d4a8165181615bdaa388a05b776678224ec02509a01e7689c95c4b62ebf912a4

Analysis

max time kernel
146s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
11/05/2024, 01:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3226235e0c84a46bd6ea25b71fbfba07_JaffaCakes118.html
Size

300KB
MD5

3226235e0c84a46bd6ea25b71fbfba07
SHA1

d7f6701e9b82c6f013cfbdddfb7b8b41e977492a
SHA256

d4a8165181615bdaa388a05b776678224ec02509a01e7689c95c4b62ebf912a4
SHA512

f8852e1e6987ba069479b970f17e2afb60b1ad55c8f442b06dfbc72cb36679d57fdc07733e670f58d0b1acbead7fff0b84109887616155e0af4245ec396177d9
SSDEEP

1536:WsHaD+SbTTF1SjTfPqE3NkltM/jVII3IbIre0wZRmx6ocUJLnv0ue4XMc3U9dE6a:Q+SbTTFk3ItCVI2Be6cwiTCH

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4512	msedge.exe
4512	msedge.exe
860	msedge.exe
860	msedge.exe
3924	identity_helper.exe
3924	identity_helper.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe
860	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 860 wrote to memory of 4716	860	msedge.exe	82
PID 860 wrote to memory of 4716	860	msedge.exe	82
PID 860 wrote to memory of 3184	860	msedge.exe	83
PID 860 wrote to memory of 3184	860	msedge.exe	83
PID 860 wrote to memory of 3184	860	msedge.exe	83
PID 860 wrote to memory of 3184	860	msedge.exe	83
PID 860 wrote to memory of 3184	860	msedge.exe	83
PID 860 wrote to memory of 3184	860	msedge.exe	83
PID 860 wrote to memory of 3184	860	msedge.exe	83
PID 860 wrote to memory of 3184	860	msedge.exe	83
PID 860 wrote to memory of 3184	860	msedge.exe	83
PID 860 wrote to memory of 3184	860	msedge.exe	83
PID 860 wrote to memory of 3184	860	msedge.exe	83
PID 860 wrote to memory of 3184	860	msedge.exe	83
PID 860 wrote to memory of 3184	860	msedge.exe	83
PID 860 wrote to memory of 3184	860	msedge.exe	83
PID 860 wrote to memory of 3184	860	msedge.exe	83
PID 860 wrote to memory of 3184	860	msedge.exe	83
PID 860 wrote to memory of 3184	860	msedge.exe	83
PID 860 wrote to memory of 3184	860	msedge.exe	83
PID 860 wrote to memory of 3184	860	msedge.exe	83
PID 860 wrote to memory of 3184	860	msedge.exe	83
PID 860 wrote to memory of 3184	860	msedge.exe	83
PID 860 wrote to memory of 3184	860	msedge.exe	83
PID 860 wrote to memory of 3184	860	msedge.exe	83
PID 860 wrote to memory of 3184	860	msedge.exe	83
PID 860 wrote to memory of 3184	860	msedge.exe	83
PID 860 wrote to memory of 3184	860	msedge.exe	83
PID 860 wrote to memory of 3184	860	msedge.exe	83
PID 860 wrote to memory of 3184	860	msedge.exe	83
PID 860 wrote to memory of 3184	860	msedge.exe	83
PID 860 wrote to memory of 3184	860	msedge.exe	83
PID 860 wrote to memory of 3184	860	msedge.exe	83
PID 860 wrote to memory of 3184	860	msedge.exe	83
PID 860 wrote to memory of 3184	860	msedge.exe	83
PID 860 wrote to memory of 3184	860	msedge.exe	83
PID 860 wrote to memory of 3184	860	msedge.exe	83
PID 860 wrote to memory of 3184	860	msedge.exe	83
PID 860 wrote to memory of 3184	860	msedge.exe	83
PID 860 wrote to memory of 3184	860	msedge.exe	83
PID 860 wrote to memory of 3184	860	msedge.exe	83
PID 860 wrote to memory of 3184	860	msedge.exe	83
PID 860 wrote to memory of 4512	860	msedge.exe	84
PID 860 wrote to memory of 4512	860	msedge.exe	84
PID 860 wrote to memory of 3332	860	msedge.exe	85
PID 860 wrote to memory of 3332	860	msedge.exe	85
PID 860 wrote to memory of 3332	860	msedge.exe	85
PID 860 wrote to memory of 3332	860	msedge.exe	85
PID 860 wrote to memory of 3332	860	msedge.exe	85
PID 860 wrote to memory of 3332	860	msedge.exe	85
PID 860 wrote to memory of 3332	860	msedge.exe	85
PID 860 wrote to memory of 3332	860	msedge.exe	85
PID 860 wrote to memory of 3332	860	msedge.exe	85
PID 860 wrote to memory of 3332	860	msedge.exe	85
PID 860 wrote to memory of 3332	860	msedge.exe	85
PID 860 wrote to memory of 3332	860	msedge.exe	85
PID 860 wrote to memory of 3332	860	msedge.exe	85
PID 860 wrote to memory of 3332	860	msedge.exe	85
PID 860 wrote to memory of 3332	860	msedge.exe	85
PID 860 wrote to memory of 3332	860	msedge.exe	85
PID 860 wrote to memory of 3332	860	msedge.exe	85
PID 860 wrote to memory of 3332	860	msedge.exe	85
PID 860 wrote to memory of 3332	860	msedge.exe	85
PID 860 wrote to memory of 3332	860	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3226235e0c84a46bd6ea25b71fbfba07_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdaee446f8,0x7ffdaee44708,0x7ffdaee44718
  2⤵
  PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,522315131240744503,8729138492730618617,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:3184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,522315131240744503,8729138492730618617,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2516 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,522315131240744503,8729138492730618617,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
  2⤵
  PID:3332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,522315131240744503,8729138492730618617,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:2004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,522315131240744503,8729138492730618617,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:3624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,522315131240744503,8729138492730618617,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
  2⤵
  PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,522315131240744503,8729138492730618617,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
  2⤵
  PID:3404
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,522315131240744503,8729138492730618617,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 /prefetch:8
  2⤵
  PID:1096
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,522315131240744503,8729138492730618617,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,522315131240744503,8729138492730618617,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,522315131240744503,8729138492730618617,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:1788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,522315131240744503,8729138492730618617,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,522315131240744503,8729138492730618617,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
  2⤵
  PID:3124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,522315131240744503,8729138492730618617,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4864 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:736

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:928

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1948

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
0eb30fe8bd71bb08a1dc36c516b01870

SHA1
3fb2af9eaca39f8984603ca673995294e8b219ba

SHA256
a139a7a8d953c2fe46ab5f9e33a5e668c23cb0bb8d7f38f542b2b918f5438a82

SHA512
35169d505cdd7ee1de0611ba3e8ac9b323451ac5b046945bcbcafd57662fe92b457d24169cd113318018497c388eed2196bfb0098710ae02cc7bca06b9fa2db4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
20e9982bea3f81a9f3d52d5e6a75ea99

SHA1
84834951be9863df545b20a1c2f6339d23558f14

SHA256
59e1bf0061b358c3b0358017d9feefa52f740cd3d584144eb4758d5d13a3822e

SHA512
98c2277502a88a9467ff1ac6dbc40965d53d3c858ee8107e2b48569e5579d0387dd9e3adb158fe9f891accbdd5235c4ec4b38da57e1b64b6760a160225687132

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
19a95069763e88976e7562dca081daa1

SHA1
42234052cb24d711e1e711b1a398f2261c18294e

SHA256
1174b213710788973d81b28d98c203eb30255d63ec40012f90271da3ccd22097

SHA512
792e7bc115b3c609efdf23adae703cb64b86d77a72f3db062d9eeaa250c0aa207e0d29caeb9a410bf0162d301ed84f2f243c738704bef28f0d6a668e10271862

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ded2e502b69adf83228f06a736c41850

SHA1
350aad9e2ab11781dd743580846d604e28ee7974

SHA256
d59fd6ece68a1fd28b4edb64c3a1272380727b230f67fc0df85303e3d067c11e

SHA512
5153534ecfffc5e04177598801e375e6850d8e471801c2681b54355b49ed7207ba81fa45e125d955ffce8819769f0923a2f0fab3c55bdb9d94af0c905df9d9ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f2b4f79556c0a02343685877dad42c10

SHA1
6afece43a9b9a4c65d4d0f3435c72f3d48349c99

SHA256
c4027e15d33e0d8ab06644300f51010242390bb95df73b41935835515cf2da89

SHA512
591619a87cdef852bb85c4dcf6141daf175eb99b789387ed9218b548da6930162d13796a3060aa68174536a4c23dd51bd670fd54a725b7e395dfc98ae239416d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
749c96aec31822ac84cd4ccb1a548cf5

SHA1
b95473d82a0e1007aaeb7a03b75588ac67dd5c98

SHA256
7c50dd20833e842f351b81625b1482e3b6f7f61fdf586b4ff8365e2654f4500b

SHA512
db2d0d1d0c33f640e71793b7613553015fe4f4c6a29c8e8ecd756a6857b7206e4bcc650e6611ff1e79aea3822295207c691c9e85e0d9f5c57c2ee05d652bff32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
441aa3c87ab924d989730b3d8e682cf6

SHA1
087a9b6e07032b69c062435de910bd24f04acd7b

SHA256
4a774d6833e662ee7553e15aa5f4cb6a726d3b1367e4380b23fee392f7a50a1d

SHA512
0afb905791ced8431119a60441acda15cdc48108166df3d0d1ee544959c501c25cf370a5ef985c935e78e955d62e2d2f705675a634a70cb7f14955ab5d14412a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
a1f624e86faadddd426e273ea1fd48ee

SHA1
7f993b54796225e09ab09ad6de88c4ff1bd69c5f

SHA256
d2b1c9f92de374191405352b847477f1fd7299351ea3f7172d08d974d69427de

SHA512
a87d308e8620349241ab6906896135d42d15547cd26ce1068666acc638688bf1e51bf2aebcdfb8ea358f6711963289829b0151e0aa6ee0e97ff3f56353e1ac25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580ac9.TMP

Filesize
203B

MD5
aa16338ef185ea4ad922370ec3fddf36

SHA1
d3b96feb876e0871ad82b40a0246cb06a5de0685

SHA256
300103ad3da286c07872147fc0cd622612497be611feaf376d5011a0422ff7e5

SHA512
47bfc8ce8e18316656031d0ecbdd371a8cd674bc4dbc90e5884e8d24b7bb0f1111763cea321d4cb2fa059dccc234c0a3f55afff689c30be68034fb113bb43d23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c1719b725b0e6df4228e944f70c26321

SHA1
dfdaa66ce32c46fab60c5c6cfa5a42237d4106da

SHA256
b645dc877897570ec917c5e19136a83aa307e8ee5c60fc6fdfdaaaff0234bb73

SHA512
9cd024713652604f50e109e5767abe8c9c15ffaa5b76914deeb37e197d503b83e3fa7046fac2ef3f95ebe49946c3e42e4d56e05e818210dad30ad6ef6f938a40

Download Submit