9f1d7feb23743e729e88608d320e51c6ff9b6bbc00c215bcc8315c9f4cea4cae

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
30/05/2024, 02:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

82b51f18b8958662072446ee9c8cb828_JaffaCakes118.html
Size

56KB
MD5

82b51f18b8958662072446ee9c8cb828
SHA1

e200771ba49a78fdaea3cc6c0accbc89732a57b7
SHA256

9f1d7feb23743e729e88608d320e51c6ff9b6bbc00c215bcc8315c9f4cea4cae
SHA512

d78df83fecaa4ecda315efbd96f3acaaa7e6e1122ba38855b0a3a799a95c57f36547d275fd64812bfd180ddb7d0eb8fa8e2710159e2ba224a79b90f34de0a19f
SSDEEP

1536:jyUxevrCQKU/XKl/ZrKlvx9PSmUv1OOhKSftKZTz08MizroD58V2Xl:KzCQKU/XKNZrKlvx9qJhxtyTz08Mizrq

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3572	msedge.exe
3572	msedge.exe
4648	msedge.exe
4648	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
4288	identity_helper.exe
4288	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe
4648	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4648 wrote to memory of 1716	4648	msedge.exe	82
PID 4648 wrote to memory of 1716	4648	msedge.exe	82
PID 4648 wrote to memory of 1844	4648	msedge.exe	83
PID 4648 wrote to memory of 1844	4648	msedge.exe	83
PID 4648 wrote to memory of 1844	4648	msedge.exe	83
PID 4648 wrote to memory of 1844	4648	msedge.exe	83
PID 4648 wrote to memory of 1844	4648	msedge.exe	83
PID 4648 wrote to memory of 1844	4648	msedge.exe	83
PID 4648 wrote to memory of 1844	4648	msedge.exe	83
PID 4648 wrote to memory of 1844	4648	msedge.exe	83
PID 4648 wrote to memory of 1844	4648	msedge.exe	83
PID 4648 wrote to memory of 1844	4648	msedge.exe	83
PID 4648 wrote to memory of 1844	4648	msedge.exe	83
PID 4648 wrote to memory of 1844	4648	msedge.exe	83
PID 4648 wrote to memory of 1844	4648	msedge.exe	83
PID 4648 wrote to memory of 1844	4648	msedge.exe	83
PID 4648 wrote to memory of 1844	4648	msedge.exe	83
PID 4648 wrote to memory of 1844	4648	msedge.exe	83
PID 4648 wrote to memory of 1844	4648	msedge.exe	83
PID 4648 wrote to memory of 1844	4648	msedge.exe	83
PID 4648 wrote to memory of 1844	4648	msedge.exe	83
PID 4648 wrote to memory of 1844	4648	msedge.exe	83
PID 4648 wrote to memory of 1844	4648	msedge.exe	83
PID 4648 wrote to memory of 1844	4648	msedge.exe	83
PID 4648 wrote to memory of 1844	4648	msedge.exe	83
PID 4648 wrote to memory of 1844	4648	msedge.exe	83
PID 4648 wrote to memory of 1844	4648	msedge.exe	83
PID 4648 wrote to memory of 1844	4648	msedge.exe	83
PID 4648 wrote to memory of 1844	4648	msedge.exe	83
PID 4648 wrote to memory of 1844	4648	msedge.exe	83
PID 4648 wrote to memory of 1844	4648	msedge.exe	83
PID 4648 wrote to memory of 1844	4648	msedge.exe	83
PID 4648 wrote to memory of 1844	4648	msedge.exe	83
PID 4648 wrote to memory of 1844	4648	msedge.exe	83
PID 4648 wrote to memory of 1844	4648	msedge.exe	83
PID 4648 wrote to memory of 1844	4648	msedge.exe	83
PID 4648 wrote to memory of 1844	4648	msedge.exe	83
PID 4648 wrote to memory of 1844	4648	msedge.exe	83
PID 4648 wrote to memory of 1844	4648	msedge.exe	83
PID 4648 wrote to memory of 1844	4648	msedge.exe	83
PID 4648 wrote to memory of 1844	4648	msedge.exe	83
PID 4648 wrote to memory of 1844	4648	msedge.exe	83
PID 4648 wrote to memory of 3572	4648	msedge.exe	84
PID 4648 wrote to memory of 3572	4648	msedge.exe	84
PID 4648 wrote to memory of 3740	4648	msedge.exe	85
PID 4648 wrote to memory of 3740	4648	msedge.exe	85
PID 4648 wrote to memory of 3740	4648	msedge.exe	85
PID 4648 wrote to memory of 3740	4648	msedge.exe	85
PID 4648 wrote to memory of 3740	4648	msedge.exe	85
PID 4648 wrote to memory of 3740	4648	msedge.exe	85
PID 4648 wrote to memory of 3740	4648	msedge.exe	85
PID 4648 wrote to memory of 3740	4648	msedge.exe	85
PID 4648 wrote to memory of 3740	4648	msedge.exe	85
PID 4648 wrote to memory of 3740	4648	msedge.exe	85
PID 4648 wrote to memory of 3740	4648	msedge.exe	85
PID 4648 wrote to memory of 3740	4648	msedge.exe	85
PID 4648 wrote to memory of 3740	4648	msedge.exe	85
PID 4648 wrote to memory of 3740	4648	msedge.exe	85
PID 4648 wrote to memory of 3740	4648	msedge.exe	85
PID 4648 wrote to memory of 3740	4648	msedge.exe	85
PID 4648 wrote to memory of 3740	4648	msedge.exe	85
PID 4648 wrote to memory of 3740	4648	msedge.exe	85
PID 4648 wrote to memory of 3740	4648	msedge.exe	85
PID 4648 wrote to memory of 3740	4648	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\82b51f18b8958662072446ee9c8cb828_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa087846f8,0x7ffa08784708,0x7ffa08784718
  2⤵
  PID:1716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,17763553817070059267,18296510955678992166,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:1844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,17763553817070059267,18296510955678992166,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,17763553817070059267,18296510955678992166,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
  2⤵
  PID:3740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,17763553817070059267,18296510955678992166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:2964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,17763553817070059267,18296510955678992166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,17763553817070059267,18296510955678992166,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3096 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,17763553817070059267,18296510955678992166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3084 /prefetch:1
  2⤵
  PID:4236
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,17763553817070059267,18296510955678992166,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5996 /prefetch:8
  2⤵
  PID:2280
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,17763553817070059267,18296510955678992166,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5996 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,17763553817070059267,18296510955678992166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
  2⤵
  PID:992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,17763553817070059267,18296510955678992166,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
  2⤵
  PID:1840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,17763553817070059267,18296510955678992166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
  2⤵
  PID:2556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,17763553817070059267,18296510955678992166,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
  2⤵
  PID:4668

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3900

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1884

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56641592f6e69f5f5fb06f2319384490

SHA1
6a86be42e2c6d26b7830ad9f4e2627995fd91069

SHA256
02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

SHA512
c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
612a6c4247ef652299b376221c984213

SHA1
d306f3b16bde39708aa862aee372345feb559750

SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
188B

MD5
06b053870aeafb9626a3b5811ccd994a

SHA1
d88305e47ea47e234be3659546db33e5bfae8717

SHA256
c3fdeb105b90eacca573ba56b3c14fa5a8690400884388cc0c789d20b9a4cd42

SHA512
f2b890bd469f7f2cbeebe1e3aa1c6ae5aa01d73e21b60a55cff405ee4bc236ab8d1d494b555772b2ec1370f5b508b1aa6edbaf30024df01910e28b4c40b66627

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
543B

MD5
fef9264d39de5df7fae7e6eae699bc7b

SHA1
7b7c5588264bf74b2a651b5a053b9f0fa9bb4e6a

SHA256
2bc5971b917148e87592384d57e17ff83518d9df4177009368dd4bc278231146

SHA512
b6cf6436135ad97f5dcf5e0284d2899141d961e08f59a400b986025fadb4061a19f459abc0a12fda3c45f08413e53d4a898959a007b3cdcf2f84599e99eb1d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
67bdab34f2532922d52c1f517cacd154

SHA1
cbbd3a01b59a39f2d579b3edc2e5432ec5bd102d

SHA256
cdde96eb95e0eb996d470700bd922582da3b3ba74f3821356817f5eb3fef89b9

SHA512
3a89b56ed8c4b11876cae90a1f7bb55045ca6fa302469be49ba10689b78821052a94a1757da054cc8172939814668cb2473bc4c1acf2a6e0e970be4cbc87cfd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d2ba98468cb67de63a9236a3d1f41787

SHA1
e2a28bcdcf5d18ed09dbea655f60c9590803c4f8

SHA256
d364d623b6715c2d7215d35ebb179cd51a7f2a8021ffaa9b3e124142fd25d1d3

SHA512
1a5a0533baad55fd4c55b8de47c3baf1c3632cc9bb65f332718c3fb6f3e38bc9eeb6d831ca8c512d101b77c8fa5fa6211160b217c3ba03f7d95b507f292ed9a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0b3b87468d0e1909e8118f2c804f03fb

SHA1
9bb27dcf43fa8af549b8b72c37cf7d3a3234643a

SHA256
c76831a4a181d05b3646bfd8acd90f280841b03e258c2f25c36e1d6426408b1b

SHA512
439e00d30225b52b0d2c5b27d130aa3a9a02ef3540adcdef1c968a63d4d49c66486432464d6a708af334e0e1304f385eb975b0b5ec1844dcd1e9ab43d6ab6b4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f0037f01c2a8ee5fb72f0be7f7fe8728

SHA1
f0f71093247f65d86aa79a2fb6e02d45cfa63c97

SHA256
8607ca113d8c14c864b3de593c823bc38edf06fcf07e237a3ecc5caf7d357fc0

SHA512
8b23322e9150e3d2e620e19a39104475710aa4018062b0d1bfc836d947b7999fffefc8cb14a06aba8f6b96bdb1dbe15e296589b282d115165d4638dab93ec2c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
20b226415b53c06648a2c8d5f2bee7c2

SHA1
549f8500811d76134e083451454b002824632ae4

SHA256
c4919b6520dafba24a57f72d1d6b73e27e3338bcf0d88e7db335023761d3bc2f

SHA512
b02062eae01cf17ed6a08eb8026af978e4d4ec7cb9f146089ee428650ff337df963dd0430eefb2196b96116bb034ae6bcf2d10920fd78fb10606353ae02819e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
72092118b517dcbf8f893b9dbd3b9c47

SHA1
db50fbc84e2995e166921e9555cc31e1d5990c76

SHA256
b5520240dd9570cbe452155f1db68bab4e650ee223c5948263e563dd0324ba7f

SHA512
26d896dcd98293236ae1ae4c50c05c8e291b44cc8c09c9ca7a6130a6f400126d00a91946828adaa84c7029a7f38acac2aeb05e3d999841653c2095c2909b605b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe588047.TMP

Filesize
203B

MD5
f489eb780c50641b04b42b8d88defa8f

SHA1
ddcc4af52393b27eac9fc29b8d5cca814fca2e8f

SHA256
6746a7601cdc5fcd9601c4492eda346e9e075652ec937c5a9fbcb616efca80b7

SHA512
1da592c345eced85d6fc91ee1614ccea7117b056d2d17ad2f158e4774f71f8549872e09ed6a04dc11af1402864419bc29efae5f68b94f049623119b199cb8cf8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e293d5159f0d6c98ffe05cbedd783355

SHA1
f4198fc768cd4de2c9e4458765cef62cf88421f8

SHA256
cd09edcce1e291a442bad6ccf3dacc0b9452395f5107cce8bd59ffaddc09985b

SHA512
83cea88262396c995a41bc616a9c4ff0acb3454c4945dfe112a0e560293eabc6fe31d1a0c33e31997cc3b802b8d09690124907703c3933e4f61ae4e93ce0dba1

Download Submit