1cec18402c3c95937eea143fd3472ee8a2781beec79eeac8ae9b93f399a67bf1

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
24/08/2024, 14:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bec95665c800922c1d84100a902eeac8_JaffaCakes118.html
Size

109KB
MD5

bec95665c800922c1d84100a902eeac8
SHA1

a3ec869a5c65dcc883e12ee064113de9ffdb29b8
SHA256

1cec18402c3c95937eea143fd3472ee8a2781beec79eeac8ae9b93f399a67bf1
SHA512

36acca23cf4d5c2d80f55337a1753464b1e10cb08dab920773086afa0ef2dc81cdc655d876f80374bbfa6741a96da637fc79549aca40c701ca0f5101055e1332
SSDEEP

3072:8csLLNo/zPJxKAJ/AXS9CBsuryLxTqrCW5iXUgqhjy5+leByKNv3vYa4jRZ:88rJ/AXICBsuryLwL

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2976	msedge.exe
2976	msedge.exe
3668	msedge.exe
3668	msedge.exe
3808	identity_helper.exe
3808	identity_helper.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3668 wrote to memory of 2080	3668	msedge.exe	84
PID 3668 wrote to memory of 2080	3668	msedge.exe	84
PID 3668 wrote to memory of 2340	3668	msedge.exe	85
PID 3668 wrote to memory of 2340	3668	msedge.exe	85
PID 3668 wrote to memory of 2340	3668	msedge.exe	85
PID 3668 wrote to memory of 2340	3668	msedge.exe	85
PID 3668 wrote to memory of 2340	3668	msedge.exe	85
PID 3668 wrote to memory of 2340	3668	msedge.exe	85
PID 3668 wrote to memory of 2340	3668	msedge.exe	85
PID 3668 wrote to memory of 2340	3668	msedge.exe	85
PID 3668 wrote to memory of 2340	3668	msedge.exe	85
PID 3668 wrote to memory of 2340	3668	msedge.exe	85
PID 3668 wrote to memory of 2340	3668	msedge.exe	85
PID 3668 wrote to memory of 2340	3668	msedge.exe	85
PID 3668 wrote to memory of 2340	3668	msedge.exe	85
PID 3668 wrote to memory of 2340	3668	msedge.exe	85
PID 3668 wrote to memory of 2340	3668	msedge.exe	85
PID 3668 wrote to memory of 2340	3668	msedge.exe	85
PID 3668 wrote to memory of 2340	3668	msedge.exe	85
PID 3668 wrote to memory of 2340	3668	msedge.exe	85
PID 3668 wrote to memory of 2340	3668	msedge.exe	85
PID 3668 wrote to memory of 2340	3668	msedge.exe	85
PID 3668 wrote to memory of 2340	3668	msedge.exe	85
PID 3668 wrote to memory of 2340	3668	msedge.exe	85
PID 3668 wrote to memory of 2340	3668	msedge.exe	85
PID 3668 wrote to memory of 2340	3668	msedge.exe	85
PID 3668 wrote to memory of 2340	3668	msedge.exe	85
PID 3668 wrote to memory of 2340	3668	msedge.exe	85
PID 3668 wrote to memory of 2340	3668	msedge.exe	85
PID 3668 wrote to memory of 2340	3668	msedge.exe	85
PID 3668 wrote to memory of 2340	3668	msedge.exe	85
PID 3668 wrote to memory of 2340	3668	msedge.exe	85
PID 3668 wrote to memory of 2340	3668	msedge.exe	85
PID 3668 wrote to memory of 2340	3668	msedge.exe	85
PID 3668 wrote to memory of 2340	3668	msedge.exe	85
PID 3668 wrote to memory of 2340	3668	msedge.exe	85
PID 3668 wrote to memory of 2340	3668	msedge.exe	85
PID 3668 wrote to memory of 2340	3668	msedge.exe	85
PID 3668 wrote to memory of 2340	3668	msedge.exe	85
PID 3668 wrote to memory of 2340	3668	msedge.exe	85
PID 3668 wrote to memory of 2340	3668	msedge.exe	85
PID 3668 wrote to memory of 2340	3668	msedge.exe	85
PID 3668 wrote to memory of 2976	3668	msedge.exe	86
PID 3668 wrote to memory of 2976	3668	msedge.exe	86
PID 3668 wrote to memory of 1636	3668	msedge.exe	87
PID 3668 wrote to memory of 1636	3668	msedge.exe	87
PID 3668 wrote to memory of 1636	3668	msedge.exe	87
PID 3668 wrote to memory of 1636	3668	msedge.exe	87
PID 3668 wrote to memory of 1636	3668	msedge.exe	87
PID 3668 wrote to memory of 1636	3668	msedge.exe	87
PID 3668 wrote to memory of 1636	3668	msedge.exe	87
PID 3668 wrote to memory of 1636	3668	msedge.exe	87
PID 3668 wrote to memory of 1636	3668	msedge.exe	87
PID 3668 wrote to memory of 1636	3668	msedge.exe	87
PID 3668 wrote to memory of 1636	3668	msedge.exe	87
PID 3668 wrote to memory of 1636	3668	msedge.exe	87
PID 3668 wrote to memory of 1636	3668	msedge.exe	87
PID 3668 wrote to memory of 1636	3668	msedge.exe	87
PID 3668 wrote to memory of 1636	3668	msedge.exe	87
PID 3668 wrote to memory of 1636	3668	msedge.exe	87
PID 3668 wrote to memory of 1636	3668	msedge.exe	87
PID 3668 wrote to memory of 1636	3668	msedge.exe	87
PID 3668 wrote to memory of 1636	3668	msedge.exe	87
PID 3668 wrote to memory of 1636	3668	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\bec95665c800922c1d84100a902eeac8_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc437c46f8,0x7ffc437c4708,0x7ffc437c4718
  2⤵
  PID:2080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,15698952705948982935,17102999857110310372,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:2340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,15698952705948982935,17102999857110310372,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,15698952705948982935,17102999857110310372,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
  2⤵
  PID:1636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15698952705948982935,17102999857110310372,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:4032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15698952705948982935,17102999857110310372,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15698952705948982935,17102999857110310372,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1608 /prefetch:1
  2⤵
  PID:2460
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,15698952705948982935,17102999857110310372,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 /prefetch:8
  2⤵
  PID:768
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,15698952705948982935,17102999857110310372,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15698952705948982935,17102999857110310372,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
  2⤵
  PID:2112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15698952705948982935,17102999857110310372,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
  2⤵
  PID:2336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15698952705948982935,17102999857110310372,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:1
  2⤵
  PID:1104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15698952705948982935,17102999857110310372,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
  2⤵
  PID:2648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,15698952705948982935,17102999857110310372,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3068 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2248

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3712

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1504

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eeaa8087eba2f63f31e599f6a7b46ef4

SHA1
f639519deee0766a39cfe258d2ac48e3a9d5ac03

SHA256
50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

SHA512
eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9569e123772ae290f9bac07e0d31748

SHA1
5806ed9b301d4178a959b26d7b7ccf2c0abc6741

SHA256
20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

SHA512
cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
1e86b6a33f3049419bbf58ea8b0343c3

SHA1
be2b2383e7416a1ff8d2a0f89b3ae6a4888a9622

SHA256
b7f57123b54c243f84737bddbe0d4a4423071811638f6798449b93c1ec3aa927

SHA512
f76363229ee405c8f13e5a189f186b5bdd7426cc2a1dd987229a7071e17aa4105c05726250a4c24ab7bb94c490a46f9f3c322a046a3a0196e6dd6e821439fd27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
260B

MD5
84a151bedc4df771824f15d41367b660

SHA1
784bd732e6454b1ef7324c57dfb521beaaf88cda

SHA256
fa1669595a341395d2bbbd272bbbe78636b7a06e644666063eef4089b200c603

SHA512
716bf5c89227d553c7861cc8bab27bca7f445063f546c71edffcd77cfd353a7f85e650db494b6bcb1935e831ab1dd86705c85fe4b377939de4c9a34c2ab75139

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
334B

MD5
9ca513121c16dbd7951a5bed35c677df

SHA1
9c18c1ed06b9b99bcd3642bdc258435b8f64fad3

SHA256
98fd864aab116772012a3ba895b08f8a93e41e070d32548330d7242c1168040d

SHA512
843e6a0345434872d84f7433e81aa02dcf8b6083276f22443446d26f33204cd3186f723dc8b2f6bf932babbc55a11ef9ff63165ea80f71dbad8f178d0f731a9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1531819dc8a77f955e710a340ac2bc6a

SHA1
5751f9fbce27151ee518ea9387620cd7add7a535

SHA256
9c857c73ce06870b4c446ed3306260dc37d2ea51779362c346cda3db3334fa95

SHA512
e34bcd55eaf1bfdb85000ae923bef6616fcbc313d410b656ed6e47270fbe56404c83d1dfb3b21697701aa14cecd77cb17366dba71464ccfd6400e6ce40b52e17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ef050b09cf4753f974db7010aec93f6e

SHA1
1656ded89c8fbe4e64c92cef85bfcb298bc1a6a1

SHA256
604e099df0da3ac00956b26539b9fffa506cfad8881510938f1b81bf451095f1

SHA512
993154d864b3b87fe550e7e8a6b1a8da404f1495588a23287526fcdab9c0549fbea86413207193a1386a2e7debf6535d81ce6e3ab105449d6f2ee7193ef03cf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c005c4f2192b10b583866208a8a92de0

SHA1
8379a00d8c1cd2c0dae08b6bf6d74ab1b902800b

SHA256
baf190bcbf86412732b3a9cd11fe5374d8415a16eb15be9da24498a27d676abd

SHA512
e03c16c9b3f06c7f79f205ab13b3dc6eb35ace93e027bf6fbcffa7cde72c3daf13caacd2714a3fdc51a911afc69dea114628a2b32b3c6ac6baf3a17bf77ea873

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
2ba0a25ff77c14fc302c5a7cb58d1e48

SHA1
acb6fd0fbe5a77b4c4b708872f9d026412e7fb69

SHA256
f3728e605dff7c88172bdb961b236575c5b8d968d8e4183dcc7ad81abba33fc0

SHA512
b973b851b4e5a1a9c2ab0cbb7ff917a452b8b182739fbf3c0807f45ec782e0e5eec4ced97e9a127574d4189f8d8ece3ebf85a3c6469b13b0eb68642dade66504

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
de66417faf489923634172283b358b0a

SHA1
aff344ff6e09c43ada766b83c764a8811465cdde

SHA256
a89541a723e199505d3af82b81e77c96f918de6791994bdc17e79d3e6779462d

SHA512
33a44f20b832f4bc4f5dd2715667a2b49e5a18ebf04042cb406044bf706263f5f58686d880489a337d8f6cee0bfec4925abb5a124edac7bd21df084affd486b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5809bf.TMP

Filesize
203B

MD5
d84eddb5107b7ae6d020285a15789008

SHA1
a895263856ad78cc0f2c89fe5cc630639adfc645

SHA256
55b320c4b1184959b0c18aa0800f2bc13ab5bd890c0cebf9271dbffb38ac1de7

SHA512
ed461bf6c05ec412c62f56583e5b1ab09f5454f5f6e092ea723b56fb60cc8b977fbd2366b8a8f54e568e064d46bcd658830383cb62f81cfd3abe3ba0f7b4b026

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2dadb342244cee662408d391a444d441

SHA1
14dbfcedac130a01214499cb6d6b6c46911744d6

SHA256
5b7d4624250aca7edeeaab1bfa67ec2b38fa0e66a27716cff7e0ab3b45cbd802

SHA512
9a0a6afc3210e8b9be248b50fdd5c37aeb83b14baca5034d8723d10f886a1c3f755bab40b56a8815aea953ce3d75f2358a611178df5ea74558181bfcafc43037

Download Submit