b9ac5dd6b9ad75b7f71e90a08cb0a4c41c223f74d90baee745fa2505063320c7

Analysis

max time kernel
145s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
03/05/2024, 08:58

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

10239bc278a6141c518db703d2616b88_JaffaCakes118.html
Size

89KB
MD5

10239bc278a6141c518db703d2616b88
SHA1

19ca8a93c792f0457a26cae52629ae17b77dd915
SHA256

b9ac5dd6b9ad75b7f71e90a08cb0a4c41c223f74d90baee745fa2505063320c7
SHA512

c4a466b79bc6a595dd79d5621a79b084a9cc343742d4f5e185838d6ded497f6fd31e00f5c50906f13bdabed50a9f1a7ea6fa4d9757805e78b0e20a6857cda62d
SSDEEP

1536:LQR43e1zeAjxlPV1dfkuTU2RM8TpnAC979tHArpuD3id4xMjznYBrbLTV:LQR43e1zeAjxlPV1df/TU2RM81ACd9t7

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4072	msedge.exe
4072	msedge.exe
2792	msedge.exe
2792	msedge.exe
3832	identity_helper.exe
3832	identity_helper.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4072 wrote to memory of 4836	4072	msedge.exe	88
PID 4072 wrote to memory of 4836	4072	msedge.exe	88
PID 4072 wrote to memory of 8	4072	msedge.exe	89
PID 4072 wrote to memory of 8	4072	msedge.exe	89
PID 4072 wrote to memory of 8	4072	msedge.exe	89
PID 4072 wrote to memory of 8	4072	msedge.exe	89
PID 4072 wrote to memory of 8	4072	msedge.exe	89
PID 4072 wrote to memory of 8	4072	msedge.exe	89
PID 4072 wrote to memory of 8	4072	msedge.exe	89
PID 4072 wrote to memory of 8	4072	msedge.exe	89
PID 4072 wrote to memory of 8	4072	msedge.exe	89
PID 4072 wrote to memory of 8	4072	msedge.exe	89
PID 4072 wrote to memory of 8	4072	msedge.exe	89
PID 4072 wrote to memory of 8	4072	msedge.exe	89
PID 4072 wrote to memory of 8	4072	msedge.exe	89
PID 4072 wrote to memory of 8	4072	msedge.exe	89
PID 4072 wrote to memory of 8	4072	msedge.exe	89
PID 4072 wrote to memory of 8	4072	msedge.exe	89
PID 4072 wrote to memory of 8	4072	msedge.exe	89
PID 4072 wrote to memory of 8	4072	msedge.exe	89
PID 4072 wrote to memory of 8	4072	msedge.exe	89
PID 4072 wrote to memory of 8	4072	msedge.exe	89
PID 4072 wrote to memory of 8	4072	msedge.exe	89
PID 4072 wrote to memory of 8	4072	msedge.exe	89
PID 4072 wrote to memory of 8	4072	msedge.exe	89
PID 4072 wrote to memory of 8	4072	msedge.exe	89
PID 4072 wrote to memory of 8	4072	msedge.exe	89
PID 4072 wrote to memory of 8	4072	msedge.exe	89
PID 4072 wrote to memory of 8	4072	msedge.exe	89
PID 4072 wrote to memory of 8	4072	msedge.exe	89
PID 4072 wrote to memory of 8	4072	msedge.exe	89
PID 4072 wrote to memory of 8	4072	msedge.exe	89
PID 4072 wrote to memory of 8	4072	msedge.exe	89
PID 4072 wrote to memory of 8	4072	msedge.exe	89
PID 4072 wrote to memory of 8	4072	msedge.exe	89
PID 4072 wrote to memory of 8	4072	msedge.exe	89
PID 4072 wrote to memory of 8	4072	msedge.exe	89
PID 4072 wrote to memory of 8	4072	msedge.exe	89
PID 4072 wrote to memory of 8	4072	msedge.exe	89
PID 4072 wrote to memory of 8	4072	msedge.exe	89
PID 4072 wrote to memory of 8	4072	msedge.exe	89
PID 4072 wrote to memory of 8	4072	msedge.exe	89
PID 4072 wrote to memory of 2792	4072	msedge.exe	90
PID 4072 wrote to memory of 2792	4072	msedge.exe	90
PID 4072 wrote to memory of 3068	4072	msedge.exe	91
PID 4072 wrote to memory of 3068	4072	msedge.exe	91
PID 4072 wrote to memory of 3068	4072	msedge.exe	91
PID 4072 wrote to memory of 3068	4072	msedge.exe	91
PID 4072 wrote to memory of 3068	4072	msedge.exe	91
PID 4072 wrote to memory of 3068	4072	msedge.exe	91
PID 4072 wrote to memory of 3068	4072	msedge.exe	91
PID 4072 wrote to memory of 3068	4072	msedge.exe	91
PID 4072 wrote to memory of 3068	4072	msedge.exe	91
PID 4072 wrote to memory of 3068	4072	msedge.exe	91
PID 4072 wrote to memory of 3068	4072	msedge.exe	91
PID 4072 wrote to memory of 3068	4072	msedge.exe	91
PID 4072 wrote to memory of 3068	4072	msedge.exe	91
PID 4072 wrote to memory of 3068	4072	msedge.exe	91
PID 4072 wrote to memory of 3068	4072	msedge.exe	91
PID 4072 wrote to memory of 3068	4072	msedge.exe	91
PID 4072 wrote to memory of 3068	4072	msedge.exe	91
PID 4072 wrote to memory of 3068	4072	msedge.exe	91
PID 4072 wrote to memory of 3068	4072	msedge.exe	91
PID 4072 wrote to memory of 3068	4072	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\10239bc278a6141c518db703d2616b88_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff129b46f8,0x7fff129b4708,0x7fff129b4718
  2⤵
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,8171489308490894125,6627421981716629461,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:8
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,8171489308490894125,6627421981716629461,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,8171489308490894125,6627421981716629461,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
  2⤵
  PID:3068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8171489308490894125,6627421981716629461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8171489308490894125,6627421981716629461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:3480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8171489308490894125,6627421981716629461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3896 /prefetch:1
  2⤵
  PID:3232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8171489308490894125,6627421981716629461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,8171489308490894125,6627421981716629461,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6612 /prefetch:8
  2⤵
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,8171489308490894125,6627421981716629461,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6612 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8171489308490894125,6627421981716629461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
  2⤵
  PID:1896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8171489308490894125,6627421981716629461,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
  2⤵
  PID:668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8171489308490894125,6627421981716629461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:1
  2⤵
  PID:3548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8171489308490894125,6627421981716629461,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
  2⤵
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,8171489308490894125,6627421981716629461,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1828 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4924

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2480

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4316

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
62c02dda2bf22d702a9b3a1c547c5f6a

SHA1
8f42966df96bd2e8c1f6b31b37c9a19beb6394d6

SHA256
cb8a0964605551ed5a0668c08ab888044bbd845c9225ffee5a28e0b847ede62b

SHA512
a7ce2c0946382188e1d8480cfb096b29bd0dcb260ccdc74167cc351160a1884d04d57a2517eb700b3eef30eaf4a01bfbf31858365b1e624d4b0960ffd0032fa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
850f27f857369bf7fe83c613d2ec35cb

SHA1
7677a061c6fd2a030b44841bfb32da0abc1dbefb

SHA256
a7db700e067222e55e323a9ffc71a92f59829e81021e2607cec0d2ec6faf602a

SHA512
7b1efa002b7a1a23973bff0618fb4a82cd0c5193df55cd960c7516caa63509587fd8b36f3aea6db01ece368065865af6472365b820fadce720b64b561ab5f401

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
45ffdf80320a894ad1a7b20a76b72846

SHA1
13b423adc359595dab34577ebd2f9dc3df51a253

SHA256
b52703af330b73424ab734e858aa4a7e88b4d9c047b412cfc25be71eebcbd798

SHA512
b6e76338c9cbccfbd769b8c8bb5113f73d30a598116a7829c9633176468a86c818f36028678050242c805350ff15406ef661819f5c19f7d56796d282eb8d5879

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
cca11a1b72a027bea42a059e6daf97f9

SHA1
3747ea598d4bbad6569f50c15e750f4a3fa05fce

SHA256
4f91ff76c9c5e4c882e0903c48ec6fcb6316eec353d6c2d4a694f899d4761366

SHA512
9e9b6e8620ddfe957bf8622ca619fd1f2dbdb632ee799952346f987ac41d06423852d642abc419f53772a5f90a098ec63193dec5a01336450200bc9b7f7d0408

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
2d85ea6d7831b52bf69f5f8025c5b4dc

SHA1
5c1a2f5dd62ba8eee2fb074154268e5ecf5ae6a9

SHA256
068eb4c5fdf59ff1199707224c69d813e49886460f8dbfe4e1b0c07d472435be

SHA512
20d17ed80ae12a0b8a157859b13c3b317bce08263442269bd44734d5e0fdf3280ffdb6a8c783d79a66092191316fdb7a64649a13cd74c252773f3c9f3a6e6135

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a3a6aec3f3045229102e3cc1d81039f5

SHA1
ec275b75eca224d6f7b3d4f90b3698eaccac643f

SHA256
4653a87ef97b4706122b2d930d561479824ba03e278cd05fa3571347fe1237ad

SHA512
f99524fdd26b70ea146088c64731aa2c3b42284fb0e3ab7002d639e24837c3f3bd9d8d574639fdaa6a4db987910bd58b0dbf9aeb944e4eb8e5c26c97fa676a89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
42dd2b67b4a81b59029a2dfb6908ccbc

SHA1
01ac7258d9a4052b1679dc6b2b892d08cde4eb03

SHA256
0730e2629c2d1f41342e065630ea096323322eb0cf54fb420359682453e53681

SHA512
286906364d2cec54f743134ded505ce4318eaa23d805d6302f33bddf9ffff54ff5199d17e3937ae8463bb805dc59fa6f1b33f2d5eced8f89eb6f23ca65d9df58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
048eb56d5a1fee3a3446d8e73bce5f78

SHA1
333c6412102ae975e13f5ef7513283cbba2bc7a4

SHA256
5e0fb81cab01af2e91733acb1dee0066da70a96049573b5a53290232ae6c29db

SHA512
f2c4bf050c32dcc23a3c32f95b45b013cc444b9ba1d481ac5a102d25d3f6ed66a69664d43cfc1374f55fc6d6d54abe2a908950124079a1a54ec2874a2817fab0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
866B

MD5
52fb2d4f285809ce19884621c7ae2f24

SHA1
41d285fddf837a9096b4219c51fbdb73787ff48c

SHA256
949601c2f1b92c6a169a60d3bdc39a324d8e37e707ade2adb7bdd3cc764647ed

SHA512
7672077bb203e7d919268b62f2a82b0031404398e242738fd0edc15b3aca6a5a78cd1a682e8790796ee47b02f90f463f80c0a7b5c0aac1fa214b77a4f4b53c02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57eb4a.TMP

Filesize
698B

MD5
7e9bd4040a4a5fd8fa199a1e191474d2

SHA1
03ac0867a08f22828782356706cf914507c88eba

SHA256
d7a307097ced568a21134e2cc1d2508e5f5c0c5b6195f8ddc232d2d5208588cd

SHA512
f11f58daa465d1b9e9db1122355cd6a6eeb0e1ef591d595efeaa9e9cfec52105f5cccbf334db4587a2b4f9d40f8f81f11f4243a599284edac1bb7b59f7e64ecf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6ff8b17544439d41270a5e1b7cf106f7

SHA1
640e34f77a5b96041cf26dd77d6dea44549c54f3

SHA256
4c2f5923db1238f02f114f39a678eb60b87100d0191d9c258555da36b468e998

SHA512
8e98ed162d32da85676596a8c33b5d00eb9bfdee3343d50128c78df4e4d238be7dc298b47eac1eb0956a31f5d54d3be9b2f2880fe3bf0b0e2893bd02a6f35e8f

Download Submit