57c5a73b4f16a2d8bffc3fb7156807d6bb892e1bc1074348a5017e37c834aae1

Analysis

max time kernel
139s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19/09/2024, 04:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ea9a576725f9e1365edd1dde4caf7429_JaffaCakes118.html
Size

25KB
MD5

ea9a576725f9e1365edd1dde4caf7429
SHA1

6ceca5bc970bc37ff6cb3482bb3dccf40c23d2bf
SHA256

57c5a73b4f16a2d8bffc3fb7156807d6bb892e1bc1074348a5017e37c834aae1
SHA512

579fbf90a392cf84a39438862bcb6f319f88e43f2684c2218ef578bbd07f8cf6e9d9806aa90d8253647e30649dc0e28392def21a91ad499e1845fb2eb775aa36
SSDEEP

384:90+1I0t+Cljgu/jIByZbBM8VO5JRu1ezo6/orkrNzNOBs8N77RfQ5TJwBWg34QA:9pIVUjg2jIubCGMxwrkrEWg34QA

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3900	msedge.exe
3900	msedge.exe
1784	msedge.exe
1784	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
656	identity_helper.exe
656	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1784 wrote to memory of 2384	1784	msedge.exe	82
PID 1784 wrote to memory of 2384	1784	msedge.exe	82
PID 1784 wrote to memory of 4912	1784	msedge.exe	83
PID 1784 wrote to memory of 4912	1784	msedge.exe	83
PID 1784 wrote to memory of 4912	1784	msedge.exe	83
PID 1784 wrote to memory of 4912	1784	msedge.exe	83
PID 1784 wrote to memory of 4912	1784	msedge.exe	83
PID 1784 wrote to memory of 4912	1784	msedge.exe	83
PID 1784 wrote to memory of 4912	1784	msedge.exe	83
PID 1784 wrote to memory of 4912	1784	msedge.exe	83
PID 1784 wrote to memory of 4912	1784	msedge.exe	83
PID 1784 wrote to memory of 4912	1784	msedge.exe	83
PID 1784 wrote to memory of 4912	1784	msedge.exe	83
PID 1784 wrote to memory of 4912	1784	msedge.exe	83
PID 1784 wrote to memory of 4912	1784	msedge.exe	83
PID 1784 wrote to memory of 4912	1784	msedge.exe	83
PID 1784 wrote to memory of 4912	1784	msedge.exe	83
PID 1784 wrote to memory of 4912	1784	msedge.exe	83
PID 1784 wrote to memory of 4912	1784	msedge.exe	83
PID 1784 wrote to memory of 4912	1784	msedge.exe	83
PID 1784 wrote to memory of 4912	1784	msedge.exe	83
PID 1784 wrote to memory of 4912	1784	msedge.exe	83
PID 1784 wrote to memory of 4912	1784	msedge.exe	83
PID 1784 wrote to memory of 4912	1784	msedge.exe	83
PID 1784 wrote to memory of 4912	1784	msedge.exe	83
PID 1784 wrote to memory of 4912	1784	msedge.exe	83
PID 1784 wrote to memory of 4912	1784	msedge.exe	83
PID 1784 wrote to memory of 4912	1784	msedge.exe	83
PID 1784 wrote to memory of 4912	1784	msedge.exe	83
PID 1784 wrote to memory of 4912	1784	msedge.exe	83
PID 1784 wrote to memory of 4912	1784	msedge.exe	83
PID 1784 wrote to memory of 4912	1784	msedge.exe	83
PID 1784 wrote to memory of 4912	1784	msedge.exe	83
PID 1784 wrote to memory of 4912	1784	msedge.exe	83
PID 1784 wrote to memory of 4912	1784	msedge.exe	83
PID 1784 wrote to memory of 4912	1784	msedge.exe	83
PID 1784 wrote to memory of 4912	1784	msedge.exe	83
PID 1784 wrote to memory of 4912	1784	msedge.exe	83
PID 1784 wrote to memory of 4912	1784	msedge.exe	83
PID 1784 wrote to memory of 4912	1784	msedge.exe	83
PID 1784 wrote to memory of 4912	1784	msedge.exe	83
PID 1784 wrote to memory of 4912	1784	msedge.exe	83
PID 1784 wrote to memory of 3900	1784	msedge.exe	84
PID 1784 wrote to memory of 3900	1784	msedge.exe	84
PID 1784 wrote to memory of 1896	1784	msedge.exe	85
PID 1784 wrote to memory of 1896	1784	msedge.exe	85
PID 1784 wrote to memory of 1896	1784	msedge.exe	85
PID 1784 wrote to memory of 1896	1784	msedge.exe	85
PID 1784 wrote to memory of 1896	1784	msedge.exe	85
PID 1784 wrote to memory of 1896	1784	msedge.exe	85
PID 1784 wrote to memory of 1896	1784	msedge.exe	85
PID 1784 wrote to memory of 1896	1784	msedge.exe	85
PID 1784 wrote to memory of 1896	1784	msedge.exe	85
PID 1784 wrote to memory of 1896	1784	msedge.exe	85
PID 1784 wrote to memory of 1896	1784	msedge.exe	85
PID 1784 wrote to memory of 1896	1784	msedge.exe	85
PID 1784 wrote to memory of 1896	1784	msedge.exe	85
PID 1784 wrote to memory of 1896	1784	msedge.exe	85
PID 1784 wrote to memory of 1896	1784	msedge.exe	85
PID 1784 wrote to memory of 1896	1784	msedge.exe	85
PID 1784 wrote to memory of 1896	1784	msedge.exe	85
PID 1784 wrote to memory of 1896	1784	msedge.exe	85
PID 1784 wrote to memory of 1896	1784	msedge.exe	85
PID 1784 wrote to memory of 1896	1784	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ea9a576725f9e1365edd1dde4caf7429_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ffb974046f8,0x7ffb97404708,0x7ffb97404718
  2⤵
  PID:2384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,13382184123797587563,4717999126892072303,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,13382184123797587563,4717999126892072303,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,13382184123797587563,4717999126892072303,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
  2⤵
  PID:1896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13382184123797587563,4717999126892072303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:1728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13382184123797587563,4717999126892072303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13382184123797587563,4717999126892072303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,13382184123797587563,4717999126892072303,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1356 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,13382184123797587563,4717999126892072303,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5568 /prefetch:8
  2⤵
  PID:3220
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,13382184123797587563,4717999126892072303,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5568 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13382184123797587563,4717999126892072303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:2044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13382184123797587563,4717999126892072303,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
  2⤵
  PID:1452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13382184123797587563,4717999126892072303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:1
  2⤵
  PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13382184123797587563,4717999126892072303,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2756 /prefetch:1
  2⤵
  PID:828

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2608

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
e4206cbb4b6f062e3b837ff4b53be7d0

SHA1
3609c2a1f3219d17a39e2bf5eedbb08831e96b58

SHA256
c95cd32b386ae2fc84b0fac4388ab867b5c7c019623641ff1023ff76a37ebe8c

SHA512
0a9c47d68ca98781dc05aec3057bac758610c19f5a11d90499b811e185fcec2deb9faf70abcd3d729960ac2103bcba6b3900019a3751b319bffc3c400801a358

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
329B

MD5
3bbf656a3892e1d232c8857e2c0c4113

SHA1
c45a2a216842de0f8da1bf255be644e2b6b443a0

SHA256
e2dbe69de3a39a94409e262ab012a2b6be4ad5b6d2635028bf3566f17a3a59dc

SHA512
810323bcda46dfabe64da80df754962522bc4414e52f74df0e6ef570432655a00b60ec2a8ea42b8f6ab18a81a05a8d6806716123d0d886fd3f068bf8bcbee4d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
49e014e196ba283f3795ee6a454902fa

SHA1
796f6955ffeedd52ef15d1eda184882433c6eb64

SHA256
249d75bd144c7830f89be0d55904b041798040f2ce13bf166f7c510a23195e7e

SHA512
2f0344ac8026766bbfd65ee4f6fc80bea1fe149ac2a9398fe2227fb69fdbd5d925cd063b35986f5550e977eb1565c01f433423fdd835a839e354115427a5257a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
bddc659c79814167d0a5f1762a473720

SHA1
990f3137051f4037d7d71858b2308df25257be66

SHA256
3b56f513cf8e8fc4fd8a2bd1eeb442389ba2311ec69bbe1c0b13e2fdc586d361

SHA512
741b43ab23e6f9dd0a0392f8650db1848ede5eaeee344531533bee2a8e65e3f99e85f92fa97db8c86cc2a71c9d0c974ec7936f5f576d7d862a8bb255eba68073

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ecbca0df0e5db8652e9d3d5c1538bf1a

SHA1
0711235100a0d7e9254ba0b0bd9cc5a23ef8d508

SHA256
9ae1a88b8af48ef69ea04d3076ad16df530eb77275ec49e7eb2a9492a158da6f

SHA512
6679ba983ccf4926641f3537271b44cb2428c70b66796bfb5b73145f0cf10b1a41c1ea67559e9e76acd177dfb6dc539c73e10d8faa1d126615ecec425b5b57db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
23a8d5ef8862a169ff29ca07d0d4c387

SHA1
8ee22c7eebf0199460034393570f80180365315a

SHA256
84584de57e4bb744bf964254f7421c8f51f5f2c9f53e75358242cfad13e4b7fe

SHA512
38f63977c6518a260f321760c9b78ad4d355f750cbf7fbb47f1f4c2785e667b3a4b1a7c79adab8ada65e1b6930f89de14c23681e64f5a1251efbb4e5508bca12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
853B

MD5
f8c96770db3397b558c0eeb022153c46

SHA1
0831e00966c1f1499a13a18291f40049c746cc6b

SHA256
26859ef1e400c586481a3ece327516c2dc3b0a6f3b2a60df5c8fd277769fb6cc

SHA512
e4de222ed51f2c49ac0bc374233d87a465824aa671fc1b6ce4e8b21705fe8f084c460120ad8d5f19078b0515bff592914ea12a845af55445053728b521269637

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
859B

MD5
706a511c3da8bb4a2ec3005b19f7fad2

SHA1
16905380271aedd19fe26ba255037ea6385655c2

SHA256
d1e2ecaf69ada17d3edcd339cae260e2f3aec59b530542dcc7d2a180fe5c63b2

SHA512
789ea55f6658dab9fb9db8812c3ab4deb88a285b129a3182928dc86663796fb0ef43420dae0111fc965d33298b6792db098602f2793f2e2a679efdc5818f4cd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe587858.TMP

Filesize
370B

MD5
395adb9c48028027768ad82f5476ad29

SHA1
3b8f52e4054f18fe843b25716a00b9fe8b7ce457

SHA256
9ed0893166c5b76632844ffb5c81a6cdf70e1f795562284c802452433d25ba01

SHA512
171dcf9402dbcc17f8655539829ef661ea20323e472db7484e80ec35667fe06ebd58f0457445329b8efd14b96349b1101990c6204a53da73cb03bc16a0475e06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d1dafbdafa525c41f341fd7e27ad889f

SHA1
570a8f2daa3c81a74fcc17383434b9d28ee194e0

SHA256
a34ad7b3aeaad4008a812e5819602e0051ecebf38cbff7040bfbf23765a5dda6

SHA512
9bc1cee553d95013ee11c6f068025f741f9fee053ab6a51eab628513e17982b0e612194c2b7609fb7e47c84fc0e70847fc4feb7703eda98cc1e8a50b2878c337

Download Submit