a87bfd6f3019e6a92efda7d0752b5aca20a0659248a4b68cbbfe375bb92262ed

Analysis

max time kernel
148s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
13/05/2024, 09:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3ed05ed5e0dc4dfb5aaa15703bcde48e_JaffaCakes118.html
Size

62KB
MD5

3ed05ed5e0dc4dfb5aaa15703bcde48e
SHA1

37730eeba8d129bc5188c311922dfbb03617a93e
SHA256

a87bfd6f3019e6a92efda7d0752b5aca20a0659248a4b68cbbfe375bb92262ed
SHA512

d73dbe708723582849afc7dd13caf7cf284aae08566532faa532de4aceadd9c9e77bc2440e8cef95fc040806fd94d0fffad2d0e9a0fd70befd98700c32da10bb
SSDEEP

768:YBEioj7hOEi1TDpkcppmqIKI/CV8nfw8QfJsQ8Qutdvxqt:YBEiK7hOEi1TDpkcpzCCVVJfJsQJutfA

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3964	msedge.exe
3964	msedge.exe
4488	msedge.exe
4488	msedge.exe
4364	identity_helper.exe
4364	identity_helper.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe
4488	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4488 wrote to memory of 3244	4488	msedge.exe	83
PID 4488 wrote to memory of 3244	4488	msedge.exe	83
PID 4488 wrote to memory of 4016	4488	msedge.exe	84
PID 4488 wrote to memory of 4016	4488	msedge.exe	84
PID 4488 wrote to memory of 4016	4488	msedge.exe	84
PID 4488 wrote to memory of 4016	4488	msedge.exe	84
PID 4488 wrote to memory of 4016	4488	msedge.exe	84
PID 4488 wrote to memory of 4016	4488	msedge.exe	84
PID 4488 wrote to memory of 4016	4488	msedge.exe	84
PID 4488 wrote to memory of 4016	4488	msedge.exe	84
PID 4488 wrote to memory of 4016	4488	msedge.exe	84
PID 4488 wrote to memory of 4016	4488	msedge.exe	84
PID 4488 wrote to memory of 4016	4488	msedge.exe	84
PID 4488 wrote to memory of 4016	4488	msedge.exe	84
PID 4488 wrote to memory of 4016	4488	msedge.exe	84
PID 4488 wrote to memory of 4016	4488	msedge.exe	84
PID 4488 wrote to memory of 4016	4488	msedge.exe	84
PID 4488 wrote to memory of 4016	4488	msedge.exe	84
PID 4488 wrote to memory of 4016	4488	msedge.exe	84
PID 4488 wrote to memory of 4016	4488	msedge.exe	84
PID 4488 wrote to memory of 4016	4488	msedge.exe	84
PID 4488 wrote to memory of 4016	4488	msedge.exe	84
PID 4488 wrote to memory of 4016	4488	msedge.exe	84
PID 4488 wrote to memory of 4016	4488	msedge.exe	84
PID 4488 wrote to memory of 4016	4488	msedge.exe	84
PID 4488 wrote to memory of 4016	4488	msedge.exe	84
PID 4488 wrote to memory of 4016	4488	msedge.exe	84
PID 4488 wrote to memory of 4016	4488	msedge.exe	84
PID 4488 wrote to memory of 4016	4488	msedge.exe	84
PID 4488 wrote to memory of 4016	4488	msedge.exe	84
PID 4488 wrote to memory of 4016	4488	msedge.exe	84
PID 4488 wrote to memory of 4016	4488	msedge.exe	84
PID 4488 wrote to memory of 4016	4488	msedge.exe	84
PID 4488 wrote to memory of 4016	4488	msedge.exe	84
PID 4488 wrote to memory of 4016	4488	msedge.exe	84
PID 4488 wrote to memory of 4016	4488	msedge.exe	84
PID 4488 wrote to memory of 4016	4488	msedge.exe	84
PID 4488 wrote to memory of 4016	4488	msedge.exe	84
PID 4488 wrote to memory of 4016	4488	msedge.exe	84
PID 4488 wrote to memory of 4016	4488	msedge.exe	84
PID 4488 wrote to memory of 4016	4488	msedge.exe	84
PID 4488 wrote to memory of 4016	4488	msedge.exe	84
PID 4488 wrote to memory of 3964	4488	msedge.exe	85
PID 4488 wrote to memory of 3964	4488	msedge.exe	85
PID 4488 wrote to memory of 4988	4488	msedge.exe	86
PID 4488 wrote to memory of 4988	4488	msedge.exe	86
PID 4488 wrote to memory of 4988	4488	msedge.exe	86
PID 4488 wrote to memory of 4988	4488	msedge.exe	86
PID 4488 wrote to memory of 4988	4488	msedge.exe	86
PID 4488 wrote to memory of 4988	4488	msedge.exe	86
PID 4488 wrote to memory of 4988	4488	msedge.exe	86
PID 4488 wrote to memory of 4988	4488	msedge.exe	86
PID 4488 wrote to memory of 4988	4488	msedge.exe	86
PID 4488 wrote to memory of 4988	4488	msedge.exe	86
PID 4488 wrote to memory of 4988	4488	msedge.exe	86
PID 4488 wrote to memory of 4988	4488	msedge.exe	86
PID 4488 wrote to memory of 4988	4488	msedge.exe	86
PID 4488 wrote to memory of 4988	4488	msedge.exe	86
PID 4488 wrote to memory of 4988	4488	msedge.exe	86
PID 4488 wrote to memory of 4988	4488	msedge.exe	86
PID 4488 wrote to memory of 4988	4488	msedge.exe	86
PID 4488 wrote to memory of 4988	4488	msedge.exe	86
PID 4488 wrote to memory of 4988	4488	msedge.exe	86
PID 4488 wrote to memory of 4988	4488	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3ed05ed5e0dc4dfb5aaa15703bcde48e_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff84d3746f8,0x7ff84d374708,0x7ff84d374718
  2⤵
  PID:3244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,2076692804991734823,17087931167989801974,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  2⤵
  PID:4016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,2076692804991734823,17087931167989801974,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,2076692804991734823,17087931167989801974,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
  2⤵
  PID:4988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2076692804991734823,17087931167989801974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2076692804991734823,17087931167989801974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:4344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2076692804991734823,17087931167989801974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1
  2⤵
  PID:3236
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,2076692804991734823,17087931167989801974,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5732 /prefetch:8
  2⤵
  PID:3812
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,2076692804991734823,17087931167989801974,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5732 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2076692804991734823,17087931167989801974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
  2⤵
  PID:884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2076692804991734823,17087931167989801974,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:1724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2076692804991734823,17087931167989801974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1848 /prefetch:1
  2⤵
  PID:752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2076692804991734823,17087931167989801974,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2368 /prefetch:1
  2⤵
  PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,2076692804991734823,17087931167989801974,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5484 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4688

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4232

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1596

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4f7152bc5a1a715ef481e37d1c791959

SHA1
c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7

SHA256
704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc

SHA512
2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea98e583ad99df195d29aa066204ab56

SHA1
f89398664af0179641aa0138b337097b617cb2db

SHA256
a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6

SHA512
e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
bface01d4c1108aeaeae2fe9147b83d7

SHA1
b9efdb497b2aa5550fea31a529baf207e2b1cccb

SHA256
5512bd88e3ec1e032b4830db328ebde09cba03f1e0f2a057a043c95e088fb1f6

SHA512
5380790a7877e564d9d18a6cf3574f5c07c4dbe233f47f642f13536dee2e327a63db9e4b3d2fbec3cd94a0d5bca8d9f07ef6affc6621ac9df163ca0412bab277

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
861B

MD5
5d571184393212b211762a53e0ecccb3

SHA1
86c63e412368b05e9aa088c0ede0aaeadf0f6579

SHA256
9363c50f75fa98f92b19af28093a9bdd90a6128b25b9e29ea8c9dcfd59ced768

SHA512
6cfb793238f8f79934daad3e7c56465dddd9c842590d3b6469804f3d2939a2e4774f82614a6e9bad4d9d32d22327b02d8fb966fcff8ef8091f5fcb5ebd8749df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
923B

MD5
f6a15473497d54d3904c8d298edacde0

SHA1
fcede3a5b83481460b822d492b9b993b1254abc3

SHA256
1aafc6d410517b9aff252397d052ebd28f5c7af514cb5cb7286ffff065a39ad8

SHA512
30ad22883ae9b5b6f7942fffa4fbba9ed855d5793f005afd3f995f9e29eb3b83f8e84ba52523d37c99a046bfd4d0b36980321c2586175e4b42881eabd3dcb559

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
94e0398e1a1c73cbf37c80802cca5335

SHA1
4144e7f150fb591335d2cbd12fe4947a4185d357

SHA256
e7e4a34eac513f4feb41bc25b83879957feb026c24e62f283b24e85509ccaa35

SHA512
aec72f0cf8c9e4c015357e549445d9b225e834ab34fe4c5551d0089f537c5d298b6769dd83718ba07859af611c190262b78357b228c2bee2e7e0c8e2b30d3010

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7a5d1c8dc4ee2490ade7a5a3d4a5be3c

SHA1
c05b228d54c37499e53a3de3710268deecd6d378

SHA256
51c65c877ef8204441d6c653973cb11b11523ced6cc7e89e4d195264081ccaac

SHA512
c44bf5f3cfa55cbf38f57bc2ea2a62badf06018aaf1fd6102d78085456453f6a339e67e501349c8baf7c00ccf3aeccda3b8e1edb4b9f12080f3e135619875130

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
286e49f4f99ef72ef2ccd8ff404cd059

SHA1
e422fbd4a0a569156566dae22a7a3e46145b821e

SHA256
135dfd7558ec722d680865f8750a5bb1c72e158411fdb9e0648a00bc64b2cc9a

SHA512
17cd136dedd30bb42942447b9b88bd04ff4f6b8d7b0b8f105f5e8c32c386e1cbd984e42f3f95d9b8749fad4f053c598b4b5a855b1f322f3abea7034cee1a70a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
20e0ebd661764345b7d4a66f57478646

SHA1
3e18e9b2661909334cbe1c17c88369ae03c0ab58

SHA256
2571cd7af3727d935e52a37420c50a9e44b7749a8cf38fe5106909a34eab6b5e

SHA512
553a786e518c99cd7f9d594873412857ef0d252463106fa79090406e8dd7ba61283896b9f95c5e7e50b258a5d132622c78e634128f1b8eaebcd0dcefd41136fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
81dd885c3f05961f655adc22ac636950

SHA1
ba0ac91a9b09ac83cc3e516f5591e7ebf0dfe568

SHA256
0f84f604c2266b80c230314d96556a04e3bf598ef86ad46954427f2194aa2c73

SHA512
30e98c576b7104f2c6dd18a28da652973f77b48dc3da508b879b7a89a5bb9822cf20dfc811e7d0dd7dd14251e332b57e6e5be16ce8a9255d845677e2fc86855f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5794be.TMP

Filesize
371B

MD5
c232cbd6da2a3c06f512a352ec39fadf

SHA1
0b1c167745aeba78651b0ec39e1eaeb763de5483

SHA256
b46474c0bd0b0ae1a8cb96b4ad23e0bde8c0357f10f0a8128b732b8e12ba1b7d

SHA512
e8bb5a5f78c68851e1e6c3cb908f979f1829f5a6e2250534f70f6a9aeabbbeaa6ba59c70d0afc91aabf68313e5155144220e483b024a5efa13749ebbde058899

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d42473ef8e6d04751dd32a3c74c8357c

SHA1
3718e8e5d05867b80f5103b6c2d52f448a528b75

SHA256
5274a3d6047b7598bd0bc913716e5e407b37a96889658a2bc0722d8751a5a449

SHA512
310c2f9ddcd62dc08014b573594354f56ddfa882227e7341caa50740ceed4c196de0a0cfb3ef48e7cab163e9dfa252e33fbcbc32dd0b11d283528dc39c781993

Download Submit