8845bff03f6137845b035da41b2381142d232f55f884bb6796d5d2740a4bb7ef

Analysis

max time kernel
145s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
02/06/2024, 09:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8d91548ea81332a0949d43e027493ac8_JaffaCakes118.html
Size

254KB
MD5

8d91548ea81332a0949d43e027493ac8
SHA1

5cc16e72e986d0b6a9aeea46c0366eaa9585bfc3
SHA256

8845bff03f6137845b035da41b2381142d232f55f884bb6796d5d2740a4bb7ef
SHA512

ef88e870a3867123ea14bad1ead85174530f6b5f523480448e1475cf6dc1603a6586ea5f29a6d44bd1cfe7d86708cd0ba1fa3f45a45cd5338648c60ca7e0fc40
SSDEEP

6144:seuAHAOokyBGBFBQBeB2BBFqJjxBIa5IVz7ESXXDyatm5:WAHA/kyBGBFBQBeB2Br+mzlyz

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
20	sites.google.com
22	sites.google.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2268	msedge.exe
2268	msedge.exe
4508	msedge.exe
4508	msedge.exe
4832	identity_helper.exe
4832	identity_helper.exe
4620	msedge.exe
4620	msedge.exe
4620	msedge.exe
4620	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4508 wrote to memory of 1888	4508	msedge.exe	82
PID 4508 wrote to memory of 1888	4508	msedge.exe	82
PID 4508 wrote to memory of 4108	4508	msedge.exe	84
PID 4508 wrote to memory of 4108	4508	msedge.exe	84
PID 4508 wrote to memory of 4108	4508	msedge.exe	84
PID 4508 wrote to memory of 4108	4508	msedge.exe	84
PID 4508 wrote to memory of 4108	4508	msedge.exe	84
PID 4508 wrote to memory of 4108	4508	msedge.exe	84
PID 4508 wrote to memory of 4108	4508	msedge.exe	84
PID 4508 wrote to memory of 4108	4508	msedge.exe	84
PID 4508 wrote to memory of 4108	4508	msedge.exe	84
PID 4508 wrote to memory of 4108	4508	msedge.exe	84
PID 4508 wrote to memory of 4108	4508	msedge.exe	84
PID 4508 wrote to memory of 4108	4508	msedge.exe	84
PID 4508 wrote to memory of 4108	4508	msedge.exe	84
PID 4508 wrote to memory of 4108	4508	msedge.exe	84
PID 4508 wrote to memory of 4108	4508	msedge.exe	84
PID 4508 wrote to memory of 4108	4508	msedge.exe	84
PID 4508 wrote to memory of 4108	4508	msedge.exe	84
PID 4508 wrote to memory of 4108	4508	msedge.exe	84
PID 4508 wrote to memory of 4108	4508	msedge.exe	84
PID 4508 wrote to memory of 4108	4508	msedge.exe	84
PID 4508 wrote to memory of 4108	4508	msedge.exe	84
PID 4508 wrote to memory of 4108	4508	msedge.exe	84
PID 4508 wrote to memory of 4108	4508	msedge.exe	84
PID 4508 wrote to memory of 4108	4508	msedge.exe	84
PID 4508 wrote to memory of 4108	4508	msedge.exe	84
PID 4508 wrote to memory of 4108	4508	msedge.exe	84
PID 4508 wrote to memory of 4108	4508	msedge.exe	84
PID 4508 wrote to memory of 4108	4508	msedge.exe	84
PID 4508 wrote to memory of 4108	4508	msedge.exe	84
PID 4508 wrote to memory of 4108	4508	msedge.exe	84
PID 4508 wrote to memory of 4108	4508	msedge.exe	84
PID 4508 wrote to memory of 4108	4508	msedge.exe	84
PID 4508 wrote to memory of 4108	4508	msedge.exe	84
PID 4508 wrote to memory of 4108	4508	msedge.exe	84
PID 4508 wrote to memory of 4108	4508	msedge.exe	84
PID 4508 wrote to memory of 4108	4508	msedge.exe	84
PID 4508 wrote to memory of 4108	4508	msedge.exe	84
PID 4508 wrote to memory of 4108	4508	msedge.exe	84
PID 4508 wrote to memory of 4108	4508	msedge.exe	84
PID 4508 wrote to memory of 4108	4508	msedge.exe	84
PID 4508 wrote to memory of 2268	4508	msedge.exe	85
PID 4508 wrote to memory of 2268	4508	msedge.exe	85
PID 4508 wrote to memory of 380	4508	msedge.exe	86
PID 4508 wrote to memory of 380	4508	msedge.exe	86
PID 4508 wrote to memory of 380	4508	msedge.exe	86
PID 4508 wrote to memory of 380	4508	msedge.exe	86
PID 4508 wrote to memory of 380	4508	msedge.exe	86
PID 4508 wrote to memory of 380	4508	msedge.exe	86
PID 4508 wrote to memory of 380	4508	msedge.exe	86
PID 4508 wrote to memory of 380	4508	msedge.exe	86
PID 4508 wrote to memory of 380	4508	msedge.exe	86
PID 4508 wrote to memory of 380	4508	msedge.exe	86
PID 4508 wrote to memory of 380	4508	msedge.exe	86
PID 4508 wrote to memory of 380	4508	msedge.exe	86
PID 4508 wrote to memory of 380	4508	msedge.exe	86
PID 4508 wrote to memory of 380	4508	msedge.exe	86
PID 4508 wrote to memory of 380	4508	msedge.exe	86
PID 4508 wrote to memory of 380	4508	msedge.exe	86
PID 4508 wrote to memory of 380	4508	msedge.exe	86
PID 4508 wrote to memory of 380	4508	msedge.exe	86
PID 4508 wrote to memory of 380	4508	msedge.exe	86
PID 4508 wrote to memory of 380	4508	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8d91548ea81332a0949d43e027493ac8_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ff9a1dd46f8,0x7ff9a1dd4708,0x7ff9a1dd4718
  2⤵
  PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,9735461950615333549,5189306581251276620,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:4108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,9735461950615333549,5189306581251276620,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,9735461950615333549,5189306581251276620,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
  2⤵
  PID:380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9735461950615333549,5189306581251276620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9735461950615333549,5189306581251276620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:3356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9735461950615333549,5189306581251276620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:4128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9735461950615333549,5189306581251276620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9735461950615333549,5189306581251276620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
  2⤵
  PID:2512
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,9735461950615333549,5189306581251276620,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2656 /prefetch:8
  2⤵
  PID:2012
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,9735461950615333549,5189306581251276620,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2656 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9735461950615333549,5189306581251276620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2008 /prefetch:1
  2⤵
  PID:2804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9735461950615333549,5189306581251276620,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:1892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9735461950615333549,5189306581251276620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:4224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9735461950615333549,5189306581251276620,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
  2⤵
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,9735461950615333549,5189306581251276620,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3752 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4620

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4836

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1732

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
537815e7cc5c694912ac0308147852e4

SHA1
2ccdd9d9dc637db5462fe8119c0df261146c363c

SHA256
b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

SHA512
63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b167567021ccb1a9fdf073fa9112ef0

SHA1
3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

SHA256
26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

SHA512
726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
d91ca36ec0c078e82e04e54b0b0be430

SHA1
ba627f27c61100ac379b41030cb0c1d6a0683c7d

SHA256
546684d16ce12177e249186fea0a521a4d9a3c7fce6324f7db2256982579a48f

SHA512
23190c2fd0f48abf560b1c0809050a2378cc449c4cdb69b4354c93d4dce0d53f8717fc351e8d2db8aeba7a007f2250200a1b340fc5dcbebfd889e3eea356d476

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
83ffe2e390faa9603e225dc9ab637126

SHA1
6235ecaf8091cce48ffa2ff6230e68999758f7e4

SHA256
785fa27db7f2c229b1bd46270afd5f910955b4772b8b156b3023990464871a03

SHA512
094266e6a7424ddbfe58db4ab9d85a046f658b79ac91c37461f50229c645c804a0a2d3445f2f85da7e0e88b591f5ab66bd978202668e9ce87c99c081a0cd6de6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1625e99606d604febbd16c00210db84c

SHA1
de6d7086f35ce53f47daaeffdaa6a7c73309a89b

SHA256
6d50998407445075bde9eb64b59e578097fe48b1810c5ecdeb2295785d7ae01a

SHA512
03fd9e44acdb0bf198049812c0acd679b1d7028d47356fc42f706d4f938f4e73c63059ae36c08c7ff466dc76bd483d5a0522e99dc845f8617480edba317561eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0a5097958fdd453eac32b953886086a9

SHA1
1aa541d56a37e4cf18a250ec5c952270380b1549

SHA256
38db35aa415790a899d581b5b20309f949eda7e0ed6d70c5c49e8f64e75ab91b

SHA512
56d1ebb6c1776b1e313ac98b955dd4d0dcc8e57d4b3afc1760b794f25f1dddaaec20a01b6ce07fe739b0489ffdca98a9f8e0e325c960f1a743b707fd22cbbc79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
acd1d9d39bf2b0c1b9a858010ac2b462

SHA1
b58cf041d2a46d7f18a345c129a2e439537ce54a

SHA256
66d418d4ec7783862927b27bf16b672e37f17b23b833950d811934cfed14fd08

SHA512
f9d6f52f20470977a7d275d9c91d301befcf3dfc8c429f932e396c190084ecefbab6601c350aebf6c5523cf9fc8795410911862c482bfb2a5d8033e17e8762d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
199B

MD5
1bd37ce59d1b96999a77cc05cf80af46

SHA1
253688fcee5f151cd7f1b115978387c5a560cb95

SHA256
1da3ca60ee2cdb43d588f83542400b1c332c92ba77bd3efff78502df992e8754

SHA512
d2d3605a5ec1b92df6f257640f7a400b166c2684129822aa4c8d587a551394af72a540ee730d3a9deef7d3fa2141dd32c502b40f25d06922832a343174445eef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b045.TMP

Filesize
203B

MD5
0f53ef4f059f3bdcbc89d613b3dc0188

SHA1
807165b51cc20f01b4002ace1725e021042b9835

SHA256
bb6d6ff2507276544cd991a3d88954d50e69eee89338ad8636bc3d9e6d0deeca

SHA512
7ffa407938a8c750953ce1d9b8de299450cb45a3ad6fa00715b3dfe9f285de851b012207e9420b496764bf0bfaeb2d6a5b11fea5ef9e43638e06e75e33156777

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ad1c83923fac2b5233cde6bea5cc5971

SHA1
418e9869a0b02a281d43d48c1035559da7ea6540

SHA256
732aef10dc26e239527006127398be72fdf247b2292354d46044b3916810386b

SHA512
f366a6aa47043c3203a368bf146e6f713c4040abbce17fb5bd9cacf6f94fb0cd0647fa69bc7a588b002a17016e359d4508f5cb071b1edb1d5eb296a7f5955db6

Download Submit