911127205c94b6512045fe4282de42d75d22cc80d95fd6e2bf2593147b7fe177

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
23/07/2024, 09:42

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

670f7b72e0b87724dc6cd782fb786b9f_JaffaCakes118.html
Size

57KB
MD5

670f7b72e0b87724dc6cd782fb786b9f
SHA1

ec7a79f825df256fdde3742cecf7faa53ec49dda
SHA256

911127205c94b6512045fe4282de42d75d22cc80d95fd6e2bf2593147b7fe177
SHA512

48cf3644f74d0441b2e599d7c3c80e8835539f433d8faabc3caeb7b83a298a20074944764ab207cacc10ad084d7ed4c274453351101079a3cc91666c99caa513
SSDEEP

1536:gQZBCCOdA0IxCwv7luG9RWSTMw3CA2wh18lrxuc60mobgEb0UC/s9ILBguHDmSsW:gk2q0IxFluG9RWSTMw3CA2wh1krxuc6l

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4600	msedge.exe
4600	msedge.exe
1744	msedge.exe
1744	msedge.exe
3212	identity_helper.exe
3212	identity_helper.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1744 wrote to memory of 3032	1744	msedge.exe	86
PID 1744 wrote to memory of 3032	1744	msedge.exe	86
PID 1744 wrote to memory of 824	1744	msedge.exe	87
PID 1744 wrote to memory of 824	1744	msedge.exe	87
PID 1744 wrote to memory of 824	1744	msedge.exe	87
PID 1744 wrote to memory of 824	1744	msedge.exe	87
PID 1744 wrote to memory of 824	1744	msedge.exe	87
PID 1744 wrote to memory of 824	1744	msedge.exe	87
PID 1744 wrote to memory of 824	1744	msedge.exe	87
PID 1744 wrote to memory of 824	1744	msedge.exe	87
PID 1744 wrote to memory of 824	1744	msedge.exe	87
PID 1744 wrote to memory of 824	1744	msedge.exe	87
PID 1744 wrote to memory of 824	1744	msedge.exe	87
PID 1744 wrote to memory of 824	1744	msedge.exe	87
PID 1744 wrote to memory of 824	1744	msedge.exe	87
PID 1744 wrote to memory of 824	1744	msedge.exe	87
PID 1744 wrote to memory of 824	1744	msedge.exe	87
PID 1744 wrote to memory of 824	1744	msedge.exe	87
PID 1744 wrote to memory of 824	1744	msedge.exe	87
PID 1744 wrote to memory of 824	1744	msedge.exe	87
PID 1744 wrote to memory of 824	1744	msedge.exe	87
PID 1744 wrote to memory of 824	1744	msedge.exe	87
PID 1744 wrote to memory of 824	1744	msedge.exe	87
PID 1744 wrote to memory of 824	1744	msedge.exe	87
PID 1744 wrote to memory of 824	1744	msedge.exe	87
PID 1744 wrote to memory of 824	1744	msedge.exe	87
PID 1744 wrote to memory of 824	1744	msedge.exe	87
PID 1744 wrote to memory of 824	1744	msedge.exe	87
PID 1744 wrote to memory of 824	1744	msedge.exe	87
PID 1744 wrote to memory of 824	1744	msedge.exe	87
PID 1744 wrote to memory of 824	1744	msedge.exe	87
PID 1744 wrote to memory of 824	1744	msedge.exe	87
PID 1744 wrote to memory of 824	1744	msedge.exe	87
PID 1744 wrote to memory of 824	1744	msedge.exe	87
PID 1744 wrote to memory of 824	1744	msedge.exe	87
PID 1744 wrote to memory of 824	1744	msedge.exe	87
PID 1744 wrote to memory of 824	1744	msedge.exe	87
PID 1744 wrote to memory of 824	1744	msedge.exe	87
PID 1744 wrote to memory of 824	1744	msedge.exe	87
PID 1744 wrote to memory of 824	1744	msedge.exe	87
PID 1744 wrote to memory of 824	1744	msedge.exe	87
PID 1744 wrote to memory of 824	1744	msedge.exe	87
PID 1744 wrote to memory of 4600	1744	msedge.exe	88
PID 1744 wrote to memory of 4600	1744	msedge.exe	88
PID 1744 wrote to memory of 3520	1744	msedge.exe	89
PID 1744 wrote to memory of 3520	1744	msedge.exe	89
PID 1744 wrote to memory of 3520	1744	msedge.exe	89
PID 1744 wrote to memory of 3520	1744	msedge.exe	89
PID 1744 wrote to memory of 3520	1744	msedge.exe	89
PID 1744 wrote to memory of 3520	1744	msedge.exe	89
PID 1744 wrote to memory of 3520	1744	msedge.exe	89
PID 1744 wrote to memory of 3520	1744	msedge.exe	89
PID 1744 wrote to memory of 3520	1744	msedge.exe	89
PID 1744 wrote to memory of 3520	1744	msedge.exe	89
PID 1744 wrote to memory of 3520	1744	msedge.exe	89
PID 1744 wrote to memory of 3520	1744	msedge.exe	89
PID 1744 wrote to memory of 3520	1744	msedge.exe	89
PID 1744 wrote to memory of 3520	1744	msedge.exe	89
PID 1744 wrote to memory of 3520	1744	msedge.exe	89
PID 1744 wrote to memory of 3520	1744	msedge.exe	89
PID 1744 wrote to memory of 3520	1744	msedge.exe	89
PID 1744 wrote to memory of 3520	1744	msedge.exe	89
PID 1744 wrote to memory of 3520	1744	msedge.exe	89
PID 1744 wrote to memory of 3520	1744	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\670f7b72e0b87724dc6cd782fb786b9f_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeecf046f8,0x7ffeecf04708,0x7ffeecf04718
  2⤵
  PID:3032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,3013274658694996300,2488492587816380990,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
  2⤵
  PID:824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,3013274658694996300,2488492587816380990,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,3013274658694996300,2488492587816380990,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
  2⤵
  PID:3520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3013274658694996300,2488492587816380990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:4224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3013274658694996300,2488492587816380990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:1056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3013274658694996300,2488492587816380990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4172 /prefetch:1
  2⤵
  PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3013274658694996300,2488492587816380990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3013274658694996300,2488492587816380990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
  2⤵
  PID:3508
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,3013274658694996300,2488492587816380990,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6260 /prefetch:8
  2⤵
  PID:1604
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,3013274658694996300,2488492587816380990,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6260 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3013274658694996300,2488492587816380990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
  2⤵
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3013274658694996300,2488492587816380990,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
  2⤵
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3013274658694996300,2488492587816380990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4068 /prefetch:1
  2⤵
  PID:5196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3013274658694996300,2488492587816380990,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:5204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,3013274658694996300,2488492587816380990,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1708 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1708

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2132

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c00b0d6e0f836dfa596c6df9d3b2f8f2

SHA1
69ad27d9b4502630728f98917f67307e9dd12a30

SHA256
578481cd359c669455e24983b13723c25584f58925b47283cb580019ef3142b1

SHA512
0e098ab5f5772fec17880e228a0dccbbaa06dc1af14e0fd827f361599c61899fe07d612a7f7b049ff6661d27fdc495566dd20fc28ceed022b87c212bf00be5da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
54f1b76300ce15e44e5cc1a3947f5ca9

SHA1
c978bfaa6ec6dae05464c6426eaa6cb3c3e2f3b7

SHA256
43dec5d87b7ee892a3d99cb61f772ba403882ac0772423f36034e84244c1ca24

SHA512
ac26e5676c675be329eb62b5d5a36a0e6014ab8a6366684b0fc2a59ae5f061f596f462b82eb4e9f135d2235a0cbd4af96680d234eecc873a8397fd81507d277a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
57149660b722df1171d2dadf761db2d0

SHA1
3bd6c0e8c4d72efee374ce315f965c8f5b05a3f6

SHA256
b9fe0b6674b1a9b284a862ab92a8532b1503fb5128a158005e260bc2f6d6c87e

SHA512
68335b510bfef6a83dfb320115dfc2dda13217c662e6f05a70805842b53bb93b2ab309281331c86609d0f1426e4a8bebbb4949841846d33cfd21abb3c19ca4de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
5a0395d552ab97f0ba54807c8e597668

SHA1
c092ba47ad30726da24935d1184a7680551a1ca0

SHA256
d30626cfccddc9670ed761ac80b6fb68f9fadea780e655d3e5b96e41bd3f0e67

SHA512
17f96139d281ede546b3689956fc16b697710686b23e74d8fda2aec86b0dee76638e6374a14cbcf5eb83907dd1d7fe52e8c098db5cbd51487b1fb26862bbf323

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
db6e75d8f392734b4d482e1fc8e1a3c1

SHA1
815eb3a9cbf4b7cf3d32116d6ee3bff7afe82947

SHA256
63ab11d6f7fb62ea617c77dacbae363528f89c8024062d73dbdc6d219f3b07af

SHA512
6eac7f497e7684595bf3ec4f94b84b6af0d45162ed3aab0711d94364e29a634f9e1ee7ce453a2c9fa96d1dc71416b6859344c0d00ac772d94f8195be7ad2a5a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
240d6d5c88c4153482121fc2c2590d10

SHA1
9cf2b2df2e5aef4600bf3158d541e52e88df716e

SHA256
623e112e93c3f69a2420efdf6ebddb1307a4c1f71532edbd3aa8dacfabbd540c

SHA512
b83439ee99badbb8e5db2ad7ad12bc3e1af41b3ff73e433cb4928d5f33523db2096db1a52ac5d90c8d7ec7f441b39090363ae1f11262e201a5e234d2e8c7f9fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
753c5ea2e179da747ec4ef2965a3d5cc

SHA1
bc2ea9b02a74e80c1993be910ac06b569fd90e4c

SHA256
b4c26a7225fcaf5e49ac151553c912ade868751a90e474d91a18b6c9c734c53f

SHA512
6f003b3ba9cee2c3ed8f504ddd05a7c06104f4fd79b626a93f1cd49f6aa73d5687ab9cfaf9f17b3de2626f778c598fc36287d49d817d0d9c1959b468a152a8fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580c6f.TMP

Filesize
370B

MD5
f92563404a97daf9cd51bd15e50ec727

SHA1
bb76b4fd389680dec644c19d4f940bccac2b0c07

SHA256
0fdc3256d2964b2d4826cfe7bc996762df1cf566e9569da52b69b27addb12fd5

SHA512
ffb145458ed02be651f71f943e8a43d272b971f48260ef02c1576f83dc27dabc18d37927793d38bc911289284e2be9671c310cee88828e91a0d13ded767ff301

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
915c7532bd82c0ce4121a293dde4949a

SHA1
3046524a98878ba687bb5f5507756a77cb4a7bc6

SHA256
c082b9cd9bbeb7b8900696b8d00b049c6f49e4dd1b61e6b4fa8bd38956c08fec

SHA512
315f12854505d25952b1731499cae17f3981ace511663e07ee059bea5303768c779e1efbb245b8011e828d9a6b49bf62ac3ceb2d20106f0c44ca901c99e41c74

Download Submit