1bbda486536c52c140f8ceafad920a83adba1bfce22c320430260b5a4f4b5d11

Analysis

max time kernel
145s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
28/09/2024, 05:21

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

fb9713531d1bc3bac7c94db0756e7e1d_JaffaCakes118.html
Size

54KB
MD5

fb9713531d1bc3bac7c94db0756e7e1d
SHA1

efacdaa7651b58af0711e5d218ea402c4ab7f59b
SHA256

1bbda486536c52c140f8ceafad920a83adba1bfce22c320430260b5a4f4b5d11
SHA512

219309076e4663b0917b9cb0ac33f75ade3fb6a10da6e8d27e8d041cd7eb01ca29bf10502bcf9f74dfe77c553df8bfbd58edca9289ac946b9a7c06ab2991ba64
SSDEEP

1536:7mvXvVyHoD7+dnui8ksbqya2taSaxpVdjDF/1F9eG3ihwKoU:qfYDsuDEaSOFUoU

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3636	msedge.exe
3636	msedge.exe
4080	msedge.exe
4080	msedge.exe
3616	identity_helper.exe
3616	identity_helper.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4080 wrote to memory of 636	4080	msedge.exe	82
PID 4080 wrote to memory of 636	4080	msedge.exe	82
PID 4080 wrote to memory of 2268	4080	msedge.exe	83
PID 4080 wrote to memory of 2268	4080	msedge.exe	83
PID 4080 wrote to memory of 2268	4080	msedge.exe	83
PID 4080 wrote to memory of 2268	4080	msedge.exe	83
PID 4080 wrote to memory of 2268	4080	msedge.exe	83
PID 4080 wrote to memory of 2268	4080	msedge.exe	83
PID 4080 wrote to memory of 2268	4080	msedge.exe	83
PID 4080 wrote to memory of 2268	4080	msedge.exe	83
PID 4080 wrote to memory of 2268	4080	msedge.exe	83
PID 4080 wrote to memory of 2268	4080	msedge.exe	83
PID 4080 wrote to memory of 2268	4080	msedge.exe	83
PID 4080 wrote to memory of 2268	4080	msedge.exe	83
PID 4080 wrote to memory of 2268	4080	msedge.exe	83
PID 4080 wrote to memory of 2268	4080	msedge.exe	83
PID 4080 wrote to memory of 2268	4080	msedge.exe	83
PID 4080 wrote to memory of 2268	4080	msedge.exe	83
PID 4080 wrote to memory of 2268	4080	msedge.exe	83
PID 4080 wrote to memory of 2268	4080	msedge.exe	83
PID 4080 wrote to memory of 2268	4080	msedge.exe	83
PID 4080 wrote to memory of 2268	4080	msedge.exe	83
PID 4080 wrote to memory of 2268	4080	msedge.exe	83
PID 4080 wrote to memory of 2268	4080	msedge.exe	83
PID 4080 wrote to memory of 2268	4080	msedge.exe	83
PID 4080 wrote to memory of 2268	4080	msedge.exe	83
PID 4080 wrote to memory of 2268	4080	msedge.exe	83
PID 4080 wrote to memory of 2268	4080	msedge.exe	83
PID 4080 wrote to memory of 2268	4080	msedge.exe	83
PID 4080 wrote to memory of 2268	4080	msedge.exe	83
PID 4080 wrote to memory of 2268	4080	msedge.exe	83
PID 4080 wrote to memory of 2268	4080	msedge.exe	83
PID 4080 wrote to memory of 2268	4080	msedge.exe	83
PID 4080 wrote to memory of 2268	4080	msedge.exe	83
PID 4080 wrote to memory of 2268	4080	msedge.exe	83
PID 4080 wrote to memory of 2268	4080	msedge.exe	83
PID 4080 wrote to memory of 2268	4080	msedge.exe	83
PID 4080 wrote to memory of 2268	4080	msedge.exe	83
PID 4080 wrote to memory of 2268	4080	msedge.exe	83
PID 4080 wrote to memory of 2268	4080	msedge.exe	83
PID 4080 wrote to memory of 2268	4080	msedge.exe	83
PID 4080 wrote to memory of 2268	4080	msedge.exe	83
PID 4080 wrote to memory of 3636	4080	msedge.exe	84
PID 4080 wrote to memory of 3636	4080	msedge.exe	84
PID 4080 wrote to memory of 2820	4080	msedge.exe	85
PID 4080 wrote to memory of 2820	4080	msedge.exe	85
PID 4080 wrote to memory of 2820	4080	msedge.exe	85
PID 4080 wrote to memory of 2820	4080	msedge.exe	85
PID 4080 wrote to memory of 2820	4080	msedge.exe	85
PID 4080 wrote to memory of 2820	4080	msedge.exe	85
PID 4080 wrote to memory of 2820	4080	msedge.exe	85
PID 4080 wrote to memory of 2820	4080	msedge.exe	85
PID 4080 wrote to memory of 2820	4080	msedge.exe	85
PID 4080 wrote to memory of 2820	4080	msedge.exe	85
PID 4080 wrote to memory of 2820	4080	msedge.exe	85
PID 4080 wrote to memory of 2820	4080	msedge.exe	85
PID 4080 wrote to memory of 2820	4080	msedge.exe	85
PID 4080 wrote to memory of 2820	4080	msedge.exe	85
PID 4080 wrote to memory of 2820	4080	msedge.exe	85
PID 4080 wrote to memory of 2820	4080	msedge.exe	85
PID 4080 wrote to memory of 2820	4080	msedge.exe	85
PID 4080 wrote to memory of 2820	4080	msedge.exe	85
PID 4080 wrote to memory of 2820	4080	msedge.exe	85
PID 4080 wrote to memory of 2820	4080	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\fb9713531d1bc3bac7c94db0756e7e1d_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff3b9b46f8,0x7fff3b9b4708,0x7fff3b9b4718
  2⤵
  PID:636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,12753534419373241462,11666456241831754403,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:2268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,12753534419373241462,11666456241831754403,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,12753534419373241462,11666456241831754403,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1460 /prefetch:8
  2⤵
  PID:2820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12753534419373241462,11666456241831754403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:1892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12753534419373241462,11666456241831754403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12753534419373241462,11666456241831754403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1
  2⤵
  PID:4212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12753534419373241462,11666456241831754403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,12753534419373241462,11666456241831754403,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6052 /prefetch:8
  2⤵
  PID:3812
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,12753534419373241462,11666456241831754403,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6052 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12753534419373241462,11666456241831754403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
  2⤵
  PID:3972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12753534419373241462,11666456241831754403,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
  2⤵
  PID:1876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12753534419373241462,11666456241831754403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4028 /prefetch:1
  2⤵
  PID:3744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12753534419373241462,11666456241831754403,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,12753534419373241462,11666456241831754403,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2968 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5024

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4972

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3128

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eeaa8087eba2f63f31e599f6a7b46ef4

SHA1
f639519deee0766a39cfe258d2ac48e3a9d5ac03

SHA256
50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

SHA512
eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9569e123772ae290f9bac07e0d31748

SHA1
5806ed9b301d4178a959b26d7b7ccf2c0abc6741

SHA256
20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

SHA512
cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\759b3446-e5d5-4012-9b70-ee8639e6b4aa.tmp

Filesize
7KB

MD5
b2c0b44382ed33f87f0bf7e9d02b50b0

SHA1
59d39b9e3a2d610b2571613548a932e836283076

SHA256
8851fbd3ad4d809435e63f359f05635692592998152ce581057fa2910988670c

SHA512
95a035ef107ad1a1eafde881dee96c33ae3ff70de90ddcf7f76105f82fa0c85fc3040a5f9aec2e9d265f4eaf34c4e9b0dc772a416c518113a2a0c8412bd4e267

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
6b6fdc9c33104c6187593d4f1779c275

SHA1
6ee24e05a10576d636f26668d07e8e1a7d865ecf

SHA256
b5ed686f854660c7625756576747df1de14f75cb90a5c6f236c58e58a6bc3fea

SHA512
77503901010623d3464d8187bfcebd2065742492574bee503186c327b6f7078299ff8ab7c577be6ee11aec4ba6199358dec68b3448d51f445f2925aa0f5c471e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3b24787ad3b017ea99e3f80b8bc33cea

SHA1
60296fc9556a3098f142e577659f353fc1c7bb63

SHA256
31b9f77482646b26d05e60fc941059fb1b0dea195339b1ec8238f60bd371bb09

SHA512
2284164d0c1501a909bb397489555d10bb560622375f72a1e51903d37c8e4155c958ecc26a7cf4e484668511e1a1f980bec41130d6731be6e79f9347202673dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
64e866042e3cde84d6e1292050c3eaa3

SHA1
53d1cf5290a5cd80a1b0b07ef4cf4c0cfe8ea323

SHA256
3caecc34858a2c9c06279c3b7afecab4eb76914c61952300632496eebb61418a

SHA512
ed1191c792a4b8551f6a68cf762e11fa24867f247e93dc3c62875ff80816569f9099dde21f11f74eeb31927711b4bf5fb02cae595a3bd019b9ad38fa569521e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
dacd5a397b8869f32a80c0e8a0c89626

SHA1
23b1ec03d2390dbd86b6f231d5f3e7568beaa7b7

SHA256
5f2afbb1e29bc71b51b810a4456b53f1d72308a2d8c11247b318704f6dd85b4d

SHA512
b8a6b18dfe42584b5abdaffe1b2796d619825e5b20b1cdb083854ac831c406958b609d40ec4c9230d27ae3ec88114e88571051b11419e11117e5dca889a856ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e399.TMP

Filesize
707B

MD5
2965b6968e398ebfe960d7eb2eb3f415

SHA1
52438e44808ac96dd3b71ee2aa8741b64eb955b2

SHA256
5b0af4e87d3f64227628196e3aae70f818a43e983172c840e42aaf23a15f1678

SHA512
2542641245ec85403119e4ec29ceb67f7311549dae82b7e31732fa812f28a1ba704d5d0fd8041c7e2afc95da06bb1d961cfdd0f9df24c3b99627669848548574

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
014d17414743414a66353cdcf84b7f02

SHA1
375d2e31f97fa1b79faeb0cdd1bafd66d5f7b006

SHA256
e4761470d5739dd4876dc788708f41bb88b03dd226eaafb24961354b85d0e146

SHA512
c17adcd009f46c4c9b676a593e1a1634ec68a2de4ef936782d6ec04d41292d316ff6be451be7d49466bdd658476b0dff10f3e52e22399557a6e8c4b1524d398e

Download Submit