e5bafa424577aa6b81a2a0343c582404b48e6303e519d9f098c48b8cb6d9fcd1

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
25/09/2024, 20:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f6ca31aa7fc7eeb67ab35fc38588ee09_JaffaCakes118.html
Size

39KB
MD5

f6ca31aa7fc7eeb67ab35fc38588ee09
SHA1

0f693f6b8ccffc4b349112aed412ad980d006147
SHA256

e5bafa424577aa6b81a2a0343c582404b48e6303e519d9f098c48b8cb6d9fcd1
SHA512

37143d5a9df577ccb53bf6fc6c808f03c6a84e0e81ef783ffd3bde971333c579067c4717299540f2aaed06208618bcb7239a85a2342d978902044b74acc9fd0d
SSDEEP

768:jX2BjOCLoQ4rw/R2yFw9R/WD1EnDMsPExLkuno+sygg+mL92:jXcL94U/YyFw9R/WD1EnDMsELkunoryY

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4468	msedge.exe
4468	msedge.exe
3732	msedge.exe
3732	msedge.exe
3200	identity_helper.exe
3200	identity_helper.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3732 wrote to memory of 2208	3732	msedge.exe	82
PID 3732 wrote to memory of 2208	3732	msedge.exe	82
PID 3732 wrote to memory of 3044	3732	msedge.exe	83
PID 3732 wrote to memory of 3044	3732	msedge.exe	83
PID 3732 wrote to memory of 3044	3732	msedge.exe	83
PID 3732 wrote to memory of 3044	3732	msedge.exe	83
PID 3732 wrote to memory of 3044	3732	msedge.exe	83
PID 3732 wrote to memory of 3044	3732	msedge.exe	83
PID 3732 wrote to memory of 3044	3732	msedge.exe	83
PID 3732 wrote to memory of 3044	3732	msedge.exe	83
PID 3732 wrote to memory of 3044	3732	msedge.exe	83
PID 3732 wrote to memory of 3044	3732	msedge.exe	83
PID 3732 wrote to memory of 3044	3732	msedge.exe	83
PID 3732 wrote to memory of 3044	3732	msedge.exe	83
PID 3732 wrote to memory of 3044	3732	msedge.exe	83
PID 3732 wrote to memory of 3044	3732	msedge.exe	83
PID 3732 wrote to memory of 3044	3732	msedge.exe	83
PID 3732 wrote to memory of 3044	3732	msedge.exe	83
PID 3732 wrote to memory of 3044	3732	msedge.exe	83
PID 3732 wrote to memory of 3044	3732	msedge.exe	83
PID 3732 wrote to memory of 3044	3732	msedge.exe	83
PID 3732 wrote to memory of 3044	3732	msedge.exe	83
PID 3732 wrote to memory of 3044	3732	msedge.exe	83
PID 3732 wrote to memory of 3044	3732	msedge.exe	83
PID 3732 wrote to memory of 3044	3732	msedge.exe	83
PID 3732 wrote to memory of 3044	3732	msedge.exe	83
PID 3732 wrote to memory of 3044	3732	msedge.exe	83
PID 3732 wrote to memory of 3044	3732	msedge.exe	83
PID 3732 wrote to memory of 3044	3732	msedge.exe	83
PID 3732 wrote to memory of 3044	3732	msedge.exe	83
PID 3732 wrote to memory of 3044	3732	msedge.exe	83
PID 3732 wrote to memory of 3044	3732	msedge.exe	83
PID 3732 wrote to memory of 3044	3732	msedge.exe	83
PID 3732 wrote to memory of 3044	3732	msedge.exe	83
PID 3732 wrote to memory of 3044	3732	msedge.exe	83
PID 3732 wrote to memory of 3044	3732	msedge.exe	83
PID 3732 wrote to memory of 3044	3732	msedge.exe	83
PID 3732 wrote to memory of 3044	3732	msedge.exe	83
PID 3732 wrote to memory of 3044	3732	msedge.exe	83
PID 3732 wrote to memory of 3044	3732	msedge.exe	83
PID 3732 wrote to memory of 3044	3732	msedge.exe	83
PID 3732 wrote to memory of 3044	3732	msedge.exe	83
PID 3732 wrote to memory of 4468	3732	msedge.exe	84
PID 3732 wrote to memory of 4468	3732	msedge.exe	84
PID 3732 wrote to memory of 4020	3732	msedge.exe	85
PID 3732 wrote to memory of 4020	3732	msedge.exe	85
PID 3732 wrote to memory of 4020	3732	msedge.exe	85
PID 3732 wrote to memory of 4020	3732	msedge.exe	85
PID 3732 wrote to memory of 4020	3732	msedge.exe	85
PID 3732 wrote to memory of 4020	3732	msedge.exe	85
PID 3732 wrote to memory of 4020	3732	msedge.exe	85
PID 3732 wrote to memory of 4020	3732	msedge.exe	85
PID 3732 wrote to memory of 4020	3732	msedge.exe	85
PID 3732 wrote to memory of 4020	3732	msedge.exe	85
PID 3732 wrote to memory of 4020	3732	msedge.exe	85
PID 3732 wrote to memory of 4020	3732	msedge.exe	85
PID 3732 wrote to memory of 4020	3732	msedge.exe	85
PID 3732 wrote to memory of 4020	3732	msedge.exe	85
PID 3732 wrote to memory of 4020	3732	msedge.exe	85
PID 3732 wrote to memory of 4020	3732	msedge.exe	85
PID 3732 wrote to memory of 4020	3732	msedge.exe	85
PID 3732 wrote to memory of 4020	3732	msedge.exe	85
PID 3732 wrote to memory of 4020	3732	msedge.exe	85
PID 3732 wrote to memory of 4020	3732	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\f6ca31aa7fc7eeb67ab35fc38588ee09_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe5f9846f8,0x7ffe5f984708,0x7ffe5f984718
  2⤵
  PID:2208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,8872790248017137780,16845915713699484880,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
  2⤵
  PID:3044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,8872790248017137780,16845915713699484880,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2516 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,8872790248017137780,16845915713699484880,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
  2⤵
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8872790248017137780,16845915713699484880,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8872790248017137780,16845915713699484880,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:1108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8872790248017137780,16845915713699484880,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
  2⤵
  PID:3208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8872790248017137780,16845915713699484880,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,8872790248017137780,16845915713699484880,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5644 /prefetch:8
  2⤵
  PID:3168
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,8872790248017137780,16845915713699484880,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5644 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8872790248017137780,16845915713699484880,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8872790248017137780,16845915713699484880,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:3512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8872790248017137780,16845915713699484880,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
  2⤵
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8872790248017137780,16845915713699484880,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:1596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,8872790248017137780,16845915713699484880,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2908 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:228

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4084

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1420

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3696

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7114a6cd851f9bf56cf771c37d664a2

SHA1
769c5d04fd83e583f15ab1ef659de8f883ecab8a

SHA256
d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e

SHA512
33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
719923124ee00fb57378e0ebcbe894f7

SHA1
cc356a7d27b8b27dc33f21bd4990f286ee13a9f9

SHA256
aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808

SHA512
a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
96e2a568ff6817ceeb814e2934ac677b

SHA1
468cf1236e2375ea89c961065cd9cfcdaa6bdd02

SHA256
d04454cf4629e907b4e2d0d6dce5ff10ff6ca40c8bc53f1c2141fa4c05177fd5

SHA512
cf10ec4ae850fefa62053419128e0c711b85c074dfa355174f356270f5d65c123fca7b71a51a19d4e5f23f4aae83256ce26b0ed3cfd5bdb8d3f1092d3778799a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
ca2aad39d889223437b3047247153c13

SHA1
71d9e53afde9b73679c679a7e3ab033287492782

SHA256
718089c305a08219ba19e85c1c1d6c63f5a843acee0acb344536769bae129200

SHA512
39bd47ab84c97181331799d67456bf84a397a83c835985a01f80a303c7ce8a92a573dd76928019608dc0e8f75b9a653f63faf99809b1b8e04fed51bad227bb78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5c5424102b679f0a9fa621ff2769169f

SHA1
12836123a4e7677b67e3ecb851a906a753d2a085

SHA256
5cce0c28a189b88867119378b4a2d599177e1bfd5eabfd3f784b278a4087160e

SHA512
b160302da12cb8c7679e0cffff61ed33a9201db7e7097ff7a801e675009a537990e2f400d3b561faef79ff4c162454d38f41786a649b626c2f6b47da6921395d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
26ee91b2bf25649187c0d1bf0c88c1fd

SHA1
8892a773b6891fb89d81e93e73f5907ee5d04a53

SHA256
a03fe85035169ebcea9f6930952c95d92f4b1de0d39fd42ecedfb85b0cb6f2a7

SHA512
115f3b48fcd03eda9ead747001c9c0dcb912ecdac6ac0e4086cfb6b1af147a4640d3d2b744feaa71aa6991aa76dca4ce8c6d13432db77de76c885028b2fb3e6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
42d883c9f1b8ac870077ac437c682213

SHA1
3975fde171d9bf60ba5eb148bdfade118cda533c

SHA256
00b14a0e2c8d0aac73d634ff8c1ac80482b5704f21060a287d3ee1de8be9407b

SHA512
6a1fed3684c26f8bf6ed4803baf12e157d28940a7e08e286535b0aff22f594f06dc923d1ee0a2233ab73981cb1b70457ebe99d2b6e586b8c4e99f89f1d124952

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
540B

MD5
cd11851fb739f0f49257c6062415ed84

SHA1
a33f5dae31571f1cd55c0f5ea17d505fffb9b9bf

SHA256
f2ae3e2e6f342b6c154171aad2bef541460ebb9879b92f9087a8638cfb5e528a

SHA512
4a0c496786740e24b150e8d500300a35a21f18553b8cbbd16ca275f5c2fd21c86fd722d50017b36f5abb618880c1fb34be2cc507f7f4d100960946bc43dcf874

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
540B

MD5
430a19367a694bc68740285bbca7cfac

SHA1
86ee12c054681f9118039509f0dc2f7c239fd030

SHA256
5562c1da46123fd458e74bbf2d38fe08f9605e646023824f890f314d6cfaa454

SHA512
e91ff28a4654c8645d1205b1d81950bb2f909688d42f2f87ba5bf6b9dcd5bdb0b680c5c78b2bd01c35223019d4937a441a2f304940be4e68fcc1c1cb959de502

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d7a3.TMP

Filesize
372B

MD5
f0df00997f8dea362b9d9f03d1e93c8b

SHA1
d31566b34a046249b7d1521f73ead423ea3643d2

SHA256
4da477ae7f136cf8cf201a1544efaea40246e86e3b7bbf27b4c32eceb4e9945a

SHA512
39b6aa6188135e3519691172d803b35660c92978d98c2a8cc7105b344f2119ae50bbeda2806246a439a460dac78ac4fd0ece2f8fe802fac99031d371c38b66eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a70413ec7879f8546b0a2915f6dc13c8

SHA1
0d25229f69bf4cdb28c3f690a6707683c83b52d3

SHA256
cfb8a2b671a1155c0dfbfb0ee0efa8a13164d493c01321dc24cdb6c4e786fb41

SHA512
3ac4c21252ccf61a40c0809b396b1ab5e0e0ab8d3a6b7dc2d15839d3693753568d9133974b5d2b02970986d2d8b487e5c1bf522cfdcc2bad1b281efbc8e4c23f

Download Submit