8353df7640673d82d70e92a1e304ba8bbee23ced0b683d2dae973b43279793c3

Analysis

max time kernel
145s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28-05-2024 16:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7d91b15df70f461af16cd218d536a475_JaffaCakes118.html
Size

35KB
MD5

7d91b15df70f461af16cd218d536a475
SHA1

26c23b331274eb58eabcc5ed6964b361fa5393d0
SHA256

8353df7640673d82d70e92a1e304ba8bbee23ced0b683d2dae973b43279793c3
SHA512

37e2db9db87f31dcbffd05f589b978a3d02ea1eafbe086b42ce1efeaae112939b559d3926dad6b92f41fde5fdcbed980ec82163848bf7f3da6f3e5cc7c66ddda
SSDEEP

768:jlQl/YCZwFTo2YJU6hpAUSxVXSFpekzLsAqS529xoxgnlI/ytQuv9:jlQl/YCZww3hpAUSxVC/zzLsAqSM9xo2

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
32	msedge.exe
32	msedge.exe
3212	msedge.exe
3212	msedge.exe
5004	identity_helper.exe
5004	identity_helper.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe
1264	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3212 wrote to memory of 4804	3212	msedge.exe	82
PID 3212 wrote to memory of 4804	3212	msedge.exe	82
PID 3212 wrote to memory of 4964	3212	msedge.exe	83
PID 3212 wrote to memory of 4964	3212	msedge.exe	83
PID 3212 wrote to memory of 4964	3212	msedge.exe	83
PID 3212 wrote to memory of 4964	3212	msedge.exe	83
PID 3212 wrote to memory of 4964	3212	msedge.exe	83
PID 3212 wrote to memory of 4964	3212	msedge.exe	83
PID 3212 wrote to memory of 4964	3212	msedge.exe	83
PID 3212 wrote to memory of 4964	3212	msedge.exe	83
PID 3212 wrote to memory of 4964	3212	msedge.exe	83
PID 3212 wrote to memory of 4964	3212	msedge.exe	83
PID 3212 wrote to memory of 4964	3212	msedge.exe	83
PID 3212 wrote to memory of 4964	3212	msedge.exe	83
PID 3212 wrote to memory of 4964	3212	msedge.exe	83
PID 3212 wrote to memory of 4964	3212	msedge.exe	83
PID 3212 wrote to memory of 4964	3212	msedge.exe	83
PID 3212 wrote to memory of 4964	3212	msedge.exe	83
PID 3212 wrote to memory of 4964	3212	msedge.exe	83
PID 3212 wrote to memory of 4964	3212	msedge.exe	83
PID 3212 wrote to memory of 4964	3212	msedge.exe	83
PID 3212 wrote to memory of 4964	3212	msedge.exe	83
PID 3212 wrote to memory of 4964	3212	msedge.exe	83
PID 3212 wrote to memory of 4964	3212	msedge.exe	83
PID 3212 wrote to memory of 4964	3212	msedge.exe	83
PID 3212 wrote to memory of 4964	3212	msedge.exe	83
PID 3212 wrote to memory of 4964	3212	msedge.exe	83
PID 3212 wrote to memory of 4964	3212	msedge.exe	83
PID 3212 wrote to memory of 4964	3212	msedge.exe	83
PID 3212 wrote to memory of 4964	3212	msedge.exe	83
PID 3212 wrote to memory of 4964	3212	msedge.exe	83
PID 3212 wrote to memory of 4964	3212	msedge.exe	83
PID 3212 wrote to memory of 4964	3212	msedge.exe	83
PID 3212 wrote to memory of 4964	3212	msedge.exe	83
PID 3212 wrote to memory of 4964	3212	msedge.exe	83
PID 3212 wrote to memory of 4964	3212	msedge.exe	83
PID 3212 wrote to memory of 4964	3212	msedge.exe	83
PID 3212 wrote to memory of 4964	3212	msedge.exe	83
PID 3212 wrote to memory of 4964	3212	msedge.exe	83
PID 3212 wrote to memory of 4964	3212	msedge.exe	83
PID 3212 wrote to memory of 4964	3212	msedge.exe	83
PID 3212 wrote to memory of 4964	3212	msedge.exe	83
PID 3212 wrote to memory of 32	3212	msedge.exe	84
PID 3212 wrote to memory of 32	3212	msedge.exe	84
PID 3212 wrote to memory of 4560	3212	msedge.exe	85
PID 3212 wrote to memory of 4560	3212	msedge.exe	85
PID 3212 wrote to memory of 4560	3212	msedge.exe	85
PID 3212 wrote to memory of 4560	3212	msedge.exe	85
PID 3212 wrote to memory of 4560	3212	msedge.exe	85
PID 3212 wrote to memory of 4560	3212	msedge.exe	85
PID 3212 wrote to memory of 4560	3212	msedge.exe	85
PID 3212 wrote to memory of 4560	3212	msedge.exe	85
PID 3212 wrote to memory of 4560	3212	msedge.exe	85
PID 3212 wrote to memory of 4560	3212	msedge.exe	85
PID 3212 wrote to memory of 4560	3212	msedge.exe	85
PID 3212 wrote to memory of 4560	3212	msedge.exe	85
PID 3212 wrote to memory of 4560	3212	msedge.exe	85
PID 3212 wrote to memory of 4560	3212	msedge.exe	85
PID 3212 wrote to memory of 4560	3212	msedge.exe	85
PID 3212 wrote to memory of 4560	3212	msedge.exe	85
PID 3212 wrote to memory of 4560	3212	msedge.exe	85
PID 3212 wrote to memory of 4560	3212	msedge.exe	85
PID 3212 wrote to memory of 4560	3212	msedge.exe	85
PID 3212 wrote to memory of 4560	3212	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7d91b15df70f461af16cd218d536a475_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe676e46f8,0x7ffe676e4708,0x7ffe676e4718
  2⤵
  PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,1782602302693460119,15241425819910067396,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,1782602302693460119,15241425819910067396,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:32
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,1782602302693460119,15241425819910067396,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2580 /prefetch:8
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1782602302693460119,15241425819910067396,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1782602302693460119,15241425819910067396,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:1068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1782602302693460119,15241425819910067396,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
  2⤵
  PID:1264
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,1782602302693460119,15241425819910067396,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5768 /prefetch:8
  2⤵
  PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,1782602302693460119,15241425819910067396,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5768 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1782602302693460119,15241425819910067396,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1782602302693460119,15241425819910067396,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1782602302693460119,15241425819910067396,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4116 /prefetch:1
  2⤵
  PID:1932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1782602302693460119,15241425819910067396,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,1782602302693460119,15241425819910067396,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4908 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1264

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3744

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1028

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
9101777de5039a995516e205754365f1

SHA1
46db0f9ddcab3517e9d2623915744d159fd76568

SHA256
7a44154925f3b82237e598d7d826fe5d402682c3f30b2b945c663f3f1a3b1527

SHA512
229745213d63a35fc8312fd26f81b6496d1dbe31b283e115962124c90e56fee92dc0a8e26d11f044564dd072fbd2d5dc62a0e51b69250ff9217b98e8a98c8d11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
704bd3e2b4eb893969d97208d04acfdf

SHA1
55e76992e49f6cff42eaa68f7d245258242f02ce

SHA256
4711d919d1223bb3dc76c2d3413fbc857e1129ecd7232a4aa5ccc7835620b849

SHA512
d650c8490c3ce4eb25633cffbd0afdebeff4d36bb6484f28fef95aa0afcfd4b59d46d466b9cb933a2eaa61f1c7213bdf16002a67f23bd66423cb8a4fe26fe9d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
54ce3753d76f2141c92b49164a1291cc

SHA1
6dbf31cfa5277cb643b2f307978fcaeb90f33639

SHA256
e290c6611ac0cdad6adb9cd3f239436d4ab53bf23b686815e504a58a542ebf6f

SHA512
45e02a8df766898e78d9014710c4eaec20f5ce877dca4a91d35eb3f4f043afc2ad28270a0554bb4c2579fc3902f8d03f1fa43a1ec9bb8147c9cab7949b7fd896

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b0c4e12412fdd8fd40ed491fe4417e4d

SHA1
5d3e72b10075c27b19c252c2b88c55abb0b1bf62

SHA256
9ba3e410eb2d685abee3709016dd7ba772d9038b36c5dcb10af93749cefd059a

SHA512
9771e0c14fa87a6a3e638f88cd954d5896d3341ad4286865535b52005ceb9650c2181e34616a8a3147d2c3c9a7e49faf58e5ec13a72b0cc33992c46459e7de6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
450cfa523dafd29bdfaaaed81be0bb39

SHA1
adaefa0e05924b78bb7cdbaf02945fb55e30f8cc

SHA256
7bd1d9d198b136628903e023bb439b319563c7246047968c809532a2d8081bb8

SHA512
f9f81529222345aa4e336e3349dc31d3f6c1e6e726ff666fc1b89d85c78bc4d58f1f95596fd246f8cf229bfa37e0208d1b2bb15f188db99d4e4a5d551a0db941

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a212c0f24495303699e211d06ae02392

SHA1
f7ad97c222bfe0eb97d8a217b50a9896531628f1

SHA256
9d9a07038b9e5e1e0ec5c7c73f46ea4836c41c63aa0aef33f6836068d9b2d815

SHA512
92e5a6004bb6367b8c72f10e1dede1f61c8a790b50d7dcd13eedb2d1d80c64103f935b2e441075ee1be1d935a159f1da9c5a4733d9ec85e648e36b13b66cafce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e50c3fe86b6a8d681168f086c016b166

SHA1
064dbe4d5e2639d92718e4e3338505a034b9c9d7

SHA256
07d275d70331dd38fb43053d3fa9abf41b2c746899b4a9d89e62535754963efd

SHA512
577c958a14256eeab794abb2c9e1df3c6bac1ef4210997de318b2da00049d69b4f04d0042357702ad8a4d548ad376cac7f7945ecbea007bdf1be805f8b41b114

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
ec7550b027c6c3cd28d15838ffea01a7

SHA1
e3b50dd15aeb33f9f34175903ee9f23b59e1d121

SHA256
bf60dbd36eab7dd25590f63aff8cb52fb7e0c43b488dffb27a59bee29f79e10e

SHA512
36d3b2250851baace193ee10e3931c5d9269b10ff0b646b95805f51b76c4b626b8d9ab62d9a69e95c640ac2b99822c3908fd504cb4b8d5a6918073bac221c84f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c16b.TMP

Filesize
538B

MD5
6830444ddad1491bd66fc0cf4feffcc8

SHA1
ce85b01df383490aa6aa345be786f25dd560e9ff

SHA256
cd694925779d7464a5887359abbdbdfbb77ce8921d32ff9b48f78a95a043a22e

SHA512
f05b68aac5e8f5233468a34a26d0ed6205ec4acd9adc524b5b61081df2f731383c5cbaed530f219f852884e6b3110cbc1745922b96cf1b01f2526cc528389b0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b177a85616cd5f59790b815f261f8e14

SHA1
95374597312c9d471844c49408d24014eeeba022

SHA256
eecffcf07f5b99329ab531fd64c0d66469f8b791124f7d3a446e22c18b1f66a2

SHA512
16aacbabd7ad17b1455ba5b3cc45eb9042f86ece918e4206506d0a64f22d8823776ef212f00f2a1d6233b950c0f2c716757b17ca42f79b83005dc2ed5db5e5c5

Download Submit