b436b25ce5ce93f05f8c420bf7c3e0

Analysis

max time kernel
146s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
12/09/2024, 21:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dd0ff09b6de86b3590a7a95cd0c58bfd_JaffaCakes118.html
Size

184KB
MD5

dd0ff09b6de86b3590a7a95cd0c58bfd
SHA1

cfefb49ac19ca0623e4c0261ed46ee8810d134d4
SHA256

fdf36a0ff9fb33901ba964d9367b13afa4b436b25ce5ce93f05f8c420bf7c3e0
SHA512

ed80439493c103a69a64529b6b036f158b74ea81b3c81a6ad39a4ee1d76f3eb8347308cf955c2d54645ab065ef092cf847c1685e2818bc32f8a910bd06deff4b
SSDEEP

3072:BGEmHDSnzYbSw5krCO0/V/8rnOL55ShutTAbj4jlrw38fU7ienQpfQLPya+KIst4:UEmHGnzY5krCO0/V/8rnOL55ShutTFMw

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3280	msedge.exe
3280	msedge.exe
4636	msedge.exe
4636	msedge.exe
1496	identity_helper.exe
1496	identity_helper.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4636 wrote to memory of 4920	4636	msedge.exe	83
PID 4636 wrote to memory of 4920	4636	msedge.exe	83
PID 4636 wrote to memory of 1080	4636	msedge.exe	84
PID 4636 wrote to memory of 1080	4636	msedge.exe	84
PID 4636 wrote to memory of 1080	4636	msedge.exe	84
PID 4636 wrote to memory of 1080	4636	msedge.exe	84
PID 4636 wrote to memory of 1080	4636	msedge.exe	84
PID 4636 wrote to memory of 1080	4636	msedge.exe	84
PID 4636 wrote to memory of 1080	4636	msedge.exe	84
PID 4636 wrote to memory of 1080	4636	msedge.exe	84
PID 4636 wrote to memory of 1080	4636	msedge.exe	84
PID 4636 wrote to memory of 1080	4636	msedge.exe	84
PID 4636 wrote to memory of 1080	4636	msedge.exe	84
PID 4636 wrote to memory of 1080	4636	msedge.exe	84
PID 4636 wrote to memory of 1080	4636	msedge.exe	84
PID 4636 wrote to memory of 1080	4636	msedge.exe	84
PID 4636 wrote to memory of 1080	4636	msedge.exe	84
PID 4636 wrote to memory of 1080	4636	msedge.exe	84
PID 4636 wrote to memory of 1080	4636	msedge.exe	84
PID 4636 wrote to memory of 1080	4636	msedge.exe	84
PID 4636 wrote to memory of 1080	4636	msedge.exe	84
PID 4636 wrote to memory of 1080	4636	msedge.exe	84
PID 4636 wrote to memory of 1080	4636	msedge.exe	84
PID 4636 wrote to memory of 1080	4636	msedge.exe	84
PID 4636 wrote to memory of 1080	4636	msedge.exe	84
PID 4636 wrote to memory of 1080	4636	msedge.exe	84
PID 4636 wrote to memory of 1080	4636	msedge.exe	84
PID 4636 wrote to memory of 1080	4636	msedge.exe	84
PID 4636 wrote to memory of 1080	4636	msedge.exe	84
PID 4636 wrote to memory of 1080	4636	msedge.exe	84
PID 4636 wrote to memory of 1080	4636	msedge.exe	84
PID 4636 wrote to memory of 1080	4636	msedge.exe	84
PID 4636 wrote to memory of 1080	4636	msedge.exe	84
PID 4636 wrote to memory of 1080	4636	msedge.exe	84
PID 4636 wrote to memory of 1080	4636	msedge.exe	84
PID 4636 wrote to memory of 1080	4636	msedge.exe	84
PID 4636 wrote to memory of 1080	4636	msedge.exe	84
PID 4636 wrote to memory of 1080	4636	msedge.exe	84
PID 4636 wrote to memory of 1080	4636	msedge.exe	84
PID 4636 wrote to memory of 1080	4636	msedge.exe	84
PID 4636 wrote to memory of 1080	4636	msedge.exe	84
PID 4636 wrote to memory of 1080	4636	msedge.exe	84
PID 4636 wrote to memory of 3280	4636	msedge.exe	85
PID 4636 wrote to memory of 3280	4636	msedge.exe	85
PID 4636 wrote to memory of 2912	4636	msedge.exe	86
PID 4636 wrote to memory of 2912	4636	msedge.exe	86
PID 4636 wrote to memory of 2912	4636	msedge.exe	86
PID 4636 wrote to memory of 2912	4636	msedge.exe	86
PID 4636 wrote to memory of 2912	4636	msedge.exe	86
PID 4636 wrote to memory of 2912	4636	msedge.exe	86
PID 4636 wrote to memory of 2912	4636	msedge.exe	86
PID 4636 wrote to memory of 2912	4636	msedge.exe	86
PID 4636 wrote to memory of 2912	4636	msedge.exe	86
PID 4636 wrote to memory of 2912	4636	msedge.exe	86
PID 4636 wrote to memory of 2912	4636	msedge.exe	86
PID 4636 wrote to memory of 2912	4636	msedge.exe	86
PID 4636 wrote to memory of 2912	4636	msedge.exe	86
PID 4636 wrote to memory of 2912	4636	msedge.exe	86
PID 4636 wrote to memory of 2912	4636	msedge.exe	86
PID 4636 wrote to memory of 2912	4636	msedge.exe	86
PID 4636 wrote to memory of 2912	4636	msedge.exe	86
PID 4636 wrote to memory of 2912	4636	msedge.exe	86
PID 4636 wrote to memory of 2912	4636	msedge.exe	86
PID 4636 wrote to memory of 2912	4636	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\dd0ff09b6de86b3590a7a95cd0c58bfd_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff91c4a46f8,0x7ff91c4a4708,0x7ff91c4a4718
  2⤵
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,6834819031235471190,9538025107479723960,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:1080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,6834819031235471190,9538025107479723960,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2420 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,6834819031235471190,9538025107479723960,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8
  2⤵
  PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6834819031235471190,9538025107479723960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6834819031235471190,9538025107479723960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6834819031235471190,9538025107479723960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
  2⤵
  PID:1592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6834819031235471190,9538025107479723960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:1156
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,6834819031235471190,9538025107479723960,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6084 /prefetch:8
  2⤵
  PID:1508
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,6834819031235471190,9538025107479723960,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6084 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6834819031235471190,9538025107479723960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6834819031235471190,9538025107479723960,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
  2⤵
  PID:4068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6834819031235471190,9538025107479723960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
  2⤵
  PID:1464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6834819031235471190,9538025107479723960,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:1816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,6834819031235471190,9538025107479723960,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5812 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:544

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2808

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3892

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
b0b2a6e83b183ec3ecab0fa512663790

SHA1
02a8b06608fa8d0207cda4b2590f7d476f5026ae

SHA256
82fe8e23b77013ddc2b2e8cace5118166d393e971d34d3cc3a6f47631f9808de

SHA512
5e049a9f2dd1b8c2bf02447920f5d3cefacb241017fc8d64d2975f4486ca1b8751ad047c72f0f123d016de87f00ee75282cd9e8bd844a5cacb1822472706ca45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
cd800d263c44fdd6e184c00b9e4c4643

SHA1
e26b83c711a00327668e2615676d1c30b966d973

SHA256
fbb84cfaaa61ccda556915375e9566b348a5fabade82de175606d4f4d7c8c576

SHA512
4f7cb772520d0524e4a19e688e4cf007830b95c50988910a5270cc11ef989fbb0646e1920621d5a87c5102b38542fc927d2f8dbed13fea0567daa3c42b78d31d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7ebae8a33fddcf235d4afc4c84b0d52c

SHA1
6f0b57b3dc67e66fc23e9f27fb2ec02997a6322a

SHA256
4c6206051524ca4e9074eff06641610a58893ebc2e0d079a067d5004e4cdd5cb

SHA512
cd42208229bcbc281af19232b60c9caed9a24e5cd1ce501a67887c388ec4a23380665e96ddc1c8e7314c7ac0009b7d7f7eb144d09a93c93aadf93c2d45293384

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8b4c1040e49db44be4ba0ef4216bad50

SHA1
38f587f5d8e04a914ca00c76ec4e734721f8d141

SHA256
66921541341535c98c089a68d5d323143470ce79e3de7e160393ec225cfdb7e1

SHA512
72aa57a58f88d4e811230bc49bd9c8e9dcd3f2f36aaa321e39d36b275b2c00674066c932a68fca6e03a1e6f8a62db502f735fff44c5a7e4caf44d3e039a14f37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
534d0a4c9d6faeb08879d9fb5f1d33fe

SHA1
4d4061e36247b65d21f3d0ff554a25ae0d9521ef

SHA256
f30670d5fabf77a4dfefe13b9c15dd8dd0bcad64d2536e9d3baebed68def5ebc

SHA512
19a53aa1de629e2aa08ced886e89a4f0a8a40b2aca54026dcb0a75178447ed8837ce212c63b09d8408b43a8c628a66c815e5ccf34351ece0f0ea625e3e44926b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7d97cf475aff3ad8cf0e65b2be502333

SHA1
0a553d2e20d2a413f08a9fb9a8a709e247b20022

SHA256
bc8afdafe1c4cc35fb4fcd05e887afa2b426197a388007dc3f190493453b26c9

SHA512
4887692af038d46e4723b90f5f05b60c46e1cc00ff2e14d138f721d05b243f79a410a7afcb736fd561c371f6ff15bfcf0bbffee84db5a01729a286467307f4d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
9567a206c65ac0776b81a96086a1cb42

SHA1
b89201c233ee3dc8c22afb4eb5f046f4e1a1fa24

SHA256
2f9af7724c50a31fc75adeebeee638ea2825e30be34d8f896734e09ab9c2b40e

SHA512
01412049ec1528ab475c080b5b9d61a48628ba64f8472e1c74a693c55af63a576141d7199c2de2c718ff5e071567e3d33f0635d636b20dcde242d21fbd712b49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe593ca2.TMP

Filesize
370B

MD5
c4d96f1cfda88ef2dc9345cee0dad5d8

SHA1
320d83d015a618feb88e8735a133fa3a71689978

SHA256
3d6109c82732f8da82c18f791e3fdebe20d35a251bc3456790c57fab1ffa2514

SHA512
f51383bd9eaa07a0b128acd759808d807fba66640c63dee990fd92637cf7b3e8c373c7ad8a788c84acd619c12c4da67575387d62b264743db4ac348245fec8f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7e0df71f97f0346abbab193a84023dae

SHA1
4e577af6d439df751fc515cb18f60e99ce6351ea

SHA256
664708f3c5484da2d915620d55612b0db5ad6fb83e878154ec1d00dbd469d46e

SHA512
c326dfeda9c62e1b7e65efe46e4ffcf12fbb41e84501a32402759b59f917209cec69528e7a45ab085cf6b99d324c752ba5b418f20fa150f20324419be2119173

Download Submit