9cc8b94b97de1726b86966fb14157bca2eb7bcaa9365f67e9494e8f9881e160f

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27-05-2024 10:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

78da5cb66287b7f1732ebedaf0efba8b_JaffaCakes118.html
Size

23KB
MD5

78da5cb66287b7f1732ebedaf0efba8b
SHA1

fc79cfb575cd587d041e231651481310a862f56d
SHA256

9cc8b94b97de1726b86966fb14157bca2eb7bcaa9365f67e9494e8f9881e160f
SHA512

b3be4cfdaa112a0385ef03cdfef572f873ce6a3e588d5f06625d617d84846caf83579b47c49d069127a31648e71009ceb2d72fe460d78bacbb84073179482424
SSDEEP

384:23llBMiHeFbNBj3FKTVZzb2lSkI5ecI58d7MyJe8mUO9vuFu8:clCtjTF0ilSb5ecI58tMyJZmUO9vw7

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1396	msedge.exe
1396	msedge.exe
5048	msedge.exe
5048	msedge.exe
4092	identity_helper.exe
4092	identity_helper.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5048 wrote to memory of 224	5048	msedge.exe	83
PID 5048 wrote to memory of 224	5048	msedge.exe	83
PID 5048 wrote to memory of 688	5048	msedge.exe	84
PID 5048 wrote to memory of 688	5048	msedge.exe	84
PID 5048 wrote to memory of 688	5048	msedge.exe	84
PID 5048 wrote to memory of 688	5048	msedge.exe	84
PID 5048 wrote to memory of 688	5048	msedge.exe	84
PID 5048 wrote to memory of 688	5048	msedge.exe	84
PID 5048 wrote to memory of 688	5048	msedge.exe	84
PID 5048 wrote to memory of 688	5048	msedge.exe	84
PID 5048 wrote to memory of 688	5048	msedge.exe	84
PID 5048 wrote to memory of 688	5048	msedge.exe	84
PID 5048 wrote to memory of 688	5048	msedge.exe	84
PID 5048 wrote to memory of 688	5048	msedge.exe	84
PID 5048 wrote to memory of 688	5048	msedge.exe	84
PID 5048 wrote to memory of 688	5048	msedge.exe	84
PID 5048 wrote to memory of 688	5048	msedge.exe	84
PID 5048 wrote to memory of 688	5048	msedge.exe	84
PID 5048 wrote to memory of 688	5048	msedge.exe	84
PID 5048 wrote to memory of 688	5048	msedge.exe	84
PID 5048 wrote to memory of 688	5048	msedge.exe	84
PID 5048 wrote to memory of 688	5048	msedge.exe	84
PID 5048 wrote to memory of 688	5048	msedge.exe	84
PID 5048 wrote to memory of 688	5048	msedge.exe	84
PID 5048 wrote to memory of 688	5048	msedge.exe	84
PID 5048 wrote to memory of 688	5048	msedge.exe	84
PID 5048 wrote to memory of 688	5048	msedge.exe	84
PID 5048 wrote to memory of 688	5048	msedge.exe	84
PID 5048 wrote to memory of 688	5048	msedge.exe	84
PID 5048 wrote to memory of 688	5048	msedge.exe	84
PID 5048 wrote to memory of 688	5048	msedge.exe	84
PID 5048 wrote to memory of 688	5048	msedge.exe	84
PID 5048 wrote to memory of 688	5048	msedge.exe	84
PID 5048 wrote to memory of 688	5048	msedge.exe	84
PID 5048 wrote to memory of 688	5048	msedge.exe	84
PID 5048 wrote to memory of 688	5048	msedge.exe	84
PID 5048 wrote to memory of 688	5048	msedge.exe	84
PID 5048 wrote to memory of 688	5048	msedge.exe	84
PID 5048 wrote to memory of 688	5048	msedge.exe	84
PID 5048 wrote to memory of 688	5048	msedge.exe	84
PID 5048 wrote to memory of 688	5048	msedge.exe	84
PID 5048 wrote to memory of 688	5048	msedge.exe	84
PID 5048 wrote to memory of 1396	5048	msedge.exe	85
PID 5048 wrote to memory of 1396	5048	msedge.exe	85
PID 5048 wrote to memory of 816	5048	msedge.exe	86
PID 5048 wrote to memory of 816	5048	msedge.exe	86
PID 5048 wrote to memory of 816	5048	msedge.exe	86
PID 5048 wrote to memory of 816	5048	msedge.exe	86
PID 5048 wrote to memory of 816	5048	msedge.exe	86
PID 5048 wrote to memory of 816	5048	msedge.exe	86
PID 5048 wrote to memory of 816	5048	msedge.exe	86
PID 5048 wrote to memory of 816	5048	msedge.exe	86
PID 5048 wrote to memory of 816	5048	msedge.exe	86
PID 5048 wrote to memory of 816	5048	msedge.exe	86
PID 5048 wrote to memory of 816	5048	msedge.exe	86
PID 5048 wrote to memory of 816	5048	msedge.exe	86
PID 5048 wrote to memory of 816	5048	msedge.exe	86
PID 5048 wrote to memory of 816	5048	msedge.exe	86
PID 5048 wrote to memory of 816	5048	msedge.exe	86
PID 5048 wrote to memory of 816	5048	msedge.exe	86
PID 5048 wrote to memory of 816	5048	msedge.exe	86
PID 5048 wrote to memory of 816	5048	msedge.exe	86
PID 5048 wrote to memory of 816	5048	msedge.exe	86
PID 5048 wrote to memory of 816	5048	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\78da5cb66287b7f1732ebedaf0efba8b_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffea6e846f8,0x7ffea6e84708,0x7ffea6e84718
  2⤵
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,12516149705046323713,7690836727125901529,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  2⤵
  PID:688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,12516149705046323713,7690836727125901529,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,12516149705046323713,7690836727125901529,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2556 /prefetch:8
  2⤵
  PID:816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12516149705046323713,7690836727125901529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12516149705046323713,7690836727125901529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12516149705046323713,7690836727125901529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
  2⤵
  PID:3748
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,12516149705046323713,7690836727125901529,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5760 /prefetch:8
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,12516149705046323713,7690836727125901529,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5760 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12516149705046323713,7690836727125901529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
  2⤵
  PID:2120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12516149705046323713,7690836727125901529,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4624 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12516149705046323713,7690836727125901529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
  2⤵
  PID:1204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12516149705046323713,7690836727125901529,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4548 /prefetch:1
  2⤵
  PID:3880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,12516149705046323713,7690836727125901529,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5880 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4880

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3100

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2216

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
9a3d17b20dce7f789a6a5bb921b8a0c9

SHA1
7a952f958975bcb158281fc1dd051766d2276f6c

SHA256
52603f8d7712b5f3fe07e39f15cdfc7daae95ba7bb494edef2ea6e8eedaab5ce

SHA512
c25be33a56bbf82580d37c12e420d2fe69d8714ed36281f1d56064de3aee4d4bd90ea01543603d4fcaeb00d61ccf9fe6a4dc2c0273288d62931673aecd197b3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
f93fe4e3038fafe1af3941aeaeb1d0bf

SHA1
11ea8788e45a9c75a731f66055f36cb04e9877d7

SHA256
f92049587696d7732b7f7c390bea5f78ca0e4140b50ee4bae4ee25f50dc6fc0f

SHA512
52641591bc90fc20cd2b9c271364f7af02a4e766352119557e3db6624868dd01b9764348ba8b94710d3257c544212f050b13f037a38e2c0cd3853d05d3290a71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
ae8478498d71c6fdc185c6818bbe0bef

SHA1
10a6a84bba20600ea1a2a408d1ed4cc316c44f2b

SHA256
694a32ed613f2f49aea9b5ac5f6d8838c64eea8232eaa7d8ac038cdf12f57915

SHA512
953b11da6c8645f5a8035773f9ceacb2107694d5dd91762d6fe2ec8a3d691dfb59a34a15397e0add731c0e219466220730ebccf186b6f67e98cae8a4b11783bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e0b0e7984df498ca7917ec3891bf5595

SHA1
f16aab38b6359ba00ede320792c1b1f3d1a9b11f

SHA256
73d37bc4cc650ebb5329babb5dc8ee63fa037edd8bf05a5a7434e4427694fac5

SHA512
44bd27ee9111491b13919de10c6084fa9c3ce661cd96a54713f186ce57e783242ac316bcd2eee6795c85d83b474c9b97470f5e6cf3a909ab2088541f3f136e45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c2a348d97188f830d73575cfb2b5f48f

SHA1
59929ae8fcd2ea47a8ecd3b202bf508096fc39b2

SHA256
87b3affa29e91a97640173b523bb5083bbd58c0ccbd50c71b7c86d0ddd492963

SHA512
c4a47c2e44d42e9e852cd77ded098eea73270f00d5b8cd8d1c3fb4d53c2ba27f342243e0c0079c0f19aaf7e9a41a24ddd2771b43426ab4d440872e35a30395ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6292e594e6f29cdd0608f10cc53f27b7

SHA1
69c3480f14b081a06f7f7e6e846feae8994a93b9

SHA256
a14bc4b4ab7a66406157052fc7b12e6fdcf43757f072bd8de21d0da099fc25c6

SHA512
62279b8695a8e29b74cbd9b2fee09552a9217a0b9460865f66b8a1ebb5c09deeab8dafcebbc04c931e2eca430e5ccca0d5b64f9f7645ee09eeea7583b7d08319

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f5bd54a051a45dc8b745a1bae1d1a30e

SHA1
b295eb27250da40fcdbd901091063c1305da84ce

SHA256
3e9fce370b8dc5b79932adaf43e2219713b9ff6332e17f484b450949e86e7515

SHA512
5cef2f1a77bdaaf1de445b47f92898cf9e8abb4b5efcb2a38c7a591618c580c785219266f8436e3deb5fc62834af6605b68571a5097ab7cabea431f3e5c53982

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
369B

MD5
d6f91f8bf73509687f150964894d50a7

SHA1
d5215131f272b4f10871e7a88d1b2f1862d775d5

SHA256
d51d0f002a91e1f9262a816f08409fa17c43a41b9c6a793170f3a543dcb1294f

SHA512
48421b0ec08d8aa4cd10b8e7738fb2165e94aa509984c9c358d1a07733a51005b0b7da67199ecfadd778c27e9c5937dc17e0f6d386ceaa6d4e553ac1834bb0d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582ab5.TMP

Filesize
202B

MD5
2f47a4a9f7decfaed58b9648d3197f9b

SHA1
517dd6f5aa59c642cec6d02841285570f9ea1da5

SHA256
8fc711a49785fa497237196f463878a2f1a98502d61d741b8b8975e42fcad79f

SHA512
6b8f2cddaadab698ad1e6e16495f246b6574d7cab29de66c7f685734ff1b90dc462fa5e37a18b9ef077f867f3e46897839cad10e6a32e52815a31db5f2299edc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
fd0767dd52e2952e4a7fa8707fb38cc9

SHA1
99832bd81e24e9476acc816378705458cd41fd8f

SHA256
6e1169d60f7a487525f01063daccaf7d302cd403e090da9b3c2f5f8aa227fa0a

SHA512
1fa232adfe2a9c3b31860f1bcd36a6f50f2cd2a89fe6e82256c6823d08862785b76f435eee0d6f39e30f857c62faae36df15fb0cf818c7934aa3d178a2f56bde

Download Submit