fd6483f500d4a154d0071bdc047123b1d6ddf10dd327d9704a7d0f53b3c95e42

Analysis

max time kernel
145s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06/09/2024, 13:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cfaef77a2e96bde6568db1126da47819_JaffaCakes118.html
Size

26KB
MD5

cfaef77a2e96bde6568db1126da47819
SHA1

a597bee89c9b71db6cfbf97c883752b68bdf1db7
SHA256

fd6483f500d4a154d0071bdc047123b1d6ddf10dd327d9704a7d0f53b3c95e42
SHA512

ff2db7ca3f192a469ebebfdac197429d28dd7274eb20355c2900eee5b6e2b535834df8268aaac01a09619671cd84190b5eb2285c276d2043fda5b7b2554b2eb1
SSDEEP

768:p4axQqpLGHxmD5d4j5V+3sljPfTWCesCUly0Bsf:p4axQqpLGHxmD5d4j5VTljy9sFhBsf

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

pid	Process
4572	msedge.exe
4572	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
4648	identity_helper.exe
4648	identity_helper.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5096 wrote to memory of 4468	5096	msedge.exe	83
PID 5096 wrote to memory of 4468	5096	msedge.exe	83
PID 5096 wrote to memory of 4428	5096	msedge.exe	84
PID 5096 wrote to memory of 4428	5096	msedge.exe	84
PID 5096 wrote to memory of 4428	5096	msedge.exe	84
PID 5096 wrote to memory of 4428	5096	msedge.exe	84
PID 5096 wrote to memory of 4428	5096	msedge.exe	84
PID 5096 wrote to memory of 4428	5096	msedge.exe	84
PID 5096 wrote to memory of 4428	5096	msedge.exe	84
PID 5096 wrote to memory of 4428	5096	msedge.exe	84
PID 5096 wrote to memory of 4428	5096	msedge.exe	84
PID 5096 wrote to memory of 4428	5096	msedge.exe	84
PID 5096 wrote to memory of 4428	5096	msedge.exe	84
PID 5096 wrote to memory of 4428	5096	msedge.exe	84
PID 5096 wrote to memory of 4428	5096	msedge.exe	84
PID 5096 wrote to memory of 4428	5096	msedge.exe	84
PID 5096 wrote to memory of 4428	5096	msedge.exe	84
PID 5096 wrote to memory of 4428	5096	msedge.exe	84
PID 5096 wrote to memory of 4428	5096	msedge.exe	84
PID 5096 wrote to memory of 4428	5096	msedge.exe	84
PID 5096 wrote to memory of 4428	5096	msedge.exe	84
PID 5096 wrote to memory of 4428	5096	msedge.exe	84
PID 5096 wrote to memory of 4428	5096	msedge.exe	84
PID 5096 wrote to memory of 4428	5096	msedge.exe	84
PID 5096 wrote to memory of 4428	5096	msedge.exe	84
PID 5096 wrote to memory of 4428	5096	msedge.exe	84
PID 5096 wrote to memory of 4428	5096	msedge.exe	84
PID 5096 wrote to memory of 4428	5096	msedge.exe	84
PID 5096 wrote to memory of 4428	5096	msedge.exe	84
PID 5096 wrote to memory of 4428	5096	msedge.exe	84
PID 5096 wrote to memory of 4428	5096	msedge.exe	84
PID 5096 wrote to memory of 4428	5096	msedge.exe	84
PID 5096 wrote to memory of 4428	5096	msedge.exe	84
PID 5096 wrote to memory of 4428	5096	msedge.exe	84
PID 5096 wrote to memory of 4428	5096	msedge.exe	84
PID 5096 wrote to memory of 4428	5096	msedge.exe	84
PID 5096 wrote to memory of 4428	5096	msedge.exe	84
PID 5096 wrote to memory of 4428	5096	msedge.exe	84
PID 5096 wrote to memory of 4428	5096	msedge.exe	84
PID 5096 wrote to memory of 4428	5096	msedge.exe	84
PID 5096 wrote to memory of 4428	5096	msedge.exe	84
PID 5096 wrote to memory of 4428	5096	msedge.exe	84
PID 5096 wrote to memory of 4572	5096	msedge.exe	85
PID 5096 wrote to memory of 4572	5096	msedge.exe	85
PID 5096 wrote to memory of 2272	5096	msedge.exe	86
PID 5096 wrote to memory of 2272	5096	msedge.exe	86
PID 5096 wrote to memory of 2272	5096	msedge.exe	86
PID 5096 wrote to memory of 2272	5096	msedge.exe	86
PID 5096 wrote to memory of 2272	5096	msedge.exe	86
PID 5096 wrote to memory of 2272	5096	msedge.exe	86
PID 5096 wrote to memory of 2272	5096	msedge.exe	86
PID 5096 wrote to memory of 2272	5096	msedge.exe	86
PID 5096 wrote to memory of 2272	5096	msedge.exe	86
PID 5096 wrote to memory of 2272	5096	msedge.exe	86
PID 5096 wrote to memory of 2272	5096	msedge.exe	86
PID 5096 wrote to memory of 2272	5096	msedge.exe	86
PID 5096 wrote to memory of 2272	5096	msedge.exe	86
PID 5096 wrote to memory of 2272	5096	msedge.exe	86
PID 5096 wrote to memory of 2272	5096	msedge.exe	86
PID 5096 wrote to memory of 2272	5096	msedge.exe	86
PID 5096 wrote to memory of 2272	5096	msedge.exe	86
PID 5096 wrote to memory of 2272	5096	msedge.exe	86
PID 5096 wrote to memory of 2272	5096	msedge.exe	86
PID 5096 wrote to memory of 2272	5096	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\cfaef77a2e96bde6568db1126da47819_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff073846f8,0x7fff07384708,0x7fff07384718
  2⤵
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,12011182022280589040,7449716596442582047,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,12011182022280589040,7449716596442582047,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2444 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,12011182022280589040,7449716596442582047,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
  2⤵
  PID:2272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12011182022280589040,7449716596442582047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:1496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12011182022280589040,7449716596442582047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:3116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12011182022280589040,7449716596442582047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:1
  2⤵
  PID:1244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12011182022280589040,7449716596442582047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
  2⤵
  PID:4524
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,12011182022280589040,7449716596442582047,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5980 /prefetch:8
  2⤵
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,12011182022280589040,7449716596442582047,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5980 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12011182022280589040,7449716596442582047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:2352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12011182022280589040,7449716596442582047,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12011182022280589040,7449716596442582047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
  2⤵
  PID:2056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12011182022280589040,7449716596442582047,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
  2⤵
  PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,12011182022280589040,7449716596442582047,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2632 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1420

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1744

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3952

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
66076889f54c7b441184956c7cddf5c9

SHA1
3dc2733dc7f9125d1c7331ac59d0681944c4eb23

SHA256
db3ddb44c27e32877c8d1e0b06805a0ab6208edd01d4647f365a6fb19a5cf91b

SHA512
c584f8bcc9c5c946bb52ab7909376b00751eba38cb0851fb703beb43edff155708968b48a5da847e587af6b78547625dca2631130b91dd0218540d6e6c12b8c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
07224d8ec0ad8df1e762249eceb7d8e3

SHA1
e338bab1441ec2fe62e37717a7d533f71048c663

SHA256
87220f1f1ea2697b66487a35664801c1ac9d26927b95aa847a02eb8258cff531

SHA512
d884fd2d17d31f46348a1add7267b1ecdde1c0efb9de580da505b695e0998f34d76a1f68af0ca7747779c08982385b4188a21a4b27eabe5186d0f2f2a33d5486

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ab46e49b856a0cdeda38cd1e0e3ebcf4

SHA1
6ec106fd3fa0fc11f2f04003bc715155a4371e17

SHA256
30c8428976354025d2a14f83ace84d6425c152f561a7c5c5b5aa941888484013

SHA512
238f64a8e4d3c82a010c882dbcdfe889c122e1c7e8ac2ca7b9fe8017d42db81bc3b5176b49cd89405d300a83eeb984020942d971a7ca402387fa83c289ff9f48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ce917a77a2c7997b461a44442e20b517

SHA1
fca7d9a2980a88581f6aa58799cd1b3f47152368

SHA256
920590c0ec2644351d022e609ca4f43b7a627a56ffca6589237e7366febc1e32

SHA512
b2e70de5bfd7ad8efc256bc4dfd49fa7a81d246572833d9e37167d52c4062acd927ce74288c745807f0ba3edf05fbad3a44e3743a2ee3d51a66f26a13fab8878

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dfe768b419c596ea09ea618b07691586

SHA1
9db1561662ffa3b1e79665ed339fbf04076a5ecf

SHA256
26514e7558261eaefa140f6a32a5364cdb6200921900a7e9a7b86c60852fd7b5

SHA512
92f26f5464040e1f144e1740dea44275ea85d5bf52bba247635ff5377b015c78bc652c947110fd1d17364d0ff01922e298b508a21815f3fa6da903ab6b84ccac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
871B

MD5
e22f56a30f4363639855712a8d9c207d

SHA1
4126bd8fe14171c45a42501300edf19dab2e9e46

SHA256
4277596211600d5d9c0ccc3c5761f3cb4ba060ec2b631bef32ad908516a725d1

SHA512
83e8d1faca4f38c1c4798ae618374de8f091da97ea700f5d9b2754eaf5251a9c4de33475d06b147325035ea1e783f4956cb2d7917a1f808442ed3688c9323b36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582e10.TMP

Filesize
537B

MD5
73f381098534fdc75940e1f0cb0f1db5

SHA1
7cebfc71a8e25b0cdfaa729917bda93f84fe1840

SHA256
157e8f415dfc05b9f64923ca881196eb291cea85d7f5cc44339fc2c382ff5786

SHA512
0e696ed5ad59fb83812d03b0d684819375fbebff7d2c757af8457f2be9f1d095a363c25da764b30d63f4e2650c2097ddb32c38bd449d6574b0d0de7ccd09d813

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e7c41834e32cee2f6dd608186a2428b8

SHA1
d143bd82e202584eb755b238b44085b41046d0cf

SHA256
ac492d9d3de739e6ec1b50cbb9de80e14d4012b0126eb19ddaed8b399363a540

SHA512
c900cc934621bd8e42725d34cc92d5d2898f55254554687e6ece8b3af754041bee3d0cad119e8adea9a32ca184c16c27bcce4c2a10c9af4bfffdfa2f06e09bc9

Download Submit