4dbad643c36a81a22fafdf27188f93b417fc0b1cc5b31a2deef9bb4c58e2b5f2

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
06/04/2024, 05:32

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

dc771429bc04f8ff5289d8be702a760a_JaffaCakes118.html
Size

101KB
MD5

dc771429bc04f8ff5289d8be702a760a
SHA1

2aef2294449fa1bdf77dd6cd9d6dca20d12dfe84
SHA256

4dbad643c36a81a22fafdf27188f93b417fc0b1cc5b31a2deef9bb4c58e2b5f2
SHA512

242a015761ec00a4c8edf1af0fe59474f70f06a2c61bbbc6bbead3045a32ba47c36a427d4390280a118268b7d6f77348c0102bdd8d970de7fea734a3327486b9
SSDEEP

3072:VvPDe1LuTWqq4X18bE2s4zejKqso3FEK1KmLfi+yYBwZldfvG0:ZeYaE2sLf1Km7iXvT

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3108	msedge.exe
3108	msedge.exe
4936	msedge.exe
4936	msedge.exe
3488	identity_helper.exe
3488	identity_helper.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4936 wrote to memory of 1212	4936	msedge.exe	87
PID 4936 wrote to memory of 1212	4936	msedge.exe	87
PID 4936 wrote to memory of 2600	4936	msedge.exe	89
PID 4936 wrote to memory of 2600	4936	msedge.exe	89
PID 4936 wrote to memory of 2600	4936	msedge.exe	89
PID 4936 wrote to memory of 2600	4936	msedge.exe	89
PID 4936 wrote to memory of 2600	4936	msedge.exe	89
PID 4936 wrote to memory of 2600	4936	msedge.exe	89
PID 4936 wrote to memory of 2600	4936	msedge.exe	89
PID 4936 wrote to memory of 2600	4936	msedge.exe	89
PID 4936 wrote to memory of 2600	4936	msedge.exe	89
PID 4936 wrote to memory of 2600	4936	msedge.exe	89
PID 4936 wrote to memory of 2600	4936	msedge.exe	89
PID 4936 wrote to memory of 2600	4936	msedge.exe	89
PID 4936 wrote to memory of 2600	4936	msedge.exe	89
PID 4936 wrote to memory of 2600	4936	msedge.exe	89
PID 4936 wrote to memory of 2600	4936	msedge.exe	89
PID 4936 wrote to memory of 2600	4936	msedge.exe	89
PID 4936 wrote to memory of 2600	4936	msedge.exe	89
PID 4936 wrote to memory of 2600	4936	msedge.exe	89
PID 4936 wrote to memory of 2600	4936	msedge.exe	89
PID 4936 wrote to memory of 2600	4936	msedge.exe	89
PID 4936 wrote to memory of 2600	4936	msedge.exe	89
PID 4936 wrote to memory of 2600	4936	msedge.exe	89
PID 4936 wrote to memory of 2600	4936	msedge.exe	89
PID 4936 wrote to memory of 2600	4936	msedge.exe	89
PID 4936 wrote to memory of 2600	4936	msedge.exe	89
PID 4936 wrote to memory of 2600	4936	msedge.exe	89
PID 4936 wrote to memory of 2600	4936	msedge.exe	89
PID 4936 wrote to memory of 2600	4936	msedge.exe	89
PID 4936 wrote to memory of 2600	4936	msedge.exe	89
PID 4936 wrote to memory of 2600	4936	msedge.exe	89
PID 4936 wrote to memory of 2600	4936	msedge.exe	89
PID 4936 wrote to memory of 2600	4936	msedge.exe	89
PID 4936 wrote to memory of 2600	4936	msedge.exe	89
PID 4936 wrote to memory of 2600	4936	msedge.exe	89
PID 4936 wrote to memory of 2600	4936	msedge.exe	89
PID 4936 wrote to memory of 2600	4936	msedge.exe	89
PID 4936 wrote to memory of 2600	4936	msedge.exe	89
PID 4936 wrote to memory of 2600	4936	msedge.exe	89
PID 4936 wrote to memory of 2600	4936	msedge.exe	89
PID 4936 wrote to memory of 2600	4936	msedge.exe	89
PID 4936 wrote to memory of 3108	4936	msedge.exe	90
PID 4936 wrote to memory of 3108	4936	msedge.exe	90
PID 4936 wrote to memory of 4752	4936	msedge.exe	91
PID 4936 wrote to memory of 4752	4936	msedge.exe	91
PID 4936 wrote to memory of 4752	4936	msedge.exe	91
PID 4936 wrote to memory of 4752	4936	msedge.exe	91
PID 4936 wrote to memory of 4752	4936	msedge.exe	91
PID 4936 wrote to memory of 4752	4936	msedge.exe	91
PID 4936 wrote to memory of 4752	4936	msedge.exe	91
PID 4936 wrote to memory of 4752	4936	msedge.exe	91
PID 4936 wrote to memory of 4752	4936	msedge.exe	91
PID 4936 wrote to memory of 4752	4936	msedge.exe	91
PID 4936 wrote to memory of 4752	4936	msedge.exe	91
PID 4936 wrote to memory of 4752	4936	msedge.exe	91
PID 4936 wrote to memory of 4752	4936	msedge.exe	91
PID 4936 wrote to memory of 4752	4936	msedge.exe	91
PID 4936 wrote to memory of 4752	4936	msedge.exe	91
PID 4936 wrote to memory of 4752	4936	msedge.exe	91
PID 4936 wrote to memory of 4752	4936	msedge.exe	91
PID 4936 wrote to memory of 4752	4936	msedge.exe	91
PID 4936 wrote to memory of 4752	4936	msedge.exe	91
PID 4936 wrote to memory of 4752	4936	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\dc771429bc04f8ff5289d8be702a760a_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb18f946f8,0x7ffb18f94708,0x7ffb18f94718
  2⤵
  PID:1212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,16769167706697391776,16241659902646568541,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:2600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,16769167706697391776,16241659902646568541,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,16769167706697391776,16241659902646568541,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
  2⤵
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,16769167706697391776,16241659902646568541,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,16769167706697391776,16241659902646568541,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:1044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,16769167706697391776,16241659902646568541,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  PID:3620
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,16769167706697391776,16241659902646568541,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5932 /prefetch:8
  2⤵
  PID:1604
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,16769167706697391776,16241659902646568541,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5932 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,16769167706697391776,16241659902646568541,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:4152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,16769167706697391776,16241659902646568541,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
  2⤵
  PID:3276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,16769167706697391776,16241659902646568541,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,16769167706697391776,16241659902646568541,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:2004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,16769167706697391776,16241659902646568541,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4804 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4884

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4192

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3980

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f35bb0615bb9816f562b83304e456294

SHA1
1049e2bd3e1bbb4cea572467d7c4a96648659cb4

SHA256
05e80abd624454e5b860a08f40ddf33d672c3fed319aac180b7de5754bc07b71

SHA512
db9100f3e324e74a9c58c7d9f50c25eaa4c6c4553c93bab9b80c6f7bef777db04111ebcd679f94015203b240fe9f4f371cae0d4290ec891a4173c746ff4b11c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1eb86108cb8f5a956fdf48efbd5d06fe

SHA1
7b2b299f753798e4891df2d9cbf30f94b39ef924

SHA256
1b53367e0041d54af89e7dd59733231f5da1393c551ed2b943c89166c0baca40

SHA512
e2a661437688a4a01a6eb3b2bd7979ecf96b806f5a487d39354a7f0d44cb693a3b1c2cf6b1247b04e4106cc816105e982569572042bdddb3cd5bec23b4fce29d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
1ed561632c34bffffa6cc0d590f73ddf

SHA1
78483366d55f95204540fc6939c8790e1a57a30a

SHA256
9d90a2c9806d23299eb29db4810331bb2253bb50277d20b50ee0f697b4ce38de

SHA512
c6c9c8ab9140e526936bad1aef323f0fcc2fc4257e49942e085779b2fb02c16881b57d4d4c0d6d5e1e1208573b647c9fac47775af54863422b4f6cee81cfcf80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
faacfc21ac1948a1de149d82360ac956

SHA1
59b1e07f2b832e3be8df836087b2f8c4fd52be50

SHA256
5cf594fb65d0c15f9e962e7ea19e04ad99d9dfae984d2397c2ae8fabcee4262a

SHA512
37fe14ed6823e9f47fedefb3f1a9ad0f22c038346c4382c052ffbfc58a552432fc2e89108ebc0d7289f8dbbfe0fbd767581b63faaf384c484ec8d5273ecb41dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
55613dc545d1ebc4f94c47736ab1338d

SHA1
7bfcedf57c166285f1abc2216013f0eea0fedac2

SHA256
6f3a31bd143dcef67180e8441a7b5a98bb709c8cfb3672ec65638f79b581ce00

SHA512
0ef43e07f7beccd0e90de2068eaf6fff147df82184a17165b728d1b7badaa74878b7e92550fef4343550072fc46a513edaf93477029c75015d42c87435e7c4ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cbe81e99ac09e5fa5552f584ae24dd30

SHA1
feea524ce6f1f2c433f13be3c22532546e6017f8

SHA256
e5618c5c17a2e98148834838b702cc4707c58e79514265dc537a1ea9ea56d1de

SHA512
623740efa3d499275eff4fca8225988535d2d714f263b997418015716dc98969be312b52d546f6518a40074d1bda8fb8d814dba25dc92eb04acb8c1e731fd29a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
35faa7c10998f3b4e85d4a396c86734f

SHA1
7725748e769aacfeab7e545bb1c7dc33029c21f4

SHA256
d5ff15e5b7dab96fa02df07cbfe3acde449fa23d5496688263ad1cdfa2d4b2c9

SHA512
bdc7b0337e067da480356bd218a844e1ce0bfe6c50a6432199077ce27230911539fd51d8eb33f0f833f9a5e09993b29a2d8db8a10eaddd09409945d23d03720c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
389e1fc6477764d13a2739a9d8702bac

SHA1
b73d7d3ccb5d1a33602a0a9ffa4f789950a381e8

SHA256
91f7e17de0c8b2c1c6de603e87cc0806be0e686a04cb99225143a1734fd77ff5

SHA512
89ed4d82f18015841f85cdf2f6370c7b50260542c98996620372ad6ae55bf711b3d9d69d8c1c2262336cee8c7f01c1bbc94c7aedebc64a00ba78cc7f52b51966

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
33f4f6d2a34001c002807c1ed45b6eb9

SHA1
c4457145660617ce55939b8a168be6a0dd656d57

SHA256
3588be368b61fe9c3ccea3cd15ddf8e95d42122c3f6b4f78b7e67d8035aa074c

SHA512
f43d19458a83e6899d5206cad4775157be44f29d8b744804840de9a1fba95e51a11356e549c3b67a4a885ce06998f426561b3e529e23efbe1cedf93e117fa7a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b15e.TMP

Filesize
199B

MD5
5af1ee82e30aff1d3c06867769c74a78

SHA1
71da7ab9143d2d4da7737988d37332eee9e1f01f

SHA256
a12341492ccdbda9b0aeda0fe8e50681b90cc0d3a884d7878dbbfdcd07e0036a

SHA512
eed9718ebfa04977a1a449fa7729e287f7773bce616fed28c7ce5b13ab76bb9bf0a066e36e840850c9b87831a90bbbcdc1b4163660189aa7afc3d8dbbcaae8d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a48b129f0713b9e2de31db462a75678b

SHA1
a9fbbc52141b1bcb2b59c39a8340dbde7abc42e1

SHA256
1d5b923873d9aa322dc234be0e190071a39d8ca768acfb78fc3f1e9c5740c661

SHA512
981064f10ef04e2a4d2f1beb7e2b7168722b4a48ebe907e0e73d9fc70213067e9113fdb19da1a1006f0ed2af8998a1c84d578d53075702a4a2708577fba2747e

Download Submit