1e434fbfa8c28f73b98976b99f72e8f7f4acd18eed2a55721046aafebf5382a1

Analysis

max time kernel
145s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240730-en
resource tags

arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
submitted
01/08/2024, 23:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8238e85ddb4ef4fdae029da254c8a8bc_JaffaCakes118.html
Size

55KB
MD5

8238e85ddb4ef4fdae029da254c8a8bc
SHA1

056007904279b7614ec4173d209a481d69d47d52
SHA256

1e434fbfa8c28f73b98976b99f72e8f7f4acd18eed2a55721046aafebf5382a1
SHA512

5030efa6b553423ece2e4fd2b88ec6852a37dd2cabe0d8ec704a49ec2d5c8f21f67cb8dd616cc5e84473105e8e480e902392cce88a3f1b8726ad324f072057de
SSDEEP

768:ElkoIAxFSqbfEcdxO2H7wo5S+UameG5mxYcjcxeXF0iqPa7:ht2meG5mxYxxcF0i0a7

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2080	msedge.exe
2080	msedge.exe
5060	msedge.exe
5060	msedge.exe
2444	identity_helper.exe
2444	identity_helper.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5060 wrote to memory of 4120	5060	msedge.exe	83
PID 5060 wrote to memory of 4120	5060	msedge.exe	83
PID 5060 wrote to memory of 4236	5060	msedge.exe	85
PID 5060 wrote to memory of 4236	5060	msedge.exe	85
PID 5060 wrote to memory of 4236	5060	msedge.exe	85
PID 5060 wrote to memory of 4236	5060	msedge.exe	85
PID 5060 wrote to memory of 4236	5060	msedge.exe	85
PID 5060 wrote to memory of 4236	5060	msedge.exe	85
PID 5060 wrote to memory of 4236	5060	msedge.exe	85
PID 5060 wrote to memory of 4236	5060	msedge.exe	85
PID 5060 wrote to memory of 4236	5060	msedge.exe	85
PID 5060 wrote to memory of 4236	5060	msedge.exe	85
PID 5060 wrote to memory of 4236	5060	msedge.exe	85
PID 5060 wrote to memory of 4236	5060	msedge.exe	85
PID 5060 wrote to memory of 4236	5060	msedge.exe	85
PID 5060 wrote to memory of 4236	5060	msedge.exe	85
PID 5060 wrote to memory of 4236	5060	msedge.exe	85
PID 5060 wrote to memory of 4236	5060	msedge.exe	85
PID 5060 wrote to memory of 4236	5060	msedge.exe	85
PID 5060 wrote to memory of 4236	5060	msedge.exe	85
PID 5060 wrote to memory of 4236	5060	msedge.exe	85
PID 5060 wrote to memory of 4236	5060	msedge.exe	85
PID 5060 wrote to memory of 4236	5060	msedge.exe	85
PID 5060 wrote to memory of 4236	5060	msedge.exe	85
PID 5060 wrote to memory of 4236	5060	msedge.exe	85
PID 5060 wrote to memory of 4236	5060	msedge.exe	85
PID 5060 wrote to memory of 4236	5060	msedge.exe	85
PID 5060 wrote to memory of 4236	5060	msedge.exe	85
PID 5060 wrote to memory of 4236	5060	msedge.exe	85
PID 5060 wrote to memory of 4236	5060	msedge.exe	85
PID 5060 wrote to memory of 4236	5060	msedge.exe	85
PID 5060 wrote to memory of 4236	5060	msedge.exe	85
PID 5060 wrote to memory of 4236	5060	msedge.exe	85
PID 5060 wrote to memory of 4236	5060	msedge.exe	85
PID 5060 wrote to memory of 4236	5060	msedge.exe	85
PID 5060 wrote to memory of 4236	5060	msedge.exe	85
PID 5060 wrote to memory of 4236	5060	msedge.exe	85
PID 5060 wrote to memory of 4236	5060	msedge.exe	85
PID 5060 wrote to memory of 4236	5060	msedge.exe	85
PID 5060 wrote to memory of 4236	5060	msedge.exe	85
PID 5060 wrote to memory of 4236	5060	msedge.exe	85
PID 5060 wrote to memory of 4236	5060	msedge.exe	85
PID 5060 wrote to memory of 2080	5060	msedge.exe	86
PID 5060 wrote to memory of 2080	5060	msedge.exe	86
PID 5060 wrote to memory of 3712	5060	msedge.exe	87
PID 5060 wrote to memory of 3712	5060	msedge.exe	87
PID 5060 wrote to memory of 3712	5060	msedge.exe	87
PID 5060 wrote to memory of 3712	5060	msedge.exe	87
PID 5060 wrote to memory of 3712	5060	msedge.exe	87
PID 5060 wrote to memory of 3712	5060	msedge.exe	87
PID 5060 wrote to memory of 3712	5060	msedge.exe	87
PID 5060 wrote to memory of 3712	5060	msedge.exe	87
PID 5060 wrote to memory of 3712	5060	msedge.exe	87
PID 5060 wrote to memory of 3712	5060	msedge.exe	87
PID 5060 wrote to memory of 3712	5060	msedge.exe	87
PID 5060 wrote to memory of 3712	5060	msedge.exe	87
PID 5060 wrote to memory of 3712	5060	msedge.exe	87
PID 5060 wrote to memory of 3712	5060	msedge.exe	87
PID 5060 wrote to memory of 3712	5060	msedge.exe	87
PID 5060 wrote to memory of 3712	5060	msedge.exe	87
PID 5060 wrote to memory of 3712	5060	msedge.exe	87
PID 5060 wrote to memory of 3712	5060	msedge.exe	87
PID 5060 wrote to memory of 3712	5060	msedge.exe	87
PID 5060 wrote to memory of 3712	5060	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8238e85ddb4ef4fdae029da254c8a8bc_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd633f46f8,0x7ffd633f4708,0x7ffd633f4718
  2⤵
  PID:4120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,12567960310269287172,1690294529729045163,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:4236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,12567960310269287172,1690294529729045163,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,12567960310269287172,1690294529729045163,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
  2⤵
  PID:3712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12567960310269287172,1690294529729045163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12567960310269287172,1690294529729045163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:4988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12567960310269287172,1690294529729045163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1852 /prefetch:1
  2⤵
  PID:3028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12567960310269287172,1690294529729045163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:1940
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,12567960310269287172,1690294529729045163,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 /prefetch:8
  2⤵
  PID:1060
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,12567960310269287172,1690294529729045163,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12567960310269287172,1690294529729045163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
  2⤵
  PID:3268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12567960310269287172,1690294529729045163,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
  2⤵
  PID:1668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12567960310269287172,1690294529729045163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
  2⤵
  PID:764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,12567960310269287172,1690294529729045163,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4088 /prefetch:1
  2⤵
  PID:2672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,12567960310269287172,1690294529729045163,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4880 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1636

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1300

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5000

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\66c6c7f1-c839-4d80-a93c-0d1c46ecdab1.tmp

Filesize
10KB

MD5
c01d5b7756887006ee06bb36619c77f2

SHA1
8694271052c955dcfa931e5137b8447309e92ec6

SHA256
f20daf377f61b77f0936cf9687b1bf7b8c6b5e5d091f0802a7c960edfd3e2d25

SHA512
e36ed6118ce0441b509a01eef7c70e0c960c2f4e174d1b730a45ace87f25290f7d0160f0bc4952b2162eba06dacfca259de6fd5d30884cbd7a2656180c061bcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
94eddc8c760c6582645d582b4f107cca

SHA1
01860648fbebb62eadd53d3bc58471df3b8d211e

SHA256
710d6dcbe48115aecea88b0a8c0124f5ae5f30225e59dde1bdfcc4574b5e5933

SHA512
1cf9e561257755bbf563df4f348bba14ffbce2faa7cfb96738dd2aa4b166d1ddfee114578f8b84b4d7c59f3d18cadd9ebc5b45557116bf68c2eda0867d9e5484

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
71a22f9fe81453c6c788bfe09ab8fe0c

SHA1
f4ee9368e5795c5b3f9470e0434358170e7646b6

SHA256
ca6f5b89e7361282ace0d96bba28c2a4434ccecfd0a97d925e9bc61524efd908

SHA512
a36d9a0c814d4293ae70a62a76e8a98e712ad91674a26cb3d8ffd300e22a6cba134e501b4a7e742229a66005db3b508aa821abcab1347b05457f06c712a1d724

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
be3d42ef7ebc3c9804f7f467cfd460c8

SHA1
acf48f2aa07b2f4f7939244e05245d5774d7c225

SHA256
e3b2eaab926e5d6d5f472c90477aa58b82ceae694c9cb33e58345c6224fda4e1

SHA512
f11875a8c86a4101d80fbc235ccfdda5e9fe471079bc9fba2862678c79c0f5058b77bc0d5a335b9b3c9f9d0bf6668be0e1e9c94694cc5fe32dc66a2157aeaa50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
5b3d793f63f15480ce0733ef20c5f715

SHA1
50f451e28b52edb9c8913a37db48cb5a07190fe0

SHA256
1e19e79bed3fa6de5b0488cc6604270f7494ec4d3b95556e1b26c00a6fda1554

SHA512
5cd1347e06be09a4f8dc58c6e6e1c5b20bd6bb89251a8387381b3d30ecc0393dc111788aa311c54bfbece3581df7cc3f2f14b8c939e7d9494718f733a35a0ca9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ad58e5cdf989cddfcff99a97b8e336c2

SHA1
447e6d2fa0254640b70a0180f836958e692821c5

SHA256
f110e6baf4e83a7c1b95cf6329848d386e7094a579f64818215b1ebfa7a70f87

SHA512
93ba3127b97934633a725215ae74e6f27fa9329f897dc235c93de975eec750b25698f3f0308cae58d244bd77abb5de6338d0139d9fcdd55277b80971bcb9ee60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
037c359a2546c09912b69fcbc8275240

SHA1
0d119c0b60c36a1f8a336aec332f752e5ce69bf9

SHA256
f64df6d4c2ecbb97ecf1e0adb0a7b9db72587edf1bf59e382e08026c88674183

SHA512
f9dc131c9ba1486963fd05f45f80a2c771b3d610fc7dc7beeb0ec369124fa0b168a5ce0a262cf636ef95cc8e9a82f531232585c10a65e0cd2a448e8263248dcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
de6af33d262968258729ccc8941d3d5e

SHA1
d01252f6e13af3f0c4f373d5b4c648c226be680a

SHA256
0241fe6cd21f2ed5812e7e2e9d80b3c3ae6cf49ae59a1495d14001d70e64f5da

SHA512
ed8b768e8e3a0d5426f2b9fc12bebc1c332b32084d2c5fc30ea3102f7fa5e1c7d1b843bbdc15e5d74de8c19c217e73e6e22a71cf98dedb04577ca47d96478c02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3db58a3256bfe9533f77e0c51cdbf9f5

SHA1
5187560caccd5f138e6d0b9d5bf4715ee27ff8ea

SHA256
28013bfbcd645cabd6f14de8d257a16fda4cf8d7d162aba836cefb8f08c32c87

SHA512
fcf21faaa1015c8f02ed4405894f090f5efdc043aa92894f1b5c42094f9fe56023198daf9d2840f0ef53c365ba0a17314f727e5774ec4f482ed76eaa3fc6008d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58aa45.TMP

Filesize
1KB

MD5
4ca5196d7daa07493281edf46b6c9f22

SHA1
a9009e77943cf0cdbc1ec58b31701f4d80aa0bdf

SHA256
d550345ba9c7dfba5b441aecdbb25073c62227df7ac356865d58c99990341b0e

SHA512
b4a025da812aad9a51d24286dfed2d23216218418a831b85d820d91ff14c60955282d7b2f4fe4ed7ddb5eae960f456010ad6160016acd2c9077b116e949e6087

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit