1c34fb06223bf476ad2c72a3b00524998dec03f2b1ba0d4dabd3e2f33241230b

Analysis

max time kernel
145s
max time network
130s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
25/07/2024, 11:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6f5f094585e75726891f785954cee44d_JaffaCakes118.html
Size

55KB
MD5

6f5f094585e75726891f785954cee44d
SHA1

740ac2e348e9d25cf215a514c99da7dd23674a9c
SHA256

1c34fb06223bf476ad2c72a3b00524998dec03f2b1ba0d4dabd3e2f33241230b
SHA512

f6a6edd3f355c2b35ebf9175d4d1bbcd20c8c4c7f672010c0c67d15b42321782f728ecbcafab01e051349e7d21fcf0ac5e8afd729b37cf226000dd039eec552e
SSDEEP

1536:gQZBCCOdq0IxC9Z1EVK7dUCJfmTxSOV7Nzt7VvvZueI7YTJsxqCpyB6FNNxldxpN:gk2c0Ix8EVK7dUCJfmTxSOV7Nzt7Vvvu

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4992	msedge.exe
4992	msedge.exe
3908	msedge.exe
3908	msedge.exe
856	identity_helper.exe
856	identity_helper.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3908 wrote to memory of 4148	3908	msedge.exe	84
PID 3908 wrote to memory of 4148	3908	msedge.exe	84
PID 3908 wrote to memory of 1352	3908	msedge.exe	85
PID 3908 wrote to memory of 1352	3908	msedge.exe	85
PID 3908 wrote to memory of 1352	3908	msedge.exe	85
PID 3908 wrote to memory of 1352	3908	msedge.exe	85
PID 3908 wrote to memory of 1352	3908	msedge.exe	85
PID 3908 wrote to memory of 1352	3908	msedge.exe	85
PID 3908 wrote to memory of 1352	3908	msedge.exe	85
PID 3908 wrote to memory of 1352	3908	msedge.exe	85
PID 3908 wrote to memory of 1352	3908	msedge.exe	85
PID 3908 wrote to memory of 1352	3908	msedge.exe	85
PID 3908 wrote to memory of 1352	3908	msedge.exe	85
PID 3908 wrote to memory of 1352	3908	msedge.exe	85
PID 3908 wrote to memory of 1352	3908	msedge.exe	85
PID 3908 wrote to memory of 1352	3908	msedge.exe	85
PID 3908 wrote to memory of 1352	3908	msedge.exe	85
PID 3908 wrote to memory of 1352	3908	msedge.exe	85
PID 3908 wrote to memory of 1352	3908	msedge.exe	85
PID 3908 wrote to memory of 1352	3908	msedge.exe	85
PID 3908 wrote to memory of 1352	3908	msedge.exe	85
PID 3908 wrote to memory of 1352	3908	msedge.exe	85
PID 3908 wrote to memory of 1352	3908	msedge.exe	85
PID 3908 wrote to memory of 1352	3908	msedge.exe	85
PID 3908 wrote to memory of 1352	3908	msedge.exe	85
PID 3908 wrote to memory of 1352	3908	msedge.exe	85
PID 3908 wrote to memory of 1352	3908	msedge.exe	85
PID 3908 wrote to memory of 1352	3908	msedge.exe	85
PID 3908 wrote to memory of 1352	3908	msedge.exe	85
PID 3908 wrote to memory of 1352	3908	msedge.exe	85
PID 3908 wrote to memory of 1352	3908	msedge.exe	85
PID 3908 wrote to memory of 1352	3908	msedge.exe	85
PID 3908 wrote to memory of 1352	3908	msedge.exe	85
PID 3908 wrote to memory of 1352	3908	msedge.exe	85
PID 3908 wrote to memory of 1352	3908	msedge.exe	85
PID 3908 wrote to memory of 1352	3908	msedge.exe	85
PID 3908 wrote to memory of 1352	3908	msedge.exe	85
PID 3908 wrote to memory of 1352	3908	msedge.exe	85
PID 3908 wrote to memory of 1352	3908	msedge.exe	85
PID 3908 wrote to memory of 1352	3908	msedge.exe	85
PID 3908 wrote to memory of 1352	3908	msedge.exe	85
PID 3908 wrote to memory of 1352	3908	msedge.exe	85
PID 3908 wrote to memory of 4992	3908	msedge.exe	86
PID 3908 wrote to memory of 4992	3908	msedge.exe	86
PID 3908 wrote to memory of 2388	3908	msedge.exe	87
PID 3908 wrote to memory of 2388	3908	msedge.exe	87
PID 3908 wrote to memory of 2388	3908	msedge.exe	87
PID 3908 wrote to memory of 2388	3908	msedge.exe	87
PID 3908 wrote to memory of 2388	3908	msedge.exe	87
PID 3908 wrote to memory of 2388	3908	msedge.exe	87
PID 3908 wrote to memory of 2388	3908	msedge.exe	87
PID 3908 wrote to memory of 2388	3908	msedge.exe	87
PID 3908 wrote to memory of 2388	3908	msedge.exe	87
PID 3908 wrote to memory of 2388	3908	msedge.exe	87
PID 3908 wrote to memory of 2388	3908	msedge.exe	87
PID 3908 wrote to memory of 2388	3908	msedge.exe	87
PID 3908 wrote to memory of 2388	3908	msedge.exe	87
PID 3908 wrote to memory of 2388	3908	msedge.exe	87
PID 3908 wrote to memory of 2388	3908	msedge.exe	87
PID 3908 wrote to memory of 2388	3908	msedge.exe	87
PID 3908 wrote to memory of 2388	3908	msedge.exe	87
PID 3908 wrote to memory of 2388	3908	msedge.exe	87
PID 3908 wrote to memory of 2388	3908	msedge.exe	87
PID 3908 wrote to memory of 2388	3908	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6f5f094585e75726891f785954cee44d_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc82e546f8,0x7ffc82e54708,0x7ffc82e54718
  2⤵
  PID:4148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,9598514013482065899,8264219023295447343,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:1352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,9598514013482065899,8264219023295447343,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,9598514013482065899,8264219023295447343,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  2⤵
  PID:2388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9598514013482065899,8264219023295447343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9598514013482065899,8264219023295447343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:3960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9598514013482065899,8264219023295447343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
  2⤵
  PID:2596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9598514013482065899,8264219023295447343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1
  2⤵
  PID:2768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9598514013482065899,8264219023295447343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
  2⤵
  PID:4156
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,9598514013482065899,8264219023295447343,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6252 /prefetch:8
  2⤵
  PID:2944
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,9598514013482065899,8264219023295447343,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6252 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9598514013482065899,8264219023295447343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9598514013482065899,8264219023295447343,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9598514013482065899,8264219023295447343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4116 /prefetch:1
  2⤵
  PID:5236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9598514013482065899,8264219023295447343,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:5244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,9598514013482065899,8264219023295447343,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5204 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2972

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1568

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2248

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
75c9f57baeefeecd6c184627de951c1e

SHA1
52e0468e13cbfc9f15fc62cc27ce14367a996cff

SHA256
648ba270261690bb792f95d017e134d81a612ef4fc76dc41921c9e5b8f46d98f

SHA512
c4570cc4bb4894de3ecc8eee6cd8bfa5809ea401ceef683557fb170175ff4294cc21cdc6834db4e79e5e82d3bf16105894fff83290d26343423324bc486d4a15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
10fa19df148444a77ceec60cabd2ce21

SHA1
685b599c497668166ede4945d8885d204fd8d70f

SHA256
c3b5deb970d0f06a05c8111da90330ffe25da195aafa4e182211669484d1964b

SHA512
3518ce16fef66c59e0bdb772db51aeaa9042c44ca399be61ca3d9979351f93655393236711cf2b1988d5f90a5b9318a7569a8cef3374fc745a8f9aa8323691ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
210KB

MD5
5ac828ee8e3812a5b225161caf6c61da

SHA1
86e65f22356c55c21147ce97903f5dbdf363649f

SHA256
b70465f707e42b41529b4e6d592f136d9eb307c39d040d147ad3c42842b723e7

SHA512
87472912277ae0201c2a41edc228720809b8a94599c54b06a9c509ff3b4a616fcdd10484b679fa0d436e472a8fc062f4b9cf7f4fa274dde6d10f77d378c06aa6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
988028c9c45765dae296d1807ffbe0c6

SHA1
c609e59ad860b4493bbf6455f4442e158333016c

SHA256
a84d968ad39acd69c40b7b5eaeb1f25b2f82923583f316bbc98c093761d58793

SHA512
ee287666777756bcf43def2a3d40c0622c5767f56d6d26a6acc7ff6533849afddff31b72fac242b938bcd7b9f9f3bb4957b8b784d9928f1e8e4688deb66089d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
cdd16871690ee3e7d151d490347e316e

SHA1
dbb6b4a9fea715720dfbb66a2f10655da6e5a20b

SHA256
bb29c3c9c3753cabeb36e3f4699f82901e0dc6712e7e6cb4d74befd2232fe7cf

SHA512
f2862870d6a963523ae2737fe096d9e6e93283ee48e027b1b863c5eaa1d84e9fda63d5b832990b2478bad8ec1e7d165ba12ce802851b2062565abfe2c7c3ad2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a4c714d9bf09875f50515ce570ea86ef

SHA1
f2365b7c5596af69e81b27def6952ad62efd75d7

SHA256
59ca1f8687703b702f8ffecd0409fdb85e379aa44cab8e1da53084fb05f1baca

SHA512
ae19c4a3906123d392a41ff8d70353e26f9832e48186e047ed3e97c31222296d67d1928b1b51cdb5d7c8449e5d15d65f493813e2eb6f09740d96e400c4663641

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ff650f10de29a7e70ca141e25ed76bd9

SHA1
61545a8e8f7defd9133aba48d390f6780e55ef5b

SHA256
6f437734ccfe1ec22735a60ac343c27a7ee820bb662209a7a1c2dcf282099fac

SHA512
045bad3869014a24535931f6945f6ba9370424dfabc275036619fb8802426b79c97209b25cff76706bf5b91f131926c95806a113081390684f88fd4b9ec1df21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
66fd7a2415c78edbc4b915caceda7039

SHA1
e772102d4c15fd2b440d498ee42895b5f458d139

SHA256
b6613fc723765b5735bf8ebb85da93019c3abc93d11570a853a415372d71cec1

SHA512
61eb4613a5e02e9c427121b08c2116237f3cd3f671ce71b81359468657d84b0ad62b930eb210120ad25c856b53b415289d188aed9f58805cba6d8f61d8f85471

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5801c0.TMP

Filesize
370B

MD5
5814cb4cc9d5a897c90b594d51f28f40

SHA1
d450b9779d7d3c1139d43940e1eff5d2a6f19fc0

SHA256
36ef22a06a3397989b63652348f3d2868d06d05e1d7f472db0fbb07e06a6a21b

SHA512
c9537f9704e118bf1f221b04b33f9466ee07fe0884668ba8d05733d0d6b213ca7841f487d1674136b4c36905b313ad7831c51e4fe6c3fd61fc2ecf6b8fb03cbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
673662385259f38a6b9e120ac5afb43e

SHA1
b60919081c50b7e6b40add754d62f5be3af587fc

SHA256
daf6ea116295bf019ae528b85a6da39d76025f7cdca803846bb06bcfdf01c5c5

SHA512
cdbcdc4fd6f8d813d34ae633893d11acef0107779347aaffb36a354f7d900960be332167e4b0af82051fdf0026cae62cd14612169a996f13cd37485976af3517

Download Submit