9628e6580cdb586deaebb7592256ecfd2a0b9899ec90207af6e7746a353322fd

Analysis

max time kernel
145s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
08/05/2024, 12:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

24e309d39105c4584f3e1d70b8ca428a_JaffaCakes118.html
Size

2KB
MD5

24e309d39105c4584f3e1d70b8ca428a
SHA1

fcb9c620e0ef8fd8670b0c6595f56deee8c45164
SHA256

9628e6580cdb586deaebb7592256ecfd2a0b9899ec90207af6e7746a353322fd
SHA512

7ac954f68881b95354463fbe0923e542bab06adf05d38968816c5773c7aaef3a691b88ab3c5778f1b13b8581863895a6600490c7b7646f4089ceb9c35112969d

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1840	msedge.exe
1840	msedge.exe
4948	msedge.exe
4948	msedge.exe
4432	identity_helper.exe
4432	identity_helper.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4344	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4344	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4948 wrote to memory of 4588	4948	msedge.exe	83
PID 4948 wrote to memory of 4588	4948	msedge.exe	83
PID 4948 wrote to memory of 3316	4948	msedge.exe	84
PID 4948 wrote to memory of 3316	4948	msedge.exe	84
PID 4948 wrote to memory of 3316	4948	msedge.exe	84
PID 4948 wrote to memory of 3316	4948	msedge.exe	84
PID 4948 wrote to memory of 3316	4948	msedge.exe	84
PID 4948 wrote to memory of 3316	4948	msedge.exe	84
PID 4948 wrote to memory of 3316	4948	msedge.exe	84
PID 4948 wrote to memory of 3316	4948	msedge.exe	84
PID 4948 wrote to memory of 3316	4948	msedge.exe	84
PID 4948 wrote to memory of 3316	4948	msedge.exe	84
PID 4948 wrote to memory of 3316	4948	msedge.exe	84
PID 4948 wrote to memory of 3316	4948	msedge.exe	84
PID 4948 wrote to memory of 3316	4948	msedge.exe	84
PID 4948 wrote to memory of 3316	4948	msedge.exe	84
PID 4948 wrote to memory of 3316	4948	msedge.exe	84
PID 4948 wrote to memory of 3316	4948	msedge.exe	84
PID 4948 wrote to memory of 3316	4948	msedge.exe	84
PID 4948 wrote to memory of 3316	4948	msedge.exe	84
PID 4948 wrote to memory of 3316	4948	msedge.exe	84
PID 4948 wrote to memory of 3316	4948	msedge.exe	84
PID 4948 wrote to memory of 3316	4948	msedge.exe	84
PID 4948 wrote to memory of 3316	4948	msedge.exe	84
PID 4948 wrote to memory of 3316	4948	msedge.exe	84
PID 4948 wrote to memory of 3316	4948	msedge.exe	84
PID 4948 wrote to memory of 3316	4948	msedge.exe	84
PID 4948 wrote to memory of 3316	4948	msedge.exe	84
PID 4948 wrote to memory of 3316	4948	msedge.exe	84
PID 4948 wrote to memory of 3316	4948	msedge.exe	84
PID 4948 wrote to memory of 3316	4948	msedge.exe	84
PID 4948 wrote to memory of 3316	4948	msedge.exe	84
PID 4948 wrote to memory of 3316	4948	msedge.exe	84
PID 4948 wrote to memory of 3316	4948	msedge.exe	84
PID 4948 wrote to memory of 3316	4948	msedge.exe	84
PID 4948 wrote to memory of 3316	4948	msedge.exe	84
PID 4948 wrote to memory of 3316	4948	msedge.exe	84
PID 4948 wrote to memory of 3316	4948	msedge.exe	84
PID 4948 wrote to memory of 3316	4948	msedge.exe	84
PID 4948 wrote to memory of 3316	4948	msedge.exe	84
PID 4948 wrote to memory of 3316	4948	msedge.exe	84
PID 4948 wrote to memory of 3316	4948	msedge.exe	84
PID 4948 wrote to memory of 1840	4948	msedge.exe	85
PID 4948 wrote to memory of 1840	4948	msedge.exe	85
PID 4948 wrote to memory of 3936	4948	msedge.exe	86
PID 4948 wrote to memory of 3936	4948	msedge.exe	86
PID 4948 wrote to memory of 3936	4948	msedge.exe	86
PID 4948 wrote to memory of 3936	4948	msedge.exe	86
PID 4948 wrote to memory of 3936	4948	msedge.exe	86
PID 4948 wrote to memory of 3936	4948	msedge.exe	86
PID 4948 wrote to memory of 3936	4948	msedge.exe	86
PID 4948 wrote to memory of 3936	4948	msedge.exe	86
PID 4948 wrote to memory of 3936	4948	msedge.exe	86
PID 4948 wrote to memory of 3936	4948	msedge.exe	86
PID 4948 wrote to memory of 3936	4948	msedge.exe	86
PID 4948 wrote to memory of 3936	4948	msedge.exe	86
PID 4948 wrote to memory of 3936	4948	msedge.exe	86
PID 4948 wrote to memory of 3936	4948	msedge.exe	86
PID 4948 wrote to memory of 3936	4948	msedge.exe	86
PID 4948 wrote to memory of 3936	4948	msedge.exe	86
PID 4948 wrote to memory of 3936	4948	msedge.exe	86
PID 4948 wrote to memory of 3936	4948	msedge.exe	86
PID 4948 wrote to memory of 3936	4948	msedge.exe	86
PID 4948 wrote to memory of 3936	4948	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\24e309d39105c4584f3e1d70b8ca428a_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb83dd46f8,0x7ffb83dd4708,0x7ffb83dd4718
  2⤵
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1988,10987055192784876970,2605994212626798214,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2008 /prefetch:2
  2⤵
  PID:3316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1988,10987055192784876970,2605994212626798214,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2356 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1988,10987055192784876970,2605994212626798214,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
  2⤵
  PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,10987055192784876970,2605994212626798214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,10987055192784876970,2605994212626798214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:684
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1988,10987055192784876970,2605994212626798214,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 /prefetch:8
  2⤵
  PID:3436
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1988,10987055192784876970,2605994212626798214,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,10987055192784876970,2605994212626798214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,10987055192784876970,2605994212626798214,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:1420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,10987055192784876970,2605994212626798214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:1
  2⤵
  PID:3572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,10987055192784876970,2605994212626798214,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:1596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,10987055192784876970,2605994212626798214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1988,10987055192784876970,2605994212626798214,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5952 /prefetch:8
  2⤵
  PID:2992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1988,10987055192784876970,2605994212626798214,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1704 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4604

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3284

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4312

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4b0 0x498
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4344

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dbac49e66219979194c79f1cf1cb3dd1

SHA1
4ef87804a04d51ae1fac358f92382548b27f62f2

SHA256
f24ed6c5bf4b734a9af4d64e14a80a160bea569f50849f70bf7b7277c4f48562

SHA512
bb314d61f53cf7774f6dfb6b772c72f5daf386bc3d27d2bb7a14c65848ee86e6c48e9c5696693ded31846b69b9372a530175df48494e3d61a228e49d43401ad1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a9e55f5864d6e2afd2fd84e25a3bc228

SHA1
a5efcff9e3df6252c7fe8535d505235f82aab276

SHA256
0f4df3120e4620555916be8e51c29be8d600d68ae5244efad6a0268aabc8c452

SHA512
12f45fa73a6de6dfe17acc8b52b60f2d79008da130730b74cc138c1dcd73ccc99487165e3c8c90dc247359fde272f1ec6b3cf2c5fcb04e5093936144d0558b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
892d146ffe7f3b9e65b601de91bf4a7f

SHA1
c0478c7b5ba5c12b9d8149b2296ccadc0f0e1f4e

SHA256
aa52414f038ac5bd5fd76ee7a88d3bac1eaa72e28e23dd44c53565cf918dcbee

SHA512
7a8b904525c3f2a4b09544c9605b08c5d46f008ccb9b7ab9302667db454cbc63da6925d4158bd2885b8abb9582d640265e6bcf0b1b6cd4f5e1d0b19166eb6b10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
753B

MD5
27236547ae68d933d256b97f8d059517

SHA1
4a0fd350059108c03855d2da51fb0635842a68b8

SHA256
458579670156bee267d66de0a0cc9537c594c040ec44ce177a951b15270a46c6

SHA512
215081491abe037a178d1b74f6b73140e504f93739bf3ea784b3bd3aecd760dd48ebc319a0bc86f5c2f2776d46018b1fde179500457ab3df1423f0552346a4db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
aef912ad7e2abf53c2b622ed1439388c

SHA1
933d4518af23ec7f9cd553646c7aea7da9ee93a1

SHA256
8a29041cce9274032b7292b5981e67c02ae43daed251fcd1f160e4aa46ccce57

SHA512
f7f0965fd8cba3d22b22bc8f58703de74e49591cc65fcc7d84a4543e0d1015a479bc211a329af6ea72aa04425a951f9e599edf3390de9629a2b8046fd4b70d86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
acb3e042d90d67587eff0cd6ca017d24

SHA1
00a1d88e8b744e8fd75a9e0a1b2f8cedd49406c2

SHA256
7937af8fdf09a15a01379fdbc34958f3d26d1fb4051760032f2fbc497d1316aa

SHA512
b4d026a654430205634d0cf8bd2ddecd150979f67a9cc4d99a7fa7d9cfeaaaabd21a2eda0293f7ec1e7a387df8ca29d31204636dc8e9b26d1f3523f14d3508a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a2fa02c83ebb5ac9353024a4abf62c3a

SHA1
4a4b0df3c2a43d81de0ddbce4541e79f62e6e390

SHA256
14e5baace1d691a243202030bda304eb8aa954ec6b2fe5f216066166819d3684

SHA512
d5d1fc59fc82176c3b63bbdb0a4abbec7270bb06fc670b1a26375793756de99e0c553e987213898c050cdee09e614b942e7bc3a0ea9fe89984630049f21d132c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
f4e7119a700c92cc4d1495566001187d

SHA1
483de0fd780bab74085755c24a6dc9e28fb976e8

SHA256
b7ad2b342a3cdf7e1c5727963b500f51ebf06727e966a01038a4f70aa8c09159

SHA512
e12554b5ca891a61818d4c0dfa0124e87fd482a51795cbc0c4674eff7decec3e2ddf9a8053498205ad8a946594b2edc4ca8e4c7d6ebd92ee7fb480deec00cc15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e985.TMP

Filesize
539B

MD5
e5044e37466ee1a923c69d84e15ebf78

SHA1
4cd5128041af48215e1213cdbb03bb0871d66f39

SHA256
47fad4a94efa114af14d352cbcdec4f58c4f37aeac25de1fa07438c77bbb7b69

SHA512
95d6d15cbbd9dee3b4069dbc1996df8c05301897fca1ac9890f3f898a352c9fa12359ddf3f6ec67f1fb4dc95b6af63a2ff8810ec809f500dd0d7c283c2519c21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
466ba504289b5ff4c628c60a137c8471

SHA1
dc3f4f20dfef61271b455d2bedc5a94f0fed07fc

SHA256
bb619188e3347e22462d6f4a6add1b8832aba8af2b844cf0fc7ac2df81358400

SHA512
8ec3a975202470f439b498064075c782b2ddc7726d557e3689267222e82316fbcc5c46d662016202db74371ac11739af341a7db78b20d29395e40602facb72dd

Download Submit